What Happens When Your Antivirus Is Attacked?

October 6, 2016

You buy a new computer, a tablet or a smartphone, and, if you are smart, the first thing you do, before you even think about going online, is get antivirus software. You do your research, ask around and find out which one fits your needs. You install the software, update the database, perhaps perform a scan just to be sure, and you can finally relax. You feel safe and protected and you even venture out to some less-than-trustworthy corners of the World Wide Web, confident that your antivirus will keep you from harm. After all, these programs are so advanced there is no way a virus or another kind of software could ever possibly breach them.

We have bad news for you. It isn’t necessarily so. Security experts, independent researchers, white hat hackers and other entities constantly conduct research and look for defects in the most popular, trustworthy and reliable antivirus programs and some of their findings are not exactly encouraging.


There are all sorts of bugs and defects found in antivirus software. It’s not just that viruses “learn” ways to get around the antivirus shield. The software counts on that and builds its database around the presumption that a virus is going to try to trick it. The real problem is that antivirus software is the one that has to receive most of the blows and hits from malware. It’s your computer’s first line of defense and has to process a lot of unsafe, untrusted and often very harmful pieces of code.

Another problem is that your antivirus needs high privileges and extreme system visibility in order to detect what exactly is going on. AV programs need access to the very heart of your computer, so a bug in the program is a serious problem.

There was a bug found recently by independent researchers in one of the major AV companies’ software, namely in their browser extension. Because of the bug, some of the users’ data, such as personal information, browsing history and cookies, were exposed to attackers and, in fact, no one even knows what was done with that data, and by whom. The worst part is that the extension was rarely installed by the users themselves – in many cases the antivirus itself installed it on the browser without asking permission.

A scary weak spot was also found in another big market player’s software – there was a security hole through which the attackers were able to get into the antivirus, disable it from protecting the computer it was installed on, and enter the system.

Yet another big antivirus company had to fix a problem regarding their password manager, which is included in some of their bundles. Because of a security hole, the manager did exactly the opposite of what it was supposed to do – it allowed websites to basically do what they like with the data and to steal users’ passwords. Pretty scary, right? Now, the question is, what are we going to do about this now that we know that antivirus software is not the absolute alpha and omega of your computer’s security? This question carries different weight for users and developers.

Fortunately, developers are already on it, and have been for some time. These companies simply cannot risk selling a product that is anything less than perfectly reliable. This problem is even bigger for them than for other IT companies working in other sectors, with other software applications, for obvious reasons. Development cycles need to be improved and state-of-the-art technologies have to be employed. For those interested in technical details, AV companies have started using measures like data execution prevention (DEP), address space layout randomization (ASLR) and StackGuard, which are techniques that eliminate buffer overflow attacks. These techniques are not exactly new, but they haven’t been used as extensively as they will be used from now on.

Another thing that absolutely needs to be done, and it is something that every developer dreads, is combing through old code for newly discovered weaknesses. This is because what was once safe and secure becomes subject to new attacks and threats and needs to be revisited, eliminated or rewritten.

While companies work on that, the question remains – what are we, simple users, going to do? Does this knowledge change anything for us? Certainly, once you learn there are actual holes even in the best AV programs on the market, things definitely get a little scary. But that doesn’t mean you should pull the power cord out of the wall and throw your computer out the window, running away in horror. You can still do pretty much everything you usually do, and you don’t even have to be extra careful. Well, maybe you should.

Chances that there is a security hole in your antivirus software are still pretty slim, but you can make the risk of virus intrusion even lower by being careful in your online activities. Keep your eyes open for phishing sites, for example. Do not click on just about anything you see – read the URL first. Only accept downloads from trusted sources. In a word – be smart.