When Security Solutions Are Vulnerable
Last year, antivirus provider Symantec was quoted in The Wall Street Journal stating that antivirus software was dead, prompting the security company to start developing solutions that worked differently and more effectively. Symantec’s senior vice president for information security estimated that antivirus software catches just 45 percent of online attacks today.
And now there are reports of a known vulnerability appearing in antivirus software from several different providers. Dark Reading reported on a security flaw that allows malware to exploit vulnerable and out-of-date third-party Windows apps.
Vulnerable antivirus products allocate a memory page with read, write and execute permissions at a constant and predictable address, which could potentially lead to the compromise of the underlying Windows system, according to a blog by enSilo. A more technical overview can be found here.
Security company enSilo found the flaw in March 2015, when it affected AVG’s antivirus product; AVG promptly patched it. But after developing a tool to test other antivirus products, the company found that McAfee Virus Scan, Kaspersky Total Security, and AVG Internet Security solutions were vulnerable. All have recently patched the vulnerability.
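A defender-side check for the pattern described above, as an added example that is not enSilo's tool or code from this post: given memory-region listings captured from several launches of a process, it reports committed read-write-execute regions that sit at the same address in every launch. The records mirror fields of the Windows MEMORY_BASIC_INFORMATION structure; the function names, addresses and sample data are constructed for illustration.

```python
from collections import namedtuple

# Values from the Windows SDK (winnt.h).
MEM_COMMIT = 0x1000
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40

# One record per region, mirroring MEMORY_BASIC_INFORMATION fields.
Region = namedtuple("Region", "base size state protect")

def rwx_regions(snapshot):
    """Committed regions whose base protection is read+write+execute."""
    # The low byte of Protect is the base protection; higher bits are
    # modifiers such as PAGE_GUARD, so mask them off before comparing.
    return [r for r in snapshot
            if r.state == MEM_COMMIT
            and (r.protect & 0xFF) == PAGE_EXECUTE_READWRITE]

def predictable_rwx(snapshots):
    """RWX regions found at the same base and size in every snapshot."""
    if len(snapshots) < 2:
        raise ValueError("need at least two launches to judge predictability")
    per_launch = [{(r.base, r.size) for r in rwx_regions(s)} for s in snapshots]
    return sorted(set.intersection(*per_launch))

# Constructed sample data: three launches of one hypothetical process.
SAMPLE_LAUNCHES = [
    [Region(0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x01A30000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x00400000, 0x8000, MEM_COMMIT, PAGE_EXECUTE_READ),
     Region(0x00300000, 0x1000, MEM_COMMIT, PAGE_READWRITE)],
    [Region(0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x02C10000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x00D70000, 0x8000, MEM_COMMIT, PAGE_EXECUTE_READ),
     Region(0x00300000, 0x1000, MEM_COMMIT, PAGE_READWRITE)],
    [Region(0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x00F50000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
     Region(0x01220000, 0x8000, MEM_COMMIT, PAGE_EXECUTE_READ),
     Region(0x00300000, 0x1000, MEM_COMMIT, PAGE_READWRITE)],
]

if __name__ == "__main__":
    for base, size in predictable_rwx(SAMPLE_LAUNCHES):
        print(f"RWX at fixed address {base:#010x} ({size:#x} bytes) in every launch")
```

In the sample, the second RWX region moves between launches and the fixed-address region at 0x00300000 is not executable, so only the region that is both RWX and stationary is reported.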
Incentives for Broken Security Solutions
Last year, we hosted a Duo Tech Talk featuring Peiter Zatko, better known as Mudge, a member of the hacker collective L0pht. In 1998, he testified in front of Congress with the rest of L0pht, stating that they could shut down the entire Internet in 30 minutes.
Mudge went on to work with DARPA, the Defense Advanced Research Projects Agency, where he conducted research on how additional security layers often contain and create vulnerabilities. They found that 28.8 percent of all vulnerabilities tracked across 100k networks were found within the security software itself.
He stated that the way antivirus vendors released fixes was more favorable to supporting their own subscription-based models, which ultimately made money off of renewals. Instead of fixing the root cause, which would benefit consumers the most, vendors were more incentivized to release a patch to fix just a branch or variant of a botnet that would, ultimately, quickly pop up again.
That means consumers - and large companies - aren’t protected if they rely on outdated security solutions that can’t even detect or defend against new threats. Back in 2013, NYTimes.com reported on the barrage of online attacks it experienced over 4 months, stating that its antivirus solution detected only 1 instance of malware, while 45 were found in total.
Security Basics + Endpoint Insights
Switching over to a solution like two-factor authentication can result in simple prevention, but using it in conjunction with advanced endpoint capabilities can prove even more effective and sustainable, as combating threats requires a different, more targeted approach.
Endpoint security solutions give you greater insight into increasingly complicated IT environments that now include cloud apps and countless personal, unmanaged devices used to connect to company data. They can help organizations:
- View where their users are authenticating from - whether it’s an anonymous network or a country you don’t typically do business in, you can get actionable data to detect any anomalies
- Set custom policies and controls to block users based on location, network or authentication parameters
- Flag any devices running out-of-date software (like browsers or Flash and Java plugins) that may present a risk if connected to your company network
- Notify users that the personal devices they use for work are outdated, providing a link so they can easily update on their own
Updating your company’s security solution is essential to avoiding known vulnerabilities, and protecting against new threats that can no longer be detected by old security solutions.