|
Is Secunia PSI still good? I used it to install on all of my dad's laptops to keep all software up to date

OSI bean dip posted:
While fixed it needs to be remembered that the developer killed the original project and left that ominous note.

I don't understand this argument against TrueCrypt at all. All software has undiscovered vulnerabilities, doesn't it?

To be absolutely fair to TrueCrypt/VeraCrypt, I think you should also mention that:
|
# ¿ Nov 6, 2015 11:52 |
|
|
Khablam posted:
I took the original 'warning' as blowing smoke at the ex project, and some general advice that there will one day be published vulnerabilities, which won't be touched.

Honestly? I wouldn't trust any open source kernel-mode Windows code. TrueCrypt was much better than average in fact: the recent vulnerabilities were pretty complex to identify and exploit, complex enough that they could have appeared in professionally-developed code. It wasn't something you could find by fuzzing or running an analyzer. Compare with say, pcap for Windows, which has no security whatsoever: if the driver is running, any user can capture all network traffic, no matter how low their privilege (I submitted a patch for it, a long time ago, I wonder if it was ever applied. I bet my rear end it wasn't). I don't even want to think about that tap driver that's used by OpenVPN, and god help you if you are stupid enough to install, say, one of those open source Linux filesystem drivers on a machine of any value

While we're at it: the kernel-mode part of anti-virus software is often poorly written, so that having AV actually makes your machine less secure. I can't remember any recent high-profile exploits in AVs, but at the very least there are several tricks to bypass their hooks, sometimes in ways that are impossible to fix (yes, AVs are fundamentally broken, especially those of the behavioral/heuristic kind). Yes, I can elaborate (not from personal experience, but I know a couple of things about kernel-mode Windows)

Khablam posted:
I'm not rushing to replace my portable TC vaults, but there's also now no compelling reason to use it going into it fresh.

I'm not paying for an upgrade just for BitLocker
|
# ¿ Nov 8, 2015 01:11 |
|
OSI bean dip posted:
Just look for anything that Tavis Ormandy has written on anti-virus software and you'll find a treasure trove of stuff.

drat the spanking he gave to Sophos

--

hackbunny posted:
Is Secunia PSI still good? I used it to install on all of my dad's laptops to keep all software up to date

So, anyone? It's not strictly a security tool, but it keeps all software up to date and it requires almost zero maintenance or human intervention. I was wondering if anyone else used it and if it's secretly terrible
|
# ¿ Nov 12, 2015 10:25 |
|
Three-Phase posted:
I have a question about TrueCrypt - I have 7.0a on my system and set up whole-disk encryption of my drive (except for the small Host Protection Area that TrueCrypt mentioned in the setup). It's the main physical drive I have with C D and E partitions.

Truecrypt is unmaintained and at least one serious bug ("full system compromise" serious) has been found since the developers jumped ship. Switch to Veracrypt ASAP, keeping in mind that Veracrypt was forked from Truecrypt and potentially inherited all of its lingering bugs.

Also consider that, as an ultra-sensitive software that literally replaces parts of your operating system, Veracrypt/Truecrypt actually makes your computer less secure, because even the smallest, most obscure bug can escalate into full system compromise. Don't let this stop you from using it though, because the same is true of antivirus, or any of the lovely, buggy third party device drivers that plague almost any system. Have a plan B for the inevitable day you'll be compromised

For full disk encryption I personally use long passphrases that I can recover from hardcopy should I forget them. No fancy symbols or customization with number/letter/case replacements because I'm guaranteed to forget them (ask me how I know)
|
# ¿ May 25, 2016 10:02 |