McAfee Artemis Claims Protection Online, On-the-Fly

This is why you read the fine print... by pushing-robot · 2008-09-08 15:56 · Score: 5, Informative

TFA basically states that anything behaving "suspiciously" on your PC will be automatically back to McAfee for analysis. There's no mention at all of possible privacy risks.

Sheezus.

--
How can I believe you when you tell me what I don't want to hear?

Re:This is why you read the fine print... by Anonymous Coward · 2008-09-08 16:08 · Score: 5, Funny

No, this is why *you* read TFA and summarize it for us. Real slashdotters can't be bothered, you insensitive clod!
Re:This is why you read the fine print... by narcberry · 2008-09-08 16:09 · Score: 2, Insightful

Sounds like a service for McAfee. This should speed up identification and protection for the customer, but ultimately, what if the customer doesn't want to participate in your R/D?

--
Modding me -1 troll doesn't make me wrong.
Re:This is why you read the fine print... by brucifer · 2008-09-08 16:56 · Score: 5, Informative

I've actually spoken with McAfee about this at length. If a suspicious file is found (not going into what is deemed suspicious out of professional courtesy) a fingerprint (hash) of the file is sent back to McAfee to see if it matches a known malware sample. If it matches, then the file is deleted or quarantined, or whatever the default behavior is. This only takes place if the malware doesn't trigger one of the other protection pieces in place.
There are settings in both the corp and home editions that let you decided if you want to send samples back to McAfee or just turn the feature off. It's a surprisingly cool thing to come out of one of the big players.
Re:This is why you read the fine print... by cgenman · 2008-09-08 17:30 · Score: 1

So if it isn't acting maliciously like a virus, but there are other reasons that it may be a virus and it may not, it gets a local scan and an individual scan from McAfee's private online database?
That's actually quite cool. It introduces a new level of threat rating between safe and deadly, and ensures that emerging threats are protcted against before needing to do a full local virus database update.

--
The ______ Agenda
Re:This is why you read the fine print... by Anonymous Coward · 2008-09-08 18:37 · Score: 1, Informative

If only a hash is sent back to McAfee it seems like it would be trivial to code a virus (or other malware) that will go unnoticed. All you would need to do is add a few extra bytes in the file and fill them with random data when the machine is infected. Because the hash depends on this random data it is not likely to match another hash from the same virus on a different machine, so the virus will go unnoticed.
Re:This is why you read the fine print... by Ed+Avis · 2008-09-08 19:17 · Score: 3, Interesting

Couldn't they just send the list of hashes of malware to your PC and it could be checked locally? It would be a long list and always growing, but not growing fast enough to put any kind of burden on a PC's memory or network capacity. (Suppose 100 new bad programs are identified every day and you need an SHA-256 hash of each one: that's still only about three kilobytes per day.)
The only way their system makes sense is if you send the whole lump of code back for analysis, not just a hash. A hash can just as well be checked locally.

--
-- Ed Avis ed@membled.com
Re:This is why you read the fine print... by arth1 · 2008-09-08 19:53 · Score: 4, Insightful

But a fingerprint used as a unique identifier isn't safe. What's the guarantee that MacAffee won't keep rainbow tables of everything that has turned out to not be viruses, but someone else might find interesting?
What stops e.g. the government or MPAA (but I repeat myself) from demanding to be told of everyone who have files matching a certain fingerprint? The first justification for this might be child porn. How about fingerprinting all known child porn images, and have the AV software notify the servers whenever there is a match? Undoubtedly that will be very effective! No pesky 4th amendment considerations either!
Then, once it's used for that purpose, how about fingerprinting word documents describing how to make pipe bombs? Undoubtedly useful. And how about the communist manifesto? And, since it works against browser caches too, why not check who has browsed a certain page?
I'm sorry, but I see a lot of problems with this.
Re:This is why you read the fine print... by Anonymous Coward · 2008-09-08 21:03 · Score: 0

They will. They are. Such rainbow tables are called "whitelists".
Re:This is why you read the fine print... by WgT2 · 2008-09-08 23:29 · Score: 2, Insightful

Nor do they mention the extra bandwidth that will be used with their 100 ms updates.
Not only so, but the Wall Street Journal version of that story mentions that other malware services companies will be implementing similar models as well.
It just reminds me that the real problem is the current Microsoft hegemony on the desktop and uninformed internet users.
Re:This is why you read the fine print... by hesaigo999ca · 2008-09-09 00:42 · Score: 1

I believe they call this virus definitions files and yes they do this already.
Re:This is why you read the fine print... by ndansmith · 2008-09-09 03:25 · Score: 1

I believe Blizzard's anti-cheating component for WoW did the same thing. People defended "it's only a hash," but there are a lot of static files/programs out there which could easily be hashed and identified. For example: MPAA could just go to Pirate Bay and hash all media files, as you noted. Too much room for abuse. There is no need to send the hashes across the internet.
Re:This is why you read the fine print... by Anonymous Coward · 2008-09-09 03:34 · Score: 0

Anyone here ever seen a random MD5 collision? (raises hand; looks around and sees hundreds of hands in the air)
Now re-read parent's point about flagging people who have files with hashes that match known patterns. THAT is scary.
Re:This is why you read the fine print... by arth1 · 2008-09-09 05:28 · Score: 4, Informative

You're reinventing the wheel here. Viruses that did that were common back in the early 90s.
First, the more stupid AV programs would use a hash. The virus writers countered that simply by including an infection counter. The counter would increase with every infection, modifying the hash.
Then the less gifted AV program writers would hash just certain parts. The virus writers countered that by having the first instruction of the virus be a jump to where the virus was, and the actual virus block being moved at random within a bigger block whenever a new infection occurred.
So then the AV writers scanned for identifiers without looking at the location. The answer from the virus writers was to insert NOP statements at random inside the code, and shuffle these around at every new infection.
Incidentally, my own antivirus program (VScan) would in its deepest mode disassemble the code and emulate the actions of it without executing it, to see whether the result of the code would perform certain actions which only OS routines and viruses would ever do. This foiled some attempts at stealth, like adding numbers to generate an offset, or mutating the registers being used, and also allowed for finding new viruses that used the same techniques but not the same code as older viruses.
Then came XOR'ing the virus, then self-extracting compression, then actual encryption -- and the race is still on.
Re:This is why you read the fine print... by Anonymous Coward · 2008-09-09 06:31 · Score: 0

TFA basically states that anything behaving "suspiciously" on your PC will be automatically back to McAfee for analysis. There's no mention at all of possible privacy risks.
Sheezus.
Will automatically what?
Re:This is why you read the fine print... by badkarmadayaccount · 2008-09-10 02:10 · Score: 1

media files? heard of steganography? it enters data into a media stream without noticably affescting it. so...
$ steg-media-injector popsong.mp3 /dev/random 12%
... or something like that should do the trick.

--
I know tobacco is bad for you, so I smoke weed with crack.

I foresee by Eztli · 2008-09-08 15:56 · Score: 0

In the future, the cloud will be full of false positives.

Artemis is available at no ADDITIONAL charge by G3ckoG33k · 2008-09-08 16:00 · Score: 4, Informative

"Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses."

I guess enterprise editions don't come at no charge.

Re:Artemis is available at no ADDITIONAL charge by cryptodan · 2008-09-08 23:48 · Score: 1

That means that it is included as a free feature when you purchase McAfee AV Enterprise. Which means that you do not need to buy it as an extra service or add on.
Re:Artemis is available at no ADDITIONAL charge by Anonymous Coward · 2008-09-09 00:44 · Score: 0

That means that it is included as a free feature when you purchase McAfee AV Enterprise. Which means that you do not need to buy it as an extra service or add on.
Which means that you have to already have bought the enterprise product. Which isn't free, i.e it has a cost.
Which, incidentally, was the parent's point.
I guess you didn't quite get that part?
Re:Artemis is available at no ADDITIONAL charge by cryptodan · 2008-09-09 00:58 · Score: 1

I guess you didn't quite get that part?
To me it means something totally different. Some products you can buy to get the base products, but if you want more advanced features you have to buy those advanced features. But in the case you already the added protection at no extra cost to you.

ugh. by X_Bones · 2008-09-08 16:01 · Score: 5, Insightful

This advertisement^Warticle looks like it was written by some marketing exec's high-school kid. It's chock full of clumsy grammar and useless buzzwords, yet somehow almost completely content-free. Can someone please explain to me again why this belongs on the front page?

--

the coolest club on /.

Re:ugh. by interiot · 2008-09-08 17:20 · Score: 4, Informative

More here:

This new technology (Artemis) looks for suspicious PE files [EXEs, DLLs, etc], and when found it sends some kind of checksum (with no personal/sensitive data) to a central database server hosted by McAfee AVERT Labs. The central database server is constantly updated with new discovered malware, and is McAfee's malware queue for which no official DATs have been created so far. If a match is found in the central database, the scanner will report and handle the malware detection. The files in McAfee's queue have not been[sic] undergone any analysis, but they are crosschecked by McAfee's huge whitelists to avoid false alarms.
By having a remotely maintained blacklist it may be able to provide faster protection to new malware than vendors which release signature updates many times at[sic] day to cover the high amounts of new malware appearing every hour.
...
Update (May 2008): we re-tested Artemis over our clean-set in May 2008 and now that McAfee has expanded its whitelists, Artemis still produces relatively many false alarms, but at least no longer on very important/critical files.
What could go wrong?
Re:ugh. by LS · 2008-09-08 21:45 · Score: 1

Yeah, I don't get it either... Slashdot is a non-profit organi... oh wait

--
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie

This is why you read the preview. by pushing-robot · 2008-09-08 16:01 · Score: 2, Insightful

TFA basically states that anything behaving "suspiciously" on your PC will be automatically *sent* back to McAfee for analysis.

--
How can I believe you when you tell me what I don't want to hear?

Re:This is why you read the preview. by g0dsp33d · 2008-09-08 22:34 · Score: 3, Interesting

I'm not a fan of sending stuff out to them. I prefer the way PC Tools (free firewall / AV) handles this. They use a product called Threatfire to monitor all processes for unusual activity. It has the usual problem of the click to get rid of messages mentality, but they are fairly infrequent unless you install a plethora of applications. Basically you get the same protection (if you actually read what pops up) and as a bonus that secret document about your buried treasure won't be sent elsewhere if there is a macro in it.

--
lol: You see no door there!

And I bet... by Perseid · 2008-09-08 16:04 · Score: 4, Funny

...it'll only take 128MB of RAM and 30% of your processor!*

* Requirements in Vista may be higher

Re:And I bet... by martinw89 · 2008-09-08 16:22 · Score: 4, Funny

...it'll only take 128MB of RAM and 30% of your processor!* **
* Requirements in Vista may be higher
**Home users and other non-enterprise users may need to sacrifice a goat for acceptable performance. Please send Proof of Sacrifice to:
3965 Freedom Circle
Santa Clara, CA 95054
USA
In the event that you cannot supply a Proof of Sacrifice: Please wait for Earth to acquire a second moon and we may let your browser connect to websites, in which case you can find more about our alternative methods.
Re:And I bet... by whoever57 · 2008-09-08 16:32 · Score: 3, Interesting

...it'll only take 128MB of RAM and 30% of your processor!*
And what percent of your monthly data transfer allowance?

--
The real "Libtards" are the Libertarians!
Re:And I bet... by SurturZ · 2008-09-08 18:00 · Score: 4, Funny

...it'll only take 128MB of RAM and 30% of your processor!*
* Requirements in Vista may be higher
...and as a service to our customers, you will be automatically upgraded to the professional version which takes doubles the RAM and processor requirements for only a 50% increase in your monthly fee. You don't need to do anything*!
* Customers may opt out of this offer by finding checking the disabled checkbox that says "opt out" on the hidden page on our website. WARNING: If you somehow manage to opt out, we'll take it personally.
(I'm just waiting for the day my account gets automatically upgraded to the point where it starts automatically buying shares in McAfee)

Cool ... addvertising by giorgist · 2008-09-08 16:15 · Score: 2, Funny

Wow addvertising in the article as well as below. Maybe slashdot should work together with addvertising so thay match.

G

I guess this is the new "cool thing" by RootWind · 2008-09-08 16:31 · Score: 4, Informative

I guess all the security companies are heading toward community based databases. Other similar products include
F-Secure Deepguard: http://www.f-secure.com/deepguard
Threatfire: http://www.threatfire.com/ (recently acquired by Symantec... so they are in the game now)
DriveSentry: http://www.drivesentry.com/
Prevx: http://www.prevx.com/

"spending karma for community feedback this time." by unity100 · 2008-09-08 16:35 · Score: 0, Offtopic

that means you can mod parent down with an easy conscience.

--
Read radical news here

They *don't* do online analysis by quazee · 2008-09-08 16:39 · Score: 2, Insightful

From the article:

If enough is known about how the malware is behaving to know that it is suspicious, [we will] fingerprint the file and send it in the cloud to AvertLabs so we can look at it, provide people a piece of protection and send it immediately back to them.

They only match the fingerprint (probably a set of some hashes) against an online database and, if there is a match, the "fix" for that malware is downloaded and executed.
Nothing "magic" here, it's just an online signature database.
See http://www.mcafee.com/us/enterprise/products/artemis_technology/index.html

If they actually *did* online analysis, as the article suggests, just sending the alleged malware would potentially violate copyrights/NDAs/etc.
Not to mention that automated online analysis of unknown malware is a very difficult problem.

--
throw new SuccessException("Sig read successfully");

Re:They *don't* do online analysis by QuantumG · 2008-09-08 18:02 · Score: 1

Tell me about it. Ya know there's some idiots who think you can optimize computer programs automatically? Crazy I tell ya. Don't know why they waste their time.

--
How we know is more important than what we know.

Ummm by Le+Marteau · 2008-09-08 16:42 · Score: 1

"If enough is known about how the malware is behaving to know that it is suspicious, [we will] fingerprint the file and send it in the cloud to AvertLabs so we can look at it, provide people a piece of protection and send it immediately back to them," explained Marcus. "We've been analyzing malware for a long time so we know how it acts."

Send it "in the cloud". WTF does that mean? "Internet" maybe. What a sales drone.

"Send it immediatly back". WTF does that mean. I guess their version of "immediate" means "after a human has dissected the malware, we will patch it using 'the cloud'"

I am not seeing anything new here, except that they brag that their wares sends info about your machine back to their 'labs' for analysis and future patches.

--
Mod down people who tell people how to mod in their sigs

Re:Ummm by afidel · 2008-09-08 16:57 · Score: 1

And even if it DID work it would just find new and interesting ways to automatically and quickly break your network. Even the best AV vendors occasionally release a bum dat update even after really thorough testing. Trend is IMHO the best in that regard and even they bit me in the arse once in the last decade =)

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

Online, on-the-fly protection by Artemis ... by Korbeau · 2008-09-08 16:55 · Score: 2, Funny

... sounds like divine intervention to me :)

Close your eyes, praise the Gods, offer them some CPU cycles. If you're a man of moral virtue, don't tackle Eros too much and make your annual trip to the oracle (not the false ones, those that accept VISA), nothing bad will happen!

*runs in sandals with money clinging under his robes*

give it time by floatingrunner · 2008-09-08 16:58 · Score: 0

i mean.. it sounds very promising... i bet it can. *JJJJJUUUUUUUUUUUuuuuuuuuuu....* but really, score one more point for the defenders... let's hope they keep up their bargin

hmmm by drDugan · 2008-09-08 17:03 · Score: 2, Interesting

Active protection, as in - running "fixes" locally automatically downloaded from the InterTubes? Throw in a pinch of DNS poisoning or muxed up routes and you've got yourself a perfect rootkit injection system with the piece of protection and [sent] immediately back to them! Yeah!

Re:hmmm by SanityInAnarchy · 2008-09-08 19:26 · Score: 1

I suppose any company stupid enough to attempt to build antivirus in the first place might be stupid enough to not know about encryption.
Except that I don't think they're actually stupid, just opportunistic. I seriously doubt they wouldn't at least sign them.

--
Don't thank God, thank a doctor!
Re:hmmm by Anonymous Coward · 2008-09-09 00:49 · Score: 0

Except for the fact that PKE in the engine validates all the hits. So the only thing you can do is poison dns to result in nx's.
If you think that mcafee didnt think that one through, then you're a fool.
Re:hmmm by Anonymous Coward · 2008-09-09 04:08 · Score: 0

Code signing can and has been compromised.
Re:hmmm by SanityInAnarchy · 2008-09-10 02:40 · Score: 1

But not through "a pinch of DNS poisoning or muxed up routes".

--
Don't thank God, thank a doctor!

Antivirus software is bullshit by Mike610544 · 2008-09-08 17:09 · Score: 4, Interesting

when a PC gets hit by malicious computer code.

A PC doesn't "get hit" by "malicious computer code" too often these days. The target unintentionally (but by their own action) runs malicious code because they're ignorant. Even running Windows (patched w/ firewall) there aren't many ways you can get pwned without clicking on the "RUN VIRUS NOW" button (admittedly recognizing the ways that button can masquerade itself is a skill.)

Trying to protect people against themselves is futile. Antivirus software is like the Maginot Line. It only works against shit they're expecting.

There's no substitute for educating computer users about what's not to be clicked upon (and/or run as root.)

--
... also, I can kill you with my brain.

Re:Antivirus software is bullshit by Itninja · 2008-09-08 18:29 · Score: 3, Informative

I agree there is not substitute for educating users about the pitfalls of getting click-happy. But it's a bit naive to just call all AV software BS across the board. There are any number of ways to get 'pwned' without ever having to click a single button - especially in Windows. One that comes to mind is our old friend 'autorun'. Every Windows system since '95 has come with this little chestnut turned on by default. You want to put a keystroke logger or other malicious code on someones' Windows system? Just burn it to a CD and write an autorun.inf file to do whatever you like silently and without user interaction. Without any security software running, the user is totally hosed.

You think you can educate the user(s) to remember to always hold down shift when inserting a CD/DVD? Yeah, good luck with that.

--
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Re:Antivirus software is bullshit by SanityInAnarchy · 2008-09-08 19:34 · Score: 2, Interesting

Or you could, y'know, disable autorun. It's not particularly difficult. (Not particularly easy, either -- at one point, I could only figure out how to do it via the Registry. But not difficult.)
Now, it might be worth it to have a piece of software (a script, really) that ran around a Windows install and tightened up security across the board -- turned the firewalls on, set passwords, disable autorun, install Firefox, grab updates, etc.
While it's at it, it could tune you up -- enabling Hibernate is about the first thing I do.
I'm sure such a thing exists. But I suspect that all antivirus software, or anything that would call itself antivirus software, is also going to include the after-the-fact scanning, and is going to advertise that well before the actual securing of the system.
And it's worth mentioning -- no other OS comes so thoroughly pwnable out of the box, especially via things like Autorun. I suspect that's even fixed in Vista.

--
Don't thank God, thank a doctor!
Re:Antivirus software is bullshit by Kalriath · 2008-09-08 21:58 · Score: 2, Informative

That's wrong, not informative. Any modern Windows OS (XP SP2, Vista) pops up a box asking what you want to do when you insert the disk (which includes the option "Run the program"). It will not, however, automatically run anything.

--
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Re:Antivirus software is bullshit by Anonymous Coward · 2008-09-09 00:48 · Score: 0

My friend, you are a fool. Drive by downloads? SQL Injection of legitimate websites causing them to distribute malware through js etc without the users knowledge? No big button there... Its ok though, sit in your high chair and tell everyone else they are stupid and that you know what to look for so you are fine... Still running windows 98 are we?
Re:Antivirus software is bullshit by ancientt · 2008-09-09 01:25 · Score: 1

Protecting people from themselves isn't even really all that hard, all you do is take away all their power.
Now, politically and philosophically, I'm a freedom lover. I want people to be free to make their own mistakes, free to try new things and free to fail or excel, but when it comes to users of my network, I'm an iron fisted tyrant. No installing. No visiting websites that we haven't pre-approved. No you cannot use your flash whatchamever. Works out pretty well actually.
Maybe I should set up a business for myself: ETRUS - (Evil Tyrants -R- Us) - we keep your computer really, really safe for only dollars a day! Your computer will be re-imaged nightly and you will be protected from all the evilness of teh intertubes! (You know we're technically adept 'cause we can use lolspeak.)

--
B) Eliminate all the stupid users. This is frowned upon by society.
Re:Antivirus software is bullshit by Anonymous Coward · 2008-09-09 04:10 · Score: 0

Wrong. I used to believe it was just an education issue. I've been in this game since before the 'Good Times' hoax that ran around the intertubes. We'd joke at the time - you can't get a virus from email (because at that time there were no attachments).
Then it was 'you can't get a virus as long as you don't download anything'. Because there weren't services exposed to the Internet.
Then it was 'if you're running AV and a Firewall, as long as you stay away from the dodgy sites and don't download anything, you'll be okay'. And then the GIF vulnerabilities came along.
Now, with web browser driven exploits on legitimate sites that have be pwned, you're fucked, full stop. If you are surfing the Internet there is no assurance you will not come across a site that will silently infect you in the background.
'But my browser is patched' you say. Tough cookies. Malware authors buy exploits that haven't been released to the wild yet and take advantage of them to get the upper hand.
Educating a computer user is a good idea. But don't mistake it for a proper defense.
The defense I tell my family to use - buy a Mac, run AV + Firewall. No, they aren't invulnerable. Yes, there is malware. But the probability of you encountering it is lower. Lay education on top of that.
Some people just can't be educated. My sister in law wanted to switch her Mac out for a Windows box. Why? Because she wanted to run programs. Which programs? Well, sometimes people send her .exe files by email and she can't run them on her Mac.
'And that is why you aren't getting a Windows machine'.
Re:Antivirus software is bullshit by Itninja · 2008-09-09 08:14 · Score: 1

An autorun.inf file can be written to bypass this message.

--
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Re:Antivirus software is bullshit by Kalriath · 2008-09-09 11:05 · Score: 1

No, no it can not.

--
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Re:Antivirus software is bullshit by Anonymous Coward · 2008-09-09 13:38 · Score: 0

Now, it might be worth it to have a piece of software (a script, really) that ran around a Windows install and tightened up security across the board -- turned the firewalls on, set passwords, disable autorun, install Firefox, grab updates, etc
Their called security templates. GPO's can be pretty useful if you use them properly. Granted, security templates don't install FF, but a decently-configured network and install process should cover whatever base software and updates you need/want. If you're not in a corporate environment, check out gpedit.msc > Computer Configuration > Windows Settings > Security Settings.
Combine that with a decent scoring/analysis tool and you can run a decent OS.
Yea, yea: I hear the "band-aid vs. design" argument. What I'm saying is that I know you run into problems when you build an OS that tries to play to the lowest common denominator. If you're using that OS though, you can lock it up properly to not be the lowest common denominator from a security standpoint, provided you manage your users properly ("No, you cannot run Limewire to download that fun new game your buddy told you about...").
Re:Antivirus software is bullshit by SanityInAnarchy · 2008-09-10 03:35 · Score: 1

Good and useful information -- thanks!
And I don't think that the "common denominator" argument holds -- in many ways, people find OS X and even Ubuntu to be more intuitive than Windows -- even when you consider that too often, "intuitive" means "just like Windows, because I already know that." But OS X and Ubuntu both come more secure out of the box than really any Windows desktop OS other than Vista. (I haven't used enough Vista to be sure, and I don't want to.)
I think that the only part of this that causes problems is when Microsoft needs to make Windows behave exactly the way it always has.
A simple example: No, we don't need Autorun to stay exactly the same. Almost every piece of software comes with a manual that includes how to run setup.exe if it doesn't start automatically. Even ignoring that, it would be possible to pop up a list of options when the new disc is detected, based on what's detected, including "run the program on it" -- or simply to open the disc in a new window, thus making it exactly one click (a double-click, if you must) to start the installer, if that's what you intended.
And no, that's not going to cover everything -- but it could at least cover the things that education realistically can't. (Even experienced users can't realistically be expected to hold shift every time they insert a CD.)

--
Don't thank God, thank a doctor!
Re:Antivirus software is bullshit by Itninja · 2008-09-11 10:54 · Score: 1

Sure it can. It's done all the time. Like this:

[autorun] open=Autoplay.exe -auto icon=Autoplay\resdata\install.ico,0

With an out-of-the-box default installation of XP pro SP 2, this will bypass all user interaction.

--
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Re:Antivirus software is bullshit by Kalriath · 2008-09-11 16:53 · Score: 1

Now try that on Vista.

--
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".

Big Brother gets to examine all your files by Animats · 2008-09-08 17:11 · Score: 5, Insightful

Here's McAfee's explanation of how it works:

A user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file) and for which there is no signature in the local .DAT database.
Using McAfee Artemis Technology, the agent sends a fingerprint of the file for instant lookup to the comprehensive database at McAfee Avert® Labs.
In less than a second, if the fingerprint is identified as known malware, an appropriate response is sent to the user to block or quarantine the file.

In other words, every time you download a binary file, McAfee HQ knows about it and logs it. Was this dreamed up by the RIAA, the NSA, or the anti-child-porno people?

Re:Big Brother gets to examine all your files by dontmakemethink · 2008-09-08 18:11 · Score: 2, Interesting

In other words, every time you download a binary file, McAfee HQ knows about it and logs it. Was this dreamed up by the RIAA, the NSA, or the anti-child-porno people?
All of the above. The submissions will be spidered so the users will receive targeted ads from relevant lawyers to help settle the lawsuits.

--

War as we knew it was obsolete
Nothing could beat complete denial
- Emily Haines
Re:Big Brother gets to examine all your files by SanityInAnarchy · 2008-09-08 19:36 · Score: 1

If the "fingerprint" is a cryptographic checksum, you should be fine -- though you're still trusting McAfee's servers not to just start randomly quarantine-ing your good files with the bad ones.
Knowing McAfee, I wouldn't be surprised.

--
Don't thank God, thank a doctor!
Re:Big Brother gets to examine all your files by Deanalator · 2008-09-08 20:31 · Score: 1

1. you can turn it off
2. do you know a better way to do it? Signature detection is long broken for vx, and anomaly detection has been inevitable, but held back because of much larger chances of false positives.
The code is running on the clients. Anyone who feels like it can check out what files are being reported back, and what files are not. If it starts reporting things like movies etc, you can be sure that plenty of people will be on top of that quick, and then mcafee is fucked.
It seems more like seti@home to combat the vx market. Then again, I know quite a few people in avert, so grain of salt etc :-) Also, there are much better ways for big brother to watch what people are up to.
Re:Big Brother gets to examine all your files by yuna49 · 2008-09-09 02:45 · Score: 1

I take it the point of all this is to catch zero-day exploits?
How about a better approach like having the client AV software update its definitions more frequently like every hour? On my mail servers I update ClamAV hourly now. Of course that means McAfee would need sufficient server resources to handle those requests, but how much did they spend developing this intrusive approach? And how much traffic will it generate if it sends a hash of every ZIP downloaded by McAfee users every day?
Sorry, but I'll pass on the phone-home approaches. You give me the signatures, and I'll determine what to do with them on my end.
Re:Big Brother gets to examine all your files by Rich0 · 2008-09-09 04:03 · Score: 1

If the virus signatures were distributed in a way that minimized server resource conosumption the frequent updates might not be a problem.
The trick is to only transmit changes - not the whole database.
You could even have realtime updates - clients register with a server and get a call-back when a new definition is available.
Re:Big Brother gets to examine all your files by Animats · 2008-09-09 06:05 · Score: 1

If the "fingerprint" is a cryptographic checksum...
That wouldn't be useful. Most modern attacks have at least some variation from copy to copy. "Polymorphic" viruses vary considerably. That's why signature-based recognition doesn't really work any more.

Pet peeve by Anonymous Coward · 2008-09-08 17:14 · Score: 0

methodology = study of methods

Flawed methodology by mcrbids · 2008-09-08 17:25 · Score: 5, Insightful

Using anti-virus to "protect" your computer is like trying to avoid collisions by studying your rear-view mirror. By definition, it only "catches" compromises AFTER THEY ARE SUCCESSFUL.

Then, we have to trust that:

1) The compromise is one of the known viruses, or falls into the realm of "suspsicious activity".

2) The compromise was successfully noticed.

3) All aspects of the virus are known and can be removed.

4) You (the end user) have sufficient system permissions to remove the virus.

5) You (the end user) have all updates applied.

The whole system is woefully fragile and ineffective. Most estimates today seldom put A/V effectiveness above 50% effective, despite the considerable resources consumed by the software. It may be better than poking yourself with a sharp stick, but not by much!

And here's a good example of this: My kids' computer. It's an Athlon XP 3400 with a GB of RAM and an 80 GB HDD. I got sick of reloading the !@#@$ computer every 3 months when it got all horked with god-knows-what so I did the nasty, this time.

I installed ALL O/S patches while hooked up to a private network. I installed AVG antivirus. I let the kids only use the computer as the most limited user available: guest. I installed FF and made it the default browser, along with Open Office and a few legal games. (not warez!) I set WinXP to self-update every single day, and not ask about it. The Windows firewall was on, and the computer is on a NAT network, connected to another highly firewalled DMZ.

Despite all this hassle and inconvenience, the system is STILL behaving rather poorly, 6 months later. Bought me 3 months, but only three more.

Compare/contrast with the Mac. Same kids. Same amount of usage. Same type of usage for the same purposes. Blogging, MySpace, games, homework. All else the same, but I never bothered with antivirus. Yet it works fine! No bogging down. No strange behavior. Same thing with my Linux laptop, which after some 10 years is still using the same /home partition.

Good security isn't something you "band aid", it's something you design from the beginning.

--
I have no problem with your religion until you decide it's reason to deprive others of the truth.

Re:Flawed methodology by slittle · 2008-09-08 18:15 · Score: 1, Insightful

Same kids. Same amount of usage
Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.
I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.

--
Opportunity knocks. Karma hunts you down.
Re:Flawed methodology by Urkki · 2008-09-08 18:17 · Score: 5, Funny

Good security isn't something you "band aid", it's something you design from the beginning.
Yes, but that still doesn't work. You'd have to remove the human element. Enough nuking from orbit should remove both the virus creator and the hapless user, so as long as you protect the actual computer from the EMPs during the bombardment that's probably the safest way to go.
Re:Flawed methodology by im_thatoneguy · 2008-09-08 18:28 · Score: 5, Interesting

Here here.
I usually run on a DMZ. No firewall local or at the router.
I even have a dynamicDNS directed to my main computer.
I scan regularly. And haven't been infected in over 8 years. (which was my fault for opening an attachment without thinking.)
My current windows install is about 2 years old with LOTS of use. The computer is 5 years old and it's time to junk it. It's also still suffering from a 4 year old Norton uninstall that seems to have never completed and is getting worse. Norton was the worst thing that ever happened to one of my computers and I still haven't completely purged it.
What junks up my Windows PCs aren't the illicit viruses that get installed without my permission. It's all the crap that comes along with little freeware worthless pieces of crap that I need to use once to convert some file or another.
Windows PCs and Macs get used very differently. Having run both of them I used them very differently myself--largely because there just isn't the world of little crappy apps available.
I'm with parent. Your comparison is apples to oranges.
Re:Flawed methodology by Andronicus · 2008-09-08 20:15 · Score: 1

You need to look into Windows Steady State. In combination with some additional storage on another drive or thumb-drive so the kids can store their personal data, your burden will be significantly lessened.
Windows Steady State. Check the show notes over at www.grc.com, Steve and Leo did a show on it.

--
USNG: 14TPU4605
Re:Flawed methodology by rolfwind · 2008-09-08 20:38 · Score: 4, Interesting

Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.
I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.
He's not trusting what his kids say, he's seeing the results for himself. And who cares what his kids download? They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.
Some windows users love closing their eyes to the results and stammer and sputter about marketshare and all that crap - but the fact is that Windows has more attack vectors for whatever reason. Like your parent said, security is a bandaid on windows, not built in. I don't know the entire reasons for that, I heard that in unix, services run as a normal user account, sandboxed away from causing damage while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.
There are probably other reasons and the OP may have well talked about Ubuntu instead of a Mac -- but your sample size of one is unconvincing from every angle. You're obviously not the average computer user, nor do you anticipate the truly stupid shit some people do and how kids play with their computers.
Running as root would be just as stupid (something Ubuntu does not have one do by default but I believe Mac does?) but having extensive contact with the administrators in my old school - they let the macs be while the Windows based systems are set to be reimaged every night simply because it's too much of a pain to keep Windows clean for more than a week among groups of students. Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.
Re:Flawed methodology by Anonymous Coward · 2008-09-08 21:09 · Score: 0

It is naive to think your kid doesn't know the password for the admin account. I was a kid once too, I never had a problem with any kind of barrier my parents tried to throw at the computer.
There is just no way your kids can fuck up a computer with only the guest account. I am somehow skeptical that they could run a browser or let alone a game with this set of rights.
But maybe your kids haven't done anything wrong at all and it is you watching porn sites while logged in as admin that fucked up the computer.
Re:Flawed methodology by Legion303 · 2008-09-08 21:28 · Score: 2, Funny

"By definition, it only 'catches' compromises AFTER THEY ARE SUCCESSFUL."
So if I download "leetwarez.rar" from the intertubes and my AV program flags it as a known trojan, at which point was my system compromised? Was it BEFORE or AFTER I didn't run the infected program?
Re:Flawed methodology by Anonymous Coward · 2008-09-08 22:39 · Score: 0

You made his point! Clicking on this sh1t.exe from the net and it runs? Why the @#$%?
Re:Flawed methodology by slittle · 2008-09-08 23:31 · Score: 2, Interesting

They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.
What does limited user accounts have to do with anything? User separation protects users from each other and the system from users but it doesn't protect the user from himself, on any desktop OS.

Like your parent said, security is a bandaid on windows, not built in.
It was built in from the beginning in the NT line. The security system in the kernel is better than any other desktop systems, it's only in userspace that it hasn't been implemented correctly because it's inconvenient to users. But that's a far cry from being a "bandaid" or not built-in. The only bandaid is making shit software work when security features that were always there are actually used.
Even the design guidelines for userspace apps that have been in place since Win95 are blithely ignored - it's only now that the rules are being enforced that problems show.

I don't know the entire reasons for that, I heard that in unix, services run as a normal user account, sandboxed away from causing damage while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.
I don't see much difference between my Linux and Windows servers in that regard - both use privileged and non-privileged accounts depending on what resources the service needs to access. But that's pretty much irrelevant since the OP specifically said it was firewalled, so the network services aren't the attack vector.
It also can't be a privilege issue since they're running as guest (and I bet I can get root via local exploit easier on Linux than Windows). It can't be evil Intarweb Exploder because they're using FF. And it probably isn't even a real virus or trojan because they're running AVG, so it's likely that what he's got isn't a virus, worm or anything that AVG would remove, but simply crapware - toolbars, themes, cursors, tray widgets and other bullshit that "normal" people seem to like, things they intentionally install.

Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.
UAC is privilege escalation. Which is pretty much irrelevant since his system got hosed even as a guest user.
Here's the simple version: as long as users are allowed to run any programs the system didn't come with, it will suffer this problem.
Linux is "immune" because installing software that didn't come from the vendor's own repository is basically impossible for normal people. Hell, most users probably couldn't figure out how to make anything they download executable. That will change if/when Linux gets popular - users will demand the ability to use 3rd party programs.

--
Opportunity knocks. Karma hunts you down.
Re:Flawed methodology by cryptodan · 2008-09-08 23:44 · Score: 1

I run my computer with an account that has administrative rights, because quite frankly i get tired of switching accounts to do updates on hardware and software. I use McAfee Security Center, McAfee Site Advisor, and Spyware Tools. The most annoying things I get are tracking cookies, and I do a lot of research on suspicious and possibly malicious files I see here at work at home. Most of the time the download of the executeables fail, and sometimes they do download but do not install so I can send them to virus total.
It basically boils down to intelligently using your computer to stay away from getting infected with sort of malware. Also it takes smart browsing practices, and not opening up attachments from people who you do not know, and double checking with people who you know that has sent you something. Hell, I dont even bloat my firefox up with un-needed applications like adblock, flashblock, no script, and others. I tried them, and found them to be more annoying then anything so I removed them. Instead I add the offending domain to my hosts file. Does a much better job, and keeps my FF nice and clean and free of bloatedness.
Re:Flawed methodology by stevied · 2008-09-08 23:58 · Score: 4, Interesting
I'm pondering the following set-up:
- 1Gb ageing Athlon box
- Ubuntu installed on the raw hardware
- Virtualbox installed on Ubuntu
- WinXP running in Virtualbox with about 50% of the RAM.
- Auto login set up on Ubuntu and WinXP, so apart from the Ubuntu splash screen, there's nothing particularly scary to see for the dyed-the-wool Windows user I'm jumping through all these hoops for.
This allows various cool stuff: incoming HTTP and IMAP connections could be scanned with ClamAV, for example. What would be really great would be to just discard changes to the main VB disk image at the end of every session. Obviously user docs + data would be somewhere else, and could potentially get infected, but that's a lot less data to periodically virus scan, or to restore if anything does get in to it.
Preliminary tests suggest that virtualized windows without on-access scanning runs quite a lot more smoothly than a bare-metal install does with it. The added bonus is that I can ssh into the underlying Ubuntu system and do admin with the rather richer toolset available there than on Windows (though greater personal familiarity with that toolset is also an issue, I admit.)
Re:Flawed methodology by domatic · 2008-09-09 00:49 · Score: 2, Informative

Running as root would be just as stupid (something Ubuntu does not have one do by default but I believe Mac does?)
What Macs and newer Linux distros, Ubuntu included, do is make the first user created on the system a "computer administrator". Only such a "computer administrator" can install software outside the home directory or change system settings and all such activities are password prompted. Unless that password is supplied for administrative actions, these users have no more privilege than regular users.
It isn't perfect. A nasty could run in the background as that user and silently sniff for that password but such attacks aren't common. It is fairly common practice to mitigate that on Linux systems by forbidding software to execute from the home directories. That would be possible on OS X as well but doesn't seem to be a very common practice.
Re:Flawed methodology by domatic · 2008-09-09 00:52 · Score: 1

Norton actually has a "Removal Tool" for peeling their crap off a system.
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
It knows about all the regkeys, services, and files their various products employ. Might be worth a shot.
Re:Flawed methodology by BytePusher · 2008-09-09 01:10 · Score: 1

"Linux is "immune" because installing software that didn't come from the vendor's own repository is basically impossible for normal people. Hell, most users probably couldn't figure out how to make anything they download executable. That will change if/when Linux gets popular - users will demand the ability to use 3rd party programs."
Linux has this capability through a recent innovation called a "package management system." A recently development is RPM, which is less than 20 years old. In fact, most web browsers on Linux will now launch a "package installer" for you, if you download a file with the appropriate ending. So, what's the difference between Microsoft Windows and Linux in this regard? It comes down to one word, "passwords." If a user without appropriate permissions attempts to install 3rd party software in a directory they're not permitted to run in, they're not permitted to install it. However, they are free to install software in their own home folder. This is how I tell users to install their 3rd party apps that I don't want to support. Fortunately, most software written for Linux can easily be installed in it's own context and will run properly. With Microsoft Windows, this is not possible. Almost every app needs full control of the system and full access to the registry. Sure, you can turn some security on, but once it's on, you can't install 3rd party apps at all unless you have access to the source code(e.e. PortableApps.com).
So, in truth, there really is a difference. Two desktop OSes enter, one desktop OS leaves!
Re:Flawed methodology by hairyfeet · 2008-09-09 01:43 · Score: 1

Are you allowing IE and OE to run? Because if you don't have a real firewall then they can still be launched. How about Noscript and Adblock? The reason I ask is I have almost the same situation: Two boys,teenagers at that,whom I let loose on the laptop all the time. They are doing the same things as yours,gaming(Games:youngest Lunia,oldest FPS)social sites(Oldest Myspace) and Youtube. I scan the machine monthly with both an online and offline scanner and found nothing. Nada zip zilch squat. So either your kids are clicking on the ZOMG LOOK AT TH1S! kind of junk,or you have a security hole the size of Texas that you missed.
Try logging what is going on to find out what they are REALLY doing,since I am smelling something fishy. But if you don't want to go to the hassle try this which is what we used to sell to those that couldn't quit clicking on the stupid virus emails. With Deepfreeze the machine will revert to however it was when you installed it on next reboot. Takes a little bit to set up but once done you won't have to worry about that PC again.And as always this is my 02c,YMMV

--
ACs don't waste your time replying, your posts are never seen by me.
Re:Flawed methodology by slittle · 2008-09-09 01:58 · Score: 3, Insightful

Linux has this capability through a recent innovation called a "package management system."
Right... we'll talk about this again when Myspace is full of RPMs and DEBs.

So, what's the difference between Microsoft Windows and Linux in this regard? It comes down to one word, "passwords."
Users will enter passwords on command like good little trained monkeys, so nothing has changed.
Password protection only saves you from, eg. browser exploits installing backdoors without your knowledge. Most Windows malware/crapware is installed deliberately at the request of the user, no raindance or blood sacrifice ritual can stop that without turning "their" computer into a black box appliance.

If a user without appropriate permissions attempts to install 3rd party software in a directory they're not permitted to run in, they're not permitted to install it. However, they are free to install software in their own home folder.
The OP already said they were running as Guest, so that's precisely what happened.

Fortunately, most software written for Linux can easily be installed in it's own context and will run properly.
You can install standard RedHat RPMs into your own home directory? And find/install updates automatically, resolve dependencies in your private space, etc? Awesome!
Regardless, it seems we've now established that running/installing software as a normal user, in areas writeable by normal users is acceptable, right? What kind of brain damage is preventing you from seeing how this is not more than enough access for malware/crapware mischief?
Run me through your thought pattern, because I can't understand where you're coming from and how you can possibly you arrive at a non-exploitable conclusion. As far as I can tell, it goes like this: user downloads omgponies.rpm from Myspace and either installs it to ~/omgponies or enters the system password for a root install. The first thing it does is run a post install script which then inserts spyware, crapware toolbars, or whatever into every dotfile orifice in the user's directory, or for a root install every damn where. User doesn't even have to run the program that was in it.
Right? Congratulations, welcome to having an operating system that someone other than nerds gives a shit about. How is this different from what is happening on Windows?
Privilege separation is a red herring on the desktop - administrative access is simply not necessary for most crapware to function. The main reason to run as Admin is purely defensive, to disable anti-virus and/or install hidden drivers, etc. so that the user can't get rid of it, rarely is Admin actually needed to perform its primary purpose. And should it ask for the Admin password, the user will supply the password because you, oh Lord of the System, have been training them to do it.

Almost every app needs full control of the system and full access to the registry.
Complete bullshit.
Have you even used Windows in the last 10 years at all? Especially in a corporate environment, Windows' security features are substantially better than other desktop OSs, the only issue is actually implementing them. Few will, because users scream bloody murder when they're told "you're not allowed to do that any more." But replace Windows with Linux and tell them instead that "it's not compatible," they'll accept it.

--
Opportunity knocks. Karma hunts you down.
Re:Flawed methodology by fredfishwater · 2008-09-09 02:27 · Score: 1

This worked because you know how to set up a system to be used properly. When people finally start to realize that most windows problems can be stopped by running as a normal user all the time, their life will be MUCH better.
Re:Flawed methodology by Anonymous Coward · 2008-09-09 02:58 · Score: 0

I wish I had mod points. +5 intelligence.
Re:Flawed methodology by gad_zuki! · 2008-09-09 03:02 · Score: 1

I have some of the world's dumbest users, who click EVERYTHING, and try to install any smiley/weather/junk they get their hands on. They are set as limited users and the machines they use last years without reimaging. I honestly dont know what youre doing wrong. Perhaps your kids are outsmarting you by logging in as administrator behind your back or you didnt do a proper reimage between infections.
Re:Flawed methodology by asdfghjklqwertyuiop · 2008-09-09 04:41 · Score: 1

The only reason your AV program flagged it was because somewhere, some computer was already infected with it. By relying on AV you're just relying on luck - being lucky enough to only be exposed to bad things a while after the AV company found them.
Re:Flawed methodology by QuoteMstr · 2008-09-09 04:47 · Score: 1

Thank you. This kind of comment is spot on.
While technically all desktop operating systems have technically equivalent security, there are cultural differences. You allude to them yourself: users of other systems are more likely to accept programs that break when upgrading. Windows users, on the other hand, expect backwards compatibility at almost any cost, and in accommodating them, Microsoft has left security holes open. (Also, security patches tend to be pushed when available for other operating systems; Microsoft uses the "Patch Tuesday" system.)
Also, there has been some research into isolating the web browser from the rest of the desktop; I think that approach has some potential even if it doesn't solve the dancing bunnies problem.
Re:Flawed methodology by Annymouse+Cowherd · 2008-09-09 11:26 · Score: 1

A nasty could run in the background as that user and silently sniff for that password
gksudo 'grabs' the keyboard- no other programs can get the keystrokes. You could, however, make an imitation dialog that takes the user's password, and then uses it to sudo.

Re:First Cunt more like it! by dougisfunny · 2008-09-08 18:57 · Score: 2, Insightful

It's a dirty job, but someone has to do it.

--
This is not the funny you're looking for.

So what are we to take from "Artemis"? by Gordonjcp · 2008-09-08 19:27 · Score: 3, Funny

If your computer is infected by a virus, it prays to be shot by one of Artemis's silver arrows so that it may die a swift and painless death? Is that it?

Re:First Cunt more like it! by NoisySplatter · 2008-09-08 19:37 · Score: 1

What good is getting first post if you do it anonymously though? Gotta do that shit logged in properly to get your interblag merit badge.

--
In Soviet Russia meme tires of you!

Artemis by maroberts · 2008-09-08 20:10 · Score: 1

..seems a Fowl plot to me.

This may go over the heads of non Eoin Colfer readers

--

Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon

Mcafee the only virus scanner you have to log in by Anonymous Coward · 2008-09-08 20:15 · Score: 0

ahh Mcafee the Antivirus that makes you log in to use it
not to mention the GUI is based on the most vunerable component on a winPc, MSIE
and then there are the privacy risks of having to login (with personal data) while Omniture/Webtrends (digital stalking companies) watch your every move (a packet sniffer reveals all)

Mcafee and Norton are perfect examples of marketing over substance
and thats why they will never get a penny again from our company or anyone we know

Bwahahaha by Legion303 · 2008-09-08 21:16 · Score: 1

McAfee needs to get their shit together for plain old virus scanning before they start talking about a technology that's "a lot faster than traditional methodologies." The last time I used their scanner it failed to pick up multiple 2- and 3-year-old trojans that were in my BugTraq mailing list attachment directory. Two other virus scanners had no issue. Yay, Artemis can overlook malicious code twice as fast as the competition!

The only AV suite worse than McAfee is Norton.

Only windows let you do it. by DrYak · 2008-09-09 00:54 · Score: 3, Interesting

Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and *executing* ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS. {note:emphasis mine}

Yes, you have a point about the "compatible" part. But you missed something fundamental.

The major flaw that the parent wanted to point is that, because of the sloppy design of Windows XP (partly inherits from its NT ancestrors which had some privileges restriction but never really used it, partly inhertis from its DOS/Win9x inspiration where every software does whatever pleases it),
you *can* download and execute code trivially in the first place.

In Linux, downloading and executing random bit of code isn't trivial, on purpose. Before executing, the use must first manually grant execution rights to the piece that was downloaded (i.e.: "+x" chmod isn't activated by default), and then, the code only runs with the privileges it inherits from the user (non administrative privileges. All the juicy bits like sending raw network packet, deploying a root-kit, etc. aren't accessible).

The only real canonical way to install a software in Linux is going through the package manager and install it from one of the (trusted) repositories. (you can "apt-get", "yum", "YaST", etc. to install additional software)

in short : in linux, you can't download and run a random exe. you can only install an exe from a repository, otherwise you have to do special steps (downloaded material isn't runnable by default).
in windows every idiot could download and run whatever at a simple click.
only the most recent version Vista has an UAC that asks the user to confirm its intent to run foreign code. But, most users either disable UAC because it's too bothersome, or have developed a spinal reflex to "Ok-Yes-click-thru" any thing on the screen as a habit they got from all the repetitive "cancel or allow ?".

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]

gone in 60 seconds by v1 · 2008-09-09 02:04 · Score: 2, Informative

Really can they do that? Code Red (admittedly a worm not a virus) took what, 8 minutes, to do most of its propagation. I don't think they can do anything useful in terms of speedy. Getting out the defs a few days faster protects me from 20% more viruses. That's about meaningless. Unless you're going to knock it down a few orders, you're not helping the situation very much.

--
I work for the Department of Redundancy Department.

Bloat by hendridm · 2008-09-09 02:07 · Score: 1

I wonder how much bloat it will add? I was a loyal AVG user for years until 8.0 - bloated, and that phishing thing it adds to Google searches is annoying and SLOW (I disabled it, but then I get a warning icon saying my computer may not be safe or something). I switched to Avira at that point.

What a timely announcement by GMFTatsujin · 2008-09-09 02:30 · Score: 3, Funny

Spore comes out today: perfect timing!

At last I can install EA games with confidence! And perhaps play a music CD from Sony!

Anonymous Coward by Anonymous Coward · 2008-09-09 04:31 · Score: 0

All this hoopla over a chess computer?

Can't you all see it's really Artemis that becomes SkyNet?!?

Anti-virus software...becomes sentient and sees us pathetic humans as a virus that needs to be wiped out!

Anti-malware is losing, but malware isn't winning! by againjj · 2008-09-09 05:09 · Score: 1

This is so ridiculous:

"If you talk to the anti-malware vendors, they are losing the battle," said Quin. "Not that malware is winning, but they can't keep up with the volume anymore."

Isn't that the definition of malware winning?

Slashdot Mirror

McAfee Artemis Claims Protection Online, On-the-Fly

107 comments