When security products make systems less secure

There has been an increase in reports of security products recently which make user systems less secure when they are installed, used or even just present on the system.

Many antivirus companies have added tools and products to their security programs in recent years to increase the perceived value of the product, to add new features that users may find useful, and to add new revenue opportunities in the form of custom search deals.

It is quite common for instance that companies deploy browser extensions on systems that change the search provider, new tab page or home page. Others have created custom versions of the Chromium browser to improve user security while the browser is being used, often calling these custom browsers secure or safe to indicate that.

Google started to analyze browser extensions and custom browsers recently and the results are quite disturbing.

The three custom Chromium-based browsers the company analyzed were found to weaken security instead of improving it.

The latest company that Google contacted about security issues found in their products is Avast. The company’s SafeZone browser, based on Chromium, allowed attackers to read any file on the system by getting users to click on links.

This worked even if users never used SafeZone, as data is automatically imported from a Chrome installation when the program is installed on the user system.

You don’t even have to know the name or path of the file, because you can also retrieve directory listings using this attack. Additionally, you can send arbitrary *authenticated* HTTP requests, and read the responses. This allows an attacker to read cookies, email, interact with online banking and so on.

The company released an update in the meantime that fixed the issue. SafeZone is secure if you have build number 2016.11.1.2253 or newer installed.

Avast is not the only company that has been reprimanded by Google for weakening user security. Just two days ago, it was Comodo and the company’s Chromodo browser, also based on Chromium, that was shamed publicly by Google.

And before that, Google revealed vulnerabilities in products by AVG, Trend Micro, Malwarebytes, and several other products as well.

While there is certainly always the possibility that software programs have security vulnerabilities, some may find it a fair assumption that these add-on products and services do more harm than good.

What weighs even more is that these security companies should know better, considering that security and keeping users safe is their business.

Some companies provide users with options to customize what is installed during installation while others don’t offer these options at all. It is probably a good idea to block the installation of any add-on service, browser extensions or standalone browsers, considering the findings of the past couple of months.



Martin Brinkmann


Ghacks Technology News

