Google Security Researcher Slams Antivirus Software For Its Vulnerabilities

Antivirus programs are designed to protect the user from malware and all kinds of nasty software that they might not be familiar with. However it seems that sometimes these softwares could also be the source of the problem, which is why Google security researcher Tavis Ormandy has recently slammed several Norton and Symantec products in a post on Google’s Project Zero blog.

According to Ormandy, “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

However it should be pointed out that Symantec has since fixed the vulnerabilities pointed out by Google, but Ormandy’s post basically points out that this is something that should not have happened in the first place, especially for a company that supposedly sells users products meant to protect them.

He has also noted that while some of the updates are done automatically, in some cases it doesn’t where it might require an IT administrator’s permission first, which is something that he urges administrators to quickly do. In the meantime for those with some technical knowledge, Ormandy has listed down the various vulnerabilities that were discovered on the Project Zero blog.

Tyler Lee
Categories: General
Tags: Google, Malware, Security