Former Mozilla Engineer: Disable Your Antivirus Software, Except Microsoft's

5

509322

Spawn said:
It's true what he says about Third-party security layers can also increase surface layer of attack, as seen in previous reports about insecure third-party browsers and their configuration, among other things.

What I don't understand is, why doesn't he mention Security that does not infiltrate or interfere with how the Browser operates?

Windows Defender is (still) very underrated because it's the AV vendor's business to say Windows Defender is crap, use our products and services instead. The danger arises from the all the extras that come with modern Antivirus software, when it wants to scan your HTTPS traffic, alter certificates, or inject vulnerable web services with extensions and add-ons.

[You'll hear it next from Piriform about AV Vendors force installing their own version of PC Performance and Tuneup tools, and doing more damage to systems. On the otherhand, you don't need CCleaner on macOS or Android, so they should stick with Windows]. - This was a bad example.

I am not saying don't use a third-party Antivirus, but be aware of -unknown to us- the poorly written code that tries to interfere with the Modern Browser, or Bloatware that attempts to replace your Browser with their own version.

My point of view, of course.
Click to expand...

Messing with the browser is just plain bad ju-ju. That's all there is to it.
 
  • Like
Reactions: DardiM, shukla44, _CyberGhosT_ and 2 others
SKG2016

SKG2016

Level 1
Verified
Dec 19, 2016
42
Bollocks; I think if I am attacked by a Ransomware and Microsoft would never pay for the ransom or any monetary compensation. We would not want AV products in the first place, but the severity of continuously growing cyber threat forced us to do so.
 
  • Like
Reactions: DardiM, Andy Ful, shukla44 and 2 others
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Windows Defender is garbage. Only good thing about it is simplicity of the interface. And that's about it. it's slow and lacks any kind of proactive protection features or actual fast reacting cloud. It's utterly pointless.
 
  • Like
Reactions: DardiM, FrFc1908, shukla44 and 5 others
W

Wave

Sorry but I will tell this former Mozilla engineer to silence himself right now. He worked on a web browser, not an AV product... He's got absolutely no idea. Does he even know how the injected DLLs work? They were not "rogue" in the way he is thinking of.

Solarquest said:
AV vendors don't follow standard security practices, which leads to many security bugs affecting the AV itself. To prove his point, O'Callahan points his readers to the Google Project Zero project, and especially to the activity of Google security researcher Tavis Ormandy, who in the past two years has discovered gaping security holes in the software of many anti-virus vendors, which in many cases led to a complete takeover of the affected system.
Click to expand...
You have to ask yourself: "Is this really the fault of the security product"? Sometimes it's not even in their control, but just due to gaps in the actual OS software. There are so many different ways to attack software it makes it impossible to prevent all attacks, and nothing is perfect... Obviously if someone is determined enough and has the skill-set then the target product is getting exploited no matter what you possibly do. This employee knew what he was doing due to experience and worked for Google, he wasn't a normal 20 year old on a blackhat forum copy-pasting code and compiling it, like most.

The person writing this article is making it seem like all security products can easily be tampered with, but this isn't the case what so ever; sure some security products might not be very good and may be vulnerable, but that doesn't mean they should speak for all of them. Kaspersky for example, have amazing self-defense mechanisms, and are not as easy to exploit... They use the damn hyper-visor which allows them to perform MSR hooking without worrying about PatchGuard protection for example, now tell me that is not advanced!

I bet this Google engineer can't even tell you how such technology works anyway.

Solarquest said:
AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security. O'Callahan remembers that when Firefox implemented ASLR on Windows, AV vendors broke the feature by injecting rogue DLLs into the browser's process. Furthermore, several AV products blocked Firefox security updates for no apparent reason.
Click to expand...
Firstly, does the writer even know the details on how the DLL was working? Secondly, does the writer know anything about signature/generic detection and white-listing?

Sure, the Anti-Virus vendor could have fully white-listed the vendor for Mozilla but maybe it was more sophisticated than this for the situation they were in, and if it was detection due to generic detection then it isn't a manual blocking. Then again, I wouldn't expect a browser software provider to understand how AV software really works, they can only dream.

They act like it's a crime for AV software to inject code into the other running programs, but what do they recommend as an alternate for the vendor to do so they can properly monitor the behavior of the running program and intercept/block before something bad really happens? I bet they can't recommend anything as a good and useful alternate, because they don't know what they're talking about...

Solarquest said:
It's hard for software vendors to speak out about these problems because they need cooperation from the AV vendors.
Click to expand...
It's even harder when you are a browser developer and don't even know how to develop a security product.

I knew we were close, the day has finally come where I am being told to disable my security software from an engineer who dropped or was dropped by/from Mozilla, a browser developer, who lacks any real experience in the security industry.

What has this world come to....

Something is wrong here... I think he needs to see a doctor, having too much Adderal is bad for you and this is what happens when you do, and then start typing...
 
  • Like
Reactions: DardiM, Andy Ful, shukla44 and 8 others
W

Wave

antreas said:
Use Your brain, script blocker adblock, anti-adblock killer and pop up blocker you will be fine :)
And a vpn to protect your ip.
Click to expand...
The problem is that it won't work for everyone. We can stay protected without really trying, but my dad for example can try and never learn.

It's because we study security, not everyone has the time. Idiotic CEO's and self-proclaimed experts can bang some chemicals and claim that all AV software is obsolete but that isn't actually true since most popular vendors like Avast and Kaspersky are improving constantly to stay updated to compete with evolving malware.

For example, application control in KIS and the brand new behavior shield in Avast.
 
  • Like
Reactions: DardiM, Andy Ful, shukla44 and 6 others
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
AV vendors don't follow standard security practices,
Click to expand...

That is technically true since majority of AV focused on prevention on other way rather improving the self protection. Even those DLL are outdated and already been reported for vulnerability risk.

Imagine an unfixed bug will lead to shut down the protection module, and that's pathetic.

AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security.
Click to expand...

AV's purpose of detection and maintenance is already questionable, sometimes it can be instrument as marketing tool to encourage people to use the product because of claimed performance.

Windows Defender is not a bad Antivirus however bare in mind that people should understand carefully about the 'basic protection' it has.

Most of the time, they can save you from third party programs that focuses strong prevention analysis like behavior base or cloud protection.

Usability, protection and reliability are connected to each other.
 
  • Like
Reactions: DardiM, Andy Ful and Polygon
Fritz

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Currently waiting for the new thread in Malware Removal Assistance:

"Hi, my name is Roc and my computer is acting really funny. I'm using Windows Defender. Anybody able to help me out?" :p

Coming up in 9, 8, 7, … :D
 
  • Like
Reactions: DardiM, FrFc1908, Polygon and 4 others
R

RoadRashWolfenstein

I don't agree at all with that statement, and i think that what this guy is saying is actually dangerous. How many people are going to uninstall their antivirus software after reading this article only to be infected afterward ?

While i agree that Windows Defender has come a long and provides decent protection for users that surf safely, i don't see why would anyone uninstall their security software, granted they're not having any issues with it. Why change something that works ?

There are so many choices, both in free and paid antivirus, that i really don't understand why would anyone go for less security :confused:

It's like saying don't use condoms, they can break sometimes and occasionally give you a rash :rolleyes:
 
  • Like
Reactions: DardiM, Andy Ful, Polygon and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,151
Disable Your Antivirus Software, Except Microsoft's ??? That would have more sense if Windows was more like Apple Mac, and users could open/run files only with:
1. Windows Store Apps (AppContainer protection).
2. (truly) System Wide Smartscreen.
I do not know anybody, using such software/security configuration. ;)
My friend is very close to this, but sadly Windows Smartscreen is not yet, truly system wide.:(
I'm also close to built-in Windows security, but I'm MalwareTips member.:)
 
Last edited:
  • Like
Reactions: Polygon, DardiM, tonibalas and 2 others
giulia

giulia

Level 5
Verified
Nov 30, 2016
236
hi
I agree only partially
come on there are antivirus with an junkie code ! they are invasice , a BSOD genetors when you uninstall them often they mess up your operation system

i don't want to aim to 2 companies but i had serious problems with 2 security software , not installed on the same time
with w10 i guess many companies release security software not optimazed to the new operation system

but just like i said i agree only partially , microsoft defender is not the solution , i don't find fast , it's I/O eater and there are lots of better programs

just my 2 cents

very true, but I was listening to a former NSA worker, who was a cryptology expert and he stated (as he has 12 computers at home searching for vulnerabilities in software and sells them to the US government for $80,000) basically software companies are lazy and need to write proper code then there would be no hacks. Maybe to him and the NSA that's possible - not sure.
Click to expand...
hi sorry english is not not my native language , who is the former NSA worker , the firefox guy?
thanks
 
  • Like
Reactions: Polygon and Fritz
U

uncle bill

Lockdown said:
Messing with the browser is just plain bad ju-ju. That's all there is to it.
Click to expand...

I totally disagree with you. I understand that blocking browser update is not an option, but there isn't another way for an antivirus product to check what is happening inside a process. Javascript is absolutely of no help. My opinion is every browser should have a native way to load antivirus dll and allow that code to do what it is ment to, but this is another story.
 
  • Like
Reactions: Polygon and DardiM
S

soccer97

Level 11
Verified
May 22, 2014
517
Lockdown said:
Messing with the browser is just plain bad ju-ju. That's all there is to it.
Click to expand...


Regarding enhancements starting with Windows 10:

I will agree with your point of view to a certain extent. Microsoft has full knowledge of and access to the Kernel, which they do not allow access to (or severely limit) the ability of AV Vendors into the Kernel. I suppose in theory - since the product is "embedded in" the OS, there is a potential for it to recognize aberrant behavior and modification of key system files faster. (I don't see many vulns for Windows Defender). A few particular company's driver's have caused BSOD's due to possible faulty drivers that interact poorly with updates, etc.

I suppose you could consider AV like a 3rd party program, you have to patch and keep it updated too. That could add a layer of risk.

With regard to it protecting against sophisticated ROP and similar attacks, my opinion may differ, and an anti-exploit would be of benefit.

There have been quite a few threats (exploit packs) that I have seen with conditional statements (such as if Flash version is x.x.x.x or below, exploit) I have seen a few that check "if AV = ............ , (cancel/don't infect)"

I do not dispute the importance of antivirus programs, I am using ESS and Zemana Premium at the moment. I haven't got infected in a long time fortunately. Nobody's programming is perfect, I suppose it's a matter of the best option at the time based on real world experience.


Additional Info courtesy of StackExchange:
What is the difference between Trusted boot and Kernel Patch Protection (PatchGuard)
 
  • Like
Reactions: tonibalas and Andy Ful
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
Chrome Enterprise Premium promises extra security – for a fee
Replies
1
Views
193
Chrome & Chromium
Brahman
Brahman
Gandalf_The_Grey
    • Like
    • Applause
    • Wow
AV-Comparatives Celebrating 20 Years of Excellence in Cybersecurity
Replies
1
Views
371
Security Statistics and Reports
Bot
Bot
Gandalf_The_Grey
    • Like
    • Thanks
Crypto Opinions & News Former Amazon security engineer pleads guilty to hacking crypto exchanges
Replies
3
Views
930
Crypto News
SarahTurner
SarahTurner

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top