Major flaw in 28 antivirus products can brick your computer

Major flaw in 28 antivirus products can brick your computer
© Antonio Guillem | Dreamstime.com

No matter what kind of system you’re using, a strong antivirus program is essential for keeping dangerous malware at bay. Without one, your computer can fall to all sorts of nasty attacks — including hacks that can steal your money or personal data.

Antivirus and antimalware programs work by scanning your computer for hostile files you may have been exposed to or downloaded accidentally. And these days, with so many scammers altering files to carry a malware payload, frequent scanning is more essential than ever. Tap or click here to see what hackers are using to transmit viruses.

But what happens when malware attacks your antivirus program itself? This sounds like a nightmare scenario, but it’s closer to reality than you think. A critical flaw has been discovered in some of the most popular antimalware programs on the web, and if it’s exploited, hackers can turn your defenses against you and delete your system files!

Who watches the watchmen?

Security researchers at Rack911 have confirmed a critical flaw found in 28 of the most popular antimalware programs on the market. If exploited, the antimalware program itself can be infected and hijacked, which can let hackers scan your computer and delete ordinary system files as if they were malware.

Taken to its logical conclusion, this plan of attack can absolutely devastate an infected computer. Researchers note that hackers using the exploit could delete virus definitions and render the antimalware program ineffective. Alternatively, they could delete essential operating system files — which could prevent a computer from booting.

The attack cannot be remote-controlled, but it can be initiated via a malware payload that hackers trick their victim into downloading. Once the malware is installed, it can rewrite the names of important system files to match its own. Then, the antimalware would catch the file and delete it along with the system file.

The result: a “bricked” computer. Worst of all, because this flaw targets antimalware programs, the issue isn’t limited by the operating system. Computers running Windows 10, Linux and macOS are all at risk for this hack!

What can I do to protect myself? Do I need new antivirus software?

Because the issue is so serious, many of the biggest players in the cybersecurity world have already patched their software to remove the exploit. You can see the complete list of affected software below, as well as whether or not the patch is available.

If the program is patched, update your software as soon as possible. You can usually find the option to search for updates under the settings or preferences menu of your antivirus software.

  • Avast: Avast Free Antivirus 
  • AVG: AVG AntiVirus for Mac. Patched.
  • Avira: Avira Free Antivirus for Windows. Patched.
  • Bitdefender: Bitdefender Total Security for Mac. Patched; Bitdefender GravityZone for Windows, Linux and Enterprise. Patched.
  • Comodo: Comodo Endpoint Security For Windows, Linux and Enterprise. Patched.
  • ESET: ESET Cyber Security for Mac. Patched; ESET File Server Security for Linux and Enterprise Patched.
  • F-Secure: F-Secure Computer Protection for Windows and Enterprise. Patched; F-Secure Linux Security for Linux and Enterprise. Patched.
  • FireEye: FireEye Endpoint Security for Windows and Enterprise
  • Kaspersky: Kaspersky Internet Security for Mac. Patched; Kaspersky Endpoint Security for Windows, Linux and Enterprise Patched.
  • Malwarebytes: Malwarebytes for Windows. Patch incoming.
  • McAfee: McAfee Total Protection for Mac; McAfee Endpoint Security for Windows and Enterprise; McAfee Endpoint Security for Linux and Enterprise. Patched.
  • Microsoft: Microsoft Defender for Mac and Enterprise. Patched.
  • Norton: Norton Security for Mac. Patched.
  • Panda: Panda Dome for Windows
  • Sophos: Sophos Home for Mac. Patched; Sophos Intercept X for Windows and Enterprise. Patched; Sophos Antivirus for Linux and Enterprise. Patched.
  • Webroot: Webroot SecureAnywhere for Windows and Mac. Patched.

As you can see, the only major holdouts at the moment are Avast, FireEye, Malwarebytes, and Panda. Malwarebytes notes that it has a patch on the way, so expect the update to be pushed in the near future.

Interestingly enough, Microsoft’s own Windows Defender products for Windows 10 are not affected by this issue. Microsoft told Tomsguide that none of its antimalware products are “currently vulnerable to the methods discussed in this research.”

If you’re concerned about the threat of malware and own a PC, stick to Windows Defender for now. It’s already extremely robust, and thanks to Microsoft’s statement, we now know it won’t accidentally change virus definitions or delete critical system files.

The only thing Windows Defender has to worry about, it seems, are updates from Microsoft itself. Tap or click here to see how one bad update destroyed Windows Defender.

If you’re not using Windows, or rely on a different antimalware program, make sure to update your software to the latest edition if a patch is available. Otherwise, you’ll need to switch and download new antimalware software that will scan your system without the risk.

Fortunately, there are plenty of excellent options to choose from. Tap or click here to see the best free system scanners online.

Until the flaw is completely eliminated, avoid downloading any files you’re not 100% sure about. Avoid opening emails from unknown senders, and try to shy away from downloading movies or TV shows illegally. This is the biggest threat vector for malware at this time. Tap or click here to see why.

If you play it safe, you might not even need to run a system scan more than occasionally. That’s the beauty of the web: It’s only as dangerous as you allow it to be.

Tags: antivirus, cybersecurity, hackers, malware, Microsoft Windows 10, patch, updates