Skip to main content

Google security pro Tavis Ormandy calls Verizon’s anti-virus certification “meaningless”

Verizon-affiliated certificates for anti-virus are “meaningless,” according to Google security expert Tavis Ormandy, who claims that the awards fail to recognize “low hanging fruit” flaws in AV products.

In a blog post last weekend, Ormandy criticized ICSA Labs, an independent division of Verizon, for rewarding Comodo’s anti-virus software its 2016 Excellence in Information Security Testing Award despite the fact that he had discovered vulnerabilities in the product.

Recommended Videos

Comodo’s senior vice president of engineering Egemen Tas said ICSA accreditation was “an important third-party validation of Comodo’s leading security capabilities and technologies.”

Ormandy on the other hand claimed that he was able to find “hundreds of critical memory corruption flaws” in the software when analyzing it. These flaws have all been fixed, but he said it’s evidence that more and more flaws in anti-virus products aren’t being caught in a timely fashion.

Ormandy points out that he’s not focusing on just Comodo as he has found several vulnerabilities in big name AV products including Kaspersky Lab, AVG, and Avast.

He added that ICSA’s methodology for testing AV products wasn’t rigorous enough. “These are the meaningless tests that antivirus vendors will actually scramble to pass. Perhaps the first step in improving the situation throughout the industry is making sure these certifications actually test something worthwhile,” he said.

“I’m trying to clean up some of the low hanging fruit that is endangering billions of users worldwide. I don’t think the antivirus industry is going to make even a token effort at resolving these issues unless their hand is forced.”

Along with Comodo, the organization awarded certificates to several other anti-virus and security companies including Palo Alto Networks, Imperva, and D-Link Huawei.

ICSA have yet to respond to a request for comment on Ormandy’s remarks.

Ormandy has made a habit out of publicly chastising security and anti-virus software makers for their mistakes and pushing for better practices.

I get asked constantly what av to use. You're missing the point; av creates more problems than it solves, and we're overdue an av slammer.

— Tavis Ormandy (@taviso) March 12, 2016

Last month he found a bug in Avast’s SafeZone browser that left passwords in danger. That same month he found a vulnerability in Malwarebytes that made users susceptible to man in the middle attacks while in December he discovered an AVG Chrome plug-in was potentially exposing the data of nine million users.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Still shopping? Amazon Prime Day deals going strong into day 4
We're bringing you the best Prime Day deals throughout the sales period
Best Prime Day Gift Card Deals

It’s the fourth and final day of the longest ever Amazon Prime Day event, and if you thought the best deals were behind us, think again. Amazon’s stretching this year’s event across four full days (July 8 -11 ) which means price drops are still rolling in hot, with fresh discounts landing on everything from big-name tech to everyday essentials.

There have been stellar savings so far, with the AirPods Pro 2 heading down to $149 as the best saving we've seen.

Read more
Apple loses AI whiz to Meta with an offer that will make your eyes water
Meta AI widget on Home Screen.

It was just last month that OpenAI boss Sam Altman claimed that Meta had been trying to poach his top AI engineers by offering hiring bonuses of as much as $100 million.

There was renewed interest in the matter earlier this week when it emerged that Ruoming Pang, an esteemed AI engineer who oversaw Apple’s AI models, had jumped ship to Meta.

Read more
I found the best Prime Day deal on a tablet hidden beyond Amazon
Microsoft Surface Pro 12-inch, stylus, and keyboard.

A good tablet can take your productivity to the next level, but a boring one will find a niche use and eat dust on a table or couch for most of its time. I love iPads and have been pushing them – as far as I can — to act as my primary computing machine for nearly half a decade now. It has never managed to replace a proper laptop, like a MacBook Air or a Windows machine. 

Why not buy a Windows laptop, you might ask? Well, Windows-powered tablets, especially those Surface devices sold by Microsoft, are pretty expensive. I love the new 12-inch Surface Pro, but at $799, it felt like a steep purchase despite its impressive specifications. 

Read more