Monday, January 30, 2017

Anti Virus again

For a very long time I have been banging on about anti virus (AV) programs and how they appear to be designed to make email clients look bad.  Early on I thought it was just me, but then I found an MVP for Outlook Express that also had issues with anti virus products and their continual ability to mess up email and email applications. Microsoft kindly removed his web presence.  I did get a copy of what he said in my post here though.

Today I stumbled on a series of articles and discussions by people whose opinions I think are worth taking notice of, and they are all denouncing anti virus products.  Some (most really) of this is not new.  But it would appear the cat may be out of the bag.  But you draw your own conclusions.

Robert O'Callahan was a developer with Mozilla until about 12 months ago.  He has just posted to his blog a recommendation to Disable Your Antivirus Software (Except Microsoft's), a fairly strong statement followed up by a suggestion that "At best, there is negligible evidence that major non-MS AV products give a net improvement in security".  So there we have it.  But why now?  Because when he tried doing something about the appalling way anti virus affected Firefox in 2012, he was shut down for shaming Mozilla "partners".  Now, having been away from Mozilla, he feels he can freely express his opinion.  I encourage you to read everything he says on that blog post.  It really does not reflect well on so-called "security" products.

This all gave me some vindication for my prior distaste for AV products, but then I wandered into the Twitter sphere of Chrome developer Justin Schuh, where he said "AV is my single biggest impediment to shipping a secure browser." and "I could rattle off a laundry list of total security breakage due to worthless AV code."  So now we have developers involved with two major browser projects that are not at all happy with the way things are going with anti virus products.  Looking through that discussion you might notice a current Mozilla employee with a gripe about AV-caused problems, and a computer technician that does not want things to change because he makes his money fixing the mess left by anti virus products.  So who actually thinks these things are doing their job and making things more secure?

Logic would indicate that at least those selling anti virus products would be supporting them as a good thing.  Not so. Anti virus products are "doomed to failure," according to Brian Dye, senior vice president for information security at Symantec, the maker of the Norton brand of anti virus products.

"Antivirus products are catching less than half of all cyberattacks", Dye said, in May 2014.  For a company that is aware of the playing field, I wonder why they are still in the market all these years later. (As the Wall Street Journal article is behind a paywall, I will link to the ZDNet report for further reading.)

To give Norton a break, they have concentrated more on whitelisting applications that their firewall will allow to access the internet in the past few years.  But this has issues all of its own.  Thunderbird releases a new version and the support forums light up with users who can no longer get their mail because Norton's firewall has blocked the new version.

But the question is still open.  Is their software leaking?  Is it secure? I really do not know.  Norton had issues last year, but given the speed of their releases, can they really be doing much more than patching vulnerabilities as they are notified of them?
The SecurityIntelligence article that reported the Norton issues stated: "It’s a relatable conundrum: Security companies don’t want to lose their share of the market and often choose speed over safety, something corporate IT departments struggle with on a daily basis. But the continuing parade of bad medicine stories suggests that it’s time for a change; using kernel privileges carries the risk of Heartbleed-like failure and simply isn’t worthwhile in the long term."

The reality is all anti virus products have issues,  just how bad they are is still open to some discussion.  But I think everyone should take just a little time to actually consider what their anti virus product is doing for them, and what issues it might be causing for them.  Not the least of which is slowing your system down.

For once a bibliography.
ZDNet article that set me off on this journey 
Twitter discussion Justin Schuh
Robert O'Callahan's blog post
Antivirus Hall Of Shame discussion on mozilla.dev.platform
Security intelligence report on Norton's vulnerability.
ZDNet report on comments by Brian Dye, senior vice president for information security at Symantec