Hacker News
by detaro 2296 days ago
> And yes, I do expect security companies to have well-written and well-tested code.

Your expectation makes no sense, given the vulnerabilities we've seen in AV software in the past decade.

If they insist that executing suspect JS is a good idea, they a) probably should use an established interpreter unless there are good reasons not to and b) not run it privileged.

EDIT: Avast appears to have deactivated this now: https://twitter.com/avast_antivirus/status/12376853435807539...