Kaal posted:
I don't know how this thread suddenly ran off the rails, but it should be pretty clear that anti-virus software is a good idea and should be recommended to the average user. Suggesting that it decreases the security of a device is simply foolish and quixotic.

Sorry, but you're wrong. The thing with AV is that it hasn't really improved in the last ten years, both in the ability to detect poo poo and in the quality and security of the products themselves. Talented security people who can write code don't stick around at AV companies long. Meanwhile OSes, browsers, and applications in general have gotten a lot better at sandboxing and not being completely buggy garbage. You should use what your OS provides (e.g. Windows Defender) because those people can at least write code. The easiest thing on your device for me to exploit is your AV. It's cheaper, less effort, easily remotely poke-able and almost always running in a privileged context.

Apr 18, 2016 18:08
Ah, now the explanation for the sudden change of pace in this thread becomes clear. I'm not going to recommend that the average user just teach themselves to be safer (because lol) and I'm not going to tell them to install fourteen different "community-supported" GitHub projects with half-baked GUIs either. I don't care if Snowden and Assange think that NSA could hack Symantec, that doesn't affect the average user. Most people don't need to encrypt all of their data and disable their radio antennae - they need to stop saving all three of their passwords on their phone's notepad. Debating about the merits of paying for AV or using a free version versus using the onboard AV is one thing - that's always a worthwhile discussion, and the balance changes (slightly) every few years - arguing that all anti-virus programs are bad is another.

Kaal fucked around with this message at 19:48 on Apr 18, 2016

Apr 18, 2016 19:37
https://www.owasp.org/index.php?title=Attack_Surface_Analysis_Cheat_Sheet&oldid=156006

Apr 18, 2016 19:48

Kaal posted:
Ah, now the explanation for the sudden change of pace in this thread becomes clear. I'm not going to recommend that the average user just teach themselves to be safer (because lol) and I'm not going to tell them to install fourteen different "community-supported" GitHub projects with half-baked GUIs either. I don't care if Snowden and Assange think that NSA could hack Symantec, that doesn't affect the average user. Most people don't need to encrypt all of their data and disable their radio antennae - they need to stop saving all three of their passwords on their phone's notepad. Debating about the merits of paying for AV or using a free-version versus using the onboard AV is one thing - that's always a worthwhile discussion, and the balance changes (slightly) every few years - arguing that all anti-virus programs are bad is another.

Only people who are ill-informed would make a statement like this. Here's the honest truth about anti-virus: it doesn't scale. Any notion that AVG is better at coverage over Symantec, or Symantec being better at Cryptolocker than McAfee, or McAfee being better at getting "0-days" dealt with is nonsense. Read this thread I posted, which spawned from an earlier discussion where people were making the same statements as you. The reason why I went and did this is because I do happen to know a thing or two about the anti-virus industry and do also understand that statements like yours speak volumes about a lack of knowledge about how things work. I'll gladly answer questions on this, but your debating here is not going to get far.

Apr 18, 2016 19:53
Kaal posted:
I don't care if Snowden and Assange think that NSA could hack Symantec, that doesn't affect the average user.

The fact that a 14-year-old Bulgarian can get his hands on cryptolocker variants that will bypass it absolutely does, though. Enjoy your homeopathic remedies I guess, but please stop telling people they'll do anything useful.

Apr 18, 2016 20:02
OSI bean dip posted:
Here's the honest truth about anti-virus: it doesn't scale. Any notion that AVG is better at coverage over Symantec or Symantec being better at Cryptolocker than McAfee, or McAfee being better at getting "0-days" dealt with is nonsense.

The idea that the average user needs to deal with "zero-days" is complete nonsense. That thread is useful for the bored computer tech who wants to lock down their Steam games and Google photos tighter than Fort Knox and seriously discusses things like "state-level adversaries", and is willing to deal with all the inconvenience that goes with that, but realistically that just isn't that practical. For most people, it's a lot more useful to have software that will react when they ignore five different safety complaints by their un-updated browser/OS as they strive to click a link posted by their niece's "hacked" Facebook account.

Kaal fucked around with this message at 20:10 on Apr 18, 2016

Apr 18, 2016 20:07
As a person who used to make statements similar to Rathlord/Kaal based on doing a lot of tech support in the XP days, I'll happily say I was wrong as it's an outdated notion. In 2016 a modern OS + modern browser + strict adblocking is probably always less attack surface than a 3rd party AV, even before you look into ways of adding some hardening to it. AVs have started making GBS threads where they eat and are doing it without a care for the security of their product, bolting on lovely revenue-generating services in grossly insecure ways. It's not even minor things like "concerted effort has revealed an edge-case where we can cause a buffer overflow" but "on trivial inspection we found the AV outfaced critical API calls with no checks" or "their 'secure' browser is literally the least secure browser made in the last 5 years" or 'we got kernel-level escalation with three lines of code' or 'we leveraged their root-cert for a MITM attack'.

Apr 18, 2016 20:11

Kaal posted:
The idea that the average user needs to deal with "zero-days" is complete nonsense.

Recently Exploited Flash Zero-Day Added to Exploit Kits

So here we have evidence that you have no clue about what I mean when I say "0-day", but here's a very recent example of where your statement is wrong. This isn't the first time it has happened either, but please continue to believe otherwise.

quote:
That thread is useful for the bored computer tech who wants to lock down their Steam games and Google photos tighter than Fort Knox and seriously discusses things like "state-level adversaries", and is willing to deal with all the inconvenience that goes with that

No. That thread is written for everyone and is written and contributed to by people who actually know what they're talking about. There are many of us who happen to live in reality and like to make sure that others can too.

Apr 18, 2016 20:27
My company has a vast number of the most mainstream users possible. When we detect that they have malware on their computers (through how they interact with the service), we direct them to a tool that removes malware, but does not stay installed or set up shop as AV. Even in cases where we know the user has been compromised, the security risks of modern AV software are too high to recommend for ongoing use. These aren't Tor-using nerds protecting their Bitcoin wallets, they are literally the most average computer users that exist. Our security team is one of the absolute best in the world. All available evidence indicates that AV is a cure worse than the disease.

Apr 18, 2016 20:50

Speaking of those other types of attack (the you're hosed if they pick you), somebody I know received this recently...

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.
http://lmgtfy.com/?q=Armada+Collective

You will be DDoS-ed starting Thursday (April 21) if you don't pay protection fee - 20 Bitcoins @ 16DZsU2bmcNkftdFWr9j4L7vVV77stKeCV

If you don't pay by Thursday, attack will start, yours service going down permanently price to stop will increase to 40 BTC and will go up 20 BTC for every day of attack.

This is not a joke. Our attacks are extremely powerful - sometimes over 1 Tbps per second. And we pass CloudFlare and others remote protections! So, no cheap protection will help.

Prevent it all with just 20 BTC @ 16DZsU2bmcNkftdFWr9j4L7vVV77stKeCV

Do not reply, we will not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know you cooperated.

Apr 18, 2016 21:25
Subjunctive posted:
My company has a vast number of the most mainstream users possible. When we detect that they have malware on their computers (through how they interact with the service), we direct them to a tool that removes malware, but does not stay installed or set up shop as AV. Even in cases where we know the user has been compromised, the security risks of modern AV software are too high to recommend for ongoing use.

You all are pretty rad for not shoving lovely AV software down on those users.

Kaal posted:
The idea that the average user needs to deal with "zero-days" is complete nonsense. That thread is useful for the bored computer tech who wants to lock down their Steam games and Google photos tighter than Fort Knox and seriously discusses things like "state-level adversaries", and is willing to deal with all the inconvenience that goes with that, but realistically that just isn't that practical. For most people, it's a lot more useful to have software that will react when they ignore five different safety complaints by their un-updated browser/OS as they strive to click a link posted by their niece's "hacked" Facebook account.

You seem to think the security people in this thread are talking about state-level adversaries, but we're not; the skill required to get past AV is amateur at best and the techniques have been known since the loving 90s. It's trivial. Even the AV industry knows this, why do you think they have been pivoting to "threat intelligence" so hard? People who don't know anything about security parrot ideas they've heard that haven't been true or effective for years, if they ever even were.

Apr 18, 2016 22:06
Doctor Malaver posted:
Speaking of those other types of attack (the you're hosed if they pick you), somebody I know received this recently...

Don't pay, these guys can't deliver that threat. The most recent wave of Armada Collective threats were a copycat group that didn't even do the sample attack, let alone the real attack, but even the real Armada Collective barely broke 15 Gbps IIRC.

Apr 18, 2016 23:38
I too was thinking that some sort of "sample attack" would be needed. What's stopping me from copying this same text and sending it around with my bitcoin address?

Apr 19, 2016 00:05

I just noticed this thread. Since I do research in malware analysis (dynamic binary analysis) for both embedded and desktop, this looks like a good place to compare notes.

1. Has anyone used the QEMU-based analysis platforms, like PANDA or DECAF? What do you like or not like about them? Any thoughts?
2. Anyone working on IDA plugins to do anything interesting?
3. Anyone hacking on QEMU and doing anything interesting with it?
4. Anyone want to get into a wrestling match over static versus dynamic analysis?
5. Anyone augmenting LLVM to automate analysis tasks at build time for code-level analysis?

I am interested in hearing your thoughts and opinions.

Apr 19, 2016 00:06
Doctor Malaver posted:I too was thinking that some sort of "sample attack" would be needed. What's stopping me from copying this same text and sending it around with my bitcoin address? Nothing at all because that's exactly what some guy(s) did a few weeks ago.

Apr 19, 2016 00:26

tekproxy posted:
I should've been more clear. The app did the exact same thing as the malware, but instead of being controlled by shady Chinese hackers, it was controlled by you. It was advertised as being good for keeping up with old peeps who can't computer too good.

I was told by multiple "asian people" that this is indeed a "thing" and that one of them had recently installed some remote control software for their mother's phone so they could fix it remotely or locate her if she needed. I think my skillset is probably more accurately defined as "spent too much time swilling coffee late at night while reading all types of security forums" or something along those lines. I suppose it's a knee-jerk reaction I'd have to encountering embedded code, and the aspect of remote operations only piqued my curiosity even more. Good discussion in this thread, though - my two cents on AV stuff is regular updates, unique passwords (numbers, special characters, caps) and a subscription to a decent AV program. Oh, and not immediately opening every single attachment that comes my way - I'll take a fairly well-designed seat belt over no seat belt in a crash.

Apr 28, 2016 04:21
hooliganesh posted:
Good discussion in this thread, though - my two cents on AV stuff is regular updates, unique passwords (numbers, special characters, caps) and a subscription to a decent AV program. Oh, and not immediately opening every single attachment that comes my way - I'll take a fairly well-designed seat belt over no seat belt in a crash.

Why a subscription, and how do you define "decent"?

Apr 28, 2016 04:24
as a fellow computer man my pretty deece six figgies is also to pay money for something not objectively better than the free options included with my operating system

Apr 28, 2016 04:41

Adix posted:
as a fellow computer man my pretty deece six figgies is also to pay money for something not objectively better than the free options included with my operating system

If I'm going to do that I insist on some added value like "trivial privilege escalation", "completely disabling the web security model", or "VNC server? I hardly knew her."

Apr 28, 2016 04:50
seriouspost: I use Windows Defender because it's free and I'd have to go out of my way to turn it off, though it doesn't have any of these exciting "features" mentioned above.

Apr 28, 2016 05:11
Is anything in the current Humble Book Bundle worth getting for someone at the "Big Dumb Idiot Beginner" stage of learning reversing things?

Apr 28, 2016 06:03

Nemesis Of Moles posted:
Is anything in the current Humble Book Bundle worth getting for someone at the "Big Dumb Idiot Beginner" stage of learning reversing things?

Yeah, I'd say so. Get the one that comes from the full $15 set.

Apr 28, 2016 06:07
FYI anyone who has a Symantec/Norton AV product installed has a remotely triggerable ring 0 (wtf) arbitrary code execution vulnerability that the attacker can trigger remotely with no user interaction at all. You don't need to download a sketchy torrent or click a link or open an email attachment. If you do everything right except having Norton installed, that's the ball game.

https://bugs.chromium.org/p/project-zero/issues/detail?id=820

May 18, 2016 17:44