“Antivirus software is so universally ineffective that it’s just a waste of money.”
The cybersecurity industry has a dirty little secret that hackers don’t want you to know. What’s the secret? Cybersecurity no longer protects you like it used to. Instead of the industry getting better at fending off hackers, it actually lost the battle a while ago. In fact, antivirus can actually make you less secure than not having antivirus at all.
- 1991: Norton Antivirus began using file signatures to successfully eradicate viruses.
- 2012: Hackers wrote software to generate unlimited variations of their viruses, each with a unique file signature. 500,000 new, unique virus variants were released per day, rendering file signature technology useless. (CBS News)
- 2016: Antivirus introduced a new technology called behavioral analysis. This technology literally weakens computer security rather than strengthening it. (PCWorld)
The antivirus industry asserts that the new behavioral analysis is the answer to modern hacking attacks. But is this true? Concordia University recently tested 14 popular internet-security products. This study discovered that all 14 products literally weakened the computer’s security instead of strengthening it:
“We found that all the analyzed products in some way weaken TLS security on their host.” — Concordia Institute for Information Systems Engineering; Concordia University
How do the tested antivirus products weaken security? These products remove security that’s already built into browsers. Modern browsers come with a security feature called TLS that’s critically important for safe surfing. These antivirus products disable TLS so that they can read the browser traffic for behavioral analysis. By disabling the browser’s core security the computer is rendered more vulnerable to attack (instead of less vulnerable).
Every antivirus product tested literally weakened internet security by disabling TLS — opening a door for hackers which is normally closed off by the browser itself.
Almost everyone knows not to open suspicious emails because they can contain malicious programs. Yet Norton’s product line did the unthinkable. In order to perform behavioral analysis, Norton’s products opened every email received by the computer. As a result, hackers could send malicious emails that would hijack Norton itself when the product opened the email for analysis.
“An attacker could exploit one vulnerability in Symantec’s unpacker – which runs in the kernel – by ‘just emailing a file to a victim or sending them a link,’ Ormandy wrote. ‘The victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers. An attacker could easily compromise an entire enterprise fleet using a vulnerability like this.'” — Computer World
Even though the user never opened the email, Norton did. Therefore, a hacker can hijack your computer without you even opening the email because your behavioral analysis antivirus product opens the email for you.
Over time, the cybersecurity industry went from effective, to useless, to literally helping hackers (CBC News). Consumers now spend billions of dollars on products that actually make them less secure than not having any security at all:
“’By installing their software you’re actually making yourself less secure. There’s an irony in that,’ said Jack Daniel, a computer security expert in Massachusetts.” — CNN
The problem is pervasive throughout the entire antivirus industry:
“Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves…” — PC World
This article explains how the cybersecurity industry leaped out of the frying pan and into the fire. Then, in conclusion, this article unveils a new, revolutionary security paradigm created by cryptographer Michael Wood. This new paradigm finally offers genuine protection — for your family — for your business — for yourself.
The Frying Pan
The antivirus industry used to rely on a technology called file signatures. Every virus has a unique signature. By scanning every file on a computer, the antivirus software could identify which ones (if any) were viruses.
Hackers responded by writing programs that automatically generated unlimited variations of their viruses. Each variation has a unique signature. Sending unique viruses to every recipient meant that antivirus wouldn’t recognize the new signature. Therefore, the antivirus software would always conclude that the file is clean.
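The limitation described above, as an added example that is not from the original article: an exact-match signature scanner run over constructed, harmless byte strings. Using SHA-256 as the signature and a trailing counter as the "variation" are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib

def signature(data: bytes) -> str:
    """Fingerprint of the exact file bytes (SHA-256 assumed for this sketch)."""
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for a catalogued virus; a harmless byte string.
KNOWN_SAMPLE = b"CONSTRUCTED SAMPLE standing in for a catalogued virus"
SIGNATURE_DB = {signature(KNOWN_SAMPLE)}

def scan(files: dict[str, bytes]) -> dict[str, str]:
    """Verdict per file: 'flagged' only when the signature is in the database."""
    return {name: "flagged" if signature(data) in SIGNATURE_DB else "clean"
            for name, data in files.items()}

def variants(base: bytes, count: int) -> list[bytes]:
    """Model one unique copy per recipient: same content, different trailer."""
    return [base + b"|copy-%d" % i for i in range(count)]

def detection_rate(samples: list[bytes]) -> float:
    """Fraction of samples the signature database recognises."""
    hits = sum(signature(s) in SIGNATURE_DB for s in samples)
    return hits / len(samples)

if __name__ == "__main__":
    copies = variants(KNOWN_SAMPLE, 1000)
    print(scan({"original.bin": KNOWN_SAMPLE,
                "copy.bin": copies[0],
                "report.txt": b"quarterly report"}))
    print("distinct signatures:", len({signature(c) for c in copies}))
    print("detection rate on copies:", detection_rate(copies))
```

Every copy produces a new signature, so the database would need one entry per copy to keep up.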
This technique worked so perfectly that underground hackers began advertising Fully Undetectable (FUD) malware. Today, off-the-shelf programs allow even teenagers to create FUD trojans in less than two minutes, rendering antivirus signatures useless:
“The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.
Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly.” — New York Times
The New York Times reported the ineffectiveness of antivirus software. Then, in an ironic twist of fate, the New York Times was hacked by the Chinese while using Norton Antivirus. In fact, the Chinese hackers were able to bypass Norton’s security 44 out of 45 times:
“One fact, however, will be of particular concern to the world’s largest antivirus firm, Symantec: Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used” — Forbes
The maker of Norton Security, Symantec, responded to the New York Times’ hack:
“The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.” — The Register
Symantec suggested that antivirus combined with “reputation-based technology and behavior-based blocking” might have prevented the hack. But is this true? Or has the cybersecurity industry actually leaped out of the frying pan and into the fire?
In response to the uselessness of file signatures, the cybersecurity industry married antivirus with a new technological paradigm: behavioral analysis. This is the “reputation-based technology and behaviour-based blocking” Symantec was referring to. But, in stark contrast to Symantec’s assertion of added strength, this is where the industry only went from bad to worse.
Behavioral analysis requires antivirus to read everything on your computer. But, in order to do so, it must compromise security that’s already built-in. As documented above, many popular antivirus products weaken browser TLS in order to read internet traffic, thereby making the computer more vulnerable.
Also documented above, the automatic opening of emails allows hackers to send malicious emails with a 100% guarantee that the email will be opened. Unthinkable, yet that’s precisely what’s happened.
And this is just the tip of the iceberg. Everything that behavioral analysis accesses introduces a new attack vector for hackers — including the updating of new behaviors themselves. The venerated company Malwarebytes was recently outed by Google for downloading behavior updates on an unencrypted channel. This means that hackers could modify the updates in any manner they wanted — including defining their malware as being good behavior.
“Updates for Malwarebytes are downloaded sans encryption, meaning a would-be attacker with network access could potentially replace them with arbitrary code.” — Digital Trends
Google has recently been sounding the alarm regarding the antivirus industry — stating quite openly that antivirus products “don’t work”:
Does this mean that it’s time to abandon antivirus altogether? Actually, the answer is… no. It’s not time to abandon antivirus. Just because antivirus products don’t work against hackers doesn’t mean that they’re not stopping literally millions of other things. What’s needed is to wrap antivirus software in an anti-hacking shell. How can this be done?
An effective anti-hacking technology must be completely independent of the vulnerabilities contained in antivirus. In order to do this, it must rely 100% on whitelisting good connections. If a connection is either bad or simply unknown then the connection is blocked.
Whitelists patch the inherent flaws of traditional cybersecurity products. However, while whitelists successfully cut hackers off, they used to be impractical to implement:
- Whitelists used to require the user to know all allowable sites in advance.
- Whitelists were based on technical information such as IP addresses and domain names.
- Whitelists were very unforgiving.
Fortunately, a brand new security paradigm has the power of whitelists while avoiding the impracticalities of the past. This new security approach is called dynamically-generated whitelisting. Dynamically-generated whitelists are created on-the-fly, in real-time, in response to user activity. When it comes to surfing the net, dynamically-generated whitelists don’t require any user configuration whatsoever. Everything’s done automatically.
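A conceptual sketch of the default-deny policy described above, added here as an example; it is not Terra Privacy's or Hacker Deterrent Pro's code. Keying entries by hostname, expiring them after a fixed lifetime, and letting a blocklist override are all assumptions of this sketch, and the hostnames are constructed.

```python
import time

class DynamicAllowlist:
    """Default-deny connection policy whose entries come from user activity."""

    def __init__(self, ttl=300.0, blocklist=()):
        self.ttl = ttl                                   # assumed entry lifetime, seconds
        self.blocklist = {h.lower() for h in blocklist}  # known-bad always wins
        self._expires = {}                               # hostname -> expiry timestamp

    def user_navigated(self, host, now=None):
        """Record a user-initiated action (typed address, clicked link)."""
        now = time.time() if now is None else now
        self._expires[host.lower()] = now + self.ttl

    def decide(self, host, now=None):
        """Return 'allow' or a 'block: <reason>' string for an outbound connection."""
        now = time.time() if now is None else now
        host = host.lower()
        if host in self.blocklist:
            return "block: known bad"
        expiry = self._expires.get(host)
        if expiry is None:
            return "block: unknown"       # never requested by the user
        if now >= expiry:
            del self._expires[host]       # stale entries do not linger
            return "block: expired"
        return "allow"

if __name__ == "__main__":
    policy = DynamicAllowlist(ttl=60, blocklist=["bad.example"])
    policy.user_navigated("news.example", now=1000)
    for host, t in [("news.example", 1010), ("unrequested.example", 1010),
                    ("news.example", 1061)]:
        print(host, t, policy.decide(host, now=t))
```

A connection that no user action asked for is blocked without the policy needing to know anything about the destination in advance.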
The exciting new security paradigm invented by cryptographer Michael Wood has been showcased in a recent Technology Spotlight by IDC.
It’s good to use antivirus and other cybersecurity products to protect against millions of viruses and the like. However, it’s critically important that you protect both your computer and antivirus itself from being hacked. Fortunately, the new security paradigm of dynamically-generated whitelisting provides the solution. Just make sure that your computer has a dynamically-generated whitelisting security solution such as Terra Privacy LLC’s Hacker Deterrent Pro.