Anti-virus software is supposed to be the front line of security defenses, right? But what happens when AV software is found to be vulnerable?
It’s not uncommon. Earlier this year, Sophos and Kaspersky Lab, for example, both had to deal with critical vulnerabilities discovered in or affecting their security packages.
Earlier this week, enSilo announced its discovery of a critical security vulnerability affecting various AV software products. According to a release from Tomer Bitton, co-founder and VP Research, the company discovered a critical security vulnerability that could potentially turn AV software into an “attacker-enabler tool.”
It started with finding a vulnerability in AVG’s software, which led the researchers to want to see whether this was an isolated incident or a wider problem in AV. We know the answer to that from the aforementioned examples. (To help you find out if you have a vulnerability problem with your AV, enSilo released a vulnerability checker.) As Bitton wrote in a blog post:
These types of vulnerabilities clearly demonstrate the problems in the security eco-system. On the one hand, Microsoft invests loads of resources in defenses, mitigations and enhancements to strengthen its system against compromise. On the other hand, there’ll always be some oversight in applications. Unfortunately, it’s precisely vulnerable third-party applications that can lead to the compromise of these same defenses.
Does this mean that, like username/password combinations, AV software has peaked as a primary security source? Yes and no. Like passwords, AV software isn’t going anywhere any time soon. It is a mainstay in our security set-up, especially so for those who are focused on protecting individual devices and not entire networks. But I think there is a shift happening, as the protection becomes more concentrated on protecting data. Or, as Kelly Jackson Higgins wrote for Dark Security, endpoint security is the more pragmatic response. She added:
The endpoint remains the most attractive and soft target for cyber criminals and cyber espionage actors to get inside the door of their targets. There’s a treasure trove of intelligence about the attack at the endpoint, and EDR tools take advantage of that by gathering and storing that information in response to an attack and as intel to thwart future ones.
This is the time of year when I and others talk about security predictions and trends for the coming year. Could 2016 be the year we start to shift away from traditional protections to new, more effective solutions?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba