In this article, we’ll go through some of the downsides of anti-virus software. First, they don’t catch all malware and are particularly poor against custom, targeted and crypted malware. Unfortunately, much malware is encrypted, so it falls into the category that anti-virus cannot deal with very well. They also affect the performance of your machine by slowing it down and generally getting in the way.
Privacy and anonymity concerns
Anti-virus is a serious privacy and anonymity concern if you care about those things. This, for me personally, stops me wanting to use them when I want to do anything private. Here is why: for one, they need to update signatures, which requires regular contact with the mothership, so they know where you are and when you’re online, and they have a limited understanding of your habits based on that metadata. Many of them have features like URL filtering, spam filtering and cloud protection that keep constant contact with the mothership as well, which is great for security but bad for privacy. Then there are the reputation systems, which send and receive information about the applications that you’re running on your system. That is again more information and more data, and with these reputation systems you don’t really know what data they’re sending back. But again, reputation systems are brilliant for security but questionable for privacy and anonymity.
Some antivirus products break your SSL encryption so that they can filter your web traffic, which is not really desirable but is required in order to filter bad web requests. If they cannot see into your encrypted traffic, they cannot filter it, so unfortunately some of them have to break the SSL in order to do that.
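One way to check whether your own web traffic is being re-signed in this way, as an added example that is not part of the original article: compare the certificate issuer each site presents on this machine with the issuer recorded from a machine without the product installed. The host names, CA names and the "Hypothetical AV Web Shield Root" issuer are constructed sample data, and `fetch_peercert` is a helper for live use that the sample run does not call.

```python
import socket
import ssl
from collections import Counter

def fetch_peercert(host, port=443, timeout=5):
    """Live helper: return the validated leaf certificate as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_org(peercert):
    """Issuer organizationName, falling back to commonName."""
    fields = {k: v for rdn in peercert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName", "")

def find_interception(observed, baseline):
    """Compare issuers seen locally with a baseline taken on a clean machine.

    Returns (mismatched_hosts, suspected_interceptor). A single mismatch can be
    an ordinary CA change, so an interceptor is named only when two or more
    unrelated hosts are signed by the same unexpected issuer.
    """
    mismatched = {}
    for host, cert in observed.items():
        seen = issuer_org(cert)
        if host in baseline and seen != baseline[host]:
            mismatched[host] = seen
    suspect = None
    if mismatched:
        name, hits = Counter(mismatched.values()).most_common(1)[0]
        suspect = name if hits >= 2 else None
    return mismatched, suspect

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
def sample_cert(org):
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),))}

BASELINE = {"example.com": "Constructed Public CA One",
            "example.org": "Constructed Public CA Two",
            "example.net": "Constructed Public CA One"}
OBSERVED = {h: sample_cert("Hypothetical AV Web Shield Root") for h in BASELINE}
CLEAN = {h: sample_cert(org) for h, org in BASELINE.items()}

if __name__ == "__main__":
    print(find_interception(OBSERVED, BASELINE))
    print(find_interception(CLEAN, BASELINE))
```

For a live check, build `observed` with `{h: fetch_peercert(h) for h in baseline}` using hosts whose issuers you recorded yourself.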
May send memory dumps
Your antivirus can potentially send dumps of memory and other undesirable things because it runs with full administrative privileges. Obviously, if you’re using whole-disk encryption or some other form of encryption, your encryption keys could be sent to the vendor if it is receiving memory dumps. The point is that almost all antivirus products are closed source. They send their traffic encrypted and we just don’t know what’s under the hood. We have no idea what might be communicated and sent, and it can be anything, because they have full privileges and access to everything.
Some come with adware and some sell your data
Some antivirus products come bundled with adware and other PUPs (potentially unwanted programs), especially the free ones. You will get annoying ads, which also affect your privacy. With free malware protection, make sure the vendor is not selling your data. AVG and Avast, for example, can sell your browser and search history to advertisers. Remember, with anything free, consider how they make their money, as they have to make it some way unless they are a charity. If privacy and anonymity are of top priority, then you can’t really use anti-virus that calls home to the mothership, which is effectively most of them.
Increases attack surface
Another looming issue, which is only going to get much worse in my opinion, is that antivirus increases the attack surface of your devices. Anti-virus has deep access into your operating system, and any security vulnerabilities it has will give a potential attacker deep access into your system. This isn’t speculation, unfortunately: anti-virus has and will continue to have security vulnerabilities.
The updates that your anti-virus gets, both to the application and to the signatures, can be an attack vector. An adversary could force a malicious update, as many anti-virus products download everything via HTTP instead of HTTPS, so an adversary could inject content into that traffic to attack the user.
So, as you can see, anti-virus is an attack surface in itself even though it is a security tool, and it is a very useful attack surface, allowing an attacker to leverage deep access into the operating system, potentially remotely while you are surfing the web, because a lot of these antivirus products integrate with what you’re doing on the web. These vulnerabilities have been seen and have been shown. So we need to consider whether the benefits of anti-virus outweigh the potential downsides. The answer to that is an ever-changing cat-and-mouse game of attack and defence, which marches on and is very individual to you and your particular threat landscape.
I recommend anti-virus for people using Windows who aren’t too technically savvy and don’t really know how to implement all the rest of the complex security controls, and for people who really don’t care much about constant contact with the vendor.
So for those non-tech-savvy people, if you’re using Windows, AV is good to go. If privacy isn’t a concern, you can get good security by enabling the endpoint protection features of the high-end versions of the antivirus products (which really are endpoint protection products), such as application controls and reputation systems. These can restrict malware more than the more traditional ways of stopping malware with anti-virus products, which are just signatures, behavioural analysis and heuristic analysis, and which are proving to be less useful these days at preventing malware.