Antivirus Software Flaw Alert: Who's Watching The Virus Watchers?
By: Jim Stickley and Tina Davis
February 15, 2021
There’s no doubt that both those who use antivirus protection and those who don’t will be surprised by the findings from a recent CyberArk study. Security researchers have uncovered ugly flaws in antivirus software: It too is vulnerable to compromise. Irony aside, it’s better these antivirus vulnerabilities be discovered now rather than later. That’s because they can be quickly patched by the companies who created them, and the fixes can be made available for the public to update. The study finds antivirus solutions created by many of the world’s top providers are vulnerable to these flaws. It raises the question of why providers were unaware of the issues until CyberArk’s study alerted them. It also makes one wonder why the “virus watchers” aren’t watching themselves.
In general, malware-stopping antivirus software relies on elevated privileges for system installation. But CyberArk discovered it’s those same elevated privileges that can allow file manipulation attacks when malware lets attackers gain those elevated permissions on a vulnerable system. One of the biggest flaws found is the ability for an attacker to delete any file in the system; another allows file corruption that enables deleting the content of any system file. Once these privileges are in the wrong hands, any number of cyberattacks, like ransomware and brute-force attacks, are possible when bad actors infiltrate a system.
The study finds antivirus giants like Kaspersky, Symantec, Trend Micro, McAfee, Check Point, Microsoft Defender, Avira, and Fortinet are vulnerable to the discovered flaws. The good news is that each provider has since fixed the issues. For savvy and not-so-savvy users alike, that means anyone who relies on the above vendors for antivirus solutions needs to check pronto with their provider and download the security patch immediately. While you’re doing that, switch your settings to automatic updates, so you’ll get patches as soon as they are pushed out.
It’s not a comforting thought to know your antivirus solution is itself vulnerable to attack. But knowing now rather than later allows a user to combat the vulnerabilities with a quickly applied patch from their security vendor. Take comfort knowing you’re protected going forward – for now. That is, until the watchers who watch the antivirus watchers find another flaw. Let’s hope there are no more left to be found.