Is the antivirus program running on your computer actually making it safer? How about the work filter to keep employees from browsing on inappropriate websites?
Security software has been recently discovered to be not as safe as advertised, according to a study conducted by Concordia University in Montreal.
Mohammad Mannan, assistant professor in the Concordia Institute for Information Systems Engineering (CIISE), and PhD student Xavier de Carne de Carnavalet examined 14 commonly used software programs that claim to make computers safer by protecting data, blocking out viruses or shielding users from questionable content on the internet.
“While a couple of fishy ad-related products were known to behave badly in the same set-up, it’s stunning to observe that products intended to bring security and safety to users can fail as badly.”
Central to the issues is how security applications act as gatekeepers to unwanted sites by inspecting a website’s certificate (which has been issued by a Certification Authority).
Usually, browsers themselves have to check the certificate provided by a website, and verify that is has been issued by a Certification Authority. However, security products trick the computer into thinking that they are themselves a fully entitled CA, allowing them to fool browsers into trusting any certificate issued by the products.
It is important for users to keep their software up-to-date, so that they can benefit from the latest security patches.
For companies that do not have time to assess whether their security protocols are stringent enough, there are ways to make security redundant: professional IT teams.
Although in-house IT teams are expensive, having a remote monitoring program in place can catch malicious websites before they take root in your company’s network.
Concordia University. “Not so safe: Security software can put computers at risk: Concordia University research reveals pitfalls of antivirus programs and parental controls.” ScienceDaily. ScienceDaily, 4 May 2016. <www.sciencedaily.com/releases/2016/05/160504161650.htm>.