
Kaspersky in the Middle – what could possibly go wrong? - robin_reala
https://palant.de/2019/08/19/kaspersky-in-the-middle-what-could-possibly-go-wrong/
======
mosselman
Which other AntiVirus vendors do this? How can you opt-out and is there a
point to installing anti-virus software to begin with?

~~~
zaarn
If you use Windows, use Windows Defender. It doesn't MitM your connections and
has comparable detection rates for 0days and common malware to all other
modern AVs. Microsoft has put a lot of work into making Defender as secure as
possible (you can even run it inside a VM so any exploit of Defender is just
trapped inside a Hyper-V VM instead of your system).

There is no point in installing any other AV vendor; they all suck, their
software sucks, they ask way more than it's worth (nothing) and they
frequently break security measures of software all over the ecosystem (some
AVs still disable ASLR/KASLR to make injecting their DLL into all processes
easier).

~~~
JohnStrangeII
Windows Defender is on every machine, so what would be the point of writing a
virus that is detected by it? The same for Kaspersky. These programs are easy
to test against and well-known. They are designed to work against old viruses
that have already been detected and analyzed.

It's better to use lesser known antivirus products with good heuristic
detection. I will not mention names but there are a number of products out
there, including ones that block every executable not on a whitelist.

~~~
ziddoap
You can't just wave your hand and say that some lesser known "no names
mentioned" product is better than Defender because you want it to be. If you
have evidence that some AV product is out-performing Defender, it's extremely
selfish and negligent to keep that information to yourself.

I'd much rather trust MS with Defender over some lesser known AV product which
likely doesn't have billions of dollars, unfathomably large samples/datasets,
and extensive experience with APTs.

As pointed out, no one really has a better incentive to detect and eliminate
viruses than MS does in an effort to make their OS virus free.

~~~
JohnStrangeII
Fair enough, but I _did_ give a concrete reason why I believe some "no name
mentioned" products may be better than Defender and other common antivirus
products.

------
amelius
The diagram doesn't show a data link from the AV software to the AV vendor
headquarters. Is that correct?

~~~
palant
Yes, the data is being messed with locally. The article is about a
well-intended security downgrade.

------
based2
https://www.reddit.com/r/programming/comments/cs2x8x/kaspersky_av_injected_unique_id_allowing_sites_to/

~~~
palant
That's an unrelated issue and linked from the article.

