Ask Slashdot: How Dead Is Antivirus, Exactly?
Safensoft writes: Symantec recently made a loud statement that antivirus is dead and that they don't really consider it to be a source of profit. Some companies said the same afterwards; some others suggested that Symantec just wants a bit of free media attention. The press is full of data on antivirus efficiency being quite low. A notable example would be the Zeus banking Trojan, and how only 40% of its versions can be stopped by antivirus software. The arms race between malware authors and security companies is unlikely to stop.
On the other hand, experts' opinions of antivirus software have been low for a while, so it's hardly surprising. It's not a panacea. The only question that remains is: how exactly should antivirus operate in modern security solutions? Should it be one of the key parts of a protection solution, or should it be reduced to only stopping the easiest and most well-known threats?
Threats aren't the only issue — there are also performance concerns. Processors get better, and interaction with hard drives becomes faster, but at the same time antivirus solutions require more and more of that power. Real-time file scanning, constant updates and regular checks on the whole system only mean one thing – as long as antivirus is thorough, productivity while using a computer goes down severely. This situation is not going to change, ever, so we have to deal with it. But how, exactly? Is a massive migration of everything, from workstations to automatic control systems in industry, even possible? Is using whitelisting protection on Windows-based machines the answer? Or should we all just sit and hope for Microsoft to give us a new Windows with good integrated protection? Are there any other ways to deal with it?
How many more questions could they fit in a My Slashdot submission? One? Two? Three? Four? Five more? Six more questions? Seven? Eight? Nine?
"only 40% of its versions can be stopped by antivirus software" Take a general case. What proportion of crime is stopped by the police?
the solution is virustotal... one client to scan all your files... but it is forbidden lol
the other solution is whitelist...
Dead as a security layer - not really. Also not dead as a profit source for other companies.
What are virus writers looking to get out of writing malware? Money? Fame? Absolute power?? Well, neither of the last two is ever going to happen.
We should incentivize the reporting of bugs... Getting recognition as being a prolific bug finder, and fixer in a positive light would be a start. Also being paid is another avenue. Optional fame, and a steady reliable source of money would be very appealing to most people.
Am I just being naive?
Whitelisting already works pretty well.
As much as people like to bash Windows, I'd estimate that 99% of malware can be avoided if the user knows what he's doing. (It's not just not running sexy_babe.avi.exe, but also not installing the Java browser plugin, for example.)
As long as the OS leaves the user freedom to install software, malware is inevitable. And that's fine by me. For the rest, the best solution is "centralized whitelisting" done through an app store, as practiced in iOS, WP and such.
Never seen viruses on Linux.
I have. And that's on desktop GNU/Linux with its ~2% market share. If you look at mobile Linux (Android) the situation is much worse.
Which will last exactly as long as it isn't profitable to make a virus for it. If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
I'd say security in the future will converge on three lines:
a) Sandboxed browsers/apps: Different browsers for mail access, general browsing and sensitive browsing (banking, using credit card, etc). All browsers revert to base state after closing, or allow just a limited set of changes (bookmarks, cookies). The browsers are possibly stored on a USB stick with a physical write protection switch for part of the storage.
b) Trust structure: The OS will only execute programs with a certain signature, based on a chain of trust. You can choose who to trust or not.
c) Closed devices: (See Apple iPhone and iPad, but with paranoid-mode).
Well implemented, these strategies can reduce the malware threat, and they are implementable with current technology. I really don't see the anti-virus surviving much. It's an after-the-fact tech that was born as a patch for systems unprepared for a new threat. The playing board is now set and the structure of the systems must change to reflect that.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
I happen to work in a company with roughly 5000 employees, all with antivirus installed. About 30% of the work force are on customer sites, use flash drives and connect to customer networks all the time. In short, it's a potential horror story.
We keep detailed statistics about the health of each system, and while I won't disclose which antivirus solutions we use (it's mainstream), I can tell you they do important work for the 30% that's exposed to "hostile" environments as they quarantine about 10 virii per month.
Let's translate the OP's question:
I have this insecure by design environment, while there are more secure by design environments available (yeah, probably not completely secure, but much more secure than what I'm using now). I'd like to patch my grossly insecure environment to get at least an illusion of security instead of considering the alternatives.
I apologize for the lack of a signature.
Simple, when you try to use the state to force people not to be greedy, you end up building it into the greedy control freak you wanted to avoid in the first place.
When everyone has universal income, few will actually want to produce anything worth buying beyond basic necessities, which they will just produce for themselves. When the state sees this, it will step in and redistribute, demoralizing these producers as well. This is what happened to consumer goods in the Soviet Union.
I've seen malware kernel modules on Linux. That was 12 years ago.
It's not dead, it's just resting.
I saw similar posts before the web existed, let alone Slashdot. A policy of "allow all" was seen to be easiest so the malware problem persists despite all the lessons of the past and good advice like the above.
Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than its own litter tray. Look how that turned out when it was seen as all too hard and compromises were made. Then there's the opposite that was born stupid, things like Active-X from MS that were such a stupid idea that a librarian (not a programmer) was telling me how stupid it was before launch. Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way - how the hell do things like that end up as anything other than SF novel plot points in a large corporation that is supposed to be competently managed?
The answer as always is to learn from the lessons of the past instead of throwing together a pile of bits that look software shaped and rushing it out the door.
Actually, OS X's system is even better than that. It has a setting allowing only white-listed apps from the store, a setting allowing only apps signed with an Apple-supplied certificate (everybody can get those, but they can and are quickly and easily revoked), and a setting allowing everything. The default is (currently) the middle level, probably moving on to the strictest.
To put it bluntly, the hardware and OS makers have "banded together" to make it impossible to create an easy solution to this problem: a read-only OS.
I have not seen any hard disks with a physical* read-only switch on them (even USB sticks with them are hard to find these days) and the Windows OS has been created in such a way that makes it near to impossible to function from such a read-only drive.
*Software solutions to this extent are not worth their development time. Too easy to tamper with.
To Javascript or anything THEM can run against US.
Mostly 'cause it's not profitable. Too small a market. Same reason why business software is rare for Linux (desktop, at least): No market.
As for "but it's more secure because you don't need root for every shit": The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom.
I don't want to start the flamewar of whether Linux is more secure than Windows. Mostly because it does not matter jack. Linux could be the most insecure OS on the planet and still Windows would get the bigger share of malware. Simply because it is the bigger market.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The most important piece of equipment for computer security is the one positioned between the chair and the keyboard. Learn to not click on stupid shit and it's entirely possible to remain virus and malware free. I don't run AV software and I've never had a virus or malware on any Windows machine that I didn't purposely infect to see what happens (I work in IT, I'm expected to know that kind of stuff, so I have a machine specifically for the purpose of infecting :) ). And I run Windows almost all the time on my main daily-user machines (I run Linux on a couple of personal servers.) My just-barely-computer-literate 76 year old mother also does not run AV software, and has never had a virus or malware...and various flavors of Windows is all she's ever used.
Yes, Microsoft needs to do a better job on security. But saying it's a Windows problem is a polite way of saying 90 percent of computer users are too embarrassed to take responsibility for their own stupidity.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
It's been tried before and failed miserably. The experiment was called Communism and basic human nature precluded it from being successful.
In an ideal world we would be a bunch of smurfs helping each other out when needed. However, this would simply be utopian. This lifestyle might work for small communities of 5-25 people where everyone is dependent upon each other for friendship, socialization, and survival.
Even at the beginning of the "industry" it was obvious that anti-virus applications were useless.
Was there malware in the '60s? You bet. I even designed one around 1973 to steal passwords.
How were they handled? By fixing the vulnerability. My password stealer was fixed by requiring the user to do a Control-C to get the attention of the system. The password stealer could run... but could not trap the Control-C as it was not the controlling job of the terminal.
No antivirus product can detect the malware that hasn't been seen. If the virus has been seen, then logically the vulnerability being exploited should be fixed. For most systems, creating a patch takes about the same amount of time as it takes to analyze the malware and generate a new signature identity, (which is less time than it takes to develop a "behavior recognition").
No matter what the malware detection system, it ALWAYS lags behind the attack.
The only way to stop malware is to fix the system.
The point is that many companies still rely on signature technologies which are dead. Comprehensive endpoint protection with reputation and behavioral protection is still very valuable, but underutilized.
In order for a country to provide a basic income, without itself going bankrupt, it would need to keep the number of citizens from rapidly rising.
When you look at how high the stakes are, it should be clear that basic income is only viable if excessive reproduction and illegal immigration were both capital crimes.
Something to think about when you propose basic income as a solution.
I've never seen a black swan != black swans don't exist.
The more Windows is dead, the more antivirus dies.
Anti-virus is still extremely useful. It is not an end in and of itself, it isn't a panacea that will keep you safe from everything, but it is a useful layer of security. The only true defense that has any chance is defense in depth, layers of security. So that when one layer fails, and they WILL fail there's no perfect security, other layers stop the problem.
AV is a useful layer. It screens for known threats and good AV gets that list updated multiple times per day. So it can flat out stop any known threat from getting on a system. It can scan things as they download, before they execute, and block known threats.
That is useful, particularly against the kind of threats normal users face. They don't usually face highly specialized and targeted threats, they face something that sneaks in through a bad ad in a compromised ad network or the like.
We make plenty of use of AV at work and it has done a great job cutting down on compromised systems, and cleaning up systems that do get compromised (which generally don't have AV). I certainly wouldn't rely on it as the be-all, end-all, but it is a good layer of security.
It's also a pretty cheap one. You can have MSE for free, which has about a 90% catch rate, or for $40ish per year you can get one with a much higher catch rate (NOD32 being my preference). That's not a bad price for a useful layer of security.
Anti-virus software is unfortunately still needed; even if a user can only mess up their own machine, it's still a huge drain on support resources. At the same time, anti-virus software has completely fucked up the Windows eco-system. We're forced to constantly run a whole cluster of parasite decelerator applications that constantly just randomly make other, real-work software fail.
The biggest flaw with Windows is its reliance on antivirus. No matter what computer system I install Windows onto, the antivirus software makes it slow. In some cases the antivirus software is worse than the virus itself.
Just use Linux. Not that nobody writes viruses for Linux, but your chances of getting one are slim. Also distros like Ubuntu/Mint/etc tend to update more than the OS itself. Update Manager will update Java, Firefox, Flash, and everything in between. Windows needs background programs to update the software in your computer, which is why so many vulnerabilities are left exposed in Windows machines.
The experiments in large scale communism have been the opposite of what the GP requested. They typically have reinforced selfishness and greed even more than capitalism as they are needed to survive rather than just to thrive.
... The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom....
There is a solution for this class of malware, but it isn't anti-virus. Since cryptolocker only damages user data, the operating system should provide a secure and automatic backup of the user's data. Any time a user's file is changed, the new version is recorded on the backup, with its date. From the user's point of view, the backups are read-only, so malware can't damage them, and the user can retrieve an old version of a file at any time.
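The versioned, read-only backup described in the reply above, as an added example that is not part of the thread: every save of a user file is appended to a write-once store, and recovery rolls back to the newest version older than the attack. The VersionStore class, the file names and the scrambled-bytes stand-in for the malware are constructed for the demo; real enforcement needs the store owned by a separate principal (root or a backup service), since a process running as the user can otherwise delete versions the user owns.

```python
import hashlib
import os
import tempfile
from pathlib import Path


class VersionStore:
    """Append-only, versioned copies of user files.

    record() adds a version named <ms-timestamp>-<sha256 prefix>; versions are
    never overwritten or deleted by this code and are marked read-only. Real
    enforcement needs the store owned by a separate principal (root or a backup
    service), since user-level malware can otherwise unlink files it owns; this
    demo keeps everything under one user so that it runs anywhere.
    """

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)

    def record(self, user_file, when):
        """Append the current content of user_file as a version taken at `when` (epoch seconds)."""
        src = Path(user_file)
        data = src.read_bytes()
        digest = hashlib.sha256(data).hexdigest()[:16]
        vdir = self.root / src.name
        vdir.mkdir(exist_ok=True)
        dest = vdir / f"{int(when * 1000):015d}-{digest}"
        if dest.exists():  # same content at the same instant: nothing new to keep
            return dest
        tmp = dest.with_name(dest.name + ".tmp")
        tmp.write_bytes(data)  # write then rename, so a version is either complete or absent
        tmp.chmod(0o444)
        os.replace(tmp, dest)
        return dest

    def versions(self, name):
        """Recorded versions of `name` as (epoch_seconds, path), oldest first."""
        vdir = self.root / name
        if not vdir.is_dir():
            return []
        out = []
        for p in sorted(vdir.iterdir()):
            if not p.name.endswith(".tmp"):
                out.append((int(p.name.split("-", 1)[0]) / 1000.0, p))
        return out

    def restore(self, name, before, target):
        """Write the newest version recorded strictly before `before` to `target`.

        Returns the timestamp of the version used, or None if none qualifies.
        """
        candidates = [(t, p) for t, p in self.versions(name) if t < before]
        if not candidates:
            return None
        t, p = candidates[-1]
        Path(target).write_bytes(p.read_bytes())
        return t


def simulate_encryption_and_recovery(workdir=None):
    """Constructed scenario: two legitimate saves, then a same-user process
    overwrites the document with scrambled bytes (stand-in for file-encrypting
    malware), then the last pre-attack version is restored."""
    base = Path(workdir or tempfile.mkdtemp(prefix="versionstore-"))
    doc = base / "home" / "quarterly-report.txt"
    doc.parent.mkdir(parents=True, exist_ok=True)
    store = VersionStore(base / "store")

    doc.write_bytes(b"Q1 draft: revenue 120\n")
    store.record(doc, when=1000.0)
    doc.write_bytes(b"Q1 final: revenue 125\n")
    store.record(doc, when=2000.0)
    good = doc.read_bytes()

    # The malware runs as the user, so it can rewrite anything the user can write.
    doc.write_bytes(bytes(b ^ 0x5A for b in good))
    store.record(doc, when=3000.0)  # the store faithfully records the damaged version too
    damaged = doc.read_bytes()

    # Recovery: roll back to the newest version older than the attack.
    used = store.restore(doc.name, before=3000.0, target=doc)
    return {
        "good": good,
        "damaged": damaged,
        "restored": doc.read_bytes(),
        "restored_from": used,
        "versions": len(store.versions(doc.name)),
    }
```

The store keeps the damaged version as well, which is exactly why restore takes a cut-off time rather than "latest": the defender's job is to pick the last version from before the mass rewrite.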
Which will last exactly as long as it isn't profitable to make a virus for it.
If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
This old Trope again; completely belied by the facts that:
There are several major things;
Each of these is a design difference, and the problems come down to commercial choices by Microsoft to increase their profit at the risk of their own users' safety. Microsoft invented the executable email attachment, making email-spreading viruses, previously thought of as just a joke, a reality. Note that these are not technical problems. The Windows NT kernel, a design copied from VMS, is a perfectly fine base for security. What is needed to get rid of viruses is to start to see competing companies who actually care about their users and not just the lock-in and immediate profit they can extract from those users.
It already is profitable.
Getting a Linux PC onto a botnet is far more useful than Windows because they generally have more bandwidth and processing power available.
All of these are necessary and none are a substitute for one-another. And even in concert and combination, they are not 100% effective and never can be.
The fact is, there are people who think the ability to get beyond security measures is tantamount to the "right" to break, enter and utilize. That is the source of the trouble. And until those humans are addressed effectively, there cannot be any progress against the problem. And why isn't that happening? Should be obvious.
With government writing themselves laws exempting themselves from prosecution (and simply ignoring laws, and refusing to prosecute themselves) and business of every kind, everywhere, "lobbying" [read: buying] legislation which enables them to legally circumvent personal privacy and security measures while at the same time criminalizing circumvention of playback control measures? Well, the picture should be clear enough. They can't easily go after anyone without potentially offending the people who support them -- their sponsors.
The establishment itself is the problem. The establishment problem is best addressed by a mob of rebellion. Start with simple things: MS Windows for work and Linux/BSD for home. I don't care which flavors of Linux/BSD anyone uses and variety is a great thing -- no one-virus/malware to rule them all. Similarly to "the truth" Open Source will set you free. It's simply harder and less frequent to get malware through in any consistent and predictable way. With Windows and MacOS, consistency and predictability is far greater.
We preach "defensive driving" in motor vehicle traffic. But we ignore it where communications, privacy and data flows are concerned? And of the two, which are presently more important? (Still a contest but it's not about which is "more" important... that's a matter of context)
Excessive reproduction isn't really a problem in countries with relatively high standards of living, lack of reproduction is closer to being a problem.
Illegal immigration wouldn't be a problem if the basic income were only provided to citizens. Especially if it meant that jobs paid considerably less.
The bigger problem is paying for it. Since workers wouldn't need to be paid as much, employers would be the likely targets. However, taxing by headcount would result in under-the-table employment. Taxing by income would be bad for companies with few employees as they wouldn't be able to take advantage of the savings.
And we reduce resource consumption as well for the sake of achievement? Keep in mind that cost savings have driven most of the conservation as well as most of the extraction of earth resources. Risking capital investment for the sake of achievement isn't something many would buy into.
Gently reply
Rather than looking for and identifying bad software... look for and identify good software. White lists deal with zero days. Set up security so that all unknown code is forbidden. Obviously, let the user, if they have permissions, exempt unknown code from the security. But anything else... no execution.
Include scripts, etc.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I've been using for 10 years and haven't seen it either.
Oh, wait, you're one of those ... that installs apps from all kinds of sources and is surprised when something bad actually does happen ...
One question that should've been first. Is your username root by any chance?
Which will last exactly as long as it isn't profitable to make a virus for it. If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
Actually, compromised Linux systems are in high demand because they make great botnet command and control servers. They're far more valuable than a compromised Windows box.
Also, the assumption behind your assertion is easily demonstrated to be untrue. MacOS had major virus problems, in spite of being much less popular than Windows. OS X has almost no viruses, in spite of being much more popular than MacOS. Android is a great case study: The dominant Android versions, using the Google Play store only, have no significant virus problems, while the much, much less popular Chinese devices have lots. iOS, of course, has basically none, and it's a far more attractive and profitable target than Chinese Android devices. It's less popular than mainstream Android, but given the demographics of the platforms is probably more attractive.
Market share has basically nothing to do with vulnerability to malware.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It seems to me that anti-virus would be a waste of time in a well designed system. Binaries should be protected from modification. Applications with built-in VMs (like browsers) should be secure and with separate memory protection (like Safari). If a vulnerability is discovered in one of these puzzle pieces then the correct solution is to patch the vulnerability. The patch should be provided with the same speed as any upgrade to anti-virus signatures. And if you don't patch a major vulnerability in time... well all bets are off anyway, you can't be sure the virus didn't disable your anti-virus anyway, so you're screwed in any case.
I don't believe I've ever got a virus on my Mac. When I tried to help friends out with their malware on Windows, anti-malware software did a poor job. It didn't prevent infections, and couldn't repair them. My conclusion is you have to stop them at the border with good system design, not with band-aid anti-virus anti-malware.
"Or we should all just sit and hope for Microsoft to give us a new Windows with good integrated protection?"
What is there in MS history that would lead anyone to believe that MS could possibly make a secure Windows OS? I am flabbergasted!
He said universal basic income, which is certainly not high enough to allow anyone to buy anything they want. There would still be a divide between rich and poor with such a policy.
BTW I don't think basic income has ever been tried. Certainly massive nationalisation of all industries a la Soviet communism is not it.
Humans are a whole loadda tabula rasa.
No they aren't. Not even close. Kids come out largely as they will be. I have 4 myself. They are all great kids. We raise them to be good citizens and just good people in general. My wife uses her doctorate in sociology to help "at risk youth", so she is adamant about teaching empathy for others and service to those less fortunate.
But they are pretty much who they are when they are born. You can nurture them in a certain direction, but they are not going to change their core personality no matter what you do. At least not for the better. All of our kids are great kids, top students with lots of friends and volunteer in the community. But they are also very different. Two are alpha dogs who *must* be in control. Bossy is the word you would use. They didn't get that way because we trained them - they were born that way. Teaching them when to suppress that urge is an ongoing battle. One of their brothers is a born lieutenant. He would never be bossy. The other could go either way, depending on what the situation required.
And pretty much every kid is going to take advantage when they can. Even our super-nice pleaser who is always trying to help others and would give you the shirt off his back. The same kid who will give away all of his candy to his friends will try to trick his sister into giving him her candy if the mood strikes.
In fact, kids are a great example of what "free basic income for all" teaches you. They don't understand that things cost money, and that money is hard to get. They don't worry about breaking something because you can just go get another one at the store. These are the things that you have to spend years teaching a kid - work ethic, personal responsibility, etc. They are born with the notion that everything is theirs and the world is centered on them. This changes as they grow and develop, but the default state is not an absence of greed and selfishness.
In all the US states I checked it is necessary to "knowingly provide assistance" or similar wording. New York had "believing it probable" your actions would aid a crime. That said, leaving a car with the key in the ignition is kind of like leaving out a loaded firearm for anyone to use. In most places legal, but not the wisest idea.
Not necessarily image formats, but they DID do that with the Word formats.
You say that like it'd be a bad thing.
As for "but it's more secure because you don't need root for every shit": The current big thing, cryptolocker, would work just as well on Linux. It needs no special privileges, all it needs is to run as the current user to encrypt all of the current user's documents and hold them for ransom.
Hmmm... You have a regular user called user who has their docs in /home/user. You surf the web with a different user, say webuser, who has their docs in /home/webuser. If webuser is dumb enough to run a script that encrypts /home/webuser what has the hacker accomplished?
They haven't touched anything in /home/user. You can log in as root and run: 'rm -rf /home/webuser' then 'mkdir /home/webuser'. Copy a few files from /etc/skel then run 'chown -R webuser:webuser /home/webuser' and you are back in business. Or you can run 'userdel -r webuser' and 'useradd -m -d /home/webuser webuser' and you are good to go.
Either way whoever encrypted webuser's files just wasted their time with very little to show for it as the problem can be easily fixed by you at the cost of just a couple of minutes of your time.
Also just about every Linux user I know has good backups of their documents. If you happen to be stupid enough to get your home directory encrypted and you don't have good backups then you probably shouldn't be using a computer much less using Linux.
I don't want to start the flamewar of whether Linux is more secure than Windows.
Yeah right. Every single racist I have met has told me "I am not a racist". Just because someone claims something is true that does not necessarily mean that that something is actually true.
A man who wants nothing is invincible
There are currently two solid alternatives to traditional AV. Unfortunately, one is not suitable outside of a well-managed (i.e., corporate) environment and the other probably would not work in a full-featured computer environment.
1. Whitelisting: Application whitelisting is really, really effective. There are ways to circumvent it, but that's true of just about any technical security control. The problem with it is twofold: one, someone needs to develop exactly *what* that whitelist is, and the average home user isn't really up to the task. Bit9 (the leader in the space) has gotten around this to some degree with a cloud-based archive of "known good" files and processes, but your standard home user will still run into a lot of things they don't recognize when they install. And what if one of those things is actually an existing infection? Then they will probably add it to their whitelist...or, on the other hand, err on the side of caution and end up breaking valid software on their systems. The odds of them hitting it exactly right are very small. And even then, they have to maintain the whitelist...so if they're taken in by that "YOU NEED TO UPDATE YOUR VIDEO CODEC LOL" popup window, they'll invariably end up authorizing whatever file gets downloaded ("'Trojan_video.exe'...sounds legit to me!") and infecting their system anyway.
2. The "Walled Garden" Model: In a lot of ways, this is like whitelisting built into the underlying OS, with the OS manufacturer being the custodian of the whitelist. This is how iOS works, so it's actually a proven model. There's only been one discovered instance of malware that's slipped into the App Store, and that was easily eradicated with the press of a button back at the Apple mothership. But on the other hand, there are ancillary effects to forcing all devs to go through a single clearinghouse for software. Apple's cut of the profits, and their cut of any revenue passing through any app sold through the App Store, are obvious issues, but the antitrust risk of a PC OS with only one place to go for software is a latent...and larger risk, going forward. One court decision can break the model entirely; if Apple doesn't collect at least some money from developers, then there's no money to support the App Store and the activities around it. But if there's no central authority, then there goes the chain of trust that's necessary to maintain the safety of the OS. And there's complexity in a PC-based OS environment that you don't find in a tablet or smartphone; in the tablet/phone model, each application is an island, separate unto itself for the most part. You don't have browser plugins, underlying execution environments or interpreters (Air, Java, .NET, Python, Perl, etc.).
Either way, the "blacklist" approach doesn't work. It's all fine to point out that other things (firewalls, IPS, etc.) need to be in place, and that's true...but malware is its own threat, and cannot be fully addressed by solutions that only focus on the attack. Applications will have vulnerabilities; railing against this hasn't accomplished anything in two decades. People will make mistakes, or be social-engineered into doing things they should not do. Supply chains will become infected (remember cameras, USB drives, etc. that have come with malware?) and sometimes those mistakes will affect people besides the mistake-maker. So there needs to be a way to address malware itself.
There are two approaches that, while theoretical, also hold promise. The issue is that they are pretty much theoretical; there's no existing implementation of either of them on any scale, or as a deployable off-the-shelf technology today.
3. The Managed Immunological Response: Assume that malware will exist, and somehow get onto systems. Most complex organisms hold pathogens within themselves that are harmful...and in many cases, even contain them in a symbiotic relationship. Eradicate E. coli from a human's lower GI tract and they'll develop problems, for example...but E.
For your security, this post has been encrypted with ROT-13, twice.
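Default-deny application whitelisting as described in the "look for and identify good software" comment (including scripts) and in point 1 above (who builds and maintains the list, and only a privileged user may exempt unknown code), as an added example that is not from the thread or from any product named in it. The Allowlist class, the INTERPRETERS set and the tiny fake system image are constructed for the demo; checking the script handed to an interpreter, not just the interpreter binary, is the part a naive allowlist usually misses.

```python
import hashlib
import tempfile
from pathlib import Path

# Interpreters whose real "code" is the script they are handed (assumed list).
INTERPRETERS = {"python", "python3", "perl", "sh", "bash", "wscript.exe", "powershell.exe"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Default-deny execution policy keyed on file hashes."""

    def __init__(self):
        self.known_good = {}     # sha256 -> path it was baselined from
        self.exemptions = set()  # sha256 values an administrator approved later
        self.log = []

    def baseline(self, image_root):
        """Build the known-good set from a trusted image, e.g. a fresh install
        before the machine ever touches a network or removable media."""
        for p in sorted(Path(image_root).rglob("*")):
            if p.is_file():
                self.known_good[sha256_file(p)] = str(p)

    def exempt(self, path, actor_is_admin):
        """Let an administrator (and only an administrator) approve one unknown file."""
        if not actor_is_admin:
            raise PermissionError("only an administrator may exempt unknown code")
        self.exemptions.add(sha256_file(path))

    def check(self, argv):
        """Decide whether argv may run; returns (allowed, reason).

        The program is checked, and if it is an interpreter the script it is
        handed is checked too: otherwise every allowlisted interpreter becomes
        a loophole for arbitrary unknown scripts. Interpreter options such as
        'python -c' are not modelled here.
        """
        targets = [argv[0]]
        if Path(argv[0]).name in INTERPRETERS and len(argv) > 1:
            targets.append(argv[1])
        for t in targets:
            if not Path(t).is_file():
                return self._decide(False, argv, f"{t}: not found")
            digest = sha256_file(t)
            if digest not in self.known_good and digest not in self.exemptions:
                return self._decide(False, argv, f"{t}: unknown code {digest[:12]}")
        return self._decide(True, argv, "all components known good")

    def _decide(self, allowed, argv, reason):
        self.log.append(("ALLOW" if allowed else "DENY", list(argv), reason))
        return allowed, reason


def demo(workdir=None):
    """Constructed scenario: baseline a tiny fake system image, then evaluate
    execution requests for a known binary, an unknown download, a known script
    and an unknown script, and show the exemption path."""
    base = Path(workdir or tempfile.mkdtemp(prefix="allowlist-"))
    image, home = base / "image", base / "home"
    (image / "bin").mkdir(parents=True)
    (image / "opt").mkdir()
    home.mkdir()
    (image / "bin" / "python3").write_bytes(b"#!constructed fake interpreter\n")
    (image / "bin" / "ls").write_bytes(b"#!constructed fake ls\n")
    (image / "opt" / "backup.py").write_bytes(b"print('nightly backup')  # constructed\n")
    (home / "Trojan_video.exe").write_bytes(b"MZ constructed unknown download\n")
    (home / "dropper.py").write_bytes(b"import os  # constructed unknown script\n")

    al = Allowlist()
    al.baseline(image)
    py, ls = str(image / "bin" / "python3"), str(image / "bin" / "ls")
    results = {
        "known_binary": al.check([ls])[0],
        "unknown_download": al.check([str(home / "Trojan_video.exe")])[0],
        "known_script": al.check([py, str(image / "opt" / "backup.py")])[0],
        "unknown_script": al.check([py, str(home / "dropper.py")])[0],
    }
    try:
        al.exempt(home / "dropper.py", actor_is_admin=False)
        results["user_exemption_refused"] = False
    except PermissionError:
        results["user_exemption_refused"] = True
    al.exempt(home / "dropper.py", actor_is_admin=True)
    results["unknown_script_after_admin_exempt"] = al.check([py, str(home / "dropper.py")])[0]
    results["denials"] = sum(1 for d, _, _ in al.log if d == "DENY")
    return results
```

The baseline is only as trustworthy as the image it was taken from, which is the "what if one of those things is actually an existing infection?" problem from point 1: take it from clean media, not from a machine that has already been in use.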
I've been using for 10 years and haven't seen it either.
Would you even know? Perhaps if it's like Windows malware, where you end up with so much of it that the computer is unusable, but what if you only end up with one piece of malware which is careful to do things covertly?
Ten years ago you may have been able to spot malware with a simple "ps -A" but I don't even look at the output of that command anymore. There are so many processes running on my computer that any of them could be malware and I'd have no idea. ...and that's talking about malware that doesn't bother to hide itself by infecting another executable or at least adopting the same executable name as a daemon that's supposed to be running.
One question that should've been first. Is your username root by any chance?
I'm curious why everyone thinks this matters. The only way I could see it making any difference is if you had a virus scanner, which could then run as root and be immune to any BS that the malware attempted as a normal user. ...but who has a Linux virus scanner? I know there's ClamAV, but I get the feeling it isn't for finding malware in Linux, it's for finding malware in email that passes through Linux. So what exactly do you prevent malware from doing by not allowing it access to the root account? Does it prevent it from accessing the internet to send spam? Does it prevent it from recording your keystrokes and sending them to someone else? Does it prevent it from accessing your microphone and bugging your house? Last I checked, I could record audio without 'sudo' and so I'm pretty sure a non-root piece of malware could do it too.
Telling people not to run processes as root is just ignoring real security solutions. Every application should be sandboxed, no matter what it is. For example, when I use a word processing application, why should it be able to read/write any file anywhere on my hard disk that I'm allowed to access? If it wants to read or write a file, it can make an API call that brings up a file open/save dialogue provided by the OS, which ensures that I'm giving it permission to access the files it reads or writes. As for storing settings and other random bits of data, the OS can provide it with a folder on the filesystem it has free access to, but to access anything outside of that, it needs to use the API for the file open/save dialogue. With this kind of security, you can open documents with all kinds of stupid scripting that takes over the entire application, but it's largely stopped right there, and can't access anything on the computer that you don't give that application permission to access. ...and it's all entirely transparent to the user, because they already open/save their files via a file open/save dialogue provided by the OS. The only thing that changes is that the open() system call is limited to a specific directory for each application to store its settings/history data in. Very few applications need that sort of free access to the computer, and essentially all of them are provided by the OS itself, like the basic file manager, file archive/compression tools, etc. So it'd be easy to do, it'd provide real security, and yet rather than do that, all we do is tell people "as long as you don't run as root, you'll be perfectly secure" as if that makes any difference at all.
I mean, just imagine how secure Adobe Flash would be if it were sandboxed such that all it can do is get the web browser to perform HTTP requests on its behalf, and output audio and video? What would any exploit for it be able to do, besides make HTTP requests and display audio and video? ...but that's not how our computers work. For some reason our OSs allow applications we run to do anything at all that we ourselves are allowed to do on our computers, and everyone thinks that's not a problem.
If any modern OS had real security, you'd be able to download malware intentionally, run it just like you'd run any other application you want to use, and still remain safe since the malware would be unable to access anything you don't want it to access.
No communist state I know of had a universal basic income for all. So this experiment actually wasn't performed at all.
Whose employee build image is so laden with agents and management software it renders the notion of having a functioning laptop obsolete. In fact if they hadn't made their workforce work from home they'd probably have built a Citrix XEN environment and handed out slim clients. Who knows, they probably will and drive 'productivity' all the way to zero.
In the future most if not all products will be produced by robots. I doubt that the robots will be demoralized enough to quit. I think people will live underground in almost 100% secure buildings. The shell of these buildings will last for centuries and require less than half the energy of today. Every need will be delivered to the occupants. It will not be utopia since there will be little need for the occupants to leave their dwelling. They will become bored with their existence since there will be no problems that require their assistance to solve. Drugs will be used to alter the reality and there will be a demand for the drugs to be dangerous so that there will be an excitement in taking them. People will soon see little need to reproduce and the population will quickly be reduced.
Antivirus IMO is made to stop bottom feeders and on down to script kiddies. Most infections are caused by lack of common sense and when you have employees/family/friends clicking email links, banner ads, and downloading/installing anything like it's going out of style it doesn't help.
I block all ads and have done so for years and yes it might be dickish but I've not been hit with a drive-by infection in years. I verify every email sent to me especially emails with attachments. I've not been infected from any email related malware since 2001-2002.
We live in an age of technology and it's not going to get better until people learn how to protect themselves. The most dangerous part of hacking these days is social engineering and antivirus software is worthless when someone gives the hacker keys to the castle. One gullible user can bring an entire corporate firewall to its knees.
Umm... last time I checked, I admit it has been a while, pretty much the same is possible in Windows. But people are lazy and they are clueless of the dangers around them. People could do what you suggest in Windows. They just don't. Changing the OS won't change a thing, if you put the same people in front of the machine with the same lack of a clue, it will not change shit.
As for the racist bit, if you read the line to the end you'd have noticed the reason why it doesn't matter. Please do so next time and save me the need to point out the obvious.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Mostly 'cause it's not profitable. Too small a market. Same reason why business software is rare for Linux (desktop, at least): No market.
Get ready for it........Bullshit.
Linux could be the most insecure OS on the planet and still Windows would get the bigger share of malware. Simply because it is the bigger market.
How long are you guys going to declare an insecure system secure because it's popular?
Tell us all about the Linux servers. If they are as secure as Windows, we should see an equal number of viruses. Lots of those servers out there. But your reasoning is that no one is writing virii for them because there are a lot more Windows machines in the ecosystem.
Instead of spouting Microsoft fanboi swill, why don't you do a little research. Don't simply look at the desktop numbers, look at the total numbers of computers. Look at the server side of computing while you are at it.
There are plenty enough of OSX and Linux machines out there to make them an attractive target.
The reason that Windows is used more often is that it is more insecure to start with, and for whatever reason, more of its users are likely to enable malware that they see on a website or gets mailed to them.
You might not believe that. That does not make it untrue.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Which will last exactly as long as it isn't profitable to make a virus for it.
If everyone swapped to a certain distro of Linux, I'd be willing to bet you'd have major problems within a week.
Then why aren't there "major problems" with CentOS / RHEL which are on the majority of computers connected to the internet? Because they are running an Apache webserver instead of a Gnome desktop?
The truth is, Linux computers are heavily represented on the internet yet we still don't see anything significant in the way of Linux malware.
It is dangerous to be right when the government is wrong.
Trusted apps need no censorship and a way to have things like user add-ons.
Do you really want games with NO user maps or plugins / mods?
What about no more emulators? Other than the few paid ones that are very locked down and due to censorship issues can't have all games in a system.
No more open source apps?
NO VMs as well.
Oddly, I've never seen a virus on Mac OS, while I have seen trojans that targeted OS X. It could just be internet exposure though - I know more people connected to the net with OS X than I did with OS 8 and 9.
I'm starting to think GNU is the problem with "GNU/Linux" these days.
Unless of course, the script has an exploit to give itself root access - which plenty of such are frequently being patched.
Most developed countries do have some kind of basic income: It's called the social safety-net, welfare, income support, unemployment insurance, job seekers' allowance, SNAP, or whatever you want to call it. Nowadays, corporations have worked out that they can pay less than a living wage and let the taxpayer pick up some of the slack (only some of the slack because we love to blame, berate, and punish the poor for being poor without any regard for the causes of their poverty, and claiming that it's some kind of "lifestyle choice"). Corporations are making record profits in the midst of a poverty crisis and still refuse to pay taxes or pay their workers a living wage. What this has to do with the future of anti-virus software, I have no idea.
Let's see. Ok, we'll bullshit and strong-arm our way into PC operating system dominance by hook or by crook, dodging anti-trust penalties along the way, and in the process turn the OS into a marketing and data collection platform for all kinds of goods and services, consuming as much user resources as required. Our colleagues at DoD, meanwhile, have this Internet thingy we can apply similar enhancements to, for a total package of full-spectrum anal probing of witless users all over the globe. The more pointy the hair, the better it works. Hell, if we do it right, clueless lusers will even reinstall the malware vectors immediately after having paid to have it removed when it clogs up the system beyond any semblance of usefulness (to the user, that is.)
Don't mean this to be strictly an anti-MS rant, either. "Open" apps and OSes seem unable to resist the temptation as well, and the pull of the web is strong enough to corrupt. But Redmond did show the way.
Thurprise, thurprise, thurprise!
For a given quality, malware can be a good indication that your system is open and free. Be it the press, government or software. To paraphrase a great quote: Those who would give up essential freedom in their software for "security" deserve neither. What can prepare a person for freedom? The ability to be responsible leads to a rich and diverse education.
As long as it kills the existence of Javascript engines in browsers, it sounds like a good deal to me.
(being sarcastic, but WTF? when I want to read something it doesn't mean I want to RUN something, nor does it mean it will impress me that trying to read something takes 40% of my processor's resources.)
You have to accept some moderation is done by mouth breathers. I put a full technical explanation of why something would not work in a national newspaper comment and got more downvotes than almost every other comment I had submitted combined.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
First, let me start off with the Notion that All Antivirus sucks. Regardless of the brand, or the Reputation, If you gave me an hour or less and a windows PC with any Antivirus app on the market on it, pay or free, I will give you an infected box. So why does this happen?
1) Hot, Fresh, Just for you! This is not just a slogan you see on McDonalds made to order burgers anymore. Today's Virus Obfuscation techniques are so fast and random, that when you activate a payload dropper (whether it be a Flash, Java, Website, Browser exploit or even a Trojan installer) The Payload that you get will statistically be seen only once. You and only you will get that version of the virus even though it's using a well known virus kit that would be detected if it was not obfuscated. This technique is the reason why no AV firms detect the Fake antivirus variants or FBI Warnings or cryptolockers of the past even though all of the major codebases were detected by most AV Firms.
2) I'm a Necessary App! People need me to change their search engine, hijack their DNS, spy on them, and pop up ads randomly all over the screen and websites! Read the Slashdot Journal link for some insight on how adware gets on people's PC. Let me make something clear here. Adware is a Virus. When a customer comes into my shop and has something like Conduit searchprotect, or Wajam on their machine, I tell them that's a virus because it is. They didn't want it, they got it and it's doing things they don't want. Sounds like a virus to me, yet just about every AV Firm ignores these and lets them gleefully install because they're afraid of getting sued by one of these companies so instead they make guidelines to let them slip through. The first AV I find that reliably removes all Adware as well as viruses without me having to manually remove them or fallback to a removal tool (like ADWCleaner, which is now starting to miss stuff as of late) I will sell in my store.
3) In Soviet Russia, Trojan Exploits You! This Journal link has been on my sig for years now, and is the primary reason why AV doesn't work anymore. This week alone I had no less than three of my customers Directly call Fake Support Scammers because their PC / Printer / Camera didn't work, and they called the phone number on the first link (The Ads) they saw when they searched for "(PC / Printer / Camera) Support" and if you're letting the bad guys in to physically touch your own box you're already screwed and no AV on earth is going to save you.
Right now, I'm telling people three things:
1) Install MSE All AV sucks, The only question is how much do you want to pay for something that sucks. MSE is free, at least blocks most of the ultra bad stuff and doesn't pop up ads of any kind so it's what I install.
2) Install Adblock on all browsers I install Adblock Plus on any machine that leaves the store. if you're going to infect yourself chances are an Ad is going to lead you there. Blocking the ads blocks most of the infection vectors off the bat.
3) Don't Download or Install anything. There is no safe place I can direct people to download files without getting some sort of Adware Virus. This is easier to tell users rather than pay attention to what you download. (See #3 to understand) If they protest, go to your PC, go to ask.com with your adware blocker turned off, type in any program you would think they would download (I use VLC Media player. It never fails to show me adware links) and have them pick the download link, when they get it wrong (chances are they will) download the file and send it to virustotal.com. chances are one of the scanners will detect the Adware dropper from the fake site, Then drill it home about not downloading anything.
4)
In Soviet Russia, Trojan exploits YOU!
Wrong...
The argument that "Linux is more secure because it gets less viruses when there are as many Linux boxes (or more) in the wild vs Windows when you consider servers and clients" simply falls flat on its face when you consider the attack vector, infection rate, and profitability.
The part that you are assuming in your argument is that it would be just as profitable to target servers (Linux, Windows, etc.) as it is to target clients. This is simply an incorrect assumption. The difference is that very few server Admins use their servers to browse the web, download files, bank, etc. This lowers the possible infection vectors by a lot. The vast majority of virus, trojan, botnet, and other infections today happen due to user activity. Also, the majority of the profits come from either getting credit card information and/or banking information. This is the low hanging fruit of the virus writers. They have found that the best attack vector is the user through spam and malicious web pages. There just are not enough everyday users on Linux for it to be worthwhile writing for.
If you were talking about hacking, that's a different story. It does seem like hackers are targeting online credit card databases more often. The problem here is that most companies tend to not report such breaches and, when they do, they tend to provide little detail. As such, we have little idea if the majority of breaches are caused by Windows systems, Linux systems, buggy server Apps, poor network security design (i.e. there is no firewall between client and server networks), or social engineering (i.e. having someone inside).
Finally, there are iOS and Android users. Most people use Apps from the App Store. Presumably the App Store for both Google and Apple review the Apps before they are placed online for malicious code. You could argue that the lack of viruses for these systems proves that Linux/Unix is more secure. But one could also argue that they are more secure simply because the user doesn't have root access and tend to stay within the walled garden (i.e. strictly use Apps instead of generally surfing the web and loading java apps).
As a follow-up, I'm not saying that Linux isn't more secure than Windows. It probably is. All I'm saying is that the argument that it's more secure because there are fewer viruses is a poor one. All this means is that it is attacked less.
Run as many programs as a regular user so that User Account Control can stop malware. The user needs a password to run most setup programs. Might work if the administrator creates a user account for people who use computers. Caveat: setup programs won't run under user accounts though. Many people don't even think of creating a limited user account on Windows though. Just a thought.
Or maybe I can switch my computers to Linux or use Chrome books. I never did run into any malware on Linux or PC-BSD. I actually got a suspicious app from the Google Play store one day. I forgot the name of the app. It was bundled with a game I think. The extra app slowed my tablet down.
Apple alone shifted $54B offshore to avoid US taxes. If we closed tax loopholes but LOWERED corporate taxes, we would have more than enough to pay for it.
Not utopian. Biblical, maybe. Garden of Eden. Or maybe "Runts of 61 Cygni C". Well, "Clan of the Cave Bear", anyway.
Pretty damned boring after a while. Sorry to play Lucifer, but I can't help thinking that.
How long will it take compliance bodies etc like PCI to not require AV for scoped-in machines? Til then, AV is and will be alive and well.
> The current big thing, cryptolocker, would work just as well on Linux.
Nope, tried that. The windows version needs some dotnet 4 fx stuff that doesn't run in wine and the native version works on older versions of 32bit linux with libpng12 1.2.51 only. The hackers promised to fix the problem after I asked for help on their forum and I gave them ssh access to my machine, but they logged in only once, wrote some rude things about busybox and my choice of custom aliases / directories into a random file in /tmp and then I then never heard from them again :(
anti-virus is alive and well; and in my view the best sliding piece puzzle ever!
Hmm, maybe it is a better idea to block outgoing traffic from countries that do not comply with standards in chasing the culprits instead of punishing the victim.
BI is different to social security in one crucial way - you get it regardless of need. Even rich people get it. That's why it fundamentally can't reduce the divide between rich and poor. The idea is to break the cultural link between receiving income from the state and being a layabout.
Wups, forgot about Ayla. Or Darryl Hannah, anyway. So, not "boring", but those Neanderthal clans sure must have been claustrophobic. Can't see any post-human smurfdom being much different. Do like being out in the woods, though.
Right now, is there any OS where you feel you couldn't find a privilege escalation exploit if you worked hard enough at it? With such a big attack surface into root, userland is root.
"First they came for the slanderers and i said nothing."
> The vast majority of virus, trojan, botnet, and other infections today happen due to user activity. Also, the majority of the profits come from either getting credit card information and/or banking information. This is the low hanging fruit of the virus writers. They have found that the best attack vector is the user through spam and malicious web pages.
Do linux users not get spam? Do Linux users not go to web pages? If Linux and OSX are only "secure via obscurity", would not the user activity be absolutely equal regardless of OS?
ICE?
Sure, I'm a hoarder, chances are I might have something I no longer use but would be happy if it helped you. Maybe you have the same situation?
I'm in Montreal.
Mostly random stuff.
Unlike the server market, of which well over 50% is Linux. Which potentially have hundreds of credit cards piping through them and sit on big, fat, juicy pipes. Your insinuation that Linux isn't a valuable target is all poop.
> Umm... last time I checked, I admit it has been a while, pretty much the same is possible in Windows.
This is how flamewars begin. If you are really talking about the problem being users (which I agree with) then you need to keep it general and you do not need to reference ANY operating systems.
> As for the racist bit, if you read the line to the end you'd have noticed the reason why it doesn't matter. Please do so next time and save me the need to point out the obvious.
I did not call you a racist, I only implied you were not being truthful. You need to learn how to parse what you read better.
As far as the truth, you keep referring to individual operating systems when it sounds like you are trying to say they don't really matter. If they don't really matter then why do you keep mentioning them?
In order to get your ideas across better you need to improve your English writing skills (i.e., don't say stupid shit like you are not trying to start a flamewar). If you are not trying to start a flamewar then it should go without saying (i.e., it should be "obvious").
And yes, the operating system does matter. You are only looking at Linux usage on the desktop, how many servers run Linux? If you add them into the total Linux usage then the "market" is pretty big. Linux servers can get compromised too, in fact the only Linux boxes running AV these days tend to be servers.
Anecdotally none of the friends who I set up with Linux (and NO antivirus) for surfing porn have gotten owned, so I would say contrary to your assertion the OS you run DOES matter.
A man who wants nothing is invincible
I haven't used Norton/Symantec in a long time, way too many processes and just bloat in general. NOD32 was one I liked for a while, but now I'm happy using MSE combined with Malwarebytes and a few extras: Process blocker, WiFi Guard, herdProtect, a good hosts file and Windows 7 Manager used to check all the startup apps, services and task manager. All together this takes less memory and CPU than McAfee or Symantec and hasn't let me down yet. Apply updates immediately and watch for any new directories, running processes, startups, turn off remote connections, etc. Even with UAC turned off (It annoys the hell out of me) I've still been issue free for a long time.
I've never seen oxygen, but I'm pretty fucking sure it's there
I read somewhere that the average Wal-Mart relies on over $420,000 a month of public assistance for each store for their employees.
The root cause is that the security model of Unix that everyone copied isn't compatible with the modern world. The OS never asks what resources you want to allow a given program to access, instead it ass-u-me-s that it should have full run of everything, and just trusts the program to do the right thing.
So antivirus programs were invented to serve as a "no-fly-list" type system.... only programs on the list are stopped. This worked well until methods for changing the signature of programs got up to speed. Imagine a terrorist being able to make up a name before trying to buy/board a flight... this is where we are now.
Until we get the OS to ask what resources a program should be allowed... things will keep getting worse.
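The sandbox model sketched earlier in the thread (an app with free run of only its own settings directory, every other file reaching it through an OS-provided open/save dialogue) and the point just above that the OS should ask what resources a program may use, as an added example rather than code from any commenter. It assumes a constructed broker protocol over a Unix socket and Linux/Unix descriptor passing; the directory names and file contents are constructed for the demo.

```python
"""Added example, not code from the thread: a capability-style file broker.

The app has free run only of its own settings directory. Every other file
reaches it as an already-open descriptor passed over a Unix socket by a
broker that plays the OS open/save dialogue, so the app never holds a path
it could open itself; a script that takes over the app can only touch what
the user actually picked. The protocol, directory names and file contents
are constructed for this demo (assumption), and a real deployment would
still confine the app process with the kernel (mount namespaces, seccomp).
"""
import multiprocessing
import os
import socket
import tempfile


def broker(sock: socket.socket, granted: set) -> str:
    """Dialogue side. `granted` holds the real paths the user chose."""
    # realpath() so "../" games cannot turn one grant into another file.
    wanted = os.path.realpath(sock.recv(4096).decode())
    if wanted not in granted:
        sock.sendall(b"DENIED")            # no descriptor, no path, nothing
        return "denied"
    fd = os.open(wanted, os.O_RDONLY)
    socket.send_fds(sock, [b"OK"], [fd])   # SCM_RIGHTS: the kernel dups it
    os.close(fd)                           # the broker's copy is not needed
    return "granted"


def sandboxed_app(sock, settings_dir, wanted, result_conn):
    """Confined side, run in a child process. It can only ask."""
    # Unrestricted inside the per-app directory the OS handed it.
    with open(os.path.join(settings_dir, "history.txt"), "a") as hist:
        hist.write(wanted + "\n")
    # Anything else goes through the broker; accept whatever comes back.
    sock.sendall(wanted.encode())
    msg, fds, _flags, _addr = socket.recv_fds(sock, 64, 1)
    if msg != b"OK" or not fds:
        result_conn.send(None)
        return
    with os.fdopen(fds[0], "r") as granted_file:
        result_conn.send(granted_file.read())


def run_scenario(wanted, granted, settings_dir):
    """Start the app in a child process and broker one request."""
    ctx = multiprocessing.get_context("fork")   # Unix only, like fd passing
    app_sock, broker_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    result_rx, result_tx = ctx.Pipe(duplex=False)
    child = ctx.Process(target=sandboxed_app,
                        args=(app_sock, settings_dir, wanted, result_tx))
    child.start()
    app_sock.close()
    result_tx.close()
    decision = broker(broker_sock, granted)
    broker_sock.close()
    content = result_rx.recv()
    child.join()
    return decision, content


def demo():
    """Constructed scenario: one document the user picked, one file the
    app was never granted. Returns both outcomes and the app's history."""
    workdir = tempfile.mkdtemp()
    settings = os.path.join(workdir, "appdata")
    os.mkdir(settings)
    doc = os.path.join(workdir, "report.txt")
    secret = os.path.join(workdir, "secret.txt")  # any file outside the grant
    with open(doc, "w") as f:
        f.write("quarterly numbers")
    with open(secret, "w") as f:
        f.write("PRIVATE")
    user_picked = {os.path.realpath(doc)}        # what the dialogue returned
    allowed = run_scenario(doc, user_picked, settings)
    blocked = run_scenario(secret, user_picked, settings)
    with open(os.path.join(settings, "history.txt")) as hist:
        history = hist.read().splitlines()
    return allowed, blocked, history


if __name__ == "__main__":
    print(demo())
```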
> Unless of course, the script has an exploit to give itself root access - which plenty of such are frequently being patched.
Very true, I glossed over the whole exploit gaining root access thing because the hypothetical webuser should not have root or sudo access. If the webuser could possibly click on an exploit to activate it then they really should not have any sort of root access. Why would a user who only exists to surf porn on the web need that sort of access anyway?
As far as taking advantage of a buffer overrun to gain root access, that is a crappy programming problem that can affect any OS, not just Linux. if you are that worried about that problem then run Linux in a VM and have no important data either on the VM or on the VM's host. If you do get compromised then you can revert to a prior snapshot. You can copy the compromised VM for further forensic study before you revert if that kind of thing interests you.
Contrary to the OP's assertion I think that the OS you run absolutely matters. I would use a reverted Linux VM for further porn surfing without a second thought. With Windows if you have a special VM and host for porn surfing then it would probably be OK too if it was on an isolated porn surfing VLAN. Otherwise you run the risk of Windows reaching out to other Windows boxes and doing a drive-by and infecting those too. If you are that paranoid about security then it probably would not hurt to use an isolated porn surfing VLAN for your Linux VMs too.
Of course I am only referring to criminals trying to exploit your boxes. Once you start talking about state actors working under the auspices of a nation's government then everything goes out your Windows (pun intended).
You could air-gap any boxes you want to protect but then that information can become pretty useless to you because it is hard to access when you need it. And air-gaps (as well as fine-grained access controls) will not prevent INSIDERS from compromising your systems, which makes me wonder why more criminals don't try bribing insiders to accomplish their nefarious ends like governments have been known to do in the past.
I know this will make me sound like a Microsoft hater, but the problem is the ability for anyone to develop viruses and malware for Windows based systems. That is simply the nature of the "openness" of the platform. Look at the other major computing platforms OSX, Linux, iOS, Chrome OS, and Android; which don't have the overwhelming security issues Windows does. Android, iOS, and Chrome OS, use a vertical application "store". While there are methods to side-load potentially malicious code, they are far and above more secure Platforms than Windows. Apple is moving in the same direction with its desktop operating system OSX. OSX also handles applications with better sandboxing than Windows does. Most Linux systems use a software repository that is well documented and open source so the code can be reviewed for malicious code.
These other platforms have in common a single feature which alone increases their security. The user by default does not operate with root or admin privileges. When setting up a new windows system it always defaults to making the initial account an administrator account. Personal computers often only have this single account. Windows administrator accounts can run any code without requiring a password. Single account machines are thus easily compromised. OSX now requires a password on all accounts and requires a root password be entered when installing all software.
I am the store manager of a Computer and Mobile repair shop. I always advise my clients to password protect an admin account and use the computer with a user account. The clients that heed my advice are in far less frequently than those who don't. Personally I use mostly my chromebook or my android tablet but I do use both my win7 laptop and desktop. I don't even run any AV software on my laptop, on my desktop I run MSE and Malwarebytes only because my son and nephew play games on it.
Yeah, it probably is due to that effect. The only time I've ever had an infection was on a Mac OS 9 box, which got infected via a downloaded file that was loaded onto the computer via floppy disk. I've seen a handful of OS X trojans and whatnot (though haven't been infected by any), but from what I've read in reference material, they're FAR less common than they were back in the Mac OS days, despite the fact that OS X is significantly more popular and significantly more accessible to black hats than its predecessor. As I recall (there used to be a Wikipedia page on the topic...don't know if there still is or what it's called), the difference between the two is something like two to three orders of magnitude.
Big difference in a lot of things anyway - just think how much legacy stuff was dumped for one when OS X came out that OS 9 still had. Another thought (although minor) is that OS X will no longer run PPC programs - any malware that was built for PPC is gone. Third, I think that everyone in general takes security more seriously these days.
This is disingenuous. The majority of Linux machines connected to the internet are managed by other machines, and almost never handle interactive browsing sessions. Malware is mostly a problem on Windows servers because shitty admins surf the web from them as administrator, not because Windows is inherently terrible technologically.
If you have never gotten a virus, then you don't have enough man hours using a computer.
The difference is that servers aren't usually operated by tech-illiterate people. Targeting servers isn't the same as targeting systems used by casual users.
BTW, I don't see Windows servers getting flooded with malware either.
Market share has basically nothing to do with vulnerability to malware.
It's a combination of factors, one of which is market share.
As long as you can freely run any _software_ on an OS you can run malware as well.
"as long as antivirus is thorough, productivity while using a computer goes down severely"
Where by 'severely' they mean 'negligibly in most cases'
Are you seriously asking why Windows software (malware) doesn't run on Linux?
The OS you run matters not because of the OS or its inherent (or possible) security but just because of its market share. Imagine you wrote the most insecure OS possible, which can be remote-controlled easily without any user consent, and yet you will not become a target (unless you are "interesting" enough as a singular target that warrants the investment of time and resources to hack you and only you) if you're the only one running this system.
The point I was trying to make, and I'll try to be as clear as I possibly can be now, is that it is moot to say "$OS1 is more secure than $OS2", because all that matters is market share. Whether or not something becomes an attack surface is mostly dependent on its distribution and only in a secondary way on how hard or easy it is to overcome its security. That's the reason why Windows is a more attractive attack surface than Linux, why Adobe Flash is a more attractive attack surface than MS Silverlight, why Android is a more attractive attack surface than Blackberry. It's not the security of the system. Only its market share.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Are you seriously asking why Windows software (malware) doesn't run on Linux?
Of course not. But when he writes:
Also, the majority of the profits come from either getting credit card information and/or banking information. This is the low hanging fruit of the virus writers. They have found that the best attack vector is the user through spam and malicious web pages. There just are not enough everyday users on Linux for it to be worthwhile writing for.
The concept of spam response (if they respond but the malware doesn't have a place to latch onto because it's Linux) or social engineering, which depend on exactly what you are giving them, because if it's malware installation, then again, it's Linux not Windows, and if it's just phishing for account numbers, anyone could fall for that, no matter the OS. Users being idiots is a whole different argument. I'll admit that a Windows user is a lot more likely to fall into that category by virtue of popularity.
Regardless - on my systems now, it's a lot more pleasant. On Windows, it was a constant, and losing battle. That's enough for me. And if for some reason or other, the security through obscurity folks are correct, and Linux is every bit as non-secure as Windows, I'll switch to another secure but obscure system.
Knowing what I know - I'm not going to hold my breath.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Are you seriously asking why Windows software (malware) doesn't run on Linux?
Under WINE maybe?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Just to be clear, by more or less "secure" I mean that an OS has more or less vulnerabilities, not more or less viruses. It may seem like I am splitting hairs here, but there is a world of difference in the meanings when you get into Computer Science.
It seems to me, though, that your meaning of "secure" is that Linux/OSX is safer for the user. Which I would agree with. But it's also a much more limited software eco-system (which is a whole other discussion).
The attack surfaces for servers and client machines are very, very different. It's not really possible to simply lump them together. How many people read their email on a server? How many stuff USB sticks into a port? How many surf the web? Hell, most servers (at least in a halfway professional setting) today are routinely accessed via remote shell or desktop, and going to them physically is something that is usually limited to situations that are far, far from routine work.
In short, none of the contemporary main infection ways could possibly work on a server that is at least halfway decently run. And if you know of a single one then please enlighten me, because every single infection routine that is at least halfway often employed today I could think of is geared towards desktop usage. Which leads to the next reason why servers differ from desktops big time: servers usually have admins that deserve that name. They don't open webpages to see dancing bunnies. And even if, then certainly not FROM THE SERVER.
Of course there are "hacks", i.e. direct attacks on a server, but that's a completely different beast entirely. But targets for malware tend rather to be desktops. Preferably with clueless, click-hungry users.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
At the sources (you can't be infected by them) via hosts adding security, speed, reliability, + more & does more, more efficiently by FAR vs. addons + fixes DNS' security issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of benefits in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity/room 4 breakdown,
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).
* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
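The hosts-file blocklist mechanism the post above relies on, as an added example (not the poster's code and not part of the APK tool): a small parser and audit that shows what a hosts entry does and does not block, and that flags entries redirecting a name to a real address, since the same file is a classic target for tampering. The sample hosts content and the PROTECTED_NAMES set are constructed.

```python
"""Audit a hosts file that is being used as a domain blocklist.

Added example; not code from the post or from the APK Hosts File Engine.
The hosts content and the PROTECTED_NAMES set are constructed.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Set

# Addresses that sink a name locally. Any other address is a real redirect.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that must never be redirected by the hosts file (tampering with the
# hosts file typically targets banking and update domains). Placeholder
# values; a real deployment supplies its own list.
PROTECTED_NAMES: Set[str] = {"bank.example", "update.example"}

# Constructed sample input; the audit reports findings by line number.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example tracker.example   # blocklist entries
0.0.0.0       malware-c2.example
203.0.113.10  fav.example                   # pinned to skip remote DNS
198.51.100.7  bank.example                  # silent redirect of a bank
127.0.0.1     tracker.example               # duplicate, still a sink
300.1.1.1     junk.example                  # not a valid address
"""


class HostsEntry(NamedTuple):
    lineno: int
    address: str
    name: str


class Finding(NamedTuple):
    lineno: int
    kind: str    # "bad-address", "hijack", "pinned" or "conflict"
    detail: str


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts syntax: '<address> <name> [alias ...] [# comment]'."""
    entries: List[HostsEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, tokenize
        if len(fields) < 2:
            continue                            # blank or malformed line
        address = fields[0]
        for name in fields[1:]:                 # every alias is an entry
            entries.append(HostsEntry(lineno, address, name.lower().rstrip(".")))
    return entries


def audit_hosts(text: str, protected: Set[str] = PROTECTED_NAMES) -> List[Finding]:
    """Report entries that are invalid, redirect a protected name, pin a
    name to a real address, or conflict with an earlier entry."""
    findings: List[Finding] = []
    first_seen: Dict[str, HostsEntry] = {}
    for e in parse_hosts(text):
        try:
            ipaddress.ip_address(e.address)
        except ValueError:
            findings.append(Finding(e.lineno, "bad-address", e.address))
            continue
        if e.address not in SINKHOLE_ADDRS:
            kind = "hijack" if e.name in protected else "pinned"
            findings.append(Finding(e.lineno, kind, f"{e.name} -> {e.address}"))
        prev = first_seen.setdefault(e.name, e)
        # Two different sink addresses for one name are harmless; anything
        # else that disagrees with the first entry is worth a look.
        if prev is not e and prev.address != e.address and not (
            prev.address in SINKHOLE_ADDRS and e.address in SINKHOLE_ADDRS
        ):
            findings.append(Finding(e.lineno, "conflict",
                                    f"{e.name}: {prev.address} vs {e.address}"))
    return findings


def resolve_local(text: str, name: str) -> Optional[str]:
    """Model the resolver's hosts lookup: exact-name match, first entry wins.
    Simplification: resolvers differ on duplicate names, but exact matching
    is universal, so a blocked parent domain never covers its subdomains."""
    name = name.lower().rstrip(".")
    for e in parse_hosts(text):
        if e.name == name:
            return e.address
    return None                     # not in hosts; query goes to remote DNS


def is_blocked(text: str, name: str) -> bool:
    """True only if the hosts file sinks the exact name locally."""
    return resolve_local(text, name) in SINKHOLE_ADDRS


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.kind}: {f.detail}")
    for host in ("ads.example", "cdn.ads.example", "bank.example"):
        print(f"{host}: blocked={is_blocked(SAMPLE_HOSTS, host)}")
```

Note that cdn.ads.example is not blocked even though ads.example is: a hosts file matches exact names only, which is the main gap against the fast-flux and DGA threats the post claims to cover.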
One major problem with security is that the permission model on both Windows and Unix doesn't really give you the tools you need to keep yourself safe. We're still stuck in the 1970s university mentality where the user is assumed to have written or at least compiled the program themselves, and is supposed to have a good understanding of what it does. The program is assumed to be operating as an agent of the user, so it inherits all the user's permissions. On modern systems, with semi-trusted and untrusted code downloaded from the Internet, this assumption is absurd and dangerous.
Rather than the program inheriting the user's permissions by default, a decent modern security model would instead restrict it to a sandbox unless it was explicitly given permission to get out – and even then the user should be given veto power over specific sandbox breaches. (Android used to work like this, but Google dumbed it down for reasons that are not clear.)
By default, a program should only be able to do the following:
Anything else – Internet access, ability to freely read and write to files/folders, ability to get keyboard input when not in focus – should require explicit user permission. And the user should have the option of unchecking any or all of these authorizations and continuing to run the app without it being able to do those things. These permissions should be as fine-grained as possible, so an application could have permission to only read certain specific folders, or could be allowed to access the Internet only through a particular API (say, for handling registration or online high scores) and only for certain domains.
The part that you are assuming in your argument is that it would be just as profitable to target servers (Linux, Windows, etc.) as it is to target clients. This is simply an incorrect assumption. The difference is that very few server Admins use their servers to browse the web, download files, bank, etc. This lowers the possible infection vectors by a lot. The vast majority of virus, trojan, botnet, and other infections today happen due to user activity. Also, the majority of the profits come from either getting credit card information and/or banking information. This is the low hanging fruit of the virus writers. They have found that the best attack vector is the user through spam and malicious web pages. There just are not enough everyday users on Linux for it to be worthwhile writing for.
You overlook that these malicious web pages have to be hosted somewhere. So, it's essential that they can compromise web servers. Hosting their own is too risky, since there will be a money trail. Also, getting users to download/install stuff from sites they think are trustworthy is much easier. Therefore it is much *more* profitable to target web servers, even when they are more difficult to compromise.
My experience was that disk-borne viruses were just about as common on Mac OS as they were on DOS, on a per system basis. There were many more DOS viruses in absolute terms, of course.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
As it gives them an easy way to check to see if their creations are detected or not.
It was actually easier than mucking with AV software. At least my PC ran fast for a while.
Sadly, MS has made that too difficult these days.
The idea is to break the cultural link between receiving income from the state and being a layabout.
Ah, so it's not about solving a problem, it's about being Politically Correct and pretending we care about fellow human beings rather than actually doing anything about it.
Much like minimum wage, the only thing you'll accomplish is raising the cost of living until the BI no longer does anything useful.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
This is called the earned income tax credit. Combined with other tax credits it can add up to quite a bit of money. Add in subsidies for healthcare and food and housing assistance, many working poor in this country make more than double their earned income.
Barriers to such assistance are largely ignorance driven - the state can be an opaque beast even though they spend millions advertising these programs. Very few people in this country should want for their basic needs - even given the shit economy we have been slogging through for the last 6+ years.
Of course this doesn't mean it is easy. Once you fall below a certain level of poverty after a certain age your odds of being able to pull out of poverty dramatically fall. Being 40+ and indigent is a tough way to go. And we have an entire system designed to create this situation: our criminal justice system. Primarily aimed at the poor and particularly poor minority men, the criminal justice system is very good at creating 40 year old men with no hope of moving beyond a subsistence lifestyle. But at least we have eradicated drug abuse....
The thing is though, Linux servers are high value targets. They tend to have big pipes and they tend to serve many clients.
It was seen as a "feature" and designed in.
There were even articles about it here so I'm somewhat astonished that so many are deciding that I must be wrong and making up their own ideas of what they think I mean.
http://en.wikipedia.org/wiki/W...
MS should be praised for getting rid of it.
I was using it as an example of the worst stupidity at the peak of the "just left everything run" mindset that we are thankfully getting away from.
You will see above that I mentioned Java. You even referred to it yourself. How can you with a straight face scold me about "petty attempts at laying this at the door of MS"? I suggest less cheerleading and more learning from past mistakes.
How's about choice in the service that advises whether an .apk is safe or not? At the moment we generally have to choose Apple or Google. Apple abused their position by blocking Bitcoin apps and others already. If there was a free market in this choice then the market could correct the problem.
A blog I run for the wealth
So all your web browsing is under webuser, how do you refer to web manuals while using an application as user?
How would this whitelisting be made practical for high school students doing programming homework while remaining effective?
"If Poverty Level $5k)."
Hmmm. It looks like a part of my post may have been lost in the post. I wonder if that somehow got my score knocked down to -1.
If one's federal AGI is less than the poverty level for one's family size (according to filing on one's income tax return), then...
take Poverty Level - AGI then divide by 2. With a $5k cap. This would be the credit.
Now, let me explain the EIC. I don't think you understand it.
EIC may help family sizes with 2+ people. I'd have to check the table.
EIC may just cover the FICA taxes taken out for single individuals.
EIC doesn't cover all taxes taken from those who work as sole proprietors. So a self-employed person scraping by, who doesn't make enough to pay income tax, may still end up having to pay something back despite the EIC knocking it down some.
EIC doesn't help the unemployed (not recently unemployed who would have hope of unemployment insurance) or the homeless.
My idea is a new credit. It shouldn't cost more than $300 billion per year assuming $5k/person cap. This is per person, not per family. So a family of 2+ shouldn't hit the cap, since I think 2 person family size has a poverty level of $15k or so ($7.5k if income is nothing).
I'd restrict it to legal residents.
I may restrict it to someone who has earned at least $1000 (one thousand dollars) in their whole lifetime.
And 22+ years old,
18-21, must be living away from relatives
17 and under, must be living away from relatives and be emancipated.
There is also the fact that much of the commercial AV software is barely less worse than the viruses they purport to protect you from. From consuming resources in a bloated way, to advertising, to constantly trying to extort money from you, to conflicting with other programs, etc...
Personally I have taken a light approach and the only ones I touch are MSE and Spybot Search and Destroy on specific issues that might come up. Much of the malware you get (and most of it is adware now) take over other applications such as browsers and the like and are not easily removed by AV packages.
As many have probably mentioned, the best AV is the education of the person sitting in the chair, and until that is addressed, no amount of AV is going to be effective and there are so many ways around it by simply getting the user to allow it anyway.
Enough said.
Antivirus has never been viable as a defense against unknown threats. The only correct way to do security is to build it in at the lower levels and prevent applications from exploiting the system in the first place. Unfortunately this means tradeoffs - such as apps not being able to see each other and communicate with each other. Sandboxing. Even then we can exploit communications to get around this by opening tunnels and proxies.
Nope, we're going to have to airgap things. There's no reason your fart app should be able to read the filesystem and GPS.
The question is not "what does it miss" but "what does it catch". Full protection is impossible, the ecology of the network is too dynamic.
We use Anti-virus because it is better than not.
Whether it should be a user choice or built into the OS, is again another question. But having a choice is a good thing.
As opposed to that time I was glad to be carrying my own MacOS (7?) anti-virus on a disk. There were widespread viruses. I rather admired the WDEF virus, which took neat advantage of an Apple setup that doubtless looked safe enough at the time.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I'd considered this, but these days it isn't just juvenile prank software that ends up running. If you just accept viruses on your network you get issues like:
1. You're part of the spam problem. I prefer not to be a leech on society.
2. They're stealing your personal info, including stuff like banking credentials. I like having money, and would prefer to hang onto it.
3. Somebody could use your PC to attack something else, perhaps something important. I don't like guys kicking down my doors in the middle of the night.
4. Somebody could use your PC to host warez/music/etc. I don't like getting sued and having to prove my innocence, and heaven forbid any of my PCs actually contain warez/music/etc in the first place when this happens.
I could see regular wipes as an inconvenient ADDITIONAL layer of security on top of keeping garbage out. I just don't see it as a substitute.
A bulletproof vest can't stop every and all bullets, but would you step into a gunfight without one?
Re: "Much like minimum wage, the only thing you'll accomplish is raising the cost of living" -- An example of another fallacy promoted by the neo-liberal, free market, faith-based (faith in the invisible hand, that is) end of the spectrum. How many studies and examples in the real world does it take to put this one to rest? Check: https://search.disconnect.me/s...
If you phase out corporate wage subsidies from the govt., corporations will have no choice but to pay their workers a living wage. Add to that mandatory, single-payer health insurance and the costs for both employers and employees go down dramatically. Raise the minimum wage and workers get a bigger share of corporate profits, which goes back into the consumer economy, boosting demand for consumer goods and the economy as a whole. Everyone wins. We're continuing to push all the money up to the 1% and they aren't spending it in the real economy. They aren't creating any substantial demand, and demand is what drives consumer economies.
Actually, there is more to it than just market share. It's a combination of market share, proportion of that market share that is logged into via interactive sessions and the perception of a predominant lack of technical abilities (OK, not just abilities... A suitably sceptical/paranoid attitude also falls within this category).
Simply put, it's easier to write malware to do things when a user runs it than it is to get the malware in through an exploit and get it to run itself. You therefore target not the platforms with the most installs, but the platforms with the most interactive sessions. To target more specifically within this group, you then consider which platform's users are more likely to be susceptible to social engineering.
This is likely to be the main reason that Windows is the preferred target platform for most malware. Arguments about the sheer volume of Linux servers on the net are somewhat moot when you consider the rarity with which a "typical user" logs into them interactively.
Truth is, without users, PCs are largely useless. As such, the most effective form of malware prevention (removing the user) is impractical. Moving to a different platform will only work until the tipping point is reached and your new choice of platform has an equal or higher proportion of less-technically-able users in interactive sessions than the one you moved from. As such, the only long-term solution is to upgrade your users. Best of luck in achieving that!
Just my $0.03 (At current exchange rates, my £0.02 is worth more than your $0.02)