Author Topic: What anti-malware products cannot be longer trusted through media manipulation? (Read 2427 times)

polonus · « **on:** March 01, 2015, 02:03:05 PM »

Quote

Browser companies (Mozilla, Google, Microsoft) limit the usage of Toolbars and browser extension. Soon users will only be able to install extensions approved by Google on Chrome. This has led to media companies to adapt with an almost certain loss of revenues, at an attempt to comply with new challenging regulations. Happily Komodia can help with these challenges via the ad injection SDK. Additionally supporting Safari and Opera, two browsers that are not monetize by current plugins solutions.

quote from article by https://blog.malwarebytes.org/author/jeromesegura/

My question what anti-malware vendors have been abusing such schemes in their cloud technology.
I know now some Bitdefender programns fell through, as did Lenovo, Ad-aware. What companies are also into intercepting content via https, the certificate stays behind as the app is being removed.

Simple who can still be trusted online, as Google browser already was stripped of certificate revocation checking in 2012.
Did they know what was coming: http://arstechnica.com/business/2012/02/google-strips-chrome-of-ssl-revocation-checking/

I think this is undermining end-user trust. Anyone?

polonus

polonus · « **Reply #1 on:** March 01, 2015, 03:22:34 PM »

There is a utility program for downloading and dumping the current Chrome CRLSet: https://github.com/agl/crlset-tools
This in the light of what we may read here, (article author = Adrian Dimcev) ->
http://www.carbonwind.net/blog/post/Inside-Google%E2%80%99s-pushing-revocation-list-approach.aspx

Also read: https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted

This is what firefox plans: https://wiki.mozilla.org/CA:RevocationPlan

polonus

essexboy · « **Reply #2 on:** March 01, 2015, 03:27:14 PM »

Myself I would never use Chrome as it is becoming very easy to subvert. Note the number of instances where I have asked for Chrome to be uninstalled whilst I fix the problems... The main one is developer mode

Secondmineboy · « **Reply #3 on:** March 01, 2015, 03:32:23 PM »

Im using Chrome and its pretty much borked with one of the last updates.

But never had big issues like these before.

I might go back to IE/Spartan later down the road.

polonus · « **Reply #4 on:** March 01, 2015, 03:41:32 PM »

Hi essexboy and Steven Winderlich,

That is why I switched to Sleipnir6, because I can have my favorite Chrome extensions there as well without this apparent chrome developer manipulation. Google Chrome bended the browser curves quite a bit, because of their main revenue stream interests, while IE, because of incompatibilty of their earlier browser versions, sticked with old(er) technology and did not adopt new more secure technology in an attempt to please all global users' experience. So we find ourselves in between Scylla and Charybdis, and how to steer clear of Gibraltar then (read your classics, it is very actual sometimes)

polonus

polonus · « **Reply #5 on:** March 01, 2015, 04:09:27 PM »

Here I stumbled upon that google chrome bork- the proof of the pudding is always in the eating":
https://groups.google.com/a/chromium.org/forum/#!topic/chromium-os-dev/hT1ZTMPac-M
and the solution: https://codereview.chromium.org/239553004/

pol

polonus · « **Reply #6 on:** March 01, 2015, 05:18:21 PM »

More on SDK beacon hacking: http://beekn.net/2014/01/can-estimote-be-hacked/

polonus