Well for one thing, I use Eset antivirus and for another it wasn't my av that blocked, it was Firefox.
It could be, but Eset usually shows a different pop up box with the warning. I just re-checked and the web page loads up normally now
I personally highly dislike AV browser integration, since it's contra-productive to have an instance that enables new attack vectors by interferring with browsers https connections .
Next time I run into the Eset security alert I'll post a screen shot, It's different than the one I got from LostEd's link
This is what an Eset security alert about a web page looks like: which isn't anything like the alert I got the first time I went to LostEd's link, which leads me to think it was FF instead? Edit...yup. It is Firefox; https://support.mozilla.org/t5/Fix-slowness-crashing-error/Troubleshoot-the-quot-Secure-Connection-Failed-quot-error/ta-p/681 I too am using the latest update of FF 52.0.1
Almost all newer AV installing their own SLL certificate which is pretty dangerous. Why? Because: * The user gets confusing warnings and try to fix it, and possible run into more malware because he uses some 'tools' * The entire traffic goes over this certificate * If the certificate is compromised 'somehow' your AV can't inspect/see the traffic (talking about SSL traffic) After reading + understanding this 'article' I only can say it's bulls**t. Entire article and their 'facts'. It's not a security risk or an 0-day at all it's a mechanism from Windows itself which can't be abused. This mechanism is designed to load program libraries on autostart. This even helps to detects hacker attacks, without it you can't detect it. The main stuff is loaded by the registry itself, this also can/loads additional libraries/binaries. The processes running with the same privileges as the .executable. Again everything is fine here. This can be checked here. The thing starts here, every autostart entry theoretically can load malware. This is well known. An real exploit would try to get additional rights. This will never be patched, it's by design, if you get already infected it would be anyway too late. Sr, but this shows how dangerous it is if non-experts writing such articles.
Weren't similar concerns raised with the "shatter" attack? https://security.stackexchange.com/...in-the-days-of-user-interface-privilege-isola
My particular formula is: No Malwarebytes No Anti-virus Mozilla Firefox v42 (I think my browser is too dumb for a pesky AI to interact with). No Ad-blocker Nothing. And no intrusions. I use a single firewall. That's it. (I do not save browsing history and I do run CCleaner daily.) I come from the school (and this particular classroom is fairly empty) which says that if you are not willing to do the learning curve on a piece of technology then you should not use it, for it is likely harmful. And I do believe this to be the case. It would behoove people to visit Black Viper's website for 12 months straight until they become a master at the information he provides. The trick here is to learn and do the following. Run a legacy OS (anything pre-Windows 10). And then disable the following: Remote Registry and all un-needed services including Windows Updates IPv4 IPv6 Teredo Tunneling adapters SMB And install a firewall. This represents only a small portion of what can be done to lock a machine down; but doing these things alone will reduce your exposure immensely. You can't video-conference on a machine like this, but you can do everything else. And if you need to run such intrusive apps then you should use a dedicated machine for that. Less is more.
Well, I am running W10 18298, and have completely uninstalled Windows Defender. I do use an ad blocker, and use Chrome v72. That's it. No problems.