Topic: Google Discloses Flaws in Avast, Comodo and Malwarebytes Products

VinDSL
Quote
Google is publicly disclosing multiple vulnerabilities from vendors that have forked the Chromium Web browser to build their own secure browsers.

LINK:  http://www.eweek.com/security/google-discloses-flaws-in-avast-comodo-and-malwarebytes-products.html

PCNetSpec
Re: Google Discloses Flaws in Avast, Comodo and Malwarebytes Products
« Reply #1 on: February 04, 2016, 05:21:40 am »
That should tell Microsofties something about the "security" companies they're putting their trust (and money) in.

These are not "discovered" vulnerabilities in the original software, these are vulnerabilities the so-called security companies introduced themselves ::)

They then have the cheek to charge for the privilege of running their less secure version .. Incredible (yet sadly not surprising).
« Last Edit: February 04, 2016, 05:34:04 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

VinDSL
Re: Google Discloses Flaws in Avast, Comodo and Malwarebytes Products
« Reply #2 on: February 04, 2016, 03:33:30 pm »
I was running out the door when I posted the above, this morning, and couldn't finish my thoughts ...   ;D

If one reads the text of the article, I *think* there's a warning for Linux users, too -- users that like to experiment with Chromium forks on Peppermint, for instance:

Quote
That said, Grossman noted that building and supporting a Chromium-based browser is not easy. Google patches and updates Chromium rapidly, and that makes it challenging for any fork to keep pace. "If you just fork the Chromium browser, and added zero features but just try to keep pace, it's very difficult and very expensive," Grossman said. "You have to build an update infrastructure, and we were budgeting between $300,000 and $500,000 in developer costs per year, just to keep pace."

I run the regular builds of Chromium, most of the time, but I also run the raw trunk builds on this Ubu test machine.  And, I can assure you that the quote above is true.  They update that build several times a day.  It's highly unlikely that anyone forking Chromium can keep up with the security changes, and so forth, and so on, on a daily basis.

Put another way, anyone that's using a Chromium fork is probably running the risk of having their arse handed to them by perps, not just the winders community.

I'm not trying to be an alarmist.  I just wanted ppl to be aware of the possible security risks when playing around with Chromium forks   ;)


perknh
Re: Google Discloses Flaws in Avast, Comodo and Malwarebytes Products
« Reply #3 on: February 04, 2016, 05:58:37 pm »
Hi VinDSL,

I take it you think we're playing with fire when we play with these Chromium-based privacy knockoffs.  I've wondered about this type of thing myself, VinDSL.  But wouldn't this mean, if we think about this even more, that Chrome Stable would most likely be the safest bet for security and privacy for us Peppermintites --if we factor in addons and advanced configuration options too?

And this from a guy who's using Opera Stable most of the time these days --with "advanced power user" settings! ::)

(I know that sounds ridiculous, but that's what Opera calls some basic advanced settings.)

In Opera 35 Stable, I cannot yet install EFF's Privacy Badger --an addon I really believe in for added privacy -- which may become available for Opera's version 36, however.

Iridium Security Browser's argument is that Chromium and Chrome are always calling home to Google --hence the need for a browser such as Iridium. 

Quote
Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers. -- iridiumbrowser.de

perknh

[T]here are a lot of people happily running Peppermint ICE which hasn't been receiving ANY updates for a while now .. and I personally would STILL consider that MUCH more secure than any version of Windows with up-to-date AV/Anti-malware ;)

--  PCNetSpec, Cornwall, Eng.  Dec 03, 2013 5:18 pm