Tuesday, July 11, 2017

Is antivirus software part of your threat model? Maybe it should be...

Recently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD. This is almost certainly a political move, and CyberScoop’s Patrick Howell O’Neill has already done a great job of covering this story from the political angle. It is entirely possible that the Senate’s statements about the NDAA are just political messages meant to rattle the sabers.

But should antivirus be part of your threat model? Perhaps it should. As Tavis Ormandy has shown over the last year, antivirus software is often full of security vulnerabilities. This is especially concerning because antivirus runs with elevated privileges, and those elevated privileges are what make antivirus software so dangerous.

In considering this debate, it is important to consider the types of threats that antivirus software could pose if the vendor were subject to “influence” from a government. Obviously we are talking about this because of Kaspersky and the NDAA, but it is important to note that any antivirus company could be subject to the same pressure. The risk is not limited to antivirus companies that could be influenced: any software manufacturer with automatic updates could be used as an attack platform by a government. If one were hacked by an APT group (most likely a nation state), its customers would also be vulnerable, whether the software in question is antivirus or something else.

Read the full post here.
