Researchers from Concordia University have found that various versions of anti-virus programs often claiming to make computers safer by protecting data may actually end up harming the systems. This includes parental control software to keep children off inappropriate sites as well.
The study conducted by Mohammad Mannan, assistant professor in the Concordia Institute for Information Systems Engineering (CIISE), and PhD student Xavier de Carné de Carnavalet found that 14 of the most commonly used anti-virus software were doing more harm than good to the machines.
The root problem described by the researchers stems from how these applications act as guards, filtering dangerous or malicious elements by inspecting secure web pages before they reach the browser. Browsers like Chrome or Edge run a check of certificates delivered by websites, verifying if they have been issued by a proper entity known as Certification Authority (CA). But when an antivirus like the ones tested are involved, it makes the computer "think" that they are themselves a fully entitled CA, hence tricking browsers into believing any certificate issued by the products are safe.
"Out of the products we analysed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities," says de Carnavalet. The two of them say they have reported their findings to the vendors, whom they have not named, and a few of them have responded. They said they are also working to raise awareness among users when choosing a security software to protect children's online activities.
How to be safe
The researchers say this flaw is limited to certain older versions of these anti-virus software and some new ones as well that may get an update soon. One way to avoid this fiasco is to keep your browser, operating system and other applications up-to-date, which mostly come with the latest security patches.