Former Mozilla Engineer: Disable Your Antivirus Software, Except Microsoft's


It's true what he says about third-party security layers also being able to increase the attack surface, as seen in previous reports about insecure third-party browsers and their configuration, among other things.

What I don't understand is, why doesn't he mention security that does not infiltrate or interfere with how the browser operates?

Windows Defender is (still) very underrated because it's the AV vendors' business to say Windows Defender is crap, use our products and services instead. The danger arises from all the extras that come with modern antivirus software, when it wants to scan your HTTPS traffic, alter certificates, or inject vulnerable web services with extensions and add-ons.

[You'll hear it next from Piriform about AV vendors force-installing their own version of PC performance and tune-up tools, and doing more damage to systems. On the other hand, you don't need CCleaner on macOS or Android, so they should stick with Windows]. - This was a bad example.

I am not saying don't use a third-party antivirus, but be aware of the (unknown to us) poorly written code that tries to interfere with the modern browser, or bloatware that attempts to replace your browser with their own version.

My point of view, of course.

Messing with the browser is just plain bad ju-ju. That's all there is to it.
 

SKG2016

Level 1
Verified
Dec 19, 2016
42
Bollocks; I think if I am attacked by ransomware, Microsoft would never pay the ransom or any monetary compensation. We would not want AV products in the first place, but the severity of the continuously growing cyber threat forced us to do so.
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Windows Defender is garbage. The only good thing about it is the simplicity of the interface. And that's about it. It's slow and lacks any kind of proactive protection features or an actual fast-reacting cloud. It's utterly pointless.
 

Wave

Sorry but I will tell this former Mozilla engineer to silence himself right now. He worked on a web browser, not an AV product... He's got absolutely no idea. Does he even know how the injected DLLs work? They were not "rogue" in the way he is thinking of.

AV vendors don't follow standard security practices, which leads to many security bugs affecting the AV itself. To prove his point, O'Callahan points his readers to the Google Project Zero project, and especially to the activity of Google security researcher Tavis Ormandy, who in the past two years has discovered gaping security holes in the software of many anti-virus vendors, which in many cases led to a complete takeover of the affected system.
You have to ask yourself: "Is this really the fault of the security product?" Sometimes it's not even in their control, but just due to gaps in the actual OS software. There are so many different ways to attack software that it is impossible to prevent all attacks, and nothing is perfect... Obviously if someone is determined enough and has the skill set, then the target product is getting exploited no matter what you possibly do. This employee knew what he was doing due to experience and worked for Google; he wasn't a normal 20-year-old on a blackhat forum copy-pasting code and compiling it, like most.

The person writing this article is making it seem like all security products can easily be tampered with, but this isn't the case whatsoever; sure, some security products might not be very good and may be vulnerable, but that doesn't mean they should speak for all of them. Kaspersky, for example, has amazing self-defense mechanisms and is not as easy to exploit... They use the damn hypervisor, which allows them to perform MSR hooking without worrying about PatchGuard protection, for example; now tell me that is not advanced!

I bet this Google engineer can't even tell you how such technology works anyway.

AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security. O'Callahan remembers that when Firefox implemented ASLR on Windows, AV vendors broke the feature by injecting rogue DLLs into the browser's process. Furthermore, several AV products blocked Firefox security updates for no apparent reason.
Firstly, does the writer even know the details on how the DLL was working? Secondly, does the writer know anything about signature/generic detection and white-listing?

Sure, the anti-virus vendor could have fully white-listed the vendor for Mozilla, but maybe it was more sophisticated than this for the situation they were in, and if it was detection due to generic detection then it isn't manual blocking. Then again, I wouldn't expect a browser software provider to understand how AV software really works; they can only dream.

They act like it's a crime for AV software to inject code into other running programs, but what do they recommend as an alternative for the vendor, so they can properly monitor the behavior of the running program and intercept/block before something bad really happens? I bet they can't recommend anything as a good and useful alternative, because they don't know what they're talking about...

It's hard for software vendors to speak out about these problems because they need cooperation from the AV vendors.
It's even harder when you are a browser developer and don't even know how to develop a security product.

I knew we were close, the day has finally come where I am being told to disable my security software from an engineer who dropped or was dropped by/from Mozilla, a browser developer, who lacks any real experience in the security industry.

What has this world come to....

Something is wrong here... I think he needs to see a doctor; having too much Adderall is bad for you, and this is what happens when you do and then start typing...
 

Wave

Use your brain: script blocker, adblock, anti-adblock killer and pop-up blocker, and you will be fine :)
And a VPN to protect your IP.
The problem is that it won't work for everyone. We can stay protected without really trying, but my dad, for example, can try and never learn.

It's because we study security; not everyone has the time. Idiotic CEOs and self-proclaimed experts can bang some chemicals and claim that all AV software is obsolete, but that isn't actually true, since most popular vendors like Avast and Kaspersky are improving constantly to stay updated and compete with evolving malware.

For example, application control in KIS and the brand new behavior shield in Avast.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
AV vendors don't follow standard security practices,

That is technically true, since the majority of AVs focused on prevention in other ways rather than improving self-protection. Even those DLLs are outdated and have already been reported as a vulnerability risk.

Imagine an unfixed bug that will lead to shutting down the protection module, and that's pathetic.

AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security.

AV's purpose of detection and maintenance is already questionable; sometimes it can be an instrument or marketing tool to encourage people to use the product because of claimed performance.

Windows Defender is not a bad antivirus; however, bear in mind that people should understand carefully the 'basic protection' it has.

Most of the time, they can save you from third-party programs that focus on strong prevention analysis like behavior-based or cloud protection.

Usability, protection and reliability are connected to each other.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Currently waiting for the new thread in Malware Removal Assistance:

"Hi, my name is Roc and my computer is acting really funny. I'm using Windows Defender. Anybody able to help me out?" :p

Coming up in 9, 8, 7, … :D
 

RoadRashWolfenstein

I don't agree at all with that statement, and I think that what this guy is saying is actually dangerous. How many people are going to uninstall their antivirus software after reading this article, only to be infected afterward?

While I agree that Windows Defender has come a long way and provides decent protection for users that surf safely, I don't see why anyone would uninstall their security software, granted they're not having any issues with it. Why change something that works?

There are so many choices, both in free and paid antivirus, that I really don't understand why anyone would go for less security :confused:

It's like saying don't use condoms, they can break sometimes and occasionally give you a rash :rolleyes:
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,499
Disable Your Antivirus Software, Except Microsoft's??? That would make more sense if Windows were more like Apple Mac, and users could open/run files only with:
1. Windows Store Apps (AppContainer protection).
2. (truly) System Wide Smartscreen.
I do not know anybody using such a software/security configuration. ;)
My friend is very close to this, but sadly Windows SmartScreen is not yet truly system-wide. :(
I'm also close to built-in Windows security, but I'm a MalwareTips member. :)
 

giulia

Level 5
Verified
Nov 30, 2016
237
Hi,
I agree only partially.
Come on, there are antiviruses with junk code! They are invasive, BSOD generators; when you uninstall them, they often mess up your operating system.

I don't want to point at 2 companies, but I had serious problems with 2 security software products, not installed at the same time.
With W10 I guess many companies release security software not optimized for the new operating system.

But just like I said, I agree only partially; Microsoft Defender is not the solution, I don't find it fast, it's an I/O eater, and there are lots of better programs.

just my 2 cents

Very true, but I was listening to a former NSA worker, who was a cryptology expert, and he stated (as he has 12 computers at home searching for vulnerabilities in software and sells them to the US government for $80,000) that basically software companies are lazy and need to write proper code, then there would be no hacks. Maybe to him and the NSA that's possible - not sure.
Hi, sorry, English is not my native language; who is the former NSA worker, the Firefox guy?
Thanks
 

uncle bill

Messing with the browser is just plain bad ju-ju. That's all there is to it.

I totally disagree with you. I understand that blocking browser updates is not an option, but there isn't another way for an antivirus product to check what is happening inside a process. JavaScript is absolutely of no help. My opinion is every browser should have a native way to load an antivirus DLL and allow that code to do what it is meant to, but this is another story.
 

soccer97

Level 11
Verified
May 22, 2014
517
Messing with the browser is just plain bad ju-ju. That's all there is to it.


Regarding enhancements starting with Windows 10:

I will agree with your point of view to a certain extent. Microsoft has full knowledge of and access to the kernel, which they do not allow (or severely limit) AV vendors access to. I suppose in theory - since the product is "embedded in" the OS - there is a potential for it to recognize aberrant behavior and modification of key system files faster. (I don't see many vulns for Windows Defender.) A few particular companies' drivers have caused BSODs due to possibly faulty drivers that interact poorly with updates, etc.

I suppose you could consider AV like a 3rd party program, you have to patch and keep it updated too. That could add a layer of risk.

With regard to it protecting against sophisticated ROP and similar attacks, my opinion may differ, and an anti-exploit would be of benefit.

There have been quite a few threats (exploit packs) that I have seen with conditional statements (such as "if Flash version is x.x.x.x or below, exploit"). I have seen a few that check "if AV = ............, (cancel/don't infect)".

I do not dispute the importance of antivirus programs; I am using ESS and Zemana Premium at the moment. I haven't gotten infected in a long time, fortunately. Nobody's programming is perfect; I suppose it's a matter of the best option at the time based on real-world experience.


Additional Info courtesy of StackExchange:
What is the difference between Trusted boot and Kernel Patch Protection (PatchGuard)
 
