|
online friend posted:because if you get called out on being wrong about a thing you shouldn't double down on being wrong Thats not a good reason to be angry. Soon you'll only be left arguing with yourself about how good you are at masturbating about security.
|
# ? May 1, 2016 07:28 |
|
|
# ? May 10, 2024 10:11 |
|
Paul MaudDib posted:One rule will never catch 99.9% of anything. You're an idiot who's trying to score points by making an impossible request. Guessing 4 posts before he makes a "kill yourself" post.
|
# ? May 1, 2016 08:01 |
|
Mustache Ride posted:Jesus tapdancing christ, why is everyone so loving angry in these threads? Yeah I don't get it either, I have to wade through 10 posts of bile but I usually learn a thing or get a suspicion confirmed.
|
# ? May 1, 2016 08:07 |
|
Mustache Ride posted:Thats not a good reason to be angry. Soon you'll only be left arguing with yourself about how good you are at masturbating about security. you had me at "masturbating"
|
# ? May 1, 2016 08:09 |
|
Paul MaudDib posted:You're an idiot i was laughing at your naivete earlier but you really shouldn't be throwing around insults when you're running around believing things like "95% of the time, it works every time"
|
# ? May 1, 2016 09:23 |
|
Paul MaudDib posted:Way to beg the question. In the real world, Hmmm yes ransomware wouldn't spread if people stopped doing the things you listed please tell me more.
|
# ? May 1, 2016 15:30 |
|
Rufus Ping posted:Which part of the Data Protection Act mandates AV? The part where the compliance auditor tells you need to have it on all of your workstations. Whether or not its actually a legal requirement means very little if the auditor won't pass you without it. I have seen this happen many times. Its a strange mixture of encouraging, puzzling, and stupid. Antillie fucked around with this message at 18:18 on May 1, 2016 |
# ? May 1, 2016 18:08 |
|
Subjunctive posted:The HIPAA Security Rule has malicious software protection as Addressable rather than Required, and certainly doesn't mandate lovely consumer AV. There are definitely HIPAA compliant shops that don't install AV on end user PCs. And HIPAA auditors look for some way that you have addressed the risk posed by malicious software. Most of them take this to mean that you need AV. You can meet the requirement in other ways. But those tend to be a pain in the rear end. (But so is AV, so meh.) Not talking about consumer grade AV here btw. I have seen hundreds of clients forced to install AV because a PCI auditor told them he wouldn't pass them unless they did. But some auditors overlook it totally every now and then. Its really odd. I will admit that my experience with government contracting is pretty thin. The one client I had that was in that field swore up and down that AV was an absolute requirement. He also had a bunch of other wacky requirements, like only US citizens could work on his stuff, and only after they had been though a background check, so I don't know. Antillie fucked around with this message at 18:22 on May 1, 2016 |
# ? May 1, 2016 18:15 |
|
Mustache Ride posted:Jesus tapdancing christ, why is everyone so loving angry in these threads? Infosec Internet Discussions: 75% "How hack girlfrindz facebook????" 10% "12 year old copy-pasting old 'zine articles about wardialing and acting smug and/or charlatans" 10% "Adults with jobs comparing internet dicks" 2.5% "We made a logo and a name for some real stupid non-exploitable bug to make our resume's look cooler p.s. please hire us" 2.5% "Actual good information and discussion" invision fucked around with this message at 20:32 on May 1, 2016 |
# ? May 1, 2016 20:23 |
|
invision posted:Infosec Internet Discussions: You forgot to add charlatans somewhere in that list.
|
# ? May 1, 2016 20:27 |
|
OSI bean dip posted:You forgot to add charlatans somewhere in that list. fixed.
|
# ? May 1, 2016 20:32 |
|
Good Dumplings posted:Guessing 4 posts before he makes a "kill yourself" post. Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. It would almost be funny if they weren't giving such bad advice. Sure, anyone who posts in this forum can probably avoid clicking any obvious malware links or opening a suspicious attachment. But that's not good advice for a business or for your aunt who loves those FWD: FWD: FWD: emails. Mustache Ride posted:Jesus tapdancing christ, why is everyone so loving angry in these threads? So angry. One of these idiots actually started stalking my posts to yell at me in other forums. Saturday night on Something Awful Dot Com, y'all
|
# ? May 1, 2016 21:31 |
|
Paul MaudDib posted:and a bunch of white noise posters. don't whitewash my noise
|
# ? May 1, 2016 21:33 |
|
Adix posted:don't whitewash my noise sorry, brown noise
|
# ? May 1, 2016 21:39 |
|
Anyways, back on track: If ya'll haven't done OSCP, you're missing out on a stupidly fun time.
|
# ? May 1, 2016 21:41 |
|
Paul MaudDib posted:Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. So why can't you answer the questions I threw at you instead of devolving to throwing insults as if somehow I have maligned you? Surely you know must know more than me so step up here or show yourself out.
|
# ? May 1, 2016 22:56 |
|
Paul MaudDib posted:Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. The YOSPOS crowd here has you far out paced when it comes to security credentials, have you done any work in security?
|
# ? May 1, 2016 23:16 |
|
invision posted:Anyways, back on track: This is truth. A serious blast that is also very challenging in a good way.
|
# ? May 1, 2016 23:22 |
|
Antillie posted:I will admit that my experience with government contracting is pretty thin. The one client I had that was in that field swore up and down that AV was an absolute requirement. He also had a bunch of other wacky requirements, like only US citizens could work on his stuff, and only after they had been though a background check, so I don't know. I can believe the latter half of this. My brother works for a government contractor providing technical support for the Forest Service, and he had to pass a background check for that. (Apparently the Forest Service has people who are technically federal law enforcement, so I suspect that plays a role.)
|
# ? May 2, 2016 00:26 |
|
Yeah, I wrote software that handled all the data on some classified clusters as a foreign national without a background check. The parameters of gov't contracting are broad and varied.
|
# ? May 2, 2016 00:39 |
|
Subjunctive posted:Yeah, I wrote software that handled all the data on some classified clusters as a foreign national without a background check. The parameters of gov't contracting are broad and varied. Were you like sub-sub-sub-sub-contracted?
|
# ? May 2, 2016 00:59 |
|
Paul MaudDib posted:Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. your ability to understand basic english is as good as your understanding of security
|
# ? May 2, 2016 01:28 |
|
Paul MaudDib posted:Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. It's been alleged (but not proven) that NSA put backdoors in Dual_EC_DRBG. For latest news check out the Juniper stuff from last year. (It's almost definitely the NSA) Baxta fucked around with this message at 02:07 on May 2, 2016 |
# ? May 2, 2016 02:05 |
|
Paul MaudDib posted:Why? It's just YOSPOS having some drunken weekend anal leakage. You've got OSI Bean Dip, the Internet Antivirus Expert who once interned at Symantec or something, who just keeps asking someone to explain antivirus to him and who thinks the NSA is going after grandma's cat pictures (the explanation he gave in the thread he linked for why antivirus sucked, after I got past all the "under construction" paragraphs), and a bunch of white noise posters. You talk poo poo about other posters a whole goddamn lot, but you're not really bringing credentials or knowledge to the table here. But let's talk about mine. I'm familiar with infosec, but it's not where my primary experience is at. It's computer janitoring. Cleaning up after home users. And you haven't actually made a case where antivirus helps. Let's take your 95% figure, a number you pulled out of your arse. Aunt Stupid, opening attachments infinitely, will not be helped by antivirus. They're going to get hit by something sooner rather than later unless someone manages to hammer "don't open unknown poo poo you fuckhead" into their head, or somehow prevents them from being able to run malware, be it by disabling poo poo from running at all, handing them an iPad or installing Gentoo. Antivirus would have to be loving perfect to help Aunt Stupid - but you can't fix stupid. I'm sorry. Antivirus can't catch everything, and what it's missing - given the infinite flood of poo poo that is the internet, that's a lot these days - is plenty to ruin your day when cryptolocker hits and the last backups are from 2012. Antivirus relying on signatures is an absurd idea given just how many variations of malware get in. Antivirus relying on heuristics expects the anti-malware company to have a perfectly secure sandbox that's undetectable from the inside - which is quite the tall order given that malware writers can just buy - or more likely pirate - the antivirus and test it until it passes. This is without even starting on the subject security flaws in antivirus products. Everything in this paragraph has been said better by people more experienced than me and you didn't listen then, I don't know why I wrote it. Antivirus is like a communal condom that's a bit leaky and keeps getting reused. You may think it protects you. But anyone with even basic understanding of this poo poo actually works is going to be some mixture of horrified and amused.
|
# ? May 2, 2016 02:43 |
|
endlessmonotony posted:You talk poo poo about other posters a whole goddamn lot, but you're not really bringing credentials or knowledge to the table here. We have ESET on everything in the office. I like it because if a laptop goes missing I can track it and the boss asked for anti virus. Other than that it doesn't do anything because our firewall is good.
|
# ? May 2, 2016 02:49 |
|
thread.mp4 https://www.youtube.com/watch?v=bKgf5PaBzyg /server irc.synirc.org /join #infosec invision fucked around with this message at 03:16 on May 2, 2016 |
# ? May 2, 2016 03:07 |
|
I'm having an annoying argument with our central IT infosec team at the moment over whether Windows client machine AV is even worth the hassle/expense. We (big public sector org) keep getting hit by web and email based malware that the AV does nothing for, yet they insist it's critical for endpoint protection.
|
# ? May 2, 2016 03:17 |
|
Unless your person in charge of IT at the executive level is hip enough to not be susceptible to all the fearmongering clickbait and chain emails, you're probably going to be running AV on everything because WHAT IF WHAT IF WHAT IF and no logic or intelligent discussion will sway them.
|
# ? May 2, 2016 03:20 |
|
You know, most organizations I see constantly have prompts to update Acrobat Reader and Java and whatever. You can argue about antivirus all you want, but regardless, it's not the most important step in security.
|
# ? May 2, 2016 03:24 |
|
Mr Chips posted:I'm having an annoying argument with our central IT infosec team at the moment over whether Windows client machine AV is even worth the hassle/expense. We (big public sector org) keep getting hit by web and email based malware that the AV does nothing for, yet they insist it's critical for endpoint protection.
|
# ? May 2, 2016 04:09 |
|
E: double
|
# ? May 2, 2016 04:19 |
|
dpbjinc posted:You know, most organizations I see constantly have prompts to update Acrobat Reader and Java and whatever. You can argue about antivirus all you want, but regardless, it's not the most important step in security. At least my section is all over this - patches are up to date, Applocker/SRPs have stoped a bunch of drive-bys, Flash is the one you get in Chrome or nothing at all, that one enterprise Java 6 app is published via RDS, etc etc
|
# ? May 2, 2016 04:20 |
|
invision posted:Were you like sub-sub-sub-sub-contracted? No, our invoices were sent to the labs, and I worked directly with their systems staff.
|
# ? May 2, 2016 04:20 |
|
apseudonym posted:The YOSPOS crowd here has you far out paced when it comes to security credentials, have you done any work in security? If they have professional experience, why don't they do more than ask me how antivirus works? I explained it to them, and they said "nah" and asked again. I read the thread they told me to read and their explanation was that the NSA was gonna blast right through consumer antivirus and I guess their edge filtering was gonna stop the NSA in their tracks or something. lol OK
|
# ? May 2, 2016 06:15 |
|
Paul MaudDib posted:If they have professional experience, why don't they do more than ask me how antivirus works? I explained it to them, and they said "nah" and asked again. I read the thread they told me to read and their explanation was that the NSA was gonna blast right through consumer antivirus and I guess their edge filtering was gonna stop the NSA in their tracks or something.
|
# ? May 2, 2016 06:19 |
|
endlessmonotony posted:And you haven't actually made a case where antivirus helps. Let's take your 95% figure, a number you pulled out of your arse. Aunt Stupid, opening attachments infinitely, will not be helped by antivirus. They're going to get hit by something sooner rather than later unless someone manages to hammer "don't open unknown poo poo you fuckhead" into their head, or somehow prevents them from being able to run malware, be it by disabling poo poo from running at all, handing them an iPad or installing Gentoo. Antivirus would have to be loving perfect to help Aunt Stupid - but you can't fix stupid. I'm sorry. Mmm, yes, Aunt Stupid installing gentoo. I'm sure she's gonna be A-OK with compiling kernels and portage and poo poo. Do you actually have any family members? Or at least someone you would describe as close to you? e: Furthermore, security by infinitesimal user-base is not a viable defense mechanism. Seriously, this thread - "forget antivirus, just install gentoo on grandma's computer" Paul MaudDib fucked around with this message at 06:27 on May 2, 2016 |
# ? May 2, 2016 06:20 |
|
Paul MaudDib posted:If they have professional experience, why don't they do more than ask me how antivirus works? because you obviously don't know how it actually works, and what actual detection rates in the real world for AV suites are you were given a perfectly reasonable and accurate explanation by a person who, for all intents and purposes is way smarter than you as to why AV is not the same line of defense it was 15 years ago but you just kept doubling down on being wrong, and then got all pissy because he posts in YOSPOS protip: it doesn't matter where the person who is calling you out on being wrong posts, because at the end of the day you're still loving wrong Paul MaudDib posted:Mmm, yes, Aunt Stupid installing gentoo. I'm sure she's gonna be A-OK with compiling kernels and portage and poo poo. have you ever heard the word "hyperbole" or are you purposely being this stupid
|
# ? May 2, 2016 06:28 |
|
Paul MaudDib posted:e: Furthermore, security by infinitesimal user-base is not a viable defense mechanism. Seriously, this thread - "forget antivirus, just install gentoo on grandma's computer" Subjunctive posted:My company has > 10K end-user machines and we don't run AV.
|
# ? May 2, 2016 06:32 |
|
online friend posted:because you obviously don't know how it actually works, and what actual detection rates in the real world for AV suites are I actually don't have plat and can't look up where he posts. Unlike the guy from this thread who stalked my posts so he could argue with me in another forum. I just could tell because he's a shitposter. Where's the explanation? Link it for me. He told me to read a thread where his explanation was that the NSA was gonna get Grandma's cat pics. There was nothing but "under construction" on the first page of the thread and that was the first explanation he gave in the thread. I'm not joking. online friend posted:have you ever heard the word "hyperbole" or are you purposely being this stupid Yeah, I'm dead serious. Have you ever known someone who wasn't a techie or is this rhetorical? My aunt is afraid to upgrade from her XP machine because Win7 is all different and poo poo
|
# ? May 2, 2016 06:32 |
|
|
# ? May 10, 2024 10:11 |
|
Paul MaudDib posted:I actually don't have plat and can't look up where he posts. Unlike the guy from this thread who stalked my posts so he could argue with me in another forum. I just could tell because he's a shitposter. Afraid to upgrade XP you say? Better give them AV software too, that way when they don't update the AV it can be another threat vector too!
|
# ? May 2, 2016 06:35 |