Windows Defender is the only AV Playing Fair with Browsers

DC47561

Feb 3, 2017
Using Sophos here with Google Chrome - no problems at all. Interesting post though!
509322

I too have never had a problem in any way shape or form with Chrome.

Never had any issues with AVs and browsers. Maybe the guy is after a job at M$?

It isn't about AV affecting Chrome in a way that is obvious to the user. The issue is that it makes browsers themselves less secure by affecting the browser code - and the user doesn't/wouldn't even know it.
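The point made above is that injection is invisible to the user. One way to make it visible, as an added example that is not part of the thread or of any vendor's code, is to list the DLLs mapped into every chrome.exe process and flag those whose Authenticode signer is neither Google nor Microsoft. It assumes an elevated 64-bit Windows PowerShell session (so that `.Modules` can read 64-bit processes) and an assumed allow-list of signer organisation names that may need extending for a given install.

```powershell
# Added example (not from the thread): enumerate DLLs loaded into chrome.exe
# processes and report modules not signed by an expected publisher.
# Assumptions: elevated 64-bit PowerShell on Windows; the allow-list below
# is an assumption of what a stock Chrome install should contain.

$ExpectedSigners = @('Google', 'Microsoft')   # assumed allow-list, matched on the O= field

function Get-ChromeForeignModules {
    $seen = @{}   # report each module path once, even if many processes load it
    foreach ($proc in Get-Process -Name chrome -ErrorAction SilentlyContinue) {
        # .Modules throws on access denied, bitness mismatch, or a process that just exited
        try { $modules = $proc.Modules } catch { continue }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path -or $seen.ContainsKey($path)) { continue }
            $seen[$path] = $true

            # Get-AuthenticodeSignature also resolves catalog-signed Windows DLLs
            $sig = Get-AuthenticodeSignature -FilePath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

            $expected = $false
            foreach ($s in $ExpectedSigners) {
                if ($subject -like "*O=$s*") { $expected = $true }
            }

            # Anything unsigned, with a broken signature, or from another publisher is reported
            if (-not $expected -or $sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Pid    = $proc.Id
                    Module = $path
                    Status = $sig.Status
                    Signer = $subject
                }
            }
        }
    }
}

Get-ChromeForeignModules | Format-Table -AutoSize
```

Hits under a security product's own Program Files directory are exactly the user-mode injection the thread is about; hits that are unsigned or have a status other than Valid deserve a closer look regardless of vendor. The check only covers user-mode modules: hooks placed from a kernel driver, or filtering done through documented kernel callbacks or a firewall driver, do not show up in a process's module list at all.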

509322

I understand the concern from what they are saying and they are right, but AVs inject code into processes for protective mechanisms to help secure the user, not the opposite. I guess they need to deal with it; it's not the AV vendors' problem because people still buy and use the protection. Maybe Google should speak to the vendors 1-1 independently to improve things.

It is the AV vendor's problem. Whenever a browser update causes some kind of breakage in the security soft, then it is the security soft publisher that must make a fix for their own product. Chrome updates regularly cause problems with Sandboxie, COMODO, HMP.A, etc. And it is not Google's responsibility to ensure that Chrome is compatible with every single security soft.

Wave

patch guard
I agree with Microsoft on this one especially, because they did it to ensure additional protection for the user against rogue device drivers, plus Kernel Patch Protection keeps the OS more stable overall.

AV vendors don't need to be angry at Microsoft for implementing Kernel Patch Protection; they can do things the proper way and work with the hypervisor for real virtualization system-wide if they need to (I believe Kaspersky does this; if not, Comodo does it for its sandbox). This way they can perform kernel-mode hooks like MSR hooks without worrying about Kernel Patch Protection, without actually tampering with the actual OS itself...

Kernel-mode patching can cause more problems than not anyway and slows down the system a lot if it isn't done properly... Besides, Microsoft provided kernel-mode callbacks as a documented and supported alternative! If AV vendors can do kernel patching then so can malware authors.

If it wasn't for PatchGuard/Kernel Patch Protection, kernel-mode rootkits would still be on the rise. Thankfully, they went down a lot over the years in popularity... That was probably why, since a lot of people prefer x64 to x86 anyway.

//sorry I'll get back onto topic now :)

509322

I agree with Microsoft on this one especially, because they did it to ensure additional protection for the user against rogue device drivers, plus Kernel Patch Protection keeps the OS more stable overall.

AV vendors don't need to be angry at Microsoft for implementing Kernel Patch Protection; they can do things the proper way and work with the hypervisor for real virtualization system-wide if they need to. This way they can perform kernel-mode hooks like MSR hooks without worrying about Kernel Patch Protection, without actually tampering with the actual OS itself...

If it wasn't for PatchGuard/Kernel Patch Protection, kernel-mode rootkits would still be on the rise. Thankfully, they went down a lot over the years in popularity... That was probably why, since a lot of people prefer x64 to x86 anyway.

// sorry I'll get back onto topic now :)

I don't disagree, I am just pointing out that the lack of consensus on a lot of things and between a lot of industry parties is constant and widespread. If one analyzes the technical details of each debate it becomes obvious that there are pros and cons to the various solutions. It isn't so simple and straightforward that it comes down to mere "black-and-white" - which unfortunately is the uninformed propensity of the discussions of such topics on the security forums. Almost everything in the IT industry, like life, is various shades of grey - and everyone can't agree on which shade of grey each one is because of differences in thinking, perspectives, motives, agendas, and such.

uncle bill

It isn't about AV affecting Chrome in a way that is obvious to the user. The issue is that it makes browsers themselves less secure by affecting the browser code - and the user doesn't/wouldn't even know it.

Today malware comes from internet browsing and emails. A browser is not an antivirus, so we need one... Do you think browsing the internet with something different from MS Defender leaves us with security concerns just because Google says it? Or do you think Chrome is so secure that we don't need one? Can we really say "MS Defender is the best solution available"?

509322

Today malware comes from internet browsing and emails. A browser is not an antivirus, so we need one... Do you think browsing the internet with something different from MS Defender leaves us with security concerns just because Google says it? Or do you think Chrome is so secure that we don't need one? Can we really say "MS Defender is the best solution available"?

That malware is downloaded from the internet has nothing to do with a security soft tampering with a browser's own protections. There are antivirus/internet security suites that protect the system without breaking a browser's own security mechanisms.

The browser's protections are about protecting itself from attack - like via an exploit - in addition to protecting the system. The first part is the key point that you are missing. If an AV breaks a browser's own protections sufficiently, it is possible to make it more vulnerable to attack and thereby easier to compromise the system.

I pointed out earlier in this thread that Microsoft designed Windows Defender as the bare minimum system protection. If a user wants to install some other security solution, then it is their choice to do so.

Wave

..except "one" coming from firefox development structure and an "unknown one" coming from google. Knowing google's employee policies it feels like a strange statement coming out from nowhere and without a reason.
I agree with you; however, I also agree with Google and Firefox now as well (since I've thought about it properly). AV vendors don't really need to inject into the browser processes to protect the user; they can inject into other external unknown programs to prevent them from performing injection attacks into the browser. Regarding web filtering, they can work with documented and supported methods which are already available (and a number of successful vendors like Avast are already doing this, I believe, through the use of web browser extensions).

For system-wide web filtering, a device driver can be used in the same way as a firewall, and then block the connections to the malicious hosts; I lack experience with device driver development for anything firewall-related so I cannot provide more details on that.

I do understand where the browser vendors are coming from: AV software injection, hooks and such may break the browser product in future updates, cause instability overall and break the protection mechanisms set in place to help prevent exploitation. At the same time, I do understand why AV software injects into the browser processes. It's a tricky game.

(For the record, I am not saying that I agree WD is the "best", I am saying I agree with the browser vendors not being happy about the injection into their processes).

Deleted member 178

Chrome shouldn't even be tampered with; it has a dedicated sandbox using a similar mechanism to Windows. In addition, with a small, easy tweak you add AppContainer to Chrome, which makes it as good as Edge.
However, FF is behind in terms of security, which is why it is often used coupled with Sandboxie.

Wave

Chrome shouldn't even be tampered with; it has a dedicated sandbox using a similar mechanism to Windows. In addition, with a small, easy tweak you add AppContainer to Chrome, which makes it as good as Edge.
However, FF is behind in terms of security, which is why it is often used coupled with Sandboxie.
I agree with this now. AV software shouldn't be injecting into it at all; they don't need to, they can perform URL filtering using working and supported documented methods. :)