I tried 4 AVs on my laptop. 3/4 installed a browser extension, in each case I was unable to uninstall the browser extension within firefox. I was never asked about permission to add anything into Firefox. Just straight out surprise.
Yes, I don't like that also. At least they are not enabled by default, but I would still prefer not to install it at all.
I am not going to mention by name in here because it will turn into A vs B thread. But I think most users here can figure it out from experience :0 That is not excuse for supposed reputable antivirus company to install extension without my permission. There is another issues...1/3 of those antivirus' left a running service after using build in uninstaller. This is unprofessional.
welcome to the real world of antivirus snakeoil behavior. and some pay money for this crap... but - it does not matter which one of them. kaspersky, avira, avast, avg and more Put them all in a sack and flog it: you'll always hit the right one!
Must say this is the first time I have heard of this one. Many AV's inject .dlls into the browser to filter activities. As such, don't know why they would have any desire to fool around with plug-ins/add-ons/etc..
Pick your top performing brands and try them in virtual machine. Honestly I wouldn't mind it so much if there was a way to uninstall extension or stop certain behavior. But it seems like the only way to get rid of an extension or turn off certain activity is by completely uninstalling an antivirus. And then there are still some processes left running. It's a mess.... So now i have to get another software to uninstall an antivirus. To me this kind of behavior is equivalent to spyware and us downloading anti-spyware to get rid of spyware. See the problem here? Now my AV#4 (let's just call it like that to avoid promoting one over another), works just as I need it to work. No extensions in the browser, uninstalls cleanly, lets me decide what i want to run and what I don't.
Disabling is not good enough when i didn't give permission for the extension to be there in the first place. Yes
AV's that scan SSL/TLS traffic don't need browser extensions to do so. They either use a network adapter mini-port filter driver to do so or more recently, use the Windows Filtering Platform. In other words, the traffic is being scanned before it even hits the browser.
Here's a great article on AV browser extensions naming the "culprits" that do so: https://www.howtogeek.com/239950/do...ensions-they-can-actually-make-you-less-safe/ -EDIT- Add Kaspersky - Safe Money - https://support.kaspersky.co.uk/general/safemoney/12782 -and- TrendMicro: https://esupport.trendmicro.com/en-us/home/pages/technical-support/premium-security/1104600.aspx to the list of AV vendors.
Good read. But one has to think about risks vs benefits. In other words what is the risk that malicious script will bypass my browser protection and infect me versus what is the risk that a malware will use AV to bypass browser protection and infect my computer. Throw in noscript in there or ublock origin with script blocking...
I think the point should be the AV's should give the user the option, and just force it in. I am just glad EAM doesn't do any of that stuff. And yes, Noscript really allows you do lock down the browser.
Yup. Hence, the first 3 AVs got uninstalled... even thou they have better detection rates than my AV#4.
Fair enough: AV #1,2,3 = Kasperky , Bitdefender AV #4 = ESET AV#3*, I counted for some reason Bitdefender twice. Kaspersky - Installed Firefox extension without letting me know - Turning off Web Protection did not uninstall the extension in Firefox - I was able to disable Firefox extension - I was able to completely remove Kasperky services with windows uninstaller Bitdefender - Installed Firefox extension without letting me know - Turning off Web Protection did not uninstall the extension in Firefox - I was able to disable Firefox extension - I was left behind with running Bitdefender service after using windows uninstaller Kaspersky/Bitdefender One of them offered HotSpot Shield as a "secure" VPN service, HotSpot shield is known to be a privacy nightmare. Both have lost trust with me due to the behavior as above. Any software that installs extensions, tool bars, etc without my permission in my eyes is a PUP. Even worst when it leaves running services after using its build in uninstaller. Both companies lost my trust and I won't be doing business with them. Offering hotpsot shield as secure VPN does not help their cause either. ESET - Did not install any Firefox extension - I did not try uninstalling ESET to see if all services are removed
Yes, Kaspersky installs Secure connection component that gives you VPN functionality. Luckily it can be removed from Add/Remove programs, but I would prefer if it was possible to not install it at all. Here is also a statement from Kaspersky posted here: https://forum.kaspersky.com/index.p...ed-by-kaspersky-accused-of-snooping-on-users/ I have no wish to use their VPN service.
It doesn't bother me one way or another because the user ultimately has control over whether or not the extension is enabled. I'd rather have web filtering handled by a browser extension that communicates with the product than have the product MITM HTTPS connections (even if some sites are excluded, I don't care, it's not a good practice, imo). I trust the security model of a modern browser more than the code quality of most AV products. I suppose it also should be mentioned that Chrome/Chromium will be blocking all third party code injection by release 72
