Windows Defender is the only AV Playing Fair with Browsers
- Thread starter Ink
- Start date
- Status
- Aug 12, 2015
- 1,255
@Wave I know that there is no best antivirus, of course but did you saw test that @MalwareBlockerYT made? 
It isn't about AV affecting Chrome in a way that is obvious to the user. The issue is that it makes browsers themselves less secure by affecting the browser code - and the user doesn't\wouldn't even know it.
Last edited by a moderator:
It is the AV vendor's problem. Whenever a browser update causes some kind of breakage in the security soft, then it is the security soft publisher that must make a fix for their own product. Chrome updates regularly cause problems with Sandboxie, COMODO, HMP.A, etc. And it is not Google's responsibility to ensure that Chrome is compatible with every single security soft.
Hmm, why is everyone now saying that Windows Defender is the best antivirus in the world? I'm really starting to think that Microsoft pays them to say that...
It isn't.
Last edited by a moderator:
The tussle between AV vendors and others isn't just limited to browser publishers. As an example, take a look at the constant spats between the AV industry and Microsoft; patch guard, digital certificates, Microsoft recommended best programming practices, etc.
I agree with Microsoft on this one especially, because they did it to ensure additional protection for the user against rogue device drivers, plus Kernel Patch Protection keeps the OS more stable overall.
AV vendors don't need to be angry at Microsoft for implementing Kernel Patch Protection, they can do things the proper way and work with the hyper-visor for real virtualization system-wide if they need too (I believe Kaspersky do this, if not Comodo do it for the Sandbox). This way they can perform kernel-mode hooks like MSR hooks without worrying about the Kernel Patch Protection, without actually tampering with the actual OS itself...
Kernel-mode patching can cause more problems than not anyway and slows down the system a lot if it isn't done properly... Besides, Microsoft provided kernel-mode callbacks as a documented and supported alternate! If AV vendors can do kernel patching then so can malware authors also.
If it wasn't for PatchGuard/Kernel Patch Protection, kernel-mode rootkits would still be on the rise. Thankfully, they went down a lot over the years in popularity... That was probably why, since a lot of people prefer x64 to x86 anyway.
//sorry I'll get back onto topic now
I agree with Microsoft on this one especially, because they did it to ensure additional protection for the user against rogue device drivers, plus Kernel Patch Protection keeps the OS more stable overall.
AV vendors don't need to be angry at Microsoft for implementing Kernel Patch Protection, they can do things the proper way and work with the hyper-visor for real virtualization system-wide if they need too. This way they can perform kernel-mode hooks like MSR hooks without worrying about the Kernel Patch Protection, without actually tampering with the actual OS itself...
If it wasn't for PatchGuard/Kernel Patch Protection, kernel-mode rootkits would still be on the rise. Thankfully, they went down a lot over the years in popularity... That was probably why, since a lot of people prefer x64 to x86 anyway.
// sorry I'll get back onto topic now
I don't disagree, I am just pointing out that the lack of consensus on a lot of things and between a lot of industry parties is constant and wide-spread. If one analyzes the technical details of each debate it becomes obvious that there are pros and cons to the various solutions. It isn't so simple and straight-forward that it comes down to mere "black-and-white" - which unfortunately is the uninformed propensity of the discussions of such topics on the security forums. Almost everything in the IT industry, like life, is various shades of grey - and everyone can't agree on which shade of grey each one is because of differences in thinking, perspectives, motives, agendas, and such.
Last edited by a moderator:
Today malwares come from internet browsing and emails. A browser is not an antivirus so we need one... Do you think browsing the internet with something different from ms defender leave us with security concerns just because google say it? Or do you think chrome is so secure that we don't need one? Can we really say "ms defender is the best solution available"?
That malware is downloaded from the internet has nothing to do with a security soft tampering with a browser's own protections. There are antivirus\internet security suites that protect the system without breaking a browser's own security mechanisms.
The browser's protections are about protecting itself from attack - like via an exploit - in addition to protecting the system. The first part is the key point that you are missing. If an AV breaks a browser's own protections sufficiently, it is possible to make it more vulnerable to attack and thereby easier to compromise the system.
I pointed out earlier in this thread that Microsoft designed Windows Defender as the bare minimum system protection. If a user wants to install some other security solution, then it is their choice to do so.
Last edited by a moderator:
I agree with you, however I also agree with Google and Firefox now as well (since I've thought about it properly). AV vendors don't really need to inject into the browser processes to protect the user, they can inject into other external unknown programs to prevent them from performing injection attacks into the browser; regarding web filtering, they can work with documented and supported methods which are already available (and a number of successful vendors like Avast are already doing this I believe through the use of web browser extensions).
For system-wide web filtering, a device driver can be used in the same way as a firewall, and then block the connections to the malicious hosts; I lack experience with device driver development for anything firewall-related so I cannot provide more details on that.
I do understand where the browser vendors are coming from, AV software injection and hooks and the such may break the browser product in future updates, cause instability overall and break the protection mechanisms set-in place to help prevent exploitation. At the same time, I do understand why AV software inject into the browser processes. It's a tricky game.
(For the record, I am not saying that I agree WD is the "best", I am saying I agree with the browser vendors not being happy about the injection into their processes).
Chrome shouldn't be even tampered with; it has a dedicated sandbox using similar mechanism as Windows; in addition by a small easy tweaks , you add Appcontainer to Chrome which made it as good as Edge.
However FF is behind in term of security, hence it is why it is often used coupled with Sandboxie.
However FF is behind in term of security, hence it is why it is often used coupled with Sandboxie.
I agree with this now. AV software shouldn't be injecting into it at all, they don't need too, they can perform URL filtering using working and supported documented methods.
- Status
Similar threads
