Slashdot Mirror


AVG Forces Chrome Extension On Users, Extension Is Woefully Insecure (google.com)

An anonymous reader writes: The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. "This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page," explains Mr. Ormandy. "The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API." Simple XSS and MitM attacks expose data from other tabs opened in the browser, browsing history, and even manage to render SSL useless.

1 of 170 comments

  1. Re:Security theater by Anonymous Coward · Score: 0, Flamebait

    Anti-viruses that run on Linux are for scanning served files and mail. E.g., their goal is to stop the spread of Windows viruses.

    There is no virus other than proof of concept for Linux. And even if that were becoming a problem, no Linux user trusts anti-virus to "clean" a system. Once infected, the only proper fix is re-installing from a clean media source and restoring user data from backup. Anti-viruses are stupid software for stupid operating systems run by stupid people. They have no legitimate purpose.