>Your AV company's infrastructure is probably a lot more secure than the infrastructure of browser plugins you use and games you play.
Well I'm not a security expert and I'm using Linux, so I don't use a Windows antivirus obviously. A quick test trying to download free or trial Windows antivirus software (I'm not willing to pay for this simple experiment):
Kaspersky:
- google Kaspersky
- google result leads to http site, all the way to the download of the trial version it's http (I'm sure at least 80% of users don't notice this)
- try to type in manually https://www.kaspersky.com
- it redirects to http://www.kaspersky.com !!!!
Ok let's try Avast, it's popular, isn't it?
- ok it's all https, http redirects to https, it could even have HSTS, didn't check.
- download links to http CNET site ...
- I have to allow half the World's third party js to get to the download.
- It's of course http,
- Manually rewrite it to https (not straightforward, it's behind a redirection), invalid certificate (issued to a248.e.akamai.net instead of software-files-a.cnet.com
- Its installer is probably loaded with CNET crapware anyway
Downloading Avira worked fine though, I only tried these three. These companies are supposed to be security vendors, this is freaking ridiculous.
Well I'm not a security expert and I'm using Linux, so I don't use a Windows antivirus obviously. A quick test trying to download free or trial Windows antivirus software (I'm not willing to pay for this simple experiment):
Ok let's try Avast, it's popular, isn't it? Downloading Avira worked fine though, I only tried these three. These companies are supposed to be security vendors, this is freaking ridiculous.