Slashdot Mirror


McAfee Artemis Claims Protection Online, On-the-Fly

Seems like McAfee has created a new Internet-based service to provide active protection on the fly when a PC gets hit by malicious computer code. "[Artemis] is a lot faster than traditional methodologies and it closes the gap between when a piece of malware is written, discovered, analyzed and protected against ... Artemis is available at no charge as part of McAfee VirusScan Enterprise or McAfee Total Protection Service for small and medium-sized businesses. Artemis is also available for McAfee's consumer products, where the functionality is called Active Protection."

8 of 107 comments

  1. Re:And I bet... by whoever57 · · Score: 3, Interesting

    ...it'll only take 128MB of RAM and 30% of your processor!*

    And what percent of your monthly data transfer allowance?

    --
    The real "Libtards" are the Libertarians!
  2. Antivirus software is bullshit by Mike610544 · · Score: 4, Interesting

    when a PC gets hit by malicious computer code.

    A PC doesn't "get hit" by "malicious computer code" too often these days. The target unintentionally (but by their own action) runs malicious code because they're ignorant. Even running Windows (patched w/ firewall) there aren't many ways you can get pwned without clicking on the "RUN VIRUS NOW" button (admittedly recognizing the ways that button can masquerade itself is a skill.)

    Trying to protect people against themselves is futile. Antivirus software is like the Maginot Line. It only works against shit they're expecting.

    There's no substitute for educating computer users about what's not to be clicked upon (and/or run as root.)

    --
    ... also, I can kill you with my brain.
  3. Re:Flawed methodology by im_thatoneguy · · Score: 5, Interesting

    Hear, hear.

    I usually run on a DMZ. No firewall local or at the router.

    I even have a dynamicDNS directed to my main computer.

    I scan regularly. And haven't been infected in over 8 years. (which was my fault for opening an attachment without thinking.)

    My current Windows install is about 2 years old with LOTS of use. The computer is 5 years old and it's time to junk it. It's also still suffering from a 4 year old Norton uninstall that seems to have never completed and is getting worse. Norton was the worst thing that ever happened to one of my computers and I still haven't completely purged it.

    What junks up my Windows PCs aren't the illicit viruses that get installed without my permission. It's all the crap that comes along with little freeware worthless pieces of crap that I need to use once to convert some file or another.

    Windows PCs and Macs get used very differently. Having run both of them I used them very differently myself--largely because there just isn't the world of little crappy apps available.

    I'm with parent. Your comparison is apples to oranges.

  4. Re:This is why you read the fine print... by Ed+Avis · · Score: 3, Interesting

    Couldn't they just send the list of hashes of malware to your PC and it could be checked locally? It would be a long list and always growing, but not growing fast enough to put any kind of burden on a PC's memory or network capacity. (Suppose 100 new bad programs are identified every day and you need an SHA-256 hash of each one: that's still only about three kilobytes per day.)

    The only way their system makes sense is if you send the whole lump of code back for analysis, not just a hash. A hash can just as well be checked locally.

    --
    -- Ed Avis ed@membled.com
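
The local check proposed in the comment above, as an added example that is not part of the original thread: a client keeps raw SHA-256 digests, merges a packed daily update, and looks files up with no network round trip. The class and function names and the sample data are constructed for illustration; a 100-entry update comes to 3,200 bytes, in line with the comment's estimate, and the lookup matches exact file content only.

```python
import bisect
import hashlib

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per SHA-256 entry


class LocalBlocklist:
    """Sorted list of raw SHA-256 digests, checked entirely on the client."""

    def __init__(self):
        self._digests = []  # kept sorted so lookups are a binary search

    def apply_update(self, packed: bytes) -> int:
        """Merge a packed update (concatenated raw digests); return entries added."""
        if len(packed) % DIGEST_LEN:
            raise ValueError("update is not a whole number of digests")
        added = 0
        for off in range(0, len(packed), DIGEST_LEN):
            d = packed[off:off + DIGEST_LEN]
            i = bisect.bisect_left(self._digests, d)
            if i == len(self._digests) or self._digests[i] != d:
                self._digests.insert(i, d)  # skip duplicates from repeated updates
                added += 1
        return added

    def is_listed(self, content: bytes) -> bool:
        """Hash the content locally and look it up; nothing leaves the machine."""
        d = hashlib.sha256(content).digest()
        i = bisect.bisect_left(self._digests, d)
        return i < len(self._digests) and self._digests[i] == d

    def size_bytes(self) -> int:
        return len(self._digests) * DIGEST_LEN


def build_daily_update(samples) -> bytes:
    """Vendor side (hypothetical): pack one day's digests into a single blob."""
    return b"".join(hashlib.sha256(s).digest() for s in samples)


# Constructed stand-ins for one day's 100 newly identified files.
DAY_SAMPLES = [b"constructed-sample-%d" % n for n in range(100)]
DAILY_UPDATE = build_daily_update(DAY_SAMPLES)

if __name__ == "__main__":
    bl = LocalBlocklist()
    bl.apply_update(DAILY_UPDATE)
    print(len(DAILY_UPDATE), "bytes in today's update")
    print(bl.is_listed(DAY_SAMPLES[7]), bl.is_listed(DAY_SAMPLES[7] + b"\x00"))
```
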
  5. Re:Flawed methodology by rolfwind · · Score: 4, Interesting

    Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and executing ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS.

    I haven't seen a virus on my PCs since my 286, which came preloaded with them, and my own deliberate HPAVC collection from the BBS days.

    He's not trusting what his kids say, he's seeing the results for himself. And who cares what his kids download? They had limited user accounts, it SHOULD NOT HAVE MADE A DIFFERENCE what they downloaded.

    Some Windows users love closing their eyes to the results and stammer and sputter about marketshare and all that crap - but the fact is that Windows has more attack vectors for whatever reason. Like your parent said, security is a bandaid on Windows, not built in. I don't know the entire reasons for that, I heard that in Unix, services run as a normal user account, sandboxed away from causing damage while in Windows many services run as root - meaning only one has to be compromised for something malicious to gain control.

    There are probably other reasons and the OP may have well talked about Ubuntu instead of a Mac -- but your sample size of one is unconvincing from every angle. You're obviously not the average computer user, nor do you anticipate the truly stupid shit some people do and how kids play with their computers.

    Running as root would be just as stupid (something Ubuntu does not have one do by default but I believe Mac does?) but having extensive contact with the administrators in my old school - they let the macs be while the Windows based systems are set to be reimaged every night simply because it's too much of a pain to keep Windows clean for more than a week among groups of students. Default UAC in Vista might have finally changed that, but their machines still run the cheapest form of XP (without UAC) and it also does not get rid of the services issue.

  6. Re:This is why you read the preview. by g0dsp33d · · Score: 3, Interesting

    I'm not a fan of sending stuff out to them. I prefer the way PC Tools (free firewall / AV) handles this. They use a product called Threatfire to monitor all processes for unusual activity. It has the usual problem of the click to get rid of messages mentality, but they are fairly infrequent unless you install a plethora of applications. Basically you get the same protection (if you actually read what pops up) and as a bonus that secret document about your buried treasure won't be sent elsewhere if there is a macro in it.

    --
    lol: You see no door there!
  7. Re:Flawed methodology by stevied · · Score: 4, Interesting

    I'm pondering the following set-up:

    • 1Gb ageing Athlon box
    • Ubuntu installed on the raw hardware
    • Virtualbox installed on Ubuntu
    • WinXP running in Virtualbox with about 50% of the RAM.
    • Auto login set up on Ubuntu and WinXP, so apart from the Ubuntu splash screen, there's nothing particularly scary to see for the dyed-in-the-wool Windows user I'm jumping through all these hoops for.

    This allows various cool stuff: incoming HTTP and IMAP connections could be scanned with ClamAV, for example. What would be really great would be to just discard changes to the main VB disk image at the end of every session. Obviously user docs + data would be somewhere else, and could potentially get infected, but that's a lot less data to periodically virus scan, or to restore if anything does get in to it.

    Preliminary tests suggest that virtualized Windows without on-access scanning runs quite a lot more smoothly than a bare-metal install does with it. The added bonus is that I can ssh into the underlying Ubuntu system and do admin with the rather richer toolset available there than on Windows (though greater personal familiarity with that toolset is also an issue, I admit.)

  8. Only windows let you do it. by DrYak · · Score: 3, Interesting

    Bullshit. You must be a retard if you trust anything your kids say. They may be surfing the same sites, but they're downloading and *executing* ZOMG U MUST SEE THIS!!1 shit on the PC which isn't compatible with any other OS. {note:emphasis mine}

    Yes, you have a point about the "compatible" part. But you missed something fundamental.

    The major flaw that the parent wanted to point out is that, because of the sloppy design of Windows XP (partly inherited from its NT ancestors which had some privilege restrictions but never really used them, partly inherited from its DOS/Win9x inspiration where every software does whatever pleases it),
    you *can* download and execute code trivially in the first place.

    In Linux, downloading and executing a random bit of code isn't trivial, on purpose. Before executing, the user must first manually grant execution rights to the piece that was downloaded (i.e.: "+x" chmod isn't activated by default), and then, the code only runs with the privileges it inherits from the user (non administrative privileges. All the juicy bits like sending raw network packets, deploying a root-kit, etc. aren't accessible).

    The only real canonical way to install a software in Linux is going through the package manager and install it from one of the (trusted) repositories. (you can "apt-get", "yum", "YaST", etc. to install additional software)

    In short: in Linux, you can't download and run a random exe. You can only install an exe from a repository, otherwise you have to do special steps (downloaded material isn't runnable by default).
    In Windows every idiot could download and run whatever at a simple click.
    Only the most recent version, Vista, has a UAC that asks the user to confirm their intent to run foreign code. But most users either disable UAC because it's too bothersome, or have developed a spinal reflex to "Ok-Yes-click-thru" anything on the screen as a habit they got from all the repetitive "cancel or allow ?".

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]