Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It'll work no better than for windows. When the browser crashers after it's been updated, users will blame the browser not the shit AV.


Windows would never call out a vendor in their ecosystem. It's suicide.

Browsers don't have to play by those rules. I'm basically saying they should come out and say "your av is shit". Though obviously with better phrasing.

Browsers do have the mandate of system compatibility, but it shouldn't be to the detriment of evolving their product. I guess my strategy would be to find something to patch vs an antivirus vendor with a low install base and put the industry on notice.

Edit: Big honking popup that says "Detected Antivirus software X is modifying our software without permission. This compromises the security of your system and the stability of our software."


I think starting that war will just end up putting users (especially unknowledgable users) at greater risk.

Think about it from a layperson's perspective. A browser maker is saying that the security software isn't secure, but the maker of the security software whose entire company is formed around security says it's fine. Which would you believe if you didn't have the knowledge you have?

In the end, if browsers started this fight publicly, AV vendors might start "making" their own browsers which are horribly insecure (Comodo does exactly that already, and about a year ago they shipped it with the same-origin policy disabled [0]).

Not to mention that uninstalling/removing AV software is difficult at best and impossible at the worst (If norton is on a machine, i'm reinstalling the OS, because I don't think there's another way to get it off of there), and in some cases people have paid money for their AV through shady upsells and FUD. And they aren't going to give up their paid software (and in their heads their security) for a free browser when there are several others to choose from.

It's a shitty situation all around.

[0]https://news.ycombinator.com/item?id=11021633


Yes, but then if AV companies build their own browsers and crash yours, you can have the government step in and prosecute them for their anti-competitive business practices.

I can't imagine any of the AV vendors getting a web browser right to the point that they'd have widespread user adoption. And from the perspective of the Firefox or Chrome or Opera, that user probably wasn't using an updated version of your browser anyway...


> Browsers don't have to play by those rules. I'm basically saying they should come out and say "your av is shit".

> Edit: Big honking popup that says "Detected Antivirus software X is modifying our software without permission. This compromises the security of your system and the stability of our software."

So you think what the world needs is an arms race of AV detection?


It's hard though. If we publicly call out specific AV vendors like that, they might be less motivated when we ask them to fix said shit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: