Skip to main content

Google security pro Tavis Ormandy calls Verizon’s anti-virus certification “meaningless”

Hacker
hamburg_berlin/Shutterstock
Verizon-affiliated certificates for anti-virus are “meaningless,” according to Google security expert Tavis Ormandy, who claims that the awards fail to recognize “low hanging fruit” flaws in AV products.

In a blog post last weekend, Ormandy criticized ICSA Labs, an independent division of Verizon, for rewarding Comodo’s anti-virus software its 2016 Excellence in Information Security Testing Award despite the fact that he had discovered vulnerabilities in the product.

Comodo’s senior vice president of engineering Egemen Tas said ICSA accreditation was “an important third-party validation of Comodo’s leading security capabilities and technologies.”

Ormandy on the other hand claimed that he was able to find “hundreds of critical memory corruption flaws” in the software when analyzing it. These flaws have all been fixed, but he said it’s evidence that more and more flaws in anti-virus products aren’t being caught in a timely fashion.

Ormandy points out that he’s not focusing on just Comodo as he has found several vulnerabilities in big name AV products including Kaspersky Lab, AVG, and Avast.

He added that ICSA’s methodology for testing AV products wasn’t rigorous enough. “These are the meaningless tests that antivirus vendors will actually scramble to pass. Perhaps the first step in improving the situation throughout the industry is making sure these certifications actually test something worthwhile,” he said.

“I’m trying to clean up some of the low hanging fruit that is endangering billions of users worldwide. I don’t think the antivirus industry is going to make even a token effort at resolving these issues unless their hand is forced.”

Along with Comodo, the organization awarded certificates to several other anti-virus and security companies including Palo Alto Networks, Imperva, and D-Link Huawei.

ICSA have yet to respond to a request for comment on Ormandy’s remarks.

Ormandy has made a habit out of publicly chastising security and anti-virus software makers for their mistakes and pushing for better practices.

I get asked constantly what av to use. You're missing the point; av creates more problems than it solves, and we're overdue an av slammer.

— Tavis Ormandy (@taviso) March 12, 2016

Last month he found a bug in Avast’s SafeZone browser that left passwords in danger. That same month he found a vulnerability in Malwarebytes that made users susceptible to man in the middle attacks while in December he discovered an AVG Chrome plug-in was potentially exposing the data of nine million users.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Dell XPS 13 laptop just crashed to its cheapest-ever price
The Dell XPS 13, open on a table in front of a window.

If you like the idea of a thin and light laptop like the MacBook Air but don't want to enter the Apple ecosystem or spend a lot of money, then the Dell XPS lineup is right up your alley. In essence, the Dell XPS 13 is Dell's response to the MacBook Air, and while it can still be relatively expensive, this configuration has a great deal on it. You can grab it now at Dell for just $600, rather than the regular $800, making it one of the better Dell XPS deals we've seen this week.

Why you should buy the Dell XPS 13
The Dell XPS 13 is a surprisingly powerful little laptop for its size; with a mid-range 12th Gen Intel Core i5-1230U, it can handle many things. That means anything from day-to-day activities to productivity tasks and even potentially some editing work. Because of it's 0.55-inch thickness and 2.59-pound weight, you can easily put it in a bag and carry it around with you, making this a great option if you're constantly on the move and need a laptop for work or school. The 13.-6inch screen only runs FHD, but that's not an issue with a screen that small, and, more importantly, it can hit an impressive 500nits of peak brightness, meaning you can use the XPS 13 in any situation, including outside on a bright day, which is impressive.

Read more
Best gaming laptops in 2023: Razer, Lenovo, Asus, and more
Cyberpunk 2077 on the Lenovo Legion Pro 5.

Finding the best gaming laptop is no easy task. You want something as portable as it is powerful, all while balancing battery life, heat, and fan noise. A lot of gaming laptops get this balance wrong, but a select few rise above and get it right.

We have a new crop of gaming laptops thanks to next-gen CPU and GPU options from AMD, Nvidia, and Intel, but one sits above the rest. The Lenovo Legion Pro 5 is the best gaming laptop you can buy right now thanks to its chart-topping performance, decent price, and fantastic build quality. But it's not the only great gaming laptop we've reviewed this year.

Read more
This weird sneaker PC is on sale for less than you might think
The Cooler Master CMODX Sneaker X PC against a red background.

If you’re feeling like your PC is a little boring, you’re in luck, as Cooler Master’s experimental brand CMODX has started selling its utterly weird Sneaker X shoe-shaped computer to all and sundry. The price? A hefty $3,499.

For that, you get an Intel Core i7-13700K CPU, an Nvidia RTX 4070 GPU, 32GB of memory, 2TB of storage, and a liquid cooling system. It’s all wrapped up in a bright, garish case shaped like a chunky sneaker, of all things.

Read more