|
hackbunny posted:Honestly? I wouldn't trust any code. There. And yeah, writing
|
# ? Nov 12, 2015 10:59 |
|
|
hackbunny posted:So, anyone? It's not strictly a security tool, but it keeps all software up to date and it requires almost zero maintenance or human intervention. I was wondering if anyone else used it and if it's secretly terrible

I don't know about security, but I stopped using it because it was slow as hell (i.e. tens of minutes to update a handful of programs). I've been using PatchMyPC instead and have been much happier with it.
|
# ? Nov 12, 2015 13:11 |
|
hackbunny posted:So, anyone? It's not strictly a security tool, but it keeps all software up to date and it requires almost zero maintenance or human intervention. I was wondering if anyone else used it and if it's secretly terrible

Like hooah said it's very very slow. But other than that it works pretty good. Sometimes it comes up with things like ancient MSXML core services or whatever that are part of some program or something, or random old versions of programs you have laying around but not installed, but you can ignore those.
|
# ? Nov 12, 2015 18:08 |
|
My experience with Secunia PSI was that it was so slow it wasn't worth using. It would take forever to respond to just clicking around on the interface. PatchMyPC worked pretty well for me for a while, but anyone feel free to shoot it down immediately if it's not really good. These days I just use Ninite and avoid apps that aren't integrated with it, or try to find ones in the PortableApps catalog, since those'll update as well.

Grumble time, since MS started its "let's make it difficult not to upgrade to 10" campaign, I find that I now have to check each new patch they roll out to make sure it isn't installing something I didn't ask for and don't want. So I'm checking ghacks.net and windowssecrets.com every patch Tuesday. I don't think I've read a tech blog since the early aughts. I've been using WSUS Offline to install patches in the hopes that their administrative focus steers them away from this kind of nonsense. (edit: yes I am a cane-waving luddite running Win7)

I guess if the OS provider is rolling out stuff you don't like it's technically not a security risk, but it somehow feels the same to me: actions beyond your control, without your leave.

doctorfrog fucked around with this message at 21:48 on Nov 12, 2015 |
# ? Nov 12, 2015 21:45 |
|
My Win 7 is fine because it seems to think my PC doesn't support 10 due to some missing drivers (bullshit) but it's fine by me because it doesn't bother me now.
|
# ? Nov 12, 2015 21:50 |
|
doctorfrog posted:Grumble time, since MS started its "let's make it difficult not to upgrade to 10" campaign, I find that I now have to check each new patch they roll out to make sure it isn't installing something I didn't ask for and don't want. So I'm checking ghacks.net and windowssecrets.com every patch Tuesday. I don't think I've read a tech blog since the early aughts. I've been using WSUS Offline to install patches in the hopes that their administrative focus steers them away from this kind of nonsense. (edit: yes I am a cane-waving luddite running Win7)

Your worst-case scenario is you get a taskbar icon saying you are compatible. There's no forced updates. A small number of people auto-updated on launch day who had reserved their copy, but this was a bug. Maybe this is enough to make your ludditeness rage you out but there's no real cause for concern.

I hit the button to upgrade a couple of weeks ago. It's markedly quicker than Win 7 at booting and resuming, and there's no compatibility issues, even on the one machine where it says it isn't. Synthetic benchmarks put it on-par with 7 in nearly all things, better in others, give it a slight edge in gaming performance and is generally quicker at disk access. Windows 10 is the new Windows 7 in the "it's just quick and works" factor.
|
# ? Nov 14, 2015 13:47 |
|
Khablam posted:Your worst-case scenario is you get a taskbar icon saying you are compatible. There's no forced updates. A small number of people auto-updated on launch day who had reserved their copy, but this was a bug. Maybe this is enough to make your ludditeness rage you out but there's no real cause for concern.

I'm not really angry about it, I just don't like it. So I grumble. That icon's done more than sit there, and some users have had it, and its attending services, come back even after removal. This, plus telemetry--something "harmless" but still, something I didn't ask for and don't want--and a rumored future push to make the Windows 10 upgrade a higher level update, means I feel like I have to comb through all their patches just in case.

There may be a difference in philosophy here also. I view the PC as a sort of digital house that I own. All my stuff is on there, work, play, family photos, stuff I've written, etc. I do all my work on PC. I prefer to have a level of control over this house of stuff that maybe you don't feel you need.

I also have an HP Stream laptop running Win 8.1, a cheap but decent machine, with a tiny SSD. I haven't a clue what W10's storage demands will be, or how it will perform on it. This is all stuff that's my problem, but I view these as practical concerns.
|
# ? Nov 14, 2015 20:32 |
|
I'm glad they're putting Windows 10 upgrade to a more important update level. This is their way of preventing the thing that happened with Windows XP, where millions of computers were still running on this old system, even after support completely dropped, leading to security problems everywhere. And they're doing it for free too. While their Windows 10 data-grabbing from computers is concerning, an 'enforced' upgrade will in the long run be helpful for all those people who don't understand computer security at all.
|
# ? Nov 14, 2015 22:18 |
|
Carbon dioxide posted:I'm glad they're putting Windows 10 upgrade to a more important update level. This is their way of preventing the thing that happened with Windows XP, where millions of computers were still running on this old system, even after support completely dropped, leading to security problems everywhere. And they're doing it for free too. While their Windows 10 data-grabbing from computers is concerning, an 'enforced' upgrade will in the long run be helpful for all those people who don't understand computer security at all.

Right, and this is the heart of the reason for the push. Supporting 6-year old software, twice superseded, is a drain on resources keenly felt by a company struggling to bring their books back to where they want them to be, and 99% of the issue is people simply not wanting to for *reasons*. People, who could put the same effort they're putting into avoiding the update (being active in it is just bizarre) into researching their current compatibility and would end up with something that was a win-win for all. My desktop upgraded in about 25 minutes with zero issues. I've had java patches take longer. This is the most seamless upgrade of an OS I've seen.

To their credit, MS have largely seen the problem with optional, paid, effort-laden upgrades, and have adopted the "buy once, keep forever" model. Win 10 might then kill OS luddites, but sadly not soon, as 7 goes EOL in 2020.
|
# ? Nov 14, 2015 23:05 |
|
Thanks for all the info, I'm paranoid now and going to take a bunch of this advice. I have a question about password managers, though. I need to log into stuff from all sorts of different computers in my daily life. How does that work with KeePass? You mention that it can be sync'd with dropbox or other services but do I then have to carry a USB drive with the KeePass program/vault file with me wherever I go, and can only log into poo poo if I can get to that computer's USB ports? Or do I have to download it on every new computer, and then connect it to my vault file from dropbox? Sometimes that's not possible or practical (wall-mounted presentation boxes in conference rooms at work etc.). Would I just put it on my phone (iphone, sorry) and pull it up in plaintext and type it in manually when I'm at a new computer, or what? Sorry if this is dumb.
|
# ? Nov 15, 2015 17:32 |
|
sneakymango posted:Thanks for all the info, I'm paranoid now and going to take a bunch of this advice.

So you have a couple of options but in the case of a machine where downloading the password file to the machine is not an option, sending the file to your mobile device is definitely one way you can go about doing it. You'll need a copy of KeePass on any machine that you want to read the password database itself. KeePass themselves provide links to portable versions however.
|
# ? Nov 15, 2015 18:54 |
|
As someone who looks at hella PDF's, what should I be using instead of adobe reader?
|
# ? Nov 18, 2015 11:22 |
|
Loving Africa Chaps posted:As someone who looks at hella PDF's, what should I be using instead of adobe reader?

Depends if you're looking, or searching / manipulating. I use whichever browser is default. Firefox, Chrome and Edge can all open PDFs, and they're all kept up-to-date more often than anything Adobe shits out.
|
# ? Nov 18, 2015 13:28 |
|
I really like Foxit Reader myself.
|
# ? Nov 18, 2015 15:43 |
|
Loving Africa Chaps posted:As someone who looks at hella PDF's, what should I be using instead of adobe reader?

If you must use Adobe Reader (Canadian government), you should disable the auto-approval of Javascript, as well as the trust of external links, assuming your PDF sources aren't broken enough to require those things. But there are a ton of "not Adobe" options and they're all pretty solid by virtue of not being Adobe.
|
# ? Nov 18, 2015 15:48 |
|
Fruit Smoothies posted:Depends if you're looking, or searching / manipulating. I use whichever browser is default. Firefox, Chrome and Edge can all open PDFs, and they're all kept up-to-date more often than anything Adobe shits out.

Re Firefox PDF.js: https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

OP should use chrome's because it's sandboxed
|
# ? Nov 18, 2015 16:55 |
|
univbee posted:If you must use Adobe Reader (Canadian government), you should disable the auto-approval of Javascript, as well as the trust of external links

Also you should be running EMET (not that it can't be circumvented)
|
# ? Nov 18, 2015 16:57 |
|
Rufus Ping posted:Also you should be running EMET (not that it can't be circumvented)

OK, let's check the link to it.
|
# ? Nov 18, 2015 17:01 |
|
Carbon dioxide posted:I really like Foxit Reader myself.

It's bloatware. Use chrome imo. SumatraPDF works and is nice and lightweight, but looks like rear end.
|
# ? Nov 18, 2015 17:36 |
|
spankmeister posted:SumatraPDF works and is nice and lightweight, but looks like rear end.

And that's why I like it
|
# ? Nov 18, 2015 17:55 |
|
I bought a new laptop recently, but never bothered to migrate old files off of my old one. I'm interested in using some type of Remote desktop software or something so that I basically use my old laptop like an external HD (i.e. just go into Explorer, open up the folders and such from the other laptop and control it from my new laptop). All the stuff with remote desktop and all of that has me paranoid. What's the safest and easiest way to do this without installing some hokey software that has a thousand exploits?
|
# ? Nov 18, 2015 20:48 |
|
Melian Dialogue posted:I bought a new laptop recently, but never bothered to migrate old files off of my old one. I'm interested in using some type of Remote desktop software or something so that I basically use my old laptop like an external HD (i.e. just go into Explorer, open up the folders and such from the other laptop and control it from my new laptop).

Migrate the files.
|
# ? Nov 18, 2015 21:43 |
|
Khablam posted:Migrate the files.
|
# ? Nov 18, 2015 22:00 |
|
Khablam posted:Migrate the files.

There's too many. I have an SSD on my new laptop that while is much faster, doesn't have a lot of storage. Do I need to just bite the bullet and buy an External HD? It just feels like an unnecessary expense given that my old laptop is just acting like an external HD right now, collecting dust.
|
# ? Nov 18, 2015 23:00 |
|
You can get an enclosure and slap your old drive in it.
|
# ? Nov 18, 2015 23:03 |
|
Melian Dialogue posted:There's too many. I have an SSD on my new laptop that while is much faster, doesn't have a lot of storage. Do I need to just bite the bullet and buy an External HD? It just feels like an unnecessary expense given that my old laptop is just acting like an external HD right now, collecting dust.

You have lovely transfer speed and have to power a whole laptop just to run it as a HDD, it's also an ageing 2.5" which isn't a great bedrock of reliability. How much storage do you need? External drives are cheap. All storage basically is.
|
# ? Nov 18, 2015 23:32 |
|
Khablam posted:Right, and this is the heart of the reason for the push. Supporting 6-year old software, twice superseded, is a drain on resources keenly felt by a company struggling to bring their books back to where they want them to be, and 99% of the issue is people simply not wanting to for *reasons*. People, who could put the same effort they're putting into avoiding the update (being active in it is just bizarre) into researching their current compatibility and would end up with something that was a win-win for all. My desktop upgraded in about 25 minutes with zero issues. I've had java patches take longer. This is the most seamless upgrade of an OS I've seen.

I've tried to upgrade my laptop twice, waited 8+ hours and got nowhere. The first time it at least reached the install and reboot stage... and then booted into 7. Second time it never got past the spinny 'preparing your computer' screen. I guess I should try again. Seamless isn't the word I'd use.

Khablam posted:You have lovely transfer speed and have to power a whole laptop just to run it as a HDD, it's also an ageing 2.5" which isn't a great bedrock of reliability.

This. The likelihood of a drive dying ticks up slightly every year, crossing over 'more likely than not' around year five--and that's assuming you had a high-quality drive to begin with. Your files are becoming less and less likely to survive the longer you keep them on an old drive.
|
# ? Nov 19, 2015 00:29 |
|
Melian Dialogue posted:I bought a new laptop recently, but never bothered to migrate old files off of my old one. I'm interested in using some type of Remote desktop software or something so that I basically use my old laptop like an external HD (i.e. just go into Explorer, open up the folders and such from the other laptop and control it from my new laptop).

You could buy 3TB of external storage for like 60-100 depending on deals etc, if you need something faster than external USB3.0/2.0 storage will provide, you can buy a 1TB internal for like 40-60, depending on if you have an extra slot for a second drive.

Your other option is to fire up the other laptop and share out whatever folders you need files from, RDP is way overkill for what you're trying to do, you can share the folders/give permission for your new laptop/user to access those files (or the whole file system!)
|
# ? Nov 19, 2015 01:01 |
|
Fuschia tude posted:I've tried to upgrade my laptop twice, waited 8+ hours and got nowhere.

Not to get too sidetracked (there's a Win thread) but clean installs now work from USB using the Windows 7 CD keys. It should fix the few people who fail the restart-upgrade.
|
# ? Nov 19, 2015 02:00 |
|
So with SSL fuckery (thanks Dell) and manufacturers doing MITM attacks on their own customers, bad AVs self-signing your requests (breaking EV) should we talk about SSL security?

The GRC page probably best outlines the basics and offers a way at testing your results: https://www.grc.com/fingerprints.htm

The perspectives project is available for firefox which seeks to do the same on the fly - http://perspectives-project.org/

There also seems to be a few tools to check your existing stores - http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/

Does anyone know of a better means of verifying a system's SSL integrity?
|
# ? Nov 25, 2015 13:26 |
|
Khablam posted:So with SSL fuckery (thanks Dell) and manufacturers doing MITM attacks on their own customers, bad AVs self-signing your requests (breaking EV) should we talk about SSL security?

That GRC page is absolutely garbage. SSL Labs is pretty much the go-to for validating the strength of a web server's TLS implementation/configuration.

Edit: it appears that you are actually talking about PKI and validation of client-side trusted root/intermediate CA certificate stores, not SSL/TLS. Just keep your OS, web browsers and any other applications which maintain their own trusted CA certificate stores up-to-date (e.g. JRE). If you've bought a new machine then it really depends whether or not the OEM is a massive rear end in a top hat so format and reinstall the OS I guess.

Pile Of Garbage fucked around with this message at 14:20 on Nov 25, 2015 |
# ? Nov 25, 2015 14:02 |
|
There are funnier pictures of him to use, but thanks for the 10 carebux spent. And yes I'm specifically talking about the certificate stores. As more of the web transitions to HTTPS it seems more likely some ad-supported software is going to start loving around with trying to read that traffic by installing their own.
|
# ? Nov 26, 2015 00:57 |
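
Added example, not part of any post in this thread: one way to do the certificate-store check discussed above is to record SHA-256 fingerprints of the trusted roots on a known-good install and diff later snapshots against that baseline. This is a generic baseline diff rather than any tool named in the thread; the function names and the `root_baseline.json` file name are assumptions made for the example.

```python
import hashlib
import json
import ssl
import sys


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def system_root_fingerprints() -> set:
    """Fingerprints of the CA certs Python's default TLS context trusts.

    On Windows this is filled from the system ROOT and CA stores. On Linux,
    roots that live in a capath directory are loaded lazily and can be absent.
    """
    ctx = ssl.create_default_context()
    return {fingerprint(der) for der in ctx.get_ca_certs(binary_form=True)}


def diff_against_baseline(current: set, baseline: set) -> dict:
    """Roots present now but not in the baseline, and the reverse."""
    return {
        "added": sorted(current - baseline),    # candidates for an injected root
        "removed": sorted(baseline - current),  # e.g. dropped by a vendor update
    }


def audit(baseline_path: str) -> dict:
    """Create the baseline on first run, otherwise report drift from it."""
    current = system_root_fingerprints()
    try:
        with open(baseline_path) as fh:
            baseline = set(json.load(fh))
    except FileNotFoundError:
        with open(baseline_path, "w") as fh:
            json.dump(sorted(current), fh, indent=0)
        return {"added": [], "removed": []}
    return diff_against_baseline(current, baseline)


if __name__ == "__main__":
    # Hypothetical default file name; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "root_baseline.json"
    report = audit(path)
    for fp in report["added"]:
        print("NEW trusted root since baseline:", fp)
    for fp in report["removed"]:
        print("root no longer trusted:", fp)
```

The baseline is only as trustworthy as the machine it was taken on, so take it right after a clean OS install and keep the file somewhere other software cannot rewrite.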
Hey OSI Bean Dip, I faintly remember you writing a post about how you used to work in an anti-virus firm and how anti-virus is just trash. Do you know where I could find that? If you never wrote this, could you write it? My boss refuses to accept that anti-virus is dead and hearing from an expert might change his opinion.
|
|
# ? Nov 27, 2015 06:58 |
|
Segmentation Fault posted:Hey OSI Bean Dip, I faintly remember you writing a post about how you used to work in an anti-virus firm and how anti-virus is just trash. Do you know where I could find that? If you never wrote this, could you write it? My boss refuses to accept that anti-virus is dead and hearing from an expert might change his opinion.

Was it this post?

OSI bean dip posted:Traditionally, anti-virus works through a few ways:

I should add that almost all endpoint software is really garbage as they tend to just be different shades of poo poo.

Lain Iwakura fucked around with this message at 19:31 on Nov 27, 2015 |
# ? Nov 27, 2015 19:28 |
OSI bean dip posted:Was it this post?

Thanks! I felt like you wrote a post that specifically mentioned your time working at an AV firm but I couldn't find it. Oh well, in any case that's going to help out big time.
|
|
# ? Nov 27, 2015 22:32 |
|
Question is do you still need it to deal with the low hanging fruit? And depending on your environment and user base the answer may still be yes.
|
# ? Nov 27, 2015 22:37 |
spankmeister posted:Question is do you still need it to deal with the low hanging fruit? And depending on your environment and user base the answer may still be yes.

sure, but MSE/Defender is good enough for everybody in that department
|
|
# ? Nov 27, 2015 22:39 |
|
Segmentation Fault posted:Thanks! I felt like you wrote a post that specifically mentioned your time working at an AV firm but I couldn't find it. Oh well, in any case that's going to help out big time.

I might have but this is the only post that comes to mind.
|
# ? Nov 27, 2015 23:13 |
|
Segmentation Fault posted:Thanks! I felt like you wrote a post that specifically mentioned your time working at an AV firm but I couldn't find it. Oh well, in any case that's going to help out big time.

You may be thinking of this other guy in the same business: http://forums.somethingawful.com/showthread.php?threadid=3731439#post447828487
|
# ? Nov 28, 2015 02:00 |
|
|
Pretty certain they're thinking of this post from the previous thread which is more or less why we ended up with a new thread in the first place.
|
# ? Nov 28, 2015 02:48 |