Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change (bleepingcomputer.com)
secwatcher shares a report: Last week we reported that Chrome has started displaying alerts more often that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. These alerts are displayed by Chrome after the browser crashes and suggest the user remove the listed programs because "this application could prevent Chrome from working properly." One of the programs that a lot of users have seen listed in these alerts and is suggested to be removed is the Bitdefender antivirus program as shown above. Having a well-known company like Google telling users to remove a security solution is a problem as these programs are important for many users to have installed on their computers in order to protect them from malware, unwanted programs, and malicious websites. Due to these alerts and their suggestion to remove the antivirus software, Bogdan Botezatu, a senior e-threat analyst for Bitdefender, has told Bleeping Computer that as of August 20th, Bitdefender is no longer monitoring Chrome 66 and later with their anti-exploit technology.
Good, the security solutions vendors will finally learn how to do their job without creating more security holes than they're trying to block.
Using anti-virus like Bitdefender is rather like paying a rude thug to live in your house, eat all your food, and hog the TV just to ensure a burglar doesn't break in.
In this case Bitdefender is the bad guy. Broadcast-injecting DLLs into processes is *not* safe, and is how Google is able to say what to uninstall. If they did their code-injection correctly there wouldn't be as much of an issue.
If you replace "tv" with "couch", and add "lick your face with the same tongue that just slobbered over a rotting bird wing she found in the bushes" you'll have perfectly described my dog.
Many routers, printers, and network attached storage (NAS) boxes for home use offer a web-based configuration interface. If someone buys one of these devices, where should he or she obtain a TLS certificate to use with said device in order to suppress "Not Secure" messages in web browsers?
Let's Encrypt and other publicly trusted CAs won't issue a certificate for a private IP or a name in a made-up TLD, such as .internal or .test. It has to be a real domain. Nor do all dynamic DNS providers offer enough features to pass an ACME dns-01 challenge, namely being on the Public Suffix List and supporting TXT records.
Or should it be the device manufacturer's responsibility to issue a name under the manufacturer's domain and resell a certificate from a known CA, the way Plex does? If so, watch the manufacturer set the certificate's expiry the same as that of the warranty on the device, so that the user has to re-buy hardware in order to renew the certificate. Nor do I see how that would apply to a home-built server made out of a Raspberry Pi or Intel NUC.