Beware! Antivirus can make online transactions less safe

Is the antivirus software running on your computer really making it safer to use, say, for online banking? Probably not, says a study that found that security programmes might actually make online computing less safe.

For the study, the researchers examined 14 commonly used software programmes that claim to make computers safer by protecting data, blocking out viruses or shielding users from questionable content on the internet. Time and again, the researchers found that these programmes were doing more harm than good.

"Out of the products we analysed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities," said one of the researchers Xavier de Carne de Carnavalet from Concordia University in Montreal, Canada.

"While a couple of fishy ad-related products were known to behave badly in the same set-up, it's stunning to observe that products intended to bring security and safety to users can fail as badly," de Carnavalet said in an official statatement.

At the root of the problem is how security applications act as gatekeepers, filtering dangerous or unwanted elements by inspecting secure web pages before they reach the browser. Normally, browsers themselves have to check the certificate delivered by a website, and verify that it has been issued by a proper entity, called a Certification Authority (CA).

But security products make the computer "think" that they are themselves a fully entitled CA, thus allowing them to fool browsers into trusting any certificate issued by the products, the study said. This research has important implications not only for everyday computer users, but also for the companies producing the software programmes themselves.