Skip to main content
  1. Home
  2. Computing
  3. News

Google security pro Tavis Ormandy calls Verizon’s anti-virus certification “meaningless”

By

Hacker
hamburg_berlin/Shutterstock
Verizon-affiliated certificates for anti-virus are “meaningless,” according to Google security expert Tavis Ormandy, who claims that the awards fail to recognize “low hanging fruit” flaws in AV products.

In a blog post last weekend, Ormandy criticized ICSA Labs, an independent division of Verizon, for rewarding Comodo’s anti-virus software its 2016 Excellence in Information Security Testing Award despite the fact that he had discovered vulnerabilities in the product.

Recommended Videos

Comodo’s senior vice president of engineering Egemen Tas said ICSA accreditation was “an important third-party validation of Comodo’s leading security capabilities and technologies.”

Please enable Javascript to view this content

Ormandy on the other hand claimed that he was able to find “hundreds of critical memory corruption flaws” in the software when analyzing it. These flaws have all been fixed, but he said it’s evidence that more and more flaws in anti-virus products aren’t being caught in a timely fashion.

Ormandy points out that he’s not focusing on just Comodo as he has found several vulnerabilities in big name AV products including Kaspersky Lab, AVG, and Avast.

He added that ICSA’s methodology for testing AV products wasn’t rigorous enough. “These are the meaningless tests that antivirus vendors will actually scramble to pass. Perhaps the first step in improving the situation throughout the industry is making sure these certifications actually test something worthwhile,” he said.

“I’m trying to clean up some of the low hanging fruit that is endangering billions of users worldwide. I don’t think the antivirus industry is going to make even a token effort at resolving these issues unless their hand is forced.”

Along with Comodo, the organization awarded certificates to several other anti-virus and security companies including Palo Alto Networks, Imperva, and D-Link Huawei.

ICSA have yet to respond to a request for comment on Ormandy’s remarks.

Ormandy has made a habit out of publicly chastising security and anti-virus software makers for their mistakes and pushing for better practices.

I get asked constantly what av to use. You're missing the point; av creates more problems than it solves, and we're overdue an av slammer.

— Tavis Ormandy (@taviso) March 12, 2016

Last month he found a bug in Avast’s SafeZone browser that left passwords in danger. That same month he found a vulnerability in Malwarebytes that made users susceptible to man in the middle attacks while in December he discovered an AVG Chrome plug-in was potentially exposing the data of nine million users.

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Nvidia celebrates Trump, slams Biden for putting AI in jeopardy
The Nvidia RTX 5090 GPU.

In response to new export restrictions placed on AI GPUs, Nvidia posted a scathing blog criticizing the outgoing Biden-Harris administration. The administration's Interim Final Rule on Artificial Intelligence Diffusion largely targets China with restrictions on AI GPUs, according to Newsweek.

Nvidia disagrees. "While cloaked in the guise of an 'anti-China' measure, these rules would do nothing to enhance U.S. security. The new rules would control technology worldwide, including technology that is already widely available in mainstream gaming PCs and consumer hardware. Rather than mitigate any threat, the new Biden rules would only weaken America’s global competitiveness, undermining the innovation that has kept the U.S. ahead," wrote Nvidia's vice president of government of affairs Ned Finkle.

Read more
This new DirectX feature could completely change how PC games work
A scene from Fortnite running in Unreal Engine 5.

Microsoft has announced that neural rendering capabilities are coming to DirectX soon. Cooperative vector support, as it's called, will lead to "cross-platform enablement of neural rendering techniques," according to Microsoft, and it will usher in "a new paradigm in 3D graphics programming."

It sounds buzzy, but that's not without reason. This past week, Nvidia announced its new range of RTX 50-series graphics cards, and along with them, it revealed a slate of neural rendering features. Neural shaders, as Nvidia calls them, allow developers to execute small neural networks from shader code, running them on the dedicated AI hardware available on Nvidia, AMD, Intel, and Qualcomm GPUs. Microsoft is saying that it will enable these features on all GPUs, not just those sold by Nvidia, through the DirectX API.

Read more
This gaming PC with an RTX 4060 is on sale for $1,000 today
The iBuyPower Trace 7 on a white background.

Best Buy often has some great gaming PC deals, with one highlight available today: Right now, you can buy the iBuyPower Trace 7 gaming PC for $1,000 instead of $1,300. The PC includes the RTX 4060 GPU, so it’s ideal for mid-range gaming. It even comes with a keyboard and mouse, so you only need to make sure you have a screen to add to it. If you’re looking to upgrade your gaming PC for less, here’s what it has to offer.

Why you should buy the iBuyPower Trace 7
You won’t see anything from iBuyPower in our look at the best gaming PCs, but don’t let that discourage you. This is still a good option for those on a budget. This particular model has great hardware for the price. It has an AMD Ryzen 7 5700 CPU teamed up with 16GB of RAM and 1TB of SSD storage. More pivotal for a gaming PC is its graphics card: a GeForce RTX 4060 with 8GB of VRAM.

Read more