Security Software - Why it may make you LESS safe

Started by Jeremy Collake, March 23, 2013, 03:21:51 PM


Jeremy Collake

Security software, specifically anti-virus and anti-malware software, has been a staple in the Windows world since Windows 95. Users are told they need this software to keep them safe, or else they're in for a world of hurt. In this post, I'll take a minute to tell the real story and reveal why your security software may make you considerably LESS safe!

Security software rarely detects new or targeted threats

Sadly, the virus and malware authors are always one step ahead of the security industry. These rogue programmers use the same software you do, and actively work to make sure they have defeated it. Since differentiating new malware from legitimate applications is nearly impossible, new malware usually slides right through the detection net. After all, if security software worked great, a lot fewer cases of malware infestation would exist!

But wait, you say, what about those 99% detection rate claims? Well, they are testing against samples already known to the security industry. I would certainly hope they have a good detection rate when it comes to those! For unknown, new, or targeted malware, which is regenerated daily, and the only kinds you are likely to encounter, the detection rate is much lower.

Security software is prone to false positives

In the effort to try to detect new, unknown, or targeted malware, some security products are well known to alert on just about everything, including lots of legitimate applications, especially those from smaller developers. As a small developer myself, I find this highly frustrating. I sign my applications, make sure they don't do anything that looks shady, and generally do all I can to avoid false positives, but still they occur so routinely they are to be expected.

It isn't just small developers that are affected, though; false positives occur on all sorts of software. One false positive by McAfee a few years ago, on svchost.exe, a critical part of Windows, had a catastrophic effect on countless PCs worldwide.

Worst is that the new web site rating services that security products now offer can take a single false positive and turn it into a badly rated domain. Getting these false positives or web site ratings fixed can be very difficult and time consuming. Some security companies are responsive, others much less so! I had one invalid site rating from a major security provider, which happened due to a false positive, last for weeks, and then recur 4 times before they finally fixed it. I nearly lost my mind.

Better to have false positives than missed detections, you say? Well, unfortunately, it doesn't work that way. The malware authors work to avoid detection, so are somewhat less vulnerable to false positives. Further, users get so used to seeing false positives, they may very well quit taking detections seriously!

Security software companies often distribute malware themselves (installer bundles)

Since I consider installer bundles malware, it is painful to see security companies using installer bundles. We've all seen these bundles. You download application X, and are presented with deceptively packaged offers for applications Y and Z. The user's intent was only to install application X, so it is a clear violation of the user's wishes.

It is extremely easy to accidentally get one of these bundled components installed. Since all parties involved make money per install, they have gotten more and more deceptive. Download sites like CNET now even attach their own bundles to downloads.

The most common bundles are toolbars and other web browser add-ons. They clutter up your PC and web browser, bringing performance down. Some are difficult to disable, and almost all behave in deceptive ways. This massive browser add-on problem got so bad, with some users ending up with an unreal number of browser add-ons, Microsoft had to start disabling all of them by default in Internet Explorer, forcing users to selectively choose which are enabled.

Sadly, the entire software industry seems to have adopted these bundles. While it would be nice for security software to detect these as malware, instead security software companies are themselves using installer bundles! They distribute free scanners, web site rating tools, and other 'teaser' components with common applications. One example is McAfee bundling its teaser products with Java!

I wish I could say there was ANY security company out there detecting installer bundles as malware, but there aren't. Instead, I can't think of one that does NOT use installer bundles.

Security software companies have a hard time deciding what is malware

Similar to not detecting deceitful installer bundles as malware, security companies have a hard time deciding what is malware, and what is just a deceitful application. They've even been sued. These days, rogue software companies simply push it up to the limit of being considered malware, and get away with virtual murder. Their borderline applications not only aren't detected, but the distributing web sites are often certified by security companies as safe, a service you can pay for at most security software companies.

Given that rogue software of all types gets away intentionally undetected, the utility of anti-malware products goes down even further.

Security software offers a false sense of security

Given all this, we see that security software isn't very useful. However, it really becomes harmful when users believe they are protected from threats. This may lead them to act more recklessly, under the false notion that their security software is protecting them. It seems preferable to remove this illusion of security, and instead have users realize that their safety is in their own hands. User education and common sense are much more effective than any security software!

Conclusion

If slowing your PC down considerably wasn't bad enough, we now see that the actual utility of security software is quite questionable, as are the practices of many of these companies when it comes to rogue installer bundles. They are unlikely to detect any real threats, likely to let rogue borderline applications skate by, and give users a false sense of security. I'd say, toss away the illusion, and start realizing that nothing can protect you except your own judiciousness!
Software Engineer. Bitsum LLC.

edkiefer

I couldn't agree more; most risk issues come from anti-virus companies, for sales.
Here's been my experience with AV software: during Win95-98 I never had it, and I think I got maybe a total of one or 2 positives with online scanners. I say this because the system worked fine; I used to just check because no AV was installed.

During XP I had a Dell system, which has AV out of the box. Well, I got two reports which it was unable to stop; it did tell me the issue, but I had to clean it up, it couldn't do it.

Now with Win7 64-bit I don't have any installed. I must say, though, how you set up your system and where you go and DL stuff makes a huge difference. I used to think it was not worth it because of performance issues, but now with modern CPUs it's not so much an issue, or shouldn't be, but again I go on the side of no AV.

Just hope I don't jinx myself now (knock on wood) :)
Bitsum QA Engineer

Jeremy Collake

Glad I don't sound too deranged. I continue to edit this .. lackluster ramble ;). It's not a great idea to even say anything, to be honest. Financial interests reign supreme here for sure. There is lots of money in the bundling of security suites with everything possible. Sales through fear, as who wants to take the chance?
Software Engineer. Bitsum LLC.

BenYeeHua

As a user using Chinese security software, I just wanna add some info.
There are many companies saying that the security software steals user data, lying.
But they never give the strongest proof for every accusation.
Who is right? Who is wrong?
How would I know. ;D

Just remember one thing: every BIG company needs money. :)
----
Quote: Other browsers like Chrome and Firefox don't do this, and are targeted nearly as much these days.
This is wrong for Firefox, maybe Chrome too (I don't use it).
If other software installs an add-on, Firefox will open a new tab saying which add-on wants to install and asking whether you allow it.
Except if you just close the tab and keep browsing. ;D

Jeremy Collake

Thanks for the correction. I don't use Firefox often, so didn't realize that. Chrome does not do this.
Software Engineer. Bitsum LLC.

edkiefer

IMO, that is a mistake on Win8 and their anti-virus; they should have an icon and notification in the system tray. I know they want to have it all in one module, but in this instance I think it's the wrong way.

I never had an issue with Firefox installing stuff when web browsing; I never even let a website install anything. If it says I need something, I go direct to the maker's site, not what they say is the correct version.
Bitsum QA Engineer

BenYeeHua

Quote from: edkiefer on March 24, 2013, 04:29:24 PM
IMO, that is a mistake on Win8 and their anti-virus; they should have an icon and notification in the system tray. I know they want to have it all in one module, but in this instance I think it's the wrong way.

I never had an issue with Firefox installing stuff when web browsing; I never even let a website install anything. If it says I need something, I go direct to the maker's site, not what they say is the correct version.
Yup, except dev versions of add-ons on their forum, to work correctly with Nightly (Firefox). ;)