Leave a comment

Uh-oh. Almost EVERY anti-virus has a security hole

Uh-oh. Almost EVERY anti-virus has a security hole
Photo courtesy of Shutterstock

AV-Test has found a shocking new security hole in your computer, comparing it to something that you'd find on Star Trek.

"When a space ship is attacked," writer Markus Selinger says, "Its deflector shields are not merely hit by accident, rather there is always an initial targeted attack on the deflector shield generator."

His strange metaphor actually sheds light on the fact that many commercial anti-virus programs don't lock up their "deflector shield generators" properly.

The website discovered that, in fact, many of these programs aren't secured according to basic industry standards. Remind you of anything? That's right, the most dangerous security vulnerabilities happen when programmers leave your computer's back door open.

What's the standard? Well, a few years ago Information Technology professionals put their heads together to develop two security protocols that account for flaws in code that hackers could potentially exploit. They're called Address Space Layout Randomization and Data Execution Prevention.

If a hacker was a magician, ASLR shuffles his cards. It shuffles where a program's memory is allocated to keep hackers from executing "buffer overflow" attacks. Buffer overflows happen when hackers hit a program with many different queries at one time.

DEP is one of the most important protections that any modern security code can give you. It prevents your computer from getting tricked into remotely executing code.

If a hacker is able to remotely execute code, then they can make your computer do or install whatever they want. That's how hackers have managed to slip dangerous viruses into macros for Microsoft Word and Excel.

These two protections are everyday hacker protection. The computer equivalent of, say, a lock on your backdoor. Without DEP and ASLR protection, then hackers have a way into your computer.

AV-Test checked 24 security suites and eight corporate security solutions for DEP and ASLR protection. Here's what they came up with:

csm_DEP_ASLR_Consumer_en_4f120f4b0b

As the graph shows, most anti-virus programs have at least a 90% protection average between both 32 and 64-bit editions. Those numbers dip rather shockingly when we move over to the eight business programs, however.

csm_DEP_ALSR_B2B_en_a0ecc176a3

The only program that features full protection is Symantec. Other than G Data, no other business-oriented security solution goes over 90% protection.

That means they're vulnerable, and that's a scary thing.

Next Story
Source: AV-Test
View Comments ()
BlackBerry will pay you $550 to get a BlackBerry
Previous Happening Now

BlackBerry will pay you $550 to get a BlackBerry

Budget tablets at Target, Amazon, Walmart and Best Buy come with malware installed
Next Happening Now

Budget tablets at Target, Amazon, Walmart and Best Buy come with malware installed