Not so safe: Security software can put computers at risk
Concordia University research reveals pitfalls of antivirus programs and parental controls
Date:
May 4, 2016
Source:
Concordia University
Summary:
Is the antivirus program
running on your computer really making your computers safer to use, say, for
online banking? Is the parental control software you bought to keep your child
off inappropriate sites transparent for the overall safety of your computer?
New research shows security software might actually make online computing less
safe.
Is the antivirus program running on your computer really
making your computers safer to use, say, for online banking? Is the parental
control software you bought to keep your child off inappropriate sites
transparent for the overall safety of your computer?
For the study, Mohammad Mannan, assistant professor in the Concordia Institute for Information Systems Engineering (CIISE), and PhD student Xavier de Carné de Carnavalet examined 14 commonly used software programs that claim to make computers safer by protecting data, blocking out viruses or shielding users from questionable content on the Internet.
Time and again, the researchers found that these programs were doing more harm than good.
"Out of the products we analyzed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities," says de Carnavalet, who was surprised by how widespread the problem has become.
"While a couple of fishy ad-related products were known to behave badly in the same set-up, it's stunning to observe that products intended to bring security and safety to users can fail as badly."
At the root of the problem is how security applications act as gatekeepers, filtering dangerous or unwanted elements by inspecting secure web pages before they reach the browser.
Normally, browsers themselves have to check the certificate delivered by a website, and verify that it has been issued by a proper entity, called a Certification Authority (CA).
But security products make the computer "think" that they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued by the products.
This research has important implications not only for everyday computer users, but also for the companies producing the software programs themselves.
"We reported our findings to the respective vendors so they can fix their products," says Mannan. "Not all of them have responded yet, but we hope to bring their attention to these issues."
"We also hope that our work will bring more awareness among users when choosing a security suite or software to protect their children's online activities," says de Carnavalet, who cautions that internet users should not view these security products as a panacea.
"We encourage consumers to keep their browser, operating system and other applications up-to-date, so that they benefit from the latest security patches," he says.
"Parental control apps exist that do not interfere with secure content, but merely block websites by their domain name, which is probably effective enough."
This research was supported in part by an NSERC Discovery Grant, a Vanier Canada Graduate Scholarship and the Office of the Privacy Commissioner of Canada's Contributions Program. These findings were originally pre
Cite
This Page:
Concordia
University. "Not so safe: Security software can put computers at risk:
Concordia University research reveals pitfalls of antivirus programs and
parental controls." ScienceDaily. ScienceDaily, 4 May 2016. <www.sciencedaily.com/releases/2016/05/160504161650.htm>.
Regards
Pralhad
Jadhav
Senior
Manager @ Library
Khaitan
& Co
Best
Paper Award | Received the Best Paper Award at TIFR-BOSLA National Conference on
Future Librarianship: Innovation for Excellence (NCFL 2016) on April 23,
2016. The title of the paper is “Removing
Barriers to Literacy: Marrakesh VIP Treaty”
Note | If anybody use these post for forwarding in any social media coverage
or covering in the Newsletter please give due credit to those who are taking
efforts for the same.
No comments:
Post a Comment