AV-Test: antivirus vendors should better protect their own software
AV-Test rated the software on its use of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), measures that should make it harder for attackers to abuse vulnerabilities in software. The antivirus software was also rated on its use of signed files and of HTTPS to offer updates.
Half of the tested antivirus applications fully utilized ASLR and DEP, which is an improvement over a test that AV-Test conducted in 2014, when only 2 antivirus vendors utilized those technologies. Some antivirus vendors told AV-Test that they will never be able to fully use ASLR and DEP because their protection technology is incompatible with these security measures.
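As an added example (not AV-Test's tooling; the article does not describe how the test was run), this is one way to read the ASLR and DEP opt-in bits from a Windows PE file's headers. The flag values come from the PE/COFF specification, and `build_sample` is a hypothetical helper that constructs header-only test images.

```python
import struct

# Values from the PE/COFF specification.
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no base relocations
HIGH_ENTROPY_VA = 0x0020   # DllCharacteristics: 64-bit ASLR
DYNAMIC_BASE    = 0x0040   # DllCharacteristics: ASLR opt-in
NX_COMPAT       = 0x0100   # DllCharacteristics: DEP opt-in

def mitigation_flags(data: bytes) -> dict:
    """Read the ASLR/DEP opt-in bits from the headers of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)     # e_lfanew
    opt = pe_off + 24                                    # skip signature + COFF header
    if opt + 72 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad signature or truncated headers")
    opt_size, characteristics = struct.unpack_from("<HH", data, pe_off + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    return {
        "pe32_plus": magic == 0x20B,
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr_flag": dynamic_base,
        # Without relocation data the loader cannot move the image.
        "aslr_effective": dynamic_base and not characteristics & RELOCS_STRIPPED,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
    }

def build_sample(magic: int, dll_chars: int, characteristics: int = 0x0002) -> bytes:
    """Constructed header-only PE image for the demo (hypothetical, not a real binary)."""
    machine = 0x8664 if magic == 0x20B else 0x014C
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 240, characteristics)
    optional = bytearray(240)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(optional)

if __name__ == "__main__":
    samples = {
        "hardened": build_sample(0x20B, DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA),
        "legacy": build_sample(0x10B, 0),
    }
    for name, image in samples.items():
        print(name, mitigation_flags(image))
```

Running `mitigation_flags` over every executable and DLL in a product's install directory shows whether any single module opts out, which is the sense in which a product "fully" uses ASLR and DEP.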
Another test item was the use of signed files. This way the developer of a file can be identified. For security this is important as the antivirus software can check the authenticity and integrity of its own files. Fifteen vendors distributed unsigned files or files that were signed with an invalid certificate.
The last test item was the security of the file distribution. According to AV-Test, all software should be offered through HTTPS. If HTTP is used, an attacker is able to manipulate the download and replace the original update with malware or a modified version. Of the 19 vendors that offer a direct download of their software, 13 used insecure HTTP.
AV-Test notes that security companies, especially because of their role in the software industry, should set a good example and that there's lots of room for improvement. Only Bitdefender, ESET and Kaspersky Lab fully utilize ASLR and DEP, sign all files with valid certificates and offer secure downloads.
The CTO of AV-Test, Maik Morgenstern, does add that while the security of some antivirus vendors isn't on par, it doesn't mean users should not use any antivirus software at all: “the test indicates that some manufacturers, through complacency, weaken their own security software due to potential security gaps. But using this as a reason to forgo all protection would result in even graver consequences.”