Your anti-virus might not be as safe as you thought.
An expert from COSEINC, a computer security firm based in Singapore, recently presented some shocking findings at a conference. He tested at least 17 different anti-virus products and found bugs in 14 of them. On top of that, he suggested that, in some ways, anti-virus software can even make you MORE vulnerable rather than less. Here's a quote from one of his presentation slides:
In general, AV software...
- ...doesn't make you any safer against skilled attackers.
- ...increase your attack surface.
- ...make you more vulnerable to skilled attackers.
- ...are as vulnerable to attacks as any other application.
Some AV software...
- ...may lower your operating system protections.
- ...are plagued of both local and remote vulnerabilities.
The researcher, Joxean Koret, is saying that talented hackers who know the ins and outs of how anti-virus software works can actually use it against you. When he talks about "attack surface," he's referring to the amount of code a hacker has to work with to find an exploit. Anti-virus programs need to recognize lots of different file formats to stop threats. They typically operate with the highest privileges possible. Because of that, it increases the number of doors a hacker could conceivably find into your computer.
An anti-virus is a program that's designed to protect operating systems and programs from attacks. But Koret is saying that if someone talented enough goes after the anti-virus program itself, he or she should be able to find a way in. Anti-viruses don't often have processes in place to protect themselves from attacks - they're just like any other program in that way.