January 2nd, 2012, 09:55 AM
I hate to disagree with you and horsey, but I have seen actual viruses as recent as last year up on a site someone sent me to look at. I looked at it in a sandboxed browser on a virtual OS as a precaution, but I'm not gonna put the link on here even though it is safe. I'll contact horsey tomorrow so he can look at it and tell me what he thinks.
Originally Posted by gore
I'm a Steve Wozniak in a Bill Gates world
January 2nd, 2012, 05:41 PM
I stand by my comments. APT malware is way better than any AV product on the market, hence my statements.
In simple terms, you're fighting with marshmallows. The bad guys are fighting with nukes. That's how wide the gap is in threat detection vs. professional criminal grade malware.
No further debate needed on my end. I know what the threat landscape looks like today. AV is not a part of the response anymore.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
January 5th, 2012, 01:32 PM
There might be malware that each vendor misses from time to time but it does stop most of your everyday malware. Let's be honest - you need policies in place as well as AV in a Windows environment.
You can't have one and not the other, it's not going to work.
I appreciate your comments TH but I think it's pretty radical unless you are looking after a Unix environment.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
January 14th, 2012, 09:41 AM
Yes Cider: a software/hardware and user Policy must be in place.. But user education is the most expensive, $ them, Time and stress for US.
Personally I do not use any AV on my personal PC. SWMBO and the guests' PC has MS Security Essentials... but only because I have to assume they do not know a good deal from a Nigerian Gift.
That being said, my business PCs are a different story – 13 of the 17 have AV software, but that is to do with something called "Compliance", for insurance and Statutory requirements – as well as the need to comply with the requirements of client network administrators.
My home and business networks are protected by a hardware firewall. Business is Cisco, home is Smoothwall/IPCop or whatever my f/w flavour of the month is..
I do not use my ISP's assigned DNS Servers on any of my networks.. Currently using OpenDNS.
I use a tool to automatically keep my Web facing/accessing applications patched/up to date. Out of policy this tool is installed into every one of our domestic clients' PCs that goes through our workshop.
On the subject of the “average non-PC-savvy Joe”. Most of the domestic PC issues that we have encountered over the past few years are attributed to issues DIRECTLY related to Vulnerabilities in Java, Flash and the Browser. Each of IE, FF, Opera and Chrome/Safari stand condemned.
Anyone on a Windows XX system that is running any browser unpatched, and/or not running the current build of Java, Flash or PDF reader, REGARDLESS of their AV of choice, is an open target to any of the Drive-by Parasite feasts.
Who remembers the Blaster worm.. OK if a certain port was being blocked on the firewall it was a non-issue.. but for those who didn’t - it was able to install its payload in spite of the Antivirus. AND THAT ISSUE STILL STANDS TODAY..
Now instead of knocking at the door (vis: attacking a vulnerable network facing service/port) they romp in via whatever Port your browser has open, as a bit of Java, Flash, or even a PDF file, stun and piss all over the AV then run off and download the balance of the package, to have the PC Owned in 60 seconds.
An anti-virus will not protect against that. They only do a half-hearted effort at the old email viruses. But Updating web facing apps will help reduce the risk, using a DNS service that at least locks out the known compromised IP addresses, a user friendly Script Blocker and, yes, a good Firewall – software and hardware.
The only real use for an AV for me, after "Compliance", is to assist in clean-up of client PCs after infection removal. Some of the “Security Suites” are now including update tools and “Intelligent Script Blocking” … not there yet.. but by the time they are.. the attack vector will be elsewhere.
BTW: the 4 of my Business PCs that do not have AV? 2 are *nix - 2 Windows: on an isolated subnet..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
January 14th, 2012, 05:57 PM
You know, I was wondering when someone would pop in and finally say something about the issues Web Browsers put you in the way of when it comes to Security.
I was gonna do it myself, but I simply didn't have the time until Today really; Between My Wife being accepted into Her Program at the College, and me ****ing up my knee AGAIN, and being in MORE excruciating pain than usual (I think I've gone over my back problems with most people here before so I don't think I need to type out a book about my life and how I'm NOW a Chronic Pain Patient, and need **** that would knock most people right out just to get out of bed every day....) So yea, I went to the Doctor today, and got my 120 4MG Dilaudid Tablets, and 1 MG Xanax Tablets Early because I'll be too busy to do it next week when I was gonna go.
So, now that I can finally sit down here and not be screaming blood curdling screams of pain and contemplating suicide, I can take a few minutes and talk about this... Thank God for Opiates and Opioids is all I can say.
Web Browsers back in the day were something we all used to look at web sites, and that was it. Every once in a while, you'd have an update available, and you'd download and install a new version, or, a patch for your version already installed, and that was the end of it.
Today, we have Flash, Java up the ass, and PDFs doing drive by **** that makes some gangs look lazy.
I mean seriously, who here in this thread, reading this, can Honestly say they don't EVER use Flash? Or Java? Or Read PDFs?
Any of you? Probably not....
And yet that is one of the biggest holes we now have. I admit that I'm currently a little rusty after the last few years; I used to sit here all day looking up things, reading about Security, trying to find new ways to exploit the **** out of Computers, and now? I haven't rooted a box in a long time. I haven't done much of anything in a long time other than keep up in the Unix World.
I'm not a 20 year old without much responsibility anymore, and like everyone else here who has responsibilities and a Family, I'm figuring out how to Balance it all. When I do, great, but I haven't found it yet.
I'm now a Married Man, with a Wife, a House, a Car, and Bills. I also live in Michigan, so finding work is making finding Waldo seem like a simple task lol.
But anyway, my point is; I might be rusty, but I'm not totally crusty either; And I know damn well that my Web Browser has more potential for security risks than almost anything else does here.
Remember the good ol' Days? When you had to actually CLICK on **** to get infected? When someone Emailed you a Virus, and you had to not only open the ****ing thing, you had to be stupid enough to download it, and then double click on it, and THEN you were infected? Remember that?
Now, you go to a Website with embedded video, and BANG.
I'm not surprised or anything.... I wish I had proof of over 10 years ago when I thought about this... I'm not kidding either; Over 10 years ago, I was talking with a friend of mine, and we were discussing how Computers were currently exploited, and I was building a Web Site, and writing out some Code, and I said to him "Dude, I wonder if I can manage to make a Web Site, where all you have to do is VISIT this web site, and it automatically infects a machine".... "Think it's possible?".
He said "Dude seriously? A WEB SITE where you don't click on ANYTHING and just visiting it is enough to infect a machine? Are you high?".
I got laughed at, but I kept on going for a while, and at the end of.... Maybe three hours, I had a Web Site that could read Data from a person's Hard Drive, and add data to their Start Up.
Visiting that web site would add something to the Windows Startup saying "Gore owned you" or something along those lines.
But I couldn't actually infect it. I wasn't trying to destroy anything; I could just as easily have made it add something to startup that deleted everything, but I didn't.
But I couldn't quite figure out a way to actually infect, or own a system, merely by clicking on a link. But now? It's exactly what's happening. I really should have figured out a way to get a patent on my idea, lol, every Malware ***** on Earth would owe me money lol.