Security software can put computers at risk: study

Is the antivirus programme running on your computer really making your computers safer to use, say for online banking? New research shows security software might actually make online computing less safe.
Researchers examined 14 commonly used software programmes that claim to make computers safer by protecting data, blocking out viruses or shielding users from questionable content on the internet.
They found that these programmes were doing more harm than good.
"Out of the products we analysed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities," said Xavier de Carne de Carnavalet from Concordia University in Canada.

"While a couple of fishy ad-related products were known to behave badly in the same set-up, it was stunning to observe that products intended to bring security and safety to users can fail as badly," said de Carnavalet.
At the root of the problem is how security applications act as gatekeepers, filtering dangerous or unwanted elements by inspecting secure web pages before they reach the browser, researchers said.

Normally, browsers themselves have to check the certificate delivered by a website, and verify that it has been issued by a proper entity, called a Certification Authority (CA).
But security products make the computer "think" that they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued by the products, researchers said.

The findings have important implications not only for everyday computer users, but also for the companies producing the software programmes themselves, they said.
"We reported our findings to the respective vendors so they can fix their products. Not all of them have responded yet, but we hope to bring their attention to these issues," said Mohammad Mannan from Concordia University.
"We also hope that our work will bring more awareness among users when choosing a security suite or software to protect their children's online activities," added de Carnavalet.
He cautioned that internet users should not view these security products as a panacea.

"We encourage consumers to keep their browser, operating system and other applications up-to-date, so that they benefit from the latest security patches," said de Carnavalet.
"Parental control apps exist that do not interfere with secure content, but merely block websites by their domain name, which is probably effective enough," he added.