You may want to think twice before installing Antivirus software on your computer. For decades installing Antivirus software on your computer has been recommended to keep you and your computer safe. But no more. In fact, having this software on your computer increases your chances of something going terribly wrong. If you have antivirus, you may want to uninstall it now.
It does sound counter-intuitive to “Remove Antivirus software to make your computer safer!” but it is true.
Why we used antivirus software
For decades computers were affected by viruses and worms being spread in documents via floppy disk, email, CDs or other media. Once activated typically by opening a file it your computer was infected. It was a slow process to modify the virus and it took time to spread. Antivirus software companies had time to help prevent them from spreading and it generally worked.
Today’s threat
Today however, the threat is different. Viruses are not the only type of evil computer software out there. Malware – short of Malicious Software – has become even more sophisticated. These little program create havoc on computers often allowing attackers to damage your files; encrypt your files so they can hold them for ransom; add spying tools to access your webcam, get your passwords, and do all sorts of crazy things.
Malware is being distributed in new ways. With web sites dependent on advertising, attackers have sophisticated ways to distribute malware by ad networks allowing them to infiltrate major companies around the world. In April 2015, Adobe Flash was used as major vector of attack for malware that used Google’s DoubleClick ad network to spread randsomware. Attacks are always being updated and are also written in JavaScript which can be executed by any web browser.
Malware is changing and adapting at a very fast rate and attacks are immediate. We discover them during an attack and the ad networks stop them by disabling the fake ads. Antivirus software can not catch up to this and in fact have no way of stopping this type of attack.
Antivirus makes your computer insecure
When Antivirus software is installed on your computer it must gain low-level access to your operating system for it to work. This allows it to do anything it wants including reading and writing all your files, and intercepting all your web traffic – including all the “secure” traffic.
Man-in-the-middle attack
A man-in-the-middle attack is when an attacker is in between you and the intended target and relays the information over. The attacker reads all the “secure” communication then passes it on to it’s original target. If desired, the attacker can modify the message before sending it, spoofing the message, and making it seem as if is really from you or the target.
For example, you want to log into to your bank’s web site. You go to mybank.com over a secure connection and enter your username and password. The page submits your credentials and you are logged in. That’s how it’s supposed to work.
However, if you have Norton Antivirus (or other antivirus software) installed and it is conducting a man-in-the-middle attack.
What’s really happening:
- You type mybank.com into your web browser.
- Norton intercepts the request and connects securely to your mybank.com instead
- A secure response is received from mybank.com
- The secure response is decrypted by Norton and inspected.
- Norton encrypts the response using it’s own secure certificate
- Norton sends the response to the browser.
- Your web browser has a green address bar and everything looks like it’s securely encrypted.
You may think you have a secure connection to your bank but instead the antivirus software was attacking you in a man-in-the-middle attack.
You may feel that this isn’t too bad, but it really is. If you needed to deposit $10,000 into your bank, would you go outside and give that money to some random person standing on your drive way wearing a “MyBank Employee shirt” and trust they will deposit it for you? I didn’t think so.
The Attack Surface
An attack surface is a security term used to describe the area provided to a hacker to try to attack you. Think about it this way, if you told someone to use a ball an throw it into a house. If you aim for a small bathroom window it’ll be hard to hit it, however, if there was a large glass patio door you’ll have a better chance of breaking it.
When you install antivirus software on your computer you are actually installing a large attack surface for the hacker. Antivirus software is super dangerous because it installs at such a low level within the Operating System where it has a lot of privileges to do whatever it wants on your computer. An attacker can do so much with this larger attack surface.
Unfortunately, as many suspected a lot of security software is not actually secure. In June 2016, security researches found High-severity bugs in 25 Symantec/Norton products imperil millions. These bugs along side the bigger attack surface allows worms, unopened emails, malicious web pages to infect and take control of your computer. All these attacks can take place because an attacker can take advantage of the bugs in the antivirus software and execute code or monitor you remotely from your computer.
If you put the two examples together the man-in-the-middle attack and the larger attack surface you can start to see how exactly attackers could own you. An attacker could send an email to you that is executed without you interacting with it. The email simply arrives in your inbox, and malware is installed on your computer. Now, every time you visit a web site that information is sent to the attackers. Your usernames and passwords from your financial web sites, and other important sites are read and sent to the attackers. To make matters worse, maybe after a few weeks once they gather all your information, they decide to encrypt your files and hold you to ransom until you pay. It just gets worse and worse.
What should you do to be safe?
You could start by uninstalling antivirus software from your computer. Making sure the certificates are removed from the Certificate Root Store. This will stop the man-in-the-middle attacks from your antivirus software and reduce the attack surface.
Now the software has been removed from your computer you need to be extra vigilant as you are now responsible trying to keep your computer safe. Don’t click on random links or attachments in emails. Unless you are expecting something from someone you know, don’t click or open attachments.
Trust no-one. That’s the general mantra of the internet. It’s a dangerous world out there but with some training you can navigate safely around in it. Watch yourself and try not to be hacked.
I stopped uaing antiviruses around 15 years ago and all my computers since have worked better