In Firefox, we've had a number of security issues created by AV. They tend to run as root, patch up our dynamic libraries in-memory, play man-in-the-middle on the network layer, deactivate security updates, rewrite security certificates, block entire processes at every disk access, ....
Some of these practices might make sense if they had the resources to actually follow the update trains (in my experience, they don't, so Bad Consequences ensue). Some, I suspect, are due to them working in secrecy out of fear from other AV vendors – so much secrecy that we actually don't know what kind of APIs they need for their code to work more cleanly. Some suggest that they simply don't care about killing the performance of the entire browser. And I have seen at least one bug that showed a complete misunderstanding of how SSL works.
I hear that the situation is improving. But for the moment, I'm not a big fan of reading crash reports and cleaning up after messes left by AV software.
Some of these practices might make sense if they had the resources to actually follow the update trains (in my experience, they don't, so Bad Consequences ensue). Some, I suspect, are due to them working in secrecy out of fear from other AV vendors – so much secrecy that we actually don't know what kind of APIs they need for their code to work more cleanly. Some suggest that they simply don't care about killing the performance of the entire browser. And I have seen at least one bug that showed a complete misunderstanding of how SSL works.
I hear that the situation is improving. But for the moment, I'm not a big fan of reading crash reports and cleaning up after messes left by AV software.