AV-Test has found a shocking new security hole in your computer, comparing it to something that you'd find on Star Trek.
"When a space ship is attacked," writer Markus Selinger says, "Its deflector shields are not merely hit by accident, rather there is always an initial targeted attack on the deflector shield generator."
His strange metaphor actually sheds light on the fact that many commercial anti-virus programs don't lock up their "deflector shield generators" properly.
The website discovered that, in fact, many of these programs aren't secured according to basic industry standards. Remind you of anything? That's right, the most dangerous security vulnerabilities happen when programmers leave your computer's back door open.
What's the standard? Well, a few years ago Information Technology professionals put their heads together to develop two security protocols that account for flaws in code that hackers could potentially exploit. They're called Address Space Layout Randomization and Data Execution Prevention.
If a hacker was a magician, ASLR shuffles his cards. It shuffles where a program's memory is allocated to keep hackers from executing "buffer overflow" attacks. Buffer overflows happen when hackers hit a program with many different queries at one time.
DEP is one of the most important protections that any modern security code can give you. It prevents your computer from getting tricked into remotely executing code.
If a hacker is able to remotely execute code, then they can make your computer do or install whatever they want. That's how hackers have managed to slip dangerous viruses into macros for Microsoft Word and Excel.
These two protections are everyday hacker protection. The computer equivalent of, say, a lock on your backdoor. Without DEP and ASLR protection, then hackers have a way into your computer.
AV-Test checked 24 security suites and eight corporate security solutions for DEP and ASLR protection. Here's what they came up with:
As the graph shows, most anti-virus programs have at least a 90% protection average between both 32 and 64-bit editions. Those numbers dip rather shockingly when we move over to the eight business programs, however.
The only program that features full protection is Symantec. Other than G Data, no other business-oriented security solution goes over 90% protection.
That means they're vulnerable, and that's a scary thing.