Antivirus self-protection is up, compared to 2014

Oct 26, 2015 14:25 GMT

Less known to users is the fact that antiviruses (AV), the programs they use to protect their computers, can also be hacked, just like any other piece of software. This is not only a science-fiction theory, but something that attackers are actively searching for, and that security researchers are working to discover and then help AV makers patch.

A ground-breaking study was carried out in November last year, when AV-TEST, an independent IT-security institute, presented the results of the research into the self-protection measures employed by antiviruses.

Back in 2014, only one antivirus targeting home consumers (Eset Smart Security 8) and another one targeting business endpoints (Symantec Endpoint Protection) were found to be fully protected against various attack points.

AV-TEST has redone this test this year, and antivirus makers that were caught slacking when it came to self-security have learned their lessons and deployed better self-protection measures.

Antivirus self-protection is achieved by implementing DEP & ASLR in their codebase

This includes the use of DEP and ASLR, two techniques used by many software products to protect themselves, and more specifically, by the kernel of multiple operating systems, ranging from Android to Linux, and from Mac OS X to Windows.

ASLR stands for "Address Space Layout Randomization" and is a technique used against buffer overflow attacks that randomizes the position where data is stored in memory.

DEP stands for "Data Execution Prevention" and is a hardware-based security system that marks memory regions as executable or non-executable. With DEP enabled, only memory marked as executable can be run as code.
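On Windows, a program file opts in to both protections through two bits in its PE header, so a product's files can be audited without running them. The following is an added example, not code from the article or from AV-TEST: it reads those bits and reports how many files in a set opt in to both. The sample headers and file names are constructed, and the percentage is an illustration, not AV-TEST's scoring method.

```python
import struct

# Bits of the DllCharacteristics field in the PE optional header.
DYNAMIC_BASE = 0x0040        # image opts in to ASLR
NX_COMPAT = 0x0100           # image opts in to DEP
PE32, PE32_PLUS = 0x10B, 0x20B
DLLCHAR_OFFSET = 70          # same offset in PE32 and PE32+ optional headers


def mitigation_flags(image: bytes) -> dict:
    """Return the ASLR/DEP opt-in bits of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                           # signature + COFF header
    if len(image) < opt_off + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated PE headers")
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}


def coverage(images: dict) -> float:
    """Percentage of images that opt in to both ASLR and DEP."""
    both = sum(all(mitigation_flags(data).values()) for data in images.values())
    return round(100.0 * both / len(images), 1)


def fake_pe(magic: int, dll_characteristics: int) -> bytes:
    """Constructed headers for the demo only (not a loadable executable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)


# Constructed sample set with hypothetical file names.
SAMPLES = {
    "engine.dll": fake_pe(PE32_PLUS, DYNAMIC_BASE | NX_COMPAT),
    "updater.exe": fake_pe(PE32, NX_COMPAT),   # DEP only, no ASLR
    "legacy.dll": fake_pe(PE32, 0),            # neither protection
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, mitigation_flags(data))
    print("both ASLR and DEP:", coverage(SAMPLES), "%")
```

To audit real files, pass the bytes of each `.exe` or `.dll` read from disk in place of the constructed samples.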

Antivirus engines have learned their lesson

In AV-TEST's 2015 results, home consumer antivirus engines that have achieved 100% self-protection results include Avira Antivirus Pro, Bullguard Internet Security, Eset Smart Security, Kaspersky Internet Security, McAfee Internet Security, and Symantec Norton Security. The lowest-scoring product in this test is K7 Computing Total Security, with only 25.9%.

In the business endpoint protection category, 100% test results have been achieved by three products, namely Kaspersky Lab Endpoint Security 10.2, Kaspersky Lab Small Office Security 4, and Symantec Endpoint Protection 12.1. The lowest score in this category has been for Seqrite Endpoint Security 16.00 with 29.8%.

AV-TEST 2015 business endpoint antivirus self-protection scores