Some info about it here https://www.ghacks.net/2018/08/20/about-google-chromes-incompatible-applications-warning/ Seems quite a few users are not happy about the things that Chrome are listing at the moment as incompatible eg, Dropbox, MBAM etc. now that the warnings seem to have restarted again after a break. https://productforums.google.com/forum/#!topic/chrome/pTxH3Yu7XVc
Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change August 24, 2018 https://www.bleepingcomputer.com/ne...itoring-in-chrome-after-google-policy-change/
Good point! I am pretty sure that Bit Defender, MBAE, & other apps that "hook" browsers are hooking ALL browsers, not just Chrome. Are other browsers blaming instability issues on hooking, or is it only Chrome? Is Google using hooking as an excuse for an area of instability that affects Chrome more than it does competing browsers? IMO, this is yet another instance of Google's arrogant elitism whereby they seek to banish problems rather than solve them.
Yes all browser developers have been vocal about hooking being a source of crashes. You need reminded that Chrome is not the first to block them, Edge was. When all browsers block these idiotic "security" suites the web will be a better place. Great. They will all fall in line slowly and be forced to clean up their act.
Mozilla also doesn't like all that AV code injection: https://www.zdnet.com/article/ex-to...tch-all-antivirus-except-microsofts-defender/
While it's said Edge was blocking injection as well. If you look into MBAE with process explorer you can see that interestingly it stil injects in Edge.
They must have MS code signed their .dll. Edge has CIG enabled and will block any image code injection not MS code signed, WQL, or higher.
This link says nothing about hooks causing instability in Firefox. Instead, it's simply a Windows Defender plug that totally ignores comparative test reports by saying "...there's little evidence non-Microsoft AV improves PC security". It sounds like this former Mozilla guy may be fishing for a job at Microsoft. IMO: (1) MS submits WinDef to comparative tests primarily because other AVs do so, and (2) MS primarily improves WinDef because it has competition from other AVs. For a goodly long time I have used MBAE & Firefox, so I am pretty sure FF is hooked -- but in all this time FF has never crashed, even though I usually have 12-15 tabs open. Thus, I would very much like to see links to attributable statements, by proponents of other browsers, to the effect that hooking is an insurmountable problem relative to maintaining browser stability.
I understand not agreeing with him on effectivity of Windows Defender. Just don't focus on that part.
Yes, it's a dumb decision, they should allow code injection of trusted security apps. I'm wondering what this means for apps like HMPA and Sandboxie. On the other hand, certain apps have no business hooking the browser, think of Acronis True Image, Dropbox and FileZilla.
I see your point. Finally. What is of concern, I think, is O'Callahan's statement that "antivirus vendors don't follow standard security practices..." The exploiters of browser weaknesses are ALSO "not following standard security practices." Maybe O'Callahan should give them a good scolding. My point is, I doubt that any AV vendor is using new approaches for any reason other than trying to take aim at the exploiters, who are a MOVING target. Browsers are a primary entry point for computer infections. Both the vendors of AVs and the proponents of browsers have a shared goal for preventing exploits. Any conflict between them, such as that begun by Google on behalf of Chrome, benefits the exploiters of browsers much more than the users of browsers. Instead of being a leader toward coordinating efforts to prevent exploits, Google says "it's my way or the highway." IMO, that arrogant attitude benefits NO one except the exploit hacks.
I agree with that. Companies that monopolize some market, tend to develop this (arrogant) attitude. Just look at MS. That's one of the reasons why monopolies are not in best interest of end users, no matter how "good" or "not evil" they try to present themselves.