The US Federal Government recently warned that the products Norton promotes for security can actually help hackers instead:
On Tuesday, the law enforcement agency issued an alert that “all Symantec and Norton branded antivirus products” could allow hackers “to take control” of a computer. — CNN: Symantec – the popular computer protector – may actually help hackers, feds warn
Actually, this news shouldn’t be totally surprising. After all, it’s common knowledge that hackers have had free rein over computers despite widespread use of Norton and other antivirus software.
But what is surprising is the fact that antivirus can actually weaken your computer, making it even more vulnerable than if you didn’t install it in the first place:
“By installing their software you’re actually making yourself less secure. There’s an irony in that,” said Jack Daniel, a computer security expert in Massachusetts. — CNN: Symantec – the popular computer protector – may actually help hackers, feds warn
To be fair, antivirus products do occasionally catch viruses. But, in the process of doing so, their very approach to malware removal can open the door to hackers (a much bigger problem to deal with).
How can the antivirus process let hackers in? Consider Norton again as an example. Norton scans emails as part of its malware removal process. However, a bug in its email scanning process can be triggered by hackers simply by sending an intentionally corrupt email.
It’s important to note: the user doesn’t need to open the email. On the contrary, Norton automatically opens the email to scan it, opening the backdoor for the hackers without any user interaction required:
“Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.” — US Department of Homeland Security: Alert (TA16-187A)
In fact, Norton Antivirus was even vulnerable to remote memory corruption when scanning simple RAR files, a very common type of file used for compression (Federal Alert TA16-187A).
Normally, a company that opened the doors to hackers while promoting security would be called a “scam.” But when you’re the largest security company on the planet, you can continue charging billions per year despite the most severe warnings possible from the highest authorities in the land.
Traditional antivirus and firewalls have an unfixable Achilles heel. What is this unfixable Achilles heel? What’s the alternative to traditional antivirus and firewalls? Why does this alternative succeed where traditional methods fail? All of these questions will be answered in upcoming blog posts.