|
Rufus Ping posted:Uninstall Flash. If you actually got infected with something, this is almost certainly how it happened. Win 10 supersedes emet iirc
|
# ? Oct 8, 2016 08:43 |
|
|
# ? May 17, 2024 21:32 |
|
It's worth mentioning that uBlock Origin supersedes uBlock, too.
|
# ? Oct 8, 2016 10:46 |
|
Samizdata posted:Also, as far as expertise goes, I think it makes more sense to stick with a company that specializes in AV as opposed to it being yet another in a line of products. Malcolm XML posted:Win 10 supersedes emet iirc
|
# ? Oct 8, 2016 11:01 |
|
MS' own literature suggests EMET is useful for older applications that haven't been recompiled for Win10 specifically.Samizdata posted:How's this from last year? Even if you assume this is 100% true, which it isn't, 3rd party AV introduces more problems than it solves. From those test sites: Industry average slowdown for web: 21% (AVG 33%) Industry average slowdown for common programs performance: 6% Industry average slowdown for common program launch: 15% Industry average slowdown for file access: 13% Industry average slowdown for installation: 30-50% Number of 3rd party AVs without major root-level access exploits in the last 12 months: 0 The whole free-AV industry has been repeatedly broiled in controversy after being caught doing MITM attacks on your browser, and selling browsing data to third parties. Now if you were to define a program that worsened system performance by 15-50% per scenario, opened backdoors to exploits, reduced browser security and sold your data, would I be talking about an AV or the malware it's designed to stop?
|
# ? Oct 8, 2016 13:34 |
|
Khablam posted:Now if you were to define a program that worsened system performance by 15-50% per scenario, opened backdoors to exploits, reduced browser security and sold your data, would I be talking about an AV or the malware it's designed to stop? Both. Relevant side-question from the discussion on the last page, anyone got a good breakdown of HTML5 vs. Flash in terms of security and vulnerabilities? Is it sandboxed better to prevent egregious poo poo, less long-standing known security flaws, smaller current userbase, etc.?
|
# ? Oct 18, 2016 20:33 |
|
Mo_Steel posted:Relevant side-question from the discussion on the last page, anyone got a good breakdown of HTML5 vs. Flash in terms of security and vulnerabilities? Is it sandboxed better to prevent egregious poo poo, less long-standing known security flaws, smaller current userbase, etc.? They're really two different things entirely. HTML is just a markup language which your browser parses and feeds into its layout engine to render the page. Videos are simply embedded using the <video> element which contains a URL to the video file which the browser downloads and plays back. The browser doesn't actually "execute" anything (Ignoring JS). On the other hand, Flash objects (SWFs) are essentially compiled applications which are executed by the Flash Player plug-in. This is the main reason why Flash is inherently dangerous, you're executing untrusted code on your machine.
|
# ? Oct 19, 2016 03:26 |
|
cheese-cube posted:They're really two different things entirely. How do games in HTML5 work then?
|
# ? Oct 19, 2016 03:29 |
|
Squeegy posted:How do games in HTML5 work then? HTML5 introduced the <canvas> element which allows you to draw graphics using javascript.
|
# ? Oct 19, 2016 06:28 |
|
Isn't Javascript also notoriously insecure?
|
# ? Oct 19, 2016 06:32 |
|
Squeegy posted:Isn't Javascript also notoriously insecure? What gave you this impression?
|
# ? Oct 19, 2016 06:35 |
|
Jabor posted:What gave you this impression? Like a decade of hearing it slagged by people who hate Java.
|
# ? Oct 19, 2016 06:36 |
|
Squeegy posted:Like a decade of hearing it slagged by people who hate Java.
|
# ? Oct 19, 2016 06:57 |
|
Squeegy posted:Like a decade of hearing it slagged by people who hate Java. Java and JavaScript are about as similar as car and carpet. Java browser applets are horribly insecure because they can do way more to your computer than you might like, and Oracle (company that owns the Java language) actively discourages them, partially by making it nearly impossible to run them. Java is one of the most popular languages for businesses because for back-end applications such as webservers it's a perfectly fine language. Of course, in that case they're mostly running code they're familiar with on machines they own or rent, so there's no point in using it to gently caress up a server. And in that case the code itself isn't executed on the end-user's machine so he's safe too. To be clear, both Java browser applets and Flash run their own code on your computer, which means that with a little bit of trickery they can get into your file system. JavaScript is basically executed by your web browser. That's one of the reasons why you hear webdevs complain about older version of Internet Explorer so often: it doesn't understand a lot of JavaScript syntax, breaking loads of modern websites. On most sites, JavaScript does tiny stuff like validate if a form is filled in correctly, or dynamically showing parts of the page if you click on "view more". But it is possible to run complete applications in JavaScript. Because the browser executes it, it's basically up to the browser to not allow a script to do any evil things. But you have to trust browsers anyway because they are programs installed on your computer which means they can access your filesystem no matter what. And browsers have a reputation to keep up. It doesn't run on its own like Java or Flash so the risk isn't as high.
|
# ? Oct 19, 2016 16:40 |
|
Subjunctive is a really good person to comment on JavaScript's past and present really.
|
# ? Oct 19, 2016 16:44 |
|
OSI bean dip posted:Subjunctive is a really good person to comment on JavaScript's past and present really. I hate you.
|
# ? Oct 19, 2016 16:47 |
|
OSI bean dip posted:Subjunctive is a really good person to comment on JavaScript's past and present really.
|
# ? Oct 19, 2016 16:48 |
|
OSI bean dip posted:Subjunctive is a really good person to comment on JavaScript's past and present really.
|
# ? Oct 19, 2016 16:51 |
|
AV is bad and I wont defend it. To the AV defenders though.... at least don't rely on some report which is touting insane levels of detection (99%+ lol). Here is the data from VirusTotal, detection rates on the entire corpus for files with a detection rate of 5+ of the scanners listed: yoloer420 fucked around with this message at 09:19 on Oct 24, 2016 |
# ? Oct 24, 2016 09:15 |
|
I shouldn't be surprised that there are that many AV products and they have stupid names like "ALYac" but here I am.
|
# ? Oct 25, 2016 07:00 |
|
yoloer420 posted:Here is the data from VirusTotal, detection rates on the entire corpus for files with a detection rate of 5+ of the scanners listed: Qihoo-360 is the third best AV? This Qihoo 360? I'm sceptical. The first- and second-placegetters are the latest additions (two months ago, according to the blog), so they probably have a temporary advantage, but Qihoo's been there for much longer... e: Going back and reading the picture description properly, the 'temporary advantage' I suggested doesn't actually make sense, at least in the way I assumed. Still suspicious of Qihoo though. uvar fucked around with this message at 04:11 on Oct 26, 2016 |
# ? Oct 26, 2016 03:32 |
|
uvar posted:Qihoo-360 is the third best AV? This Qihoo 360? I'm sceptical. The first- and second-placegetters are the latest additions (two months ago, according to the blog), so they probably have a temporary advantage, but Qihoo's been there for much longer...
|
# ? Oct 26, 2016 04:25 |
|
Plenty of those top-scoring AVs on VT will just flag almost any unsigned exe as a virus. So not surprising they catch most.
|
# ? Oct 26, 2016 10:25 |
So I'm a retard and accidentally clicked on a spam link in Skype one of my friends sent me after he had his account stolen. Should I assume my computer now has mega aids or is that the sort of thing that typically is less immediately harmful? It linked to a mostly blank page that was presumably full of blocked adds, so I'm sort-of hoping it was just aiming to rack up views, and anything more malignant would've gotten blocked by adblocker.
|
|
# ? Nov 4, 2016 21:37 |
|
Cuntellectual posted:So I'm a retard and accidentally clicked on a spam link in Skype one of my friends sent me after he had his account stolen. Change your passwords and do a scan. Did you friend tell you what they found? I'd be weary that it could be a timed crypto malware so you may want to make sure your backups are in order. Also can you PM me the link? I'd like to see its contents.
|
# ? Nov 4, 2016 21:41 |
OSI bean dip posted:Change your passwords and do a scan. Did you friend tell you what they found? I'd be weary that it could be a timed crypto malware so you may want to make sure your backups are in order. I sent you the link. I haven't actually talked to the friend since that happened, as they've been at work. Anyways I'm doing a scan now, and I'll change my passwords once I have access to something that isn't potentially compromised to do it on. I disconnected my computer from the internet, but I'm computer illiterate and not entirely sure what that timed crypto malware thing means.
|
|
# ? Nov 4, 2016 21:47 |
|
Cuntellectual posted:I sent you the link. I haven't actually talked to the friend since that happened, as they've been at work. I look at the URL you sent me and it looks like it may be sending you to a fake Forbes news site. The fact that it didn't do anything is interesting. If anyone is curious: code:
The URL in question redirects to a random spam page that looks like this: It looks like your friend is infected but a cursory look at the page shows nothing that jumps out at me that'll lead you to getting infected yourself--I am sort of crunched for time here so I cannot go further. I'd just change the password to your computer, Skype, and anything else that was logged in at the time and just keep an eye on your computer to ensure that no funny business is going on. Regarding the crypto stuff, I meant ransomware that encrypts the data on your storage.
|
# ? Nov 4, 2016 22:17 |
|
Apparently I'm also a retard since I drunkenly opened a link from a bot on Twitch chat to a sketchy image site. I'm running NoScript and uBlock on my browser and I was faced with a white page with nothing on it before I exited out. Scanning brought up nothing and it doesn't look like any of my accounts have been compromised, but how paranoid should I be about something stealthy being on my system?
|
# ? Nov 4, 2016 23:02 |
|
If you've got noscript and ublock and you didn't allow anything you should be okay.
|
# ? Nov 4, 2016 23:25 |
|
Rexxed posted:If you've got noscript and ublock and you didn't allow anything you should be okay.
|
# ? Nov 4, 2016 23:45 |
|
remember kids even the run of the mill exploit kit allows for single-serve exploits, don't trust a second check on an url
|
# ? Nov 5, 2016 00:27 |
Yeah, the fact it didn't seem to do anything is part of what concerned me, being neanderthal who can barely figure out how to turn a computer on. Regardless I did a scan with MSE (am I going to get laughed at for that ) which didn't show anything and changed my passwords. I don't do any banking on my computer but I've bought stuff off of Amazon and Steam with a credit card. Going off my limited knowledge, that should be encrypted and probably okay even if I got a keylogger since I haven't re-entered it? I'll keep an eye out, at any rate.
|
|
# ? Nov 5, 2016 04:00 |
|
I was gonna post here because I was having weird issues with embedded redirects, ads at the end of posts, and the inability to view SA pages that had &userid involved. But then I cleared my cookies and that fixed it. :welp:
|
# ? Nov 5, 2016 04:57 |
|
Very helpful.
|
# ? Nov 5, 2016 20:05 |
|
Forgall posted:Very helpful.
|
# ? Nov 5, 2016 21:10 |
|
What's better security for a gmail account, 2 step verification where you need a password and a code, or using my phone to sign in where it asks for my fingerprint? Is the phone sign in easy to spoof? Are they both easy to spoof?
|
# ? Nov 8, 2016 13:40 |
|
BigFactory posted:What's better security for a gmail account, 2 step verification where you need a password and a code, or using my phone to sign in where it asks for my fingerprint? 2 step authentication is always better. Many phone manufactures have been caught storing fingerprints as unencrypted bmp files.
|
# ? Nov 8, 2016 13:44 |
|
BigFactory posted:What's better security for a gmail account, 2 step verification where you need a password and a code, or using my phone to sign in where it asks for my fingerprint? Phone has a lot of benefits and is easier since you'll probably have your 2fa on that phone. E: fingerprints aren't secrets
|
# ? Nov 8, 2016 19:27 |
|
apseudonym posted:Phone has a lot of benefits and is easier since you'll probably have your 2fa on that phone. Biometrics aren't secrets.
|
# ? Nov 8, 2016 19:29 |
|
OSI bean dip posted:Biometrics aren't secrets. If I never go outside of my basement my face is totally a secret. Goons are secure!
|
# ? Nov 8, 2016 19:31 |
|
|
# ? May 17, 2024 21:32 |
|
I have a stupid question -- I'm trying to finally get a password manager, and I was looking into KeePass cause it's free. I have a windows desktop, a mac laptop, and a linux machine at work. Is KeePassX legit? It seems to cover all of my platforms and people seem to hate KeePass less than the other free options. Edit: Actually nevermind, 1Password has a family option so I'm just gonna go in on it with my parents. Seems like the best way to go at the moment. Neurostorm fucked around with this message at 17:39 on Nov 23, 2016 |
# ? Nov 23, 2016 17:13 |