|
I think we're agreeing?  Yes AV is useless, no I dont personally pay for or use any AV myself. I guess my question was more about what to recommend to users who I know will not run a system without any AV because they think that would be like barebacking it in a Tijuana brothel. I know they are going to use it so I might as well find the one that is the most unobtrusive and wont take up a ton of system resources.
|
#
?
Jul 31, 2015 16:08
|
|
|
|
| # ? Jun 3, 2024 06:09 |
|
|
BaseballPCHiker posted:I think we're agreeing? They all use the same amount of resources give or take. Just get a free one and be done with it. Here, I made a choice at random for you: Microsoft has an AV so use that.
|
|
#
?
Jul 31, 2015 16:30
|
|
|
BaseballPCHiker posted:Has anyone tried using this Tron script yet: Please do not use something that installs flash, adobe reader, and java automatically.
|
|
#
?
Jul 31, 2015 17:50
|
|
|
BaseballPCHiker posted:I think we're agreeing? They should all be updating to Windows 10 over the coming year, and that has MSE built in as Windows Defender and it's impossible for them to disable it. So just tell them to do that.
|
|
#
?
Jul 31, 2015 17:52
|
|
|
BaseballPCHiker posted:Has anyone tried using this Tron script yet: I've thrown it against 3 infected machines. One it fixed (this machine was just some adware and other garbage), second machine had some flavor of trojan and Tron would lock and then reboot the computer after running for ~3-4 hours repeatedly, third computer it ran and cleaned but the computer re-infected itself a few hours after it was reconnected to the internet. IMO it's largely useless, the automation is nice but the time it takes to run (8+ hours typically) is insane when you could get similar results doing it manually over 90 minutes or so. As for free AV go with MSE, it's as useless as everything else but it doesn't advertise to you. The free copy of Norton/Mcafee for Comcast/ATT customers also works.
|
|
#
?
Aug 2, 2015 04:09
|
|
|
uPen posted:I've thrown it against 3 infected machines. One it fixed (this machine was just some adware and other garbage), second machine had some flavor of trojan and Tron would lock and then reboot the computer after running for ~3-4 hours repeatedly, third computer it ran and cleaned but the computer re-infected itself a few hours after it was reconnected to the internet. I was mostly interested in it for relatives/friends computers but after looking at it and hearing some feedback, formatting and reinstalling is totally the way to go. Quicker and more effective. After arguing back and forth with OSI bean Dip I've just continued with my advice of installing ublock and telling people to watch what they click on, that and MSE running unobtrusively in the background. If someone really bugs me because they think free=bad I'll just tell them MalwareBytes or Kapersky.
|
|
#
?
Aug 3, 2015 15:37
|
|
|
BaseballPCHiker posted:I was mostly interested in it for relatives/friends computers but after looking at it and hearing some feedback, formatting and reinstalling is totally the way to go. Quicker and more effective. After arguing back and forth with OSI bean Dip I've just continued with my advice of installing ublock and telling people to watch what they click on, that and MSE running unobtrusively in the background. If someone really bugs me because they think free=bad I'll just tell them MalwareBytes or Kapersky. make them give you $20 and then pretend to install MSE
|
|
#
?
Aug 4, 2015 00:55
|
|
|
Oracle security chief to customers: Stop checking our code for vulnerabilities
|
|
#
?
Aug 11, 2015 20:57
|
|
|
One of the Ars posters had a great retort. "Oh, so this means that Oracle is assuming all liability for their software? That's great!"
|
|
#
?
Aug 11, 2015 21:23
|
|
|
This was my favourite response to that
|
|
#
?
Aug 13, 2015 11:34
|
|
|
Netflix is dumping their AV: http://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-anti-virus/quote:For years, nails have been hammering down on the coffin of anti-virus. But none have really put the beast to bed. An industry founded in the 1980s, a time when John McAfee was known as a pioneer rather than a tequila-downing rascal, has survived despite the rise of umpteen firms who claim to offer services that eradicate the need for anti-virus. And where Netflix goes the rest are soon to follow. Bye bye lovely AV!
|
|
#
?
Aug 26, 2015 17:33
|
|
|
I posted this in Hardware but maybe this is a better spot to ask: I just got my computer back from the shop after getting infected with Malware. I've changed all my important passwords and requested a new credit card, but I'm worried about plugging in my External Hard Drive. Is it possible for it to be infected? What can I run to put my mind at ease?
|
|
#
?
Aug 26, 2015 18:41
|
|
|
Professor Shark posted:I posted this in Hardware but maybe this is a better spot to ask: I just got my computer back from the shop after getting infected with Malware. I've changed all my important passwords and requested a new credit card, but I'm worried about plugging in my External Hard Drive. Is it possible for it to be infected? What can I run to put my mind at ease? Two things: 1) Just boot off of an Ubuntu disk and see what's on there. If you see anything malicious on there, remove it or somehow neuter it. 2) Make sure AutoRun is completely turned off. If AutoRun does not pick up on your drive, you should not have an issue plugging it in even if it is infected. I guess the third thing could be don't have it plugged in at bootup too.
|
|
#
?
Aug 26, 2015 18:51
|
|
|
Professor Shark posted:I posted this in Hardware but maybe this is a better spot to ask: I just got my computer back from the shop after getting infected with Malware. I've changed all my important passwords and requested a new credit card, but I'm worried about plugging in my External Hard Drive. Is it possible for it to be infected? What can I run to put my mind at ease? In addition to what OSI bean dip said, you could also see if an offline scanner like Windows Defender Offline will recognize the external disc and use that to scan it.
|
|
#
?
Aug 26, 2015 19:02
|
|
|
Mustache Ride posted:Netflix is dumping their AV: http://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-anti-virus/ Honestly as much as I hate AV, we're not there yet. But I eagerly await some C level exec at Netflix taking half the network down because he browsed the wrong porn site.
|
|
#
?
Aug 26, 2015 20:20
|
|
|
Space Gopher posted:Previously, encryption software was either a closely held government secret, or an astoundingly expensive (and likely broken) commercial product. Anybody could download PGP and get NSA-grade encryption, in a fairly simple user interface that kept the details of the two-step process under the hood.This led to all kinds of political battles, including an arms-control investigation of its original programmer (who had, ironically, written it in support of anti-nuclear activism).These days, PGP isn't used that much anymore as a standalone product, but you can trace a direct line from PGP to online credit card transactions and easy-to-use full disk encryption at the OS level. Phil Zimmerman drove around uploading the code to BBS' because the American government classified strong encryption as munitions, which led to people tattooing RSA onto their arms in protest. They attempted to prosecute him for doing so, but it led to a realization that it was dumb. Didn't stop the idea getting refloated last year. Public/private key pairs were the real benefit. That first version of PGP was limited to 1024-bit keys that could take a couple of minutes to encrypt on the computers of the time; I could encode MP3s in about 3x their play time with a Pentium back then. Pedantic note: Stop saying SSL. Poodle killed SSL. It's TLS.
|
|
#
?
Aug 27, 2015 18:08
|
|
|
Hav posted:Pedantic note: Stop saying SSL. Poodle killed SSL. It's TLS. Except TLS is just what Netscape let a committee rename SSL to in order to prevent Microsoft from taking their ball and leaving the browser encryption game.
|
|
#
?
Aug 28, 2015 06:14
|
|
|
Yeah, it was a hysterical concession, but not even Taher minded.
|
|
#
?
Aug 28, 2015 06:25
|
|
|
TLS isn't even an accurate name. It secures the Application layer, not the Transport layer.
|
|
#
?
Aug 28, 2015 18:25
|
|
|
Yeah well, ALS was taken.
|
|
#
?
Aug 28, 2015 20:26
|
|
|
dpbjinc posted:TLS isn't even an accurate name. It secures the Application layer, not the Transport layer. How so?
|
|
#
?
Aug 28, 2015 20:31
|
|
|
OSI bean dip posted:Two things: If you really want to be sure that your computer is clean, Boot up another OS (for example ubunto from live CD) transfer all important files to a new hard drive or burn them on a DVD (better back up your stuff on a regular basis). Afterwards, wipe the drive inside your computer ( http://www.dban.org/ offers a nice tool for this). This ensures that the so called master boot record is also erased. One could argue that a fresh install of ubuntu would als do the trick, but I simply prefer to nuke HDDs from orbit. Now you install a fresh copy of windows on the wiped drive and load you backed up files onto it. This might be overkill (even tho you could go further down the rabbit hole and wrap even more tinfoil around your head). There ARE some nasty things that might survive this treatment this, but that's pretty exotic stuff not regularly encountered in the wild. Also, autorun should generally be disabled on your system.
|
|
#
?
Sep 8, 2015 11:29
|
|
|
Does someone have a good idea of what additional things Malwarebytes Anti-Exploit does over the main Malwarebytes Anti-Malware product? My work just rolled out both, so I'm wondering if there's a good reason to have both at home.
|
|
#
?
Oct 2, 2015 16:35
|
|
|
Kafeine has a good write-up on it (they paid him to test it) here: http://malware.dontneedcoffee.com/2014/06/mbae.html. It should block exploit kits like Angler and Nuclear which deliver ransomware among other things.
|
|
#
?
Oct 3, 2015 01:41
|
|
|
An old router I plugged in to test for something became infected with Linux.Wifatch within minutes, which... hardens the router against further attacks? 
|
|
#
?
Oct 3, 2015 02:05
|
|
|
-Troika- posted:An old router I plugged in to test for something became infected with Linux.Wifatch within minutes, which... hardens the router against further attacks? Doesn't it also create some backdoors? In theory the creator could act all nice until he gets enough routers infected to flip the switch and make them all
|
|
#
?
Oct 3, 2015 20:47
|
|
|
-Troika- posted:An old router I plugged in to test for something became infected with Linux.Wifatch within minutes, which... hardens the router against further attacks? Throw it out. While sure this malware may have protected you from something, the fact that this happened and the fact that foreign software was installed on your device without your consent does mean that you cannot trust it. Just buy a new D-Link or something router and don't plug it into the Internet until you're certain that nothing can access the device from the outside.
|
|
#
?
Oct 4, 2015 16:13
|
|
|
OSI bean dip posted:Throw it out. While sure this malware may have protected you from something, the fact that this happened and the fact that foreign software was installed on your device without your consent does mean that you cannot trust it. To be fair, it infects devices via insecure telnet passwords and removes itself upon reboot. Flash the router with a newer firmware, set some passwords that aren't 'password', save some money.
|
|
#
?
Oct 5, 2015 20:51
|
|
|
OWLS! posted:To be fair, it infects devices via insecure telnet passwords and removes itself upon reboot. To be fair, you're assuming that you know exactly what the third-party code did and assume that it removed itself at reboot. You are also assuming that the flashing mechanism hasn't been touched either. Please don't take offence but don't give lovely advice like this. It's what makes my job much harder. Thanks.
|
|
#
?
Oct 5, 2015 20:58
|
|
|
Do you also incinerate laptops if they get owned, or do you just reinstall the software stack? If you don't reuse compromised hardware after restoring from a known source, can I have your old stuff? I promise to be very careful with it.
|
|
#
?
Oct 5, 2015 21:02
|
|
|
Once a system like that gets infected, you're relying on the malware to allow you to flash the firmware. There's nothing you can do to verify that it isn't installing hooks into it when you upgrade and even reporting an MD5 that indicates that the image is clean. You don't know what dark corners of the device that hooks may or may not have been hidden in. Unless you can wipe every bit of writable memory on the thing without missing anything you have no guarantee that you fully removed the malware.
|
|
#
?
Oct 5, 2015 21:19
|
|
|
Prosthetic_Mind posted:Once a system like that gets infected, you're relying on the malware to allow you to flash the firmware. There's nothing you can do to verify that it isn't installing hooks into it when you upgrade and even reporting an MD5 that indicates that the image is clean. This is exactly the thing I am bantering about. For the majority of you in this thread, you're all likely going to try and flash the device via the web interface. You have no assurances that the flashing tools included with the software haven't been compromised and you definitely cannot tell me that the settings stored within the router's NVRAM will not persist after a flash and restart. Even trying to fix it using TFTP and whatnot does not provide you a guarantee that the problem has been mitigated. The purpose of such software is to remove the problem from the public Internet. It's a bandaid and an improper one at best. If you find out your device is affected, the best course of action is to outright remove it from your network and pick up another one. Someone has gone and modified your device without your consent and even if you think it was for the best you cannot be ascertain of that. Lain Iwakura fucked around with this message at 21:27 on Oct 5, 2015 |
|
#
?
Oct 5, 2015 21:23
|
|
|
Can I have your stuff? I was thinking of reflashing like one does after bricking a device, but if you don't have a trusted channel for the reflashing then I can see the concern. Of course, I don't think I would reflash my PC BIOS (and video card, and so forth) as part of eradicating malware either, so maybe I'm just insufficiently paranoid.
|
|
#
?
Oct 5, 2015 21:24
|
|
|
Subjunctive posted:Of course, I don't think I would reflash my PC BIOS (and video card, and so forth) as part of eradicating malware either, so maybe I'm just insufficiently paranoid. Can your PC BIOS potentially subvert all communication going between your network and the internet to do things like steal banking and other information, as well as act as part of a botnet?
|
|
#
?
Oct 5, 2015 21:52
|
|
|
Prosthetic_Mind posted:Can your PC BIOS potentially subvert all communication going between your network and the internet to do things like steal banking and other information, as well as act as part of a botnet? My PC BIOS can potentially subvert anything, it controls the way the OS gets loaded. It was in the NSA's catalog of dirty tricks that got leaked a couple years back, and Equation Group was doing it with drive firmware too. E: http://www.wired.com/2015/02/nsa-firmware-hacking/ has a good overview. I don't even know how to reflash my drive firmware in a trusted way, so I guess I really should be pulverizing equipment and hitting NewEgg from a trusted device if I get owned... Subjunctive fucked around with this message at 22:14 on Oct 5, 2015 |
|
#
?
Oct 5, 2015 22:11
|
|
|
Subjunctive posted:My PC BIOS can potentially subvert anything, it controls the way the OS gets loaded. It was in the NSA's catalog of dirty tricks that got leaked a couple years back, and Equation Group was doing it with drive firmware too.
|
|
#
?
Oct 5, 2015 22:29
|
|
|
I've always wanted one of those BIOS's where you could press a button and it would reflash it from ROM, but I dunno if they are a thing nowadays. Also a usb flash drive with an actual hardware write protect switch, they don't seem to be manufactured now either in modern sizes.
|
|
#
?
Oct 5, 2015 22:36
|
|
|
wyoak posted:It's certainly a matter of risk assessment vs cost but new routers are like $80 so pony up lol at your peasant router I bet it doesn't even have an app But yes, I was responding to the "potentially" aspect. I think I would be OK with tftp reflashing versus landfill for this case myself.
|
|
#
?
Oct 5, 2015 22:41
|
|
|
Didn't it come out that intelligence agencies were intercepting shipments of hardware and reflashing them with compromised firmware before they hit the market?
|
|
#
?
Oct 5, 2015 23:19
|
|
|
|
| # ? Jun 3, 2024 06:09 |
|
|
yes
|
|
#
?
Oct 5, 2015 23:45
|
|