Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change (bleepingcomputer.com)
secwatcher shares a report: Last week we reported that Chrome has started displaying alerts more often that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. These alerts are displayed by Chrome after the browser crashes and suggest the user remove the listed programs because "this application could prevent Chrome from working properly." One of the programs that a lot of users have seen listed in these alerts and is suggested to be removed is the Bitdefender antivirus program as shown above. Having a well known company like Google telling users to remove a security solution is a problem as these programs are important for many users to have installed on their computers in order to protect them from malware, unwanted programs, and malicious websites. Due to these alerts and their suggestion to remove the antivirus software, Bogdan Botezatu, a senior e-threat analyst for Bitdefender, has told Bleeping Computer that as of August 20th, Bitdefender is no longer monitoring Chrome 66 and later with their anti-exploit technology.
This is actually good news. It means your antivirus is not MitM-ing all your web traffic and downgrading HTTPS connections.
Good, the security solutions vendors will finally learn how to do their job without creating more security holes than they're trying to block.
Using anti-virus like Bitdefender is rather like paying a rude thug to live in your house, eat all your food, and hog the TV just to ensure a burglar doesn't break in.
From treating perfectly good encryption algorithms as 'not good enough and warn the user immediately even though it's still perfectly safe', even though Google's own keys use the same algorithm but don't trigger a warning, to trying to freak the user out about 'this totally static site that doesn't use HTTPS must be insecure even though you can't submit info to it because it's totally static', Chrome has become the worst browser to use by a company throwing its weight around like a bully to get everything done its way.
AC comments get piped to
That's what you got from this? You're a genius.
Google is starting to sound like Microsoft. "We own your computer, not you, you should do as we say when we say to do it because we say so".
Also, he jams all the doors and windows unlocked and open so that it's easier for him to get in and out. Despite that, he only ever actually stays in the living room, and burglars are somehow all aware of that fact.
In this case BitDefender is the bad guy. Broadcast-injecting DLLs into processes is *not* safe, and is how Google is able to say what to uninstall. If they did their code-injection correctly there wouldn't be as much issue.
If you replace "tv" with "couch", and add "lick your face with the same tongue that just slobbered over a rotting bird wing she found in the bushes" you'll have perfectly described my dog.
... a senior e-threat analyst for Bitdefender ... [said that] ... Bitdefender is no longer monitoring Chrome 66 and later with their anti-exploit technology.
I entirely understand their chagrin -- but this response might be a mistake. For an anti-virus/anti-malware package to blatantly state that they're not monitoring a browser, just because the makers of that browser are getting a bit paranoid about plugins (rightfully so, mind you) ... yeah, that's not going to sit well with a lot of people. Some people will blame Google, and some will blame Bitdefender... and both will lose face to some degree -- as well as lose users. Thing is, Google can afford to lose both of those to some degree, as they'll regain those numbers long before they run out of cash to throw at their reputation reparation PR folks.
Can Bitdefender afford that, though?
for the last several years, bitdefender has been one of the good antivirus applications.
you should update your meme collection. bitdefender and norton are good; avast, avg, and kaspersky are bad. mcafee is always shit, so no change for that one.
Still pretty impressive that your dog manages your antivirus, tbh.
Bitdefender users can happily switch to FF and never look back, you meant.
I couldn't disagree more. Whatever Bitdefender was doing to Chrome is exactly the kind of thing that needs to be protected against!
If Bitdefender's developers want Chrome to have some special feature, they should use the same APIs as everyone else, not just go in and act like malware by messing with its binary or the running process' memory. And if there isn't an API for what they need, they should make a persuasive case for why there should be one, and how it should work.
Keep interfaces well-defined!
Or they can always add their modification to the source, in their forked Chromium. If it's good, maybe upstream will want it.
The elephant in the room is that every process (not just Chrome) should be protected from what Bitdefender was doing, but it's silly for every program to have to protect itself; the OS should already be doing that. So I assume this Bitdefender thing runs at some kind of elevated privs. And reducing the number of things that run with elevated privs is what we all need. Maybe if users weren't in the habit of giving elevated privs to software (like, ahem, Bitdefender!) all the time, then they would have a lot less malware!!
What is it that you're so sure you need, that you can't do as a normal user process?
Whitelisting is always out of date by definition. Meaning it can only find that, which is already falling out of use quickly. Never that which is currently the hot malware shit.
The right way, would be a proper OS that does not allow anything but what is absolutely necessary to do what you want. And of course well-designed, and well-programmed (so avoiding C/C++ due to everyone re-inventing the memory/pointer wheel, badly, or JS/PHP, for even more obvious reasons), with quick bug fixing responses.
The browser as an OS platform always was a concept of the utterly clueless cargo cult "programmers" of the current generations anyway, that should die quickly.
Using an editor like M'Smash is like paying a neckbeard to throw bowls of alphabet soup onto the walls.
Can Bitdefender afford that, though?
Probably more so than getting a reputation of being spyware, because that's what ignorant bumblefucks will tell people on support forums. After all, Google told them so.
Still pretty impressive that your dog manages your antivirus, tbh.
At least as well as Bitdefender.
Sorry, I need more information, to trust that. A LOT more information.
Also, is Bitdefender even free?
What about Avira? Which one was the super-annoying one? Avast and Avira both?
Also, just for the record: Any Microsoft anti-malware "solution" is complete and utter garbage. It is popular only because it is "fast". And it is fast only because it does nothing to protect you. Last time I checked it couldn’t even find 60% of the recent malware.
We wonder why Google dumped WebKit for Blink and why Google has basically pushed everyone to use Chrome to access anything Google related. They have slowly created a closed ecosystem and sadly much of it based on open source code. Such as Linux, Chromium, and their obvious influence in the direction of the web with web apps that even Microsoft has jumped on the wagon is very disturbing. Time to start dumping Google stuff before it's too late.
What good photo/video anything does Google have? You mean sites, like YouTube, or do you really mean applications, like Photoshop/Gimp, or PainterX/Krita, or Irfanview/Gwenview, or Premiere/Kdenlive?
I nuked Bitdefender because at seemingly random intervals, it regards gcc++ as a hacking tool and quarantines parts of it. Good riddance.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Your pencil and your socks are not secured. You don't have any locks in your socks to keep other feet out. Anyone can use your pencil.
The reason they aren't secured is because there is no significant strong reason to do so. They aren't security sensitive. It's not that your pencil or your socks are INSECURE, they just are not secured because there is no reason to.
Similarly, a cat video isn't security sensitive. It's neither secure nor insecure.
This matters because if you get confused and start trying to secure your socks, pencils, and flower bushes, you won't have time and energy left to secure your security-sensitive items properly.
In my line of work, I see outdated TLS (SSL) configurations daily and have to tell the customer to update it. 80% of them are pointless - there is no reason for it to be TLS in the first place. If the admins weren't busy upgrading public marketing videos to elliptic curve cryptography, they might have time to update the security of the payment portal.
...Not to use anything Google-related.
You're an imbecile.
What's that like?
Sounds like you're confusing whitelisting with its opposite, blacklisting.
Blacklisting says "this person isn't allowed to do this to that". Anyone can do anything, except for the listed blocks. Blacklisting has been outdated for 20 years.
Whitelisting says "only this person can do this thing to that". Nobody can do anything unless they have been explicitly approved. Whitelisting is fundamentally the most secure approach you can ever have.
For public resources, including accessing the public internet, the right approach is generally much more complex, a matrix of different parameters.
https://tech.slashdot.org/comments.pl?sid=12520486&cid=57184660 Ray Morris has less intellectual integrity or ability to spot hoax stories than Donald Jumpsuit Drumpftard.
If they did their code-injection correctly there wouldn't be as much issue.
Is there even a "correctly" in Chrome's extension API?
Many routers, printers, and network attached storage (NAS) boxes for home use offer a web-based configuration interface. If someone buys one of these devices, where should he or she obtain a TLS certificate to use with said device in order to suppress "Not Secure" messages in web browsers?
Let's Encrypt and other publicly trusted CAs won't issue a certificate for a private IP or a name in a made-up TLD, such as .internal or .test. It has to be a real domain. Nor do all dynamic DNS providers offer enough features to pass an ACME dns-01 challenge, namely being on the Public Suffix List and supporting TXT records.
Or should it be the device manufacturer's responsibility to issue a name under the manufacturer's domain and resell a certificate from a known CA, the way Plex does? If so, watch the manufacturer set the certificate's expiry the same as that of the warranty on the device, so that the user has to re-buy hardware in order to renew the certificate. Nor do I see how that would apply to a home-built server made out of a Raspberry Pi or Intel NUC.
Monitor when the browser is exploited and crashes horribly. You can't get that information via API cause the browser is f$cked by the time it is supposed to report. That's what process monitoring by the AV is meant to do: detect anomalies and contain them when the browser gets subverted.
If only... The last time I tried, I had to whitelist the temp directory in BitDefender to be able to download anything with Firefox because the background scanner prevented Firefox from reopening the damn thing.
Store your data at home on your own hardware.
That has a few drawbacks. First, it does nothing to protect the data from fire, flood, or another disaster that renders electronics in your home inoperable. Second, many home ISPs ban running a server at home or block incoming connections or both, as do their direct competitors in the same geographic market (if any even exist). Third, if your dynamic DNS provider isn't on the Public Suffix List or doesn't support TXT records, you still have to buy a domain and keep it renewed in order to qualify for a Let's Encrypt certificate for your home server.
USB flash drives come in gigantic capacities these days. So do SSDs.
Colocation facilities in which to store and access USB flash drives and SSDs offsite aren't quite as cheap.
Hosts blacklist did well today vs. a threat https://it.slashdot.org/commen... & in the recent past too https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... & that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows raymorris.
* :)
(That's as far as WHITELISTS on online access - whitelists on applications BLOW since you can slip a lib/dll into say, Explorer.exe OR a browser like IE & BLOW RIGHT PAST a software whitelist that way).
APK
P.S.=> Blacklists don't produce the horrendous amount of false positives (or rather "false negatives") you get in whitelists (a maintenance nightmare when users start complaining)... apk
to trying to freak the user out about 'this totally static site that doesn't use HTTPS must be insecure even though you can't submit info to it because it's totally static'
The sentiment that Chrome is trying to get across in that case is "Chrome cannot guarantee that your Internet service provider has refrained from injecting malicious JavaScript code into the static site that you are viewing." Xfinity by Comcast, for example, has been caught doing this. What would be a better way to express this in a manner short enough to fit in the location bar?
That's art.
Google sucks at security. Certain individuals have rootkit their network for years and have stolen all of their intellectual property and sold it to the highest bidder. It's very amusing.
After totally owning those assholes marks like you still preach how amazing Google is at security. lololololololol
I am APK the great "LORD of HOSTS", a.k.a. AlecStaar from ArsTechnica or Alexander Peter Kowalski.
See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / I . a m . a . f u c k i n g / a s s h o l e . r e t a r d . z i p (remove spaces between characters & download).
I am the godlike creator of various GUI front-ends for other people's configuration files.
When presented with facts I rebut them with wild speculations, false support, and out of context quotes
All of my accomplishments revolve around me being proven to be an annoying spamming asshole
See me be proud of my inability to be a functional adult
I think only one person responds to me as I shitpost and that I dusted them on another site, but in reality I am widely hated but just can't admit it to myself.
Mistaking mockery and parody for impersonation is how I think people flatter me because I can't possibly understand that they detest me.
Don't call me out on anything unless you are willing to prove you too can write some strings to a file programmatically
Calling people ne'er-do-wells or Jealous JOWIEs is how I think I win every argument
I just don't understand why every site I post on everyone makes fun of me, it can't be because I am a shit stick but instead because they are all Ne'er-do-well SOYboy Jealous JOWIEs.
Witness my descent into madness
APK
Yes, you can install it as an extension with the proper permissions to read and change your data on the page. Many ad blocking extensions already use similar permissions. You can then have the extension talk to the bigger program using an allowed IPC, if you want something not available to or too slow with a JavaScript extension.
APK just can't stop lying
Like how he claims the Chinese copied him but can't produce any evidence.
How about when he states that hosts does port filtering but again can't back up his statement which was shown to be false.
There is also his list of "experts" who support him but it turns out they don't say what he is claiming.
This also ignores his out of context quotes he uses to lie by omission.
The problem with APK is that his entire reputation is built upon the lie he told years ago that hosts is an effective security solution. It has been exposed numerous times as being a lie and when exposed APK fails to argue logically and instead will try to deflect criticism, change the subject, move the goal posts, return to a previously disproven statement, demand you prove you did better than his file concatenator, or just call people names. He will continue to lie by stating that he won or "dusted" you while failing to refute anything you said, will never provide real evidence, and generally try to dodge the issue.
Face it APK is one of the most detested individuals here for good reason. Whenever his poor behavior, awful logic, overstatements, and horrendous writing are called out he has a fit and has done so for years across the internet. He is a spammer, and is an abusive insecure little man who is washed up and never amounted to anything. Until he produces actual verifiable facts supporting his case nothing he says should be taken seriously.
Who did it 1st: China or me? I did - dates are my proof http://theregister.co.uk/2017/... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!
* See subject: NOBODY TRUSTS YOU as you STALK ME by UNIDENTIFIABLE anonymous - real "trustworthy" you are, lol (not)!
When you've done BETTER than I have in a ware that protects & speeds folks up online?
THEN, they might (you never will though & you KNOW it JEALOUS "Lil' Jowie").
Arstechnica = losers who stalked me (as you do now anonymously unidentifiably) to NTCompatible.com & Windows IT Pro magazine forums to their public dismay in Jeremy Reimer & Jay Little + Jarrett DeAngelis (who posts here on /. until I drove his ass off too) when their websites were REMOVED by their hosting providers in Shaw Canada & CrystalTech (for both email harassing me caught on a tracking ticket + stalking me & posting lies about me on them AFTER I destroyed them both PUBLICLY @ Windows IT Pro on Exchange Servers memory being freed UNHALTING them (which tells you Exchange is HEAVILY POINTER ORIENTED linked list driven, which leads to memory fragmentation that CAN halt a serverware)).
Jay Little the "self-proclaimed 'EXCHANGE EXPERT'" HAD TO CONCEDE IT from MICROSOFT'S OWN DOCUMENTATION proving it FOR me there (where they as usual stalked me AS YOU ARE NOW)
Thor SCHMUCK?
Ask him WHY his false accusation of an old ware of mine was 1st taken down to NO threat & CA sold off the SHITTY antivir he sold (as a paid pawn of theirs) & they are GONE, done. dead... lol!
Lookup "CA Accounting Scandal" on Google - scumbags & THEIR BIRDS OF A FEATHER just go down vs. me everytime!
APK
P.S.=> TONS of Security experts KNOW blacklists work (no questions asked) & 3 things show I do it right:
1st = User praise my hosts engine https://tech.slashdot.org/comm... (so much for ME being "detested" but I'm not here to win a popularity contest - just here to WIN so everyone does).
2nd "ATTACKS" I GET (from UNIDENTIFIABLE ac as Elon Musk got https://tech.slashdot.org/stor... )
3rd BEING IMITATED = "Imitation = sincerest form of flattery" https://linux.slashdot.org/com... JUST LIKE CHINA DID ME TOO... apk
See subject: As you IMPERSONATE me proving you WISH you were me though, lol - poor imitation though but sincerest form of flattery!
Despite YOU trying to "put me down" while impersonating me & in your other posts STALKING me (where I destroyed you w/ ease mind you)? Well - when YOU have done BETTER in software than I have? THEN, you can TALK talker.
(Otherwise you're just JEALOUS "Lil' Jowie" doing your usual BLOWHARD hotair talking out your ASS!)
APK
P.S.=> The only "mockery" here is you w/ your OBSESSIVE stalking or impersonating me - you're the one descending into madness (can't blame you since I blow you away constantly, I can see you getting a "wee bit 'FruStRaTeD'" (w/ your constant FAILS vs. me, lol))... apk
See subject & answer: 1.) Do hosts stop threats served by hostname (the way threats are done most) by blocking them? Yes. 2.) Do hosts speed you up 2 ways in adblocking (preventing more infection/tracking/slowdown) & via hardcoded favorite sites resolving faster + protecting vs. dns down or redirect poisoned? Yes.
My hosts program's the only 1 that does the latter @ TOP of hosts cached in RAM (for best performance) & only 1 of its kind on Linux/BSD in easy to use flexible configuration GUI form.
(I also did that latter part LONG before the Chinese & 1st http://theregister.co.uk/2017/... )
APK
P.S.-> Have you done work that is that effective doing far more for far less faster in kernelmode speed (cpu priority) w/ less complexity with excess overheads & for exploit vs. solutions KNOWN to be security-issue riddled (like addons (souled-out to NOT work by default OR easily detected & blocked that are BYPASSABLE & EXPLOITABLE), DNS & Antivirus)? No... apk
That doesn't work with something like exploit detection... which relies on hooking function calls, checking the call stack, and examining the assembly code of higher-level callers for sensitive functions.
Basically chrome doesn't want anyone else playing around with their software or providing features that don't go through their internal API. Except fuck that, it's my computer and if I want to run security software that changes the way chrome works then I have the right to do that.
who knew sophisticated Hillary supporters would turn into blubbering memes who troll slashdot and post ridiculous shit like this^^, off-topic i might add, on every article's comment section? i mean, they're not even smart enough to at least make it somewhat on-topic so it wasn't so obvious that they are just butthurt. and, to think, they said the trump supporters were the retards. i had no dog in that fight, but it is still too funny to read the crying that happens on both sides.
AV vendors inject DLLs into browser processes and monkeypatch browser machine code in crazy ways to monitor browser activity. Predictably, this has created all kinds of problems. It's common for browser updates to invalidate some assumption made by the AV developers, causing frequent browser crashes. It's also common for the AV hooks to have terrible performance properties. It's also common for the AV code to introduce security vulnerabilities.
AV vendors know that when the browser crashes or is slow, users will inevitably blame the browser, not the AV vendor, because the AV software is not visible when the problem occurs. Thus, they have few incentives to fix their issues.
A few concrete examples from Firefox:
* For a long time an AV vendor injected ASLR-disabled DLLs into Firefox, making browser exploits much easier.
* An AV application parsed Firefox DLLs to find the right places to apply patches. Their PE-format DLL parser had bugs; a small and completely legal change to a Firefox DLL triggered a parser bug, causing the AV patch to be applied at the wrong place, i.e. randomly corrupting Firefox code.
* An AV application patched Firefox code, obtained a pointer to a Firefox object, and started using it on another thread. That object was only safe to use on the main thread. Result: random crashes.
Of course people argue that all AV vendors shouldn't be tarred with the same brush. But no-one agrees on who that mythical "good" AV vendor is.
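An added example, not part of the thread and not any vendor's or browser's code: a defender-side check for the first problem listed in the comment above, reading a DLL's PE header to see whether it opts in to ASLR, with every read bounds-checked so that a malformed file raises an error instead of yielding a wrong offset (the failure mode in the second bullet). The function names and the header-only sample image are assumptions constructed for illustration.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics
HIGH_ENTROPY_VA = 0x0020             # DllCharacteristics
DYNAMIC_BASE = 0x0040                # DllCharacteristics: ASLR opt-in
NX_COMPAT = 0x0100                   # DllCharacteristics: DEP opt-in
DLLCHAR_OFFSET = 70                  # identical in PE32 and PE32+ optional headers


class PEFormatError(ValueError):
    """Raised when the image is truncated or is not a PE file."""


def _unpack(fmt, data, offset):
    # Bounds-checked read: never trust an offset taken from the file.
    size = struct.calcsize(fmt)
    if offset < 0 or offset + size > len(data):
        raise PEFormatError(f"{size}-byte read at {offset:#x} is out of bounds")
    return struct.unpack_from(fmt, data, offset)


def mitigation_flags(data):
    """Return the exploit-mitigation opt-ins recorded in a PE image's headers."""
    if data[:2] != b"MZ":
        raise PEFormatError("missing MZ signature")
    (e_lfanew,) = _unpack("<I", data, 0x3C)
    if _unpack("<4s", data, e_lfanew)[0] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    coff = e_lfanew + 4
    *_, opt_size, characteristics = _unpack("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = _unpack("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise PEFormatError(f"unknown optional header magic {magic:#x}")
    if opt_size < DLLCHAR_OFFSET + 2:
        raise PEFormatError("optional header too small for DllCharacteristics")
    (dllchar,) = _unpack("<H", data, opt + DLLCHAR_OFFSET)
    # DYNAMIC_BASE only helps if relocation data was not stripped.
    relocatable = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "aslr_capable": bool(dllchar & DYNAMIC_BASE) and relocatable,
        "high_entropy_va": bool(dllchar & HIGH_ENTROPY_VA),
        "nx_compat": bool(dllchar & NX_COMPAT),
    }


def build_sample(dllchar, characteristics=0x2022, pe32plus=True):
    """Constructed header-only image for testing; not a loadable DLL."""
    e_lfanew = 0x80
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    dos += bytes(e_lfanew - len(dos))
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, image in [("hardened", build_sample(0x0160)),
                         ("no ASLR", build_sample(0x0100))]:
        print(label, mitigation_flags(image))
```

Run against the modules actually loaded in a browser process, a check like this flags any injected DLL whose `aslr_capable` is false.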
Kinda like paying for sex, expecting it to be better
Hiding behind technical reasons.. SHAME.