Slashdot Mirror


How Security Experts Are Protecting Their Own Data (siliconvalley.com)

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."

217 comments

  1. gotta stay paranoid.. by Anonymous Coward · · Score: 1

    Hey, we were just wondering how you secure your data?

    I don't have any data.... What is this "data"

    1. Re: gotta stay paranoid.. by Anonymous Coward · · Score: 1, Funny

      I am not worried about security. I run Systemd and store my sensitive data as log files.

    2. Re: gotta stay paranoid.. by Anonymous Coward · · Score: 0

      So, basically you encrypt it with a key not known to anyone, including yourself?

    3. Re: gotta stay paranoid.. by HexaByte · · Score: 1

      All my data is stored on a CPM machine with no networking capability. I hand code all binaries in Assembly Language. Never had a breach.
      This machine is used for Internet surfing only, and I re-load the OS every day from a secure thumb drive.
      I also sell bridges in Brooklyn, if you're interested!

      --
      HexaByte - he's a square and a half!
    4. Re: gotta stay paranoid.. by lgw · · Score: 1

      All my data is stored on a CPM machine with no networking capability. I hand code all binaries in Assembly Language. Never had a breach.

      For a long time, the GAO ran all its internet-facing servers on Netware. I don't think they had a breach during those years. I've always thought that was a clever strategy, if only because the list of people who could hack on the Netware kernel was so small.

      These days I'm not sure if there really is a platform you could make work in production but is so obscure that no one bothers developing exploits for it. Maybe a mainframe OS, now that the financials have left mainframes behind? But then, government-funded attackers can develop expertise in whatever oddball system they need to, so maybe those days have passed.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    5. Re: gotta stay paranoid.. by Anonymous Coward · · Score: 0

      https://www.riscosopen.org/content/

  2. AV only helps if you are bad by AK+Marc · · Score: 5, Interesting

    The only times I've ever gotten a virus were when I had AV running. Without AV, I don't run anything that's untrusted. Worked out well so far.

    1. Re:AV only helps if you are bad by Anonymous Coward · · Score: 2, Interesting

      You don't run AV therefore you've never had a virus? The force is strong with this one.

    2. Re:AV only helps if you are bad by tsa · · Score: 5, Insightful

      Same here. I hate AV software with a passion because it slows your computer to a crawl, gives a false sense of security and once it's on your computer it takes a complete reinstall of the OS to get it off again. The best AV practices are:
      Never use MS software to browse the internet and read email
      Use an ad blocker
      Never even read email from unknown sources, let alone open attachments from there.
      MAKE BACKUPS of your files.

      --

      -- Cheers!

    3. Re:AV only helps if you are bad by Anonymous Coward · · Score: 1

      You don't truly appreciate AV until it saves your ass - I had mine detect a malicious ad before I started using an adblocker

    4. Re:AV only helps if you are bad by AK+Marc · · Score: 2

      If you can't tell whether you have a virus without an AV, then you are dumber than you look. I've cleaned many friend and family computers where they got a virus without an AV, then asked for help. Turns out it's quite easy to get a virus without an AV, and from my experience, not too hard to get one with.

    5. Re:AV only helps if you are bad by HBI · · Score: 2

      Precisely. It's like the idiot light on your car for gas/overheating/whatever. If you failed to note the problem, it might warn you. Find a lightweight program and suck it up. I ran without AV from the late 80s to about 2011, and then I gave in based on the more subtle threats that were becoming common. Just not running scripts and untrusted attachments wasn't feeling entirely safe in an age of hidden filesystems that could get past air gaps.

      For the record, I'd never gotten anything I knew about and no AV was ever able to find malware on my personal systems. No guarantees, but it was a pretty good record.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    6. Re: AV only helps if you are bad by Anonymous Coward · · Score: 1, Informative

      The most insidious viruses aren't obvious. They hide their presence in the background, taking your personal information and your data, silently sending it to who-knows-where while not alerting you to their presence. If the malware responsible for data breaches announced its presence, data breaches would be a lot less common and would be stopped quickly. You could correctly say you've never known yourself to be infected with malware. However, your arrogance about the matter leads me to seriously doubt whether you've truly not been compromised.

    7. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0, Troll

      Your arrogance in the belief that Microsoft products are more risky than others would be laughable if it wasn't so dangerous.

      All software is a possible attack vector, and you're no more safe using whatever bullshit you've convinced yourself is better.

    8. Re: AV only helps if you are bad by Anonymous Coward · · Score: 3, Funny

      I don't know. I think AV is a great deterrent against skiddies. I would much rather get owned by new undetected malware than a decade old one.

    9. Re: AV only helps if you are bad by Anonymous Coward · · Score: 1

      You mean the only time you ever got a virus that you know about is when you were running AV.

    10. Re: AV only helps if you are bad by blavallee · · Score: 5, Funny

      I get virus warnings WITHOUT running AV. Should I download and install their advertised AV software?

    11. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      Never ever!
      But install an Adblocker Browser plugin

    12. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      I never use AV either, I am just using a standard user account. If my standard account is damaged by malware I just destroy the account and create a new one. So far I have not created a new one due to malware since 2010 without an AV. I monitor with the command 'netstat -noa' both in Windows and Linux. Discovered some software calling home with that simple check.
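      As an added example (not the commenter's code), here is a small parser that applies the 'netstat -noa' check described above to the Windows output format: it keeps ESTABLISHED connections whose remote end lies outside loopback, link-local and RFC 1918 ranges and groups them by PID. The netstat sample is constructed, and the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for internet hosts.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -noa` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     1204
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4312
  TCP    192.168.1.10:49720     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:49731     198.51.100.7:8080      ESTABLISHED     4312
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1580
"""

# Proto, local, foreign, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# Ranges that never indicate traffic leaving the host or the LAN. The
# documentation ranges are deliberately NOT listed so they can play the role
# of remote internet hosts in the constructed sample.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (ip, port); '*:*' -> (None, None)."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or host == "*" or port == "*":
        return None, None
    return host.strip("[]"), int(port)


def is_external(ip):
    """True when the address is outside every loopback/link-local/private range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    # Membership test returns False across IP versions, so mixing v4/v6 is safe.
    return not any(addr in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Parse netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        lip, lport = split_endpoint(local)
        rip, rport = split_endpoint(foreign)
        rows.append({"proto": proto, "local_ip": lip, "local_port": lport,
                     "remote_ip": rip, "remote_port": rport,
                     "state": state or "", "pid": int(pid)})
    return rows


def external_connections(text):
    """Map PID -> list of (remote_ip, remote_port) for ESTABLISHED external sessions."""
    by_pid = {}
    for row in parse_netstat(text):
        if row["state"] == "ESTABLISHED" and row["remote_ip"] and is_external(row["remote_ip"]):
            by_pid.setdefault(row["pid"], []).append((row["remote_ip"], row["remote_port"]))
    return by_pid


if __name__ == "__main__":
    # Each PID listed here is worth checking in Task Manager or Process Explorer.
    for pid, peers in external_connections(SAMPLE_NETSTAT).items():
        print(f"PID {pid} talks to: {peers}")
```

      To run it against a live machine, pipe the real command output into external_connections instead of SAMPLE_NETSTAT; Linux netstat prints a different column layout, so the regex would need adjusting there.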

    13. Re:AV only helps if you are bad by hcs_$reboot · · Score: 1

      I don't run anything that's untrusted. Worked out well so far.

      Or you could run an OS that doesn't vehiculate viruses.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    14. Re:AV only helps if you are bad by Anonymous Coward · · Score: 1

      I've maintained Linux computers for my family which tend to seem to be clean after a long time, or at the very least still performing as if they were. The windows ones, even with antivirus usually seemed to be slow and likely malware ridden after a similar time. At work, the only one I'm sure about was transmitted via a USB drive from what I can tell. The root cause was none of those system were up to date as they were used offline. I assume someone using the systems plugged the drive into an infected system. I've gone without some AV on work for systems that had to be real time and very responsive, but were also on fairly isolated yet continually updated networks. I don't see any big issues there, but those machines were very limited in what was done to them and only could see the internet through a very restricted proxy.

      That being said, basic AV is probably a net plus to at least catch old stuff. The risk is the basic AV tends to run as full admin and itself increases the attack surface, so updating it is just as important as updating anything else...

      Firewalls have the most potential to break anything network enabled at work, at which point one tends to switch them off rather than keep updating rules. McAfee's on access scan is a favorite culprit, since if I'm trying to process a lot of data, I don't want McAfee to be filtering every drop of it. I tend to think that it would be better to firewall perimeters in Labs and such and just keep the perimeters small, so people can actually work. Sure that just moves the problem outward but at least you can work unimpeded for most things. I suppose you could also just accept the hit in performance, but that is easier said than done when you're always pushed to do more with less, particularly when getting rid of higher paid people is now very common.

    15. Re: AV only helps if you are bad by Anonymous Coward · · Score: 1

      I believe AV helps indicate some non-obvious infections.

      As far as Microsoft software being more vulnerable: I have NEVER been infected with a drive-by download on Linux or Mac.

    16. Re:AV only helps if you are bad by TheRaven64 · · Score: 5, Interesting
      You got lucky. There are two problems with most Antivirus software:

      Most of them still use system call interposition. They're vulnerable to a whole raft of time-of-check to time-of-use errors, so the only part that actually catches things is the binary signature checking, and that requires you to install updates more frequently than malware authors release new versions - it's a losing battle.

      They run some quite buggy code in high privilege. In the last year, all of the major AV vendors have had security vulnerabilities. My favourite one was Norton, which had a buffer overflow in their kernel-mode scanner. Providing crafted data to it allowed an attacker to get kernel privilege (higher than administrator privilege on Windows). You could send someone an email containing an image attachment and compromise their system as long as their mail client downloaded the image, even if they didn't open it. It's hard to argue that software that allows that makes your computer more secure.

      --
      I am TheRaven on Soylent News
    17. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      What part of "don't run anything that's untrusted" didn't you understand? Ads are *never* trusted.

    18. Re:AV only helps if you are bad by mwvdlee · · Score: 4, Interesting

      Profit in a visible virus; very little.
      Profit in a virus that acts as a slave in a botnet and monitors your computer usage; a lot more.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    19. Re:AV only helps if you are bad by mwvdlee · · Score: 2

      Same here. I hate AV software with a passion because it slows your computer to a crawl, gives a false sense of security and once it's on your computer it takes a complete reinstall of the OS to get it off again.

      Good AV software would have prevented you installing Symantec.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    20. Re: AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 2

      The trouble is, all of that remains true if you have anti-virus software installed. Your odds might be slightly better overall, but AV software doesn't catch everything. In a few cases, AV software has even opened additional vulnerabilities itself.

      It's surprisingly difficult to be sure that you're only running what you think you're running in 2016 and that your data is safe and private. That's a real and serious problem regardless of which if any AV tools you run.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    21. Re:AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 1

      That's cute, but logically it means you can never run anything, which doesn't make for very useful computers.

      IT security is mostly about risk management, and probably always will be.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    22. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      In my experience, you can have a Windows VM with a good third party AV program and no adblock, and get nailed in less than ten minutes from visiting "legit" sites (no pr0n, no dark web, etc.) Or, you can use an adblocker and no AV, and have a VM that can run unpatched for years, and when the VM is snapshotted and its RAM and disk images scanned (as well as autoruns looking at the system drive in an offline capacity), it would be clean.

      Malvertising is a primary infection vector these days. View your web pages in an isolated, secure VM, as well as don't run executables willy-nilly, and you have made yourself quite secure from all but the most targeted attacks.

      I personally use a few precautions:

      1: Browse the web in a VM, where the VM is on an isolated network segment and can't touch anything local. Reload back to a known safe snapshot often.
      2: Backups. Veeam is free and doesn't suck for Windows. Linux, cron and borg backup. macOS, Time Machine is useful, as well as cron and borg backup.
      3: Stash backups on a NAS that can snapshot or do backups, and has separate shares for each machine. This protects against ransomware.
      4: I do use an AV program on Windows, Malwarebytes, but it is one of the very few that actually is useful, as opposed to a CPU/RAM drag.
      5: For documents that need to be archived, they get burned to optical media, and then verified on another machine.
      6: Even though Git doesn't store metadata, I use a Git repository for storing documents. This allows me to completely reload a machine and have all my files back quite quickly.
      7: I use a decent router and firewall (both separate devices.) This way, if someone nails my external facing device, there is still a layer of protection running a different OS and vendor.

    23. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      Obviously not a regular slashdot reader -> https://science.slashdot.org/story/16/08/25/2341210/the-big-short-security-flaws-fuel-bet-against-st-jude

    24. Re: AV only helps if you are bad by Gr8Apes · · Score: 1

      Your arrogance in the belief that Microsoft products are more risky than others would be laughable if it wasn't so dangerous.

      All software is a possible attack vector, and you're no more safe using whatever bullshit you've convinced yourself is better.

      Yes, all software has holes, Linux and Mac are like a house with open but screened windows. Microsoft is like a bunch of window frames suspended on sheer will.

      --
      The cesspool just got a check and balance.
    25. Re:AV only helps if you are bad by geekmux · · Score: 2

      ...The best AV practices are...Never use MS software to browse the internet and read email...

      ...which of course is great technical advice to act upon right away, and so easily accomplished for the average US corporation addicted to Microsoft products...

    26. Re: AV only helps if you are bad by tsa · · Score: 2

      I've been reading Slashdot and the like for more than twenty years now and the relative amount of vulnerabilities reported for MS products, especially IE and Outlook is so significantly higher that not using that already makes a huge difference. Of course other software is also not without its faults but I could say that your approach of treating all software as equally bad is paranoia.
      Now that we've both insulted each other I think I can safely say that we agree that you have to find software that gives the best balance between risk and usability for the situation you use it in.

      --

      -- Cheers!

    27. Re:AV only helps if you are bad by tsa · · Score: 1

      Guess what I use at work :)

      --

      -- Cheers!

    28. Re: AV only helps if you are bad by jbmartin6 · · Score: 1

      The advantage of AV is it will eventually catch the malware, unless you wipe and reinstall. Sure, it might have been on there for years but eventually you will get it. That's a little better at least than never catching it at all.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    29. Re: AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 4, Insightful

      Sometimes, but there are no guarantees these days. Once a system has been compromised, it is now almost impossible to make sure it's clean again no matter what you do to recover. In a world with the likes of UEFI and "hidden" secondary processors within CPUs, even wiping the hard drive and reinstalling from known good media isn't a reliable fix. It's all rather depressing, this so-called progress.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    30. Re:AV only helps if you are bad by aaarrrgggh · · Score: 1

      Good point on the firewalls; compartmentalization is an important tool.

      Personally, I use a little firewall (an Ubiquiti EdgeRouter X - $50) in my office to block access to my backup NAS from the remainder of my company, and to be able to do DPI on traffic coming to my machine.

      As systems become more complicated and interconnected though, security gets very difficult. A good part of my workflow is now using Terminal Services/Remote Desktop, and I am limited in how I can protect myself from that side, beyond relying on Microsoft's host-client security provisions.

    31. Re: AV only helps if you are bad by jbmartin6 · · Score: 1

      Don't forget device firmware alterations, especially on storage drives. But my point was, finding out that you have already been compromised for years is better than never knowing. At least you have a chance to recover something.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    32. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      I hate AV software with a passion because it slows your computer to a crawl

      You're either using 20 year old anti-virus software or a 20 year old computer, or both. No one has the problem you're describing. Newly written/modified files are scanned and then sometimes a weekly scan is done while you're sleeping. The load is essentially non-existent.

    33. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      Docker + Tails anyone? Why not just rebuild your entire system from an encrypted cloud storage and script file every time you sit down at the desk?

    34. Re: AV only helps if you are bad by Type44Q · · Score: 2

      Your arrogance in the belief that Microsoft products are more risky than others would be laughable if it wasn't so dangerous.

      Actually, you have a point: it would be terrible - possibly even dangerous, I suppose - for microsoft, black hats and gov'ts everywhere if people were to truly grasp the risk of using Microsoft products, as they'd quickly switch to something else and all that insidiousness would have been for nothing...

      Signed,

      A Microsoft-Certified Systems Engineer with a far better grasp of reality than yourself... and/or simply not on the take, unlike yourself.

    35. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      I hate to say this, but, in the end.. windows, osX, linux, bsd, whatever you run, once the marketshare becomes interesting enough for virii creators, you'll get a virus for your platform... so for all the ubuntu users, beware... (and/or run an obscure self-mangled BSD variant with an obscure self made shell, where ls is an alias for a script which catches your ip and bans it.. )

    36. Re:AV only helps if you are bad by edtice1559 · · Score: 1

      That's not entirely true. If you're willing to use TPM, secure boot, and only run signed binaries, you have some level of trust.

    37. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      "signed binaries" does not buy you security. They may have flaws - and they will, if the vendor has a history of flaws. Such a signed binary may suffer a buffer overflow while running, letting someone take control of the machine. The signature won't prevent that at all.

      All the signature gets you is a confirmation that the binary is not altered on disk. Assuming that the signature checking software isn't already compromised, of course.

    38. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      Don't forget device firmware alterations, especially on storage drives.

      This is why I store all my data on 5.25" floppies, you insensitive clod. Good luck altering the firmware of those.

      Although it is a bit of pain needing a few rackfuls (over a thousand drives) for each gigabyte...

    39. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      Oh look, another fuckstick that hasn't updated his knowledge in 20 years.

    40. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      Meanwhile, there's an entire business model in the malware community around the use of 'antis' and 'crypters' which is a process of unit testing code to ensure it cannot be detected by AV software or heuristics and will not run on virtual machines. The primary value of AV software is to prevent known, obvious attacks.

    41. Re: AV only helps if you are bad by XXongo · · Score: 1

      The trouble is, all of that remains true if you have anti-virus software installed. Your odds might be slightly better overall, but AV software doesn't catch everything. ...

      The advantage of AV is it will eventually catch the malware, unless you wipe and reinstall. Sure, it might have been on there for years but eventually you will get it. That's a little better at least than never catching it at all.

      Exactly. Sooner or later, most viruses are found and their characteristics added into the AV software.

    42. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      Not if you use Live distros in a machine without disk-writing capabilities.

    43. Re:AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 1

      Sure, but that trust only extends as far as whoever implemented those security measures and signed those binaries. We live in an era when your own OS may well be spying on you, your new laptop may be shipped with vendor-installed spyware right out of the factory, your new PC's CPU almost certainly has secondary functionality built-in that you can't examine or control, any of those things potentially lead to not just privacy but also system control vulnerabilities, and that's just the threats your chosen commercial partners openly-ish advertise before you get into criminals or state security services physically modifying something between the manufacturer's facility and yours.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    44. Re: AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 1

      That's no better than reinstalling on a new hard drive. You still lose to any adversary who has direct firmware/CPU access and gets to run their code before you get to run yours.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    45. Re:AV only helps if you are bad by Nunya666 · · Score: 1

      I hate AV software with a passion because it slows your computer to a crawl

      You're either using 20 year old anti-virus software or a 20 year old computer, or both. No one has the problem you're describing. Newly written/modified files are scanned and then sometimes a weekly scan is done while you're sleeping. The load is essentially non-existent.

      The GP is right, AV software can slow your computer to a crawl. But that only happens if it does a full system scan while you are actively using your computer.

      For those of us who are stuck with anal-retentive IT departments who schedule full system scans at noon, we are stuck with that exact same problem. Their argument is that "nobody leaves their computer on overnight" so they "have no choice."

      My response was to install Linux, run Win7 in a VM, and not put the VM on the domain. Since that's one less computer for IT to manage, backup, or rebuild, they don't care that it's not on the domain.

    46. Re:AV only helps if you are bad by Rakarra · · Score: 1

      If you can't tell whether you have a virus without an AV, then you are dumber than you look. I've cleaned many friend and family computers where they got a virus without an AV, then asked for help. Turns out it's quite easy to get a virus without an AV, and from my experience, not too hard to get one with.

      I've had a lot of Windows machines that act "funny" without any virus involvement at all. Sometimes it's a failing piece of hardware that neither windows nor the hardware driver detects as being a problem. Sometimes Windows just f's itself up in weird ways, whether it's the registry, a bad windows update, both, or something else.

    47. Re:AV only helps if you are bad by Rakarra · · Score: 1

      Never even read email from unknown sources, let alone open attachments from there.

      Or if you do, make sure all attachments are turned off. No auto-loading flash or linked images. There's nothing wrong with text-only email.

    48. Re: AV only helps if you are bad by Gr8Apes · · Score: 1

      I'd say from the virus perspective, having more than 2/3 of the world's servers running non-windows makes non-windows servers a big appealing target. Malware and trojans won't directly get you on most servers.

      --
      The cesspool just got a check and balance.
    49. Re:AV only helps if you are bad by cfalcon · · Score: 1

      Many of the comments miss your very valid point- that without a false sense of security granted by an AV, you are likely to NEVER run anything untrusted, because you know it could absolutely ruin you, and you have no reliable out. That's referenced in the story. And it's a fact that people adjust risk to match their perceived security- seat belts save lives, but not as many as they should, because people drive with less care when seatbelted (statistically- though probably everyone reading this does too). With antilock brakes, the delta is large enough that ABS seems to overall be a neutral tech, safety-wise.

      But I'll share my story: at one point, several years ago, I downloaded Opera. I had used Opera before: it was my go-to choice for awhile, but I hadn't used it in awhile, and wanted to check it out. I browsed to a site that was, in my head, secure- a gaming news website. But it was only secure in my head because I normally browse it with limited (domain-only) scripting and a good set of ad blockers. Since I had JUST installed Opera, I had no safeguards active. I saw that the site was a nest of vipers without that, and went to close it, but in doing so I must have moused THROUGH an ad.

      I was owned IMMEDIATELY. Malware called "Anti Malware Doctor" began an "install procedure", meaning, of course, that it was already in, and running code. These days, all the good AVs can tear this thing out- at the time, it was brand new (as presumably was whatever scripting exploit they used- I'm not trying to shit-talk Opera here). I killed power as soon as I knew what was going on.

      For the next several weeks, I did almost all my computing on my laptop, and much of it was devoted to removing said malware. All these terrible little binaries to try to yank the damned thing out. Eventually, I did so- by running stuff from bleeping computer and other great forums, the computer was back up and Anti Malware Doctor was no more.

      Or so I thought.

      A couple years later, I had reinstalled Windows on a fresh drive, and still had the old one around for archival purposes. One day, after updating I think Microsoft Security Essentials, it suddenly started finding that damned malware on the old drive. It had curled itself up in some places that I guess weren't known at the time. It was sheer luck that I had never run them, or that they didn't work as intended, or something. At the time I blew up the malware, I guess no one had discovered all the places it could hide.

      Anti Malware Doctor is the sort of malware that gets in your face and eventually tries to get you to spend money. It's flashy and visual and is intended to get money through that route. If the malware was instead of the "botnet" variety or the "remote access" variety, I would not have found it for YEARS, and I would have ONLY found it by running an anti-virus.

      So some of the posts saying "how would you know", while sort of missing your big point, are still pointing out a really valuable thing: it's entirely possible to be infected and not know it. In my case, it was yet another stupid javascript problem combined with a fresh browser I hadn't configured extensively for security. But it could be ANYTHING.

    50. Re: AV only helps if you are bad by cfalcon · · Score: 1

      > the belief that Microsoft products are more risky than others

      You've been correctly downmodded as troll, but I want to point out that he never said that MS products are more risky than others. What he said was:

      "Never use MS software to browse the internet and read email"

      This is good advice. Whether you believe that Microsoft products are shoddy and full of holes, or whether you believe they are targeted to an unbelievable and unprecedented degree, or a mix of the two, it's solid advice. I would say at this point, it's better advice to avoid Outlook than Edge / IE, because Microsoft is not leading the pack in terms of browser numbers any more, AND they have really redoubled their efforts on browser security in the last six years or so- while Outlook has a much crappier record, and requires a bunch of advanced settings to be safer.

    51. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      I'm a malware hipster, you insensitive clod! Nothing better than a Stoned.Empire.Monkey.b virus, but you have to go through some effort to get it into your MBR these days.

    52. Re:AV only helps if you are bad by cfalcon · · Score: 1

      >> I don't run anything that's untrusted. Worked out well so far.
      > Or you could run an OS that doesn't vehiculate viruses.

      He said he doesn't run anything that's untrusted, so obviously he's not on Windows, geesh!

    53. Re: AV only helps if you are bad by fizzup · · Score: 1

      I haven't run Windows for over a decade. For all that time, and much more, folks have been writing exactly what you just wrote. I think you imagine that this is an iron-clad point: that the additional security I get from Linux and OS/X is somehow illusory because both are just about as vulnerable as Windows.

      The truth is that Linux and OS/X are about as buggy or security-deficient as Windows. And they are also safer.

    54. Re: AV only helps if you are bad by Anonymous Coward · · Score: 0

      So what you're saying is 90% of businesses in this decade are safe? I mean if our entire infrastructure is virtualized and we're using citrix or rds to connect from a thin client to our virtualized env... we're good right??????

    55. Re:AV only helps if you are bad by edtice1559 · · Score: 1

      Yes, all of those things are true. But those organizations have a vested interest in protecting your data. Maybe not much of an interest, but they aren't adversaries.

    56. Re:AV only helps if you are bad by Anonymous+Brave+Guy · · Score: 1

      But those organizations [...] aren't adversaries.

      Unfortunately, I don't think that's a safe assumption any more. For example, my businesses can't use Windows 10, because installing it on anything that touches client/customer data would immediately contravene assorted contractual and statutory obligations we have regarding confidentiality and data protection. Microsoft's policies regarding telemetry and forced updates appear to mean using their new software is literally impossible for us.

      Whether or not their intention is to use data collected via telemetry for anything other than looking for ways to improve Windows, and whether or not they intend to collect any confidential or personal data via those tools, don't really matter. The facts are that technically they certainly could collect that data, their terms and privacy policy appear to allow them to, and even some of the biggest tech firms in the business have suffered both scope creep and serious security leaks in connection with data they've collected.

      As I said before, security is mostly about risk management. For anyone working with sensitive data, using systems running Windows 10 or buying systems from laptop manufacturers that covertly preinstall insecure remote "support" functionality or phone-home reporting are way off the scale of acceptable risks in my professional opinion.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    57. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      I follow these practices and add that I never access the internet as an administrator. Also, I do not mount any hard drives while connected.

      My default download directory is a ramdrive mounted as nodev, nosuid, noexec.

      So far I have no problems with ipv6 disabled.
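      Added example, not part of the post above: a Python check that a download directory really sits on a mount carrying nodev, nosuid and noexec, by parsing the /proc/self/mountinfo format described in proc(5). The mountinfo text embedded here is constructed; on a Linux host the script reads the live table instead.

```python
"""Check that a download directory sits on a mount carrying nodev, nosuid and noexec.

Added example; parses the /proc/self/mountinfo format (fields documented in proc(5)).
"""
from __future__ import annotations

import sys
from dataclasses import dataclass
from pathlib import Path, PurePosixPath

REQUIRED_FLAGS = ("nodev", "nosuid", "noexec")

# Constructed sample in mountinfo format: a tmpfs download directory with the
# hardening flags, an ext4 root without them, and a mount point containing a space.
SAMPLE_MOUNTINFO = """\
22 28 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
28 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,errors=remount-ro
51 28 0:45 / /home/user/Downloads rw,nosuid,nodev,noexec,relatime shared:30 - tmpfs tmpfs rw,size=2097152k,mode=700
52 28 8:17 / /media/usb\\040stick rw,relatime shared:31 - vfat /dev/sdb1 rw,fmask=0022,dmask=0022
"""


@dataclass(frozen=True)
class Mount:
    mount_point: str
    options: frozenset[str]   # per-mount-point options (field 6): this is where nodev/nosuid/noexec live
    fstype: str
    source: str


def _unescape(field: str) -> str:
    """Undo mountinfo's \\ooo octal escapes (space, tab, newline, backslash)."""
    out, i = [], 0
    while i < len(field):
        digits = field[i + 1:i + 4]
        if field[i] == "\\" and len(digits) == 3 and all(c in "01234567" for c in digits):
            out.append(chr(int(digits, 8)))
            i += 4
        else:
            out.append(field[i])
            i += 1
    return "".join(out)


def parse_mountinfo(text: str) -> list[Mount]:
    mounts = []
    for line in text.splitlines():
        pre, sep, post = line.partition(" - ")   # a lone '-' separates optional fields from fstype
        pre_fields, post_fields = pre.split(), post.split()
        if not sep or len(pre_fields) < 6 or len(post_fields) < 2:
            continue   # blank or malformed line
        mounts.append(Mount(
            mount_point=_unescape(pre_fields[4]),
            options=frozenset(pre_fields[5].split(",")),
            fstype=post_fields[0],
            source=post_fields[1],
        ))
    return mounts


def mount_for(mounts: list[Mount], path: str) -> Mount | None:
    """The mount whose mount point is the longest prefix of path (what the kernel resolves to)."""
    norm = str(PurePosixPath(path))
    best = None
    for m in mounts:
        mp = m.mount_point
        if mp == "/" or norm == mp or norm.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best.mount_point):
                best = m
    return best


def missing_flags(mounts: list[Mount], path: str, required=REQUIRED_FLAGS) -> list[str]:
    """Required flags absent from the mount backing path; an empty list means it is hardened."""
    m = mount_for(mounts, path)
    if m is None:
        raise ValueError(f"no mount found for {path}")
    return [flag for flag in required if flag not in m.options]


def check_download_dir(mountinfo_text: str, path: str) -> dict:
    mounts = parse_mountinfo(mountinfo_text)
    m = mount_for(mounts, path)
    return {
        "mount_point": m.mount_point if m else None,
        "fstype": m.fstype if m else None,
        "missing": missing_flags(mounts, path),
    }


if __name__ == "__main__":
    # On Linux, read the live table; elsewhere fall back to the constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/user/Downloads"
    live = Path("/proc/self/mountinfo")
    text = live.read_text() if live.exists() else SAMPLE_MOUNTINFO
    result = check_download_dir(text, target)
    verdict = "OK" if not result["missing"] else "MISSING " + ",".join(result["missing"])
    print(f"{target}: on {result['mount_point']} ({result['fstype']}) -> {verdict}")
```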

    58. Re:AV only helps if you are bad by Anonymous Coward · · Score: 0

      re "For those of us who are stuck with anal-retentive IT departments who schedule full system scans at noon, we are stuck with that exact same problem. Their argument is that "nobody leaves their computer on overnight" so they "have no choice.""

      Our anal-retentive IT department scheduled our full system scans for 10am every Tuesday. My PC slowed to the point I couldn't do any work at all. They refused to change the scan time saying it was in their ISO documents.

      I think the real reason they chose 10am was so everyone in the company could see that IT was "protecting" us and they would not be blamed if McCrappy missed something. Of course it may be coincidence that the weekly IT conference call is at 10am on Tuesdays.

  3. Is he going for irony, here? by mark-t · · Score: 5, Insightful

    The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security.

    By virtue of the fact that he has even mentioned that using Linux is part of his reason to not run antivirus software, wouldn't the fact that he is using Linux be considered to be lulling him into exactly the same sort of false sense of security that he is accusing antivirus software of creating?

    1. Re:Is he going for irony, here? by Black+Parrot · · Score: 3, Insightful

      Yes.

      I think my Linux is more secure than my Windows, but honestly it only takes one exploit.

      If the spooks or large organized crime want in, they're in. Small fry *may* be kept out by best practices, but I wouldn't bet on it.

      Anything secret shouldn't be on a computer, let alone a computer on the internet. But then there's the eternal trade-off between security and convenience.

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      I also hope his user and maybe even kernel space is fully stack guarded and heap protected, address space fully randomized with enough entropy, and all his memory pages are either executable or writable, but not both at the same time. If that is the case, and his kernel and daemon configuration is sane and all the known configuration mistakes taken into consideration, and he is using lynx to surf his porn, and vi to edit his Word documents, then maybe he could indeed sleep reasonably well at night. At least tomorrow night. .. ;)

    3. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      This. Exactly this.

      First, running Linux is not a silver bullet, and it's not virus or malware free. Plenty of Linux computers become botnet slaves. Second, even if this practice works for him he should absolutely not advocate that other people follow his example. Not everyone has the technical expertise to recognize when they've been compromised, or how to deal with such a situation.

    4. Re:Is he going for irony, here? by tchdab1 · · Score: 3, Insightful

      These security experts wouldn't recommend it, but they're relying on security through obscurity.
      Think about it, but don't actually think about *it* because that might endanger the security experts.

    5. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      No. Security is a process, not a product. In this sense, the article's focus on products is entirely misleading.

    6. Re:Is he going for irony, here? by thegarbz · · Score: 1

      Yes. No. Have you seen the success rates of current Anti-virus? It's a bit like preventing STDs by asking potential mates to submit to a screen after sex and keeping a set of drugs in the fridge to treat a few of the diseases we share.

      Anti-virus, despite coming pre-installed on every out-of-the-box machine and being present on every corporate network, has really done little to actually stem the spread of viruses on computers.

    7. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      agree
      https://www.youtube.com/watch?v=U5Ndzxp2lEU

    8. Re: Is he going for irony, here? by Anonymous Coward · · Score: 0

      So what free AV is there for Linux that does realtime scanning? Clam has no realtime and the corporations seem to have stopped building for Linux.

    9. Re:Is he going for irony, here? by TheRaven64 · · Score: 4, Informative

      In terms of Linux, it's not classical security through obscurity, it's security through diversity. One of the reasons Slammer was so painful a decade ago was that most institutions had a Windows monoculture. The time between one machine being infected on your network and every machine on your network being infected was about 10 minutes (a fresh Windows install on the network was compromised before it finished running Windows Update for the first time). If you'd had a network that was 50% Windows and 50% something else, then it would only have infected half of your infrastructure and you'd have been able to pull the plug on the Windows machines and start recovery. It's possible to write cross-platform malware, but it's a lot harder (though there's some fun stuff out of one of the recent DARPA programs writing exploit code that is valid x86 and ARM code, relying on encodings that are nops in one and valid in the other, interspersed with the converse). Writing malware that can attack half a dozen combinations of OS and application software is difficult.

      This is why Verisign's root DNS runs 50% Linux, 50% FreeBSD and of those they run two or three userland DNS servers, so an attack on a particular OS or particular DNS server will only take out (at most) half of the machines. Even an attack on an OS combined with an independent attack on the DNS server will still leave them with about a quarter functional, which will result in a bit more latency for Internet users, but leave them functioning.

      --
      I am TheRaven on Soylent News
    10. Re: Is he going for irony, here? by Anonymous Coward · · Score: 0

      Really - because my Linux computer has dozens of people from around the world trying to log in to ssh with a list of usernames and passwords. You are an ignorant fool.

    11. Re:Is he going for irony, here? by tburkhol · · Score: 3, Interesting

      These security experts wouldn't recommend it, but they're relying on security through obscurity.

      They wouldn't recommend that obscurity be your only security, but I think they would all agree that obscurity can be a useful component of a comprehensive security plan.

      For example, if you run a web server, everyone knows it. Controlling the server signature to not obscure the specific version or modules that server runs means an attacker can not target known version-specific vulnerabilities, but has to try a bunch of them. This gives the server the opportunity to detect multiple exploit attempts and ban the source (or whatever). Using unpopular/obscure software, like nginx or lighttpd instead of apache/IIS, may also reduce the attack profile (i.e., worms or script kiddies), while being less intrinsically secure.
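      Added example, not from the post above: the "detect multiple exploit attempts and ban the source" step as sliding-window detection over web access-log lines, in the spirit of fail2ban (which a later post mentions) but written fresh here. The log lines, client addresses and the threshold of five distinct missing/forbidden paths in ten minutes are constructed assumptions; the output is a list of ban candidates, not a ban.

```python
"""Spot clients probing a web server for many version-specific paths in a short window.

Added example: sliding-window detection over access-log lines in Common Log Format.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one ordinary visitor with a single stale link, one client sweeping
# through common admin/config paths within seconds, and one slow client whose 404s are
# spread over almost two hours.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2017:14:00:01 +0000] "GET / HTTP/1.1" 200 5123
203.0.113.5 - - [10/Jun/2017:14:00:09 +0000] "GET /about HTTP/1.1" 200 2210
203.0.113.5 - - [10/Jun/2017:14:00:30 +0000] "GET /old-link HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:11 +0000] "GET /wp-login.php HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:12 +0000] "GET /xmlrpc.php HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:12 +0000] "GET /.env HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:13 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 162
198.51.100.23 - - [10/Jun/2017:14:02:13 +0000] "GET /admin/ HTTP/1.1" 403 199
192.0.2.9 - - [10/Jun/2017:13:00:00 +0000] "GET /a HTTP/1.1" 404 162
192.0.2.9 - - [10/Jun/2017:13:25:00 +0000] "GET /b HTTP/1.1" 404 162
192.0.2.9 - - [10/Jun/2017:13:50:00 +0000] "GET /c HTTP/1.1" 404 162
192.0.2.9 - - [10/Jun/2017:14:15:00 +0000] "GET /d HTTP/1.1" 404 162
192.0.2.9 - - [10/Jun/2017:14:40:00 +0000] "GET /e HTTP/1.1" 404 162
this line is not a log record
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
PROBE_STATUSES = {400, 403, 404}   # a guessed path usually produces one of these


def parse_line(line: str) -> dict | None:
    """One CLF record as a dict, or None for lines that are not access-log records."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"].split("?", 1)[0],   # ignore query strings when counting distinct paths
        "status": int(m["status"]),
    }


def probing_clients(lines, threshold: int = 5,
                    window: timedelta = timedelta(minutes=10)) -> dict[str, list[str]]:
    """Clients that requested >= threshold distinct missing/forbidden paths within any window.

    Returns {client_ip: sorted list of every path that client probed}. A legitimate visitor
    hitting one stale link never reaches the threshold; a slow scanner is diluted by the window.
    """
    events: dict[str, list[dict]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["status"] in PROBE_STATUSES:
            events[ev["ip"]].append(ev)

    flagged: dict[str, list[str]] = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:   # slide the window's left edge forward
                start += 1
            if len({e["path"] for e in evs[start:end + 1]}) >= threshold:
                flagged[ip] = sorted({e["path"] for e in evs})
                break
    return flagged


if __name__ == "__main__":
    for ip, paths in probing_clients(SAMPLE_LOG.splitlines()).items():
        print(f"ban candidate {ip}: {len(paths)} distinct probe paths, e.g. {paths[:3]}")
```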

    12. Re:Is he going for irony, here? by naughtynaughty · · Score: 2

      They aren't relying on the secrecy of their implementations as their main method of providing security, therefore they are not using security through obscurity.

      I'd recommend you read up on what security through obscurity really is.

    13. Re:Is he going for irony, here? by jeffmeden · · Score: 3, Insightful

      The icing on the cake is that several of them (notably Bruce) are basically saying security by obscurity really is a thing (well at least if you're famous)

    14. Re:Is he going for irony, here? by Gr8Apes · · Score: 5, Interesting

      Then you're making an ignorant assumption.

      Yes, you are.

      Every other OS out there for server and end user use is more secure than Windows. Windows is flawed by design. Here's why: windows is built on top of an inverted security model that requires the process token to have all permissions required for every aspect of the program running, and then masks that token for child threads and processes. That means that any thread or child-process that has an exploit can automatically run at the highest security level of the process. Add to that the ability of almost any process to inject code into DLLs, and you see why pwning windows is almost trivial. I submit that windows will never be secure until they fix these 2 fundamental architectural mistakes.

      Meanwhile, Linux, BSD, and other *nix OSes have a sane least permissions security where a token can be elevated upon authentication/authorization as needed. If a process manages to escape its code path via a buffer overflow, damage is limited to whatever permissions that thread has at that time. In *nix systems, that's usually very little. If you're still not convinced, try to modify a system library in *nix from your own program or some javascript in your browser via a drive by scenario. No fair using the Java plugin, as that shouldn't be installed on any browser.

      --
      The cesspool just got a check and balance.
    15. Re: Is he going for irony, here? by Anonymous Coward · · Score: 0

      Spooks can do better than banging at your sshd with random passwords. They may have zero days.

    16. Re:Is he going for irony, here? by naughtynaughty · · Score: 0

      There is no irony because you misunderstand what security by obscurity really is.

    17. Re:Is he going for irony, here? by Rakarra · · Score: 1

      These security experts wouldn't recommend it, but they're relying on security through obscurity.

      Yes, it's an acknowledgement that obscurity IS an additional layer to security. It's not the means to security, it's just an additional roadblock to throw up. When discouraging hacking, if your target is hard or obscure, most people will look elsewhere. Sure, it won't dissuade the truly dedicated who are looking to take you in particular down, but some obscurity is better than no obscurity.

    18. Re:Is he going for irony, here? by aaarrrgggh · · Score: 1

      There is a difference between making a targeted attack (slightly) harder and using obscure means to hope for security.

    19. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security.

      EFF disappoints me. Can we trust an important role in a security institution to a clown wearing a nose ring? It's worrisome.

    20. Re:Is he going for irony, here? by Anonymous Coward · · Score: 0

      It's bitztream, the autism-hating Slashdot troll!

      (Thought I was gone didn't you, you fucking troll!)

  4. AV programs are like condoms... by Anonymous Coward · · Score: 0

    They're only doing their job if you have a reason to use them. If you spend your time avoiding visiting unsavoury websites and have the knowledge not to download/open questionable files, then they're just costing you space on your PC (or in your wallet).

    Also, sometimes they break.

    1. Re:AV programs are like condoms... by RealityGone · · Score: 1

      They're only doing their job if you have a reason to use them. If you spend your time avoiding visiting unsavoury websites and have the knowledge not to download/open questionable files, then they're just costing you space on your PC (or in your wallet).

      Also, sometimes they break.

      This completely ignores the fact that sometimes (often?) advertising networks are used to spread viruses on completely legit sites. Or those sites could be exploited themselves and start spreading malware.
      Just because you only check your email and read the news doesn't make you completely safe. Safer, sure. But not completely safe.

    2. Re: AV programs are like condoms... by Anonymous Coward · · Score: 0

      Thanks to ads all of the internet is unsavoury.

    3. Re: AV programs are like condoms... by Anonymous Coward · · Score: 0

      Why are you here if you don't visit unsavory websites?

      SLASHDOT IS FULL OF ADVERTISEMENTS AND TRACKERS

      If you're here, you're risking infection from any one of the many trackers and advertisements on this site. It wasn't too long ago that SourceForge was serving out malware bundled in installer programs.

      That's why I take additional precautions. The sites I visit, like this one, cannot be trusted. While I use judgement as to which links to click on, the risk is still very significant.

    4. Re: AV programs are like condoms... by Anonymous Coward · · Score: 0

      I may use Linux but I still do not let unknown shit run in my browser. Turn that shit off for normal surfing. It isn't complete security but it is another layer.

    5. Re:AV programs are like condoms... by Anonymous Coward · · Score: 0

      AC said you should avoid visiting unsavoury websites. Ad networks are unsavoury websites. Competent people don't let their browsers connect to ad networks.

  5. enough said german boy by Anonymous Coward · · Score: 0

    google books hosts infected pdf files with spyware.

  6. Neener Neener by Anonymous Coward · · Score: 0

    I had an incident at work when my coworkers found out I didn't run anti-virus software on my computer. They went so far as to change company policy to make it a requirement to use the company network. I rolled my eyes and installed MSE to make them happy.

    A couple years later, I plugged that same machine's hard drive in as an external USB 3.0 device and antivirus still couldn't find anything wrong!

    I'd always assumed I was running a compromised system from "Go" and used two-factor authentication to prevent unauthorized logins even if someone had my password. I pretty much just accepted there was a keylogger on that machine.

    Either I had some sort of rare APT infection, or I was scared into taking unnecessary precautions by my lack of a security blanket. Meanwhile: the AV pimping co-workers probably didn't use two-factor authentication because their precious AV was protecting them.

    Between the two schools of thought: their operating procedures were fragile and encouraged complacency. My operating procedures left me cautious and paranoid and I never caught an infection as a result.

  7. What are you guys doing? by Anonymous Coward · · Score: 1

    I have a BIOS lock to annoy thieves if my laptop is stolen. I have clamav but I barely ever run it. I run noscript and ghostery on a Linux Mint LTS and I run the Firewall GUFW in its default config. I have firefox set not to accept 3rd party cookies and to clear cookies at the end of a session. I lock my documents up with truecrypt, it's an older version but I am just trying to stop criminals if my laptop is stolen and it's the version that was reviewed for security, so I guess that's okay. I am thinking of setting up firejail on my next install and if things get much worse on the internet I might start using more VMs to do most of my work.

  8. Mercury News by Anonymous Coward · · Score: 0

    One of the last "real" newspapers / websites.

  9. Doesn't make sense by Anonymous Coward · · Score: 1

    All operating systems and system software have bugs that, when exploited, can allow the system to be compromised. If you're a user, you're probably running software like Firefox, which certainly can be exploited. While servers generally don't have instances of Firefox running, they do get compromised, and you hear about it in data breaches. While some of these data breaches certainly occur because of incompetent administrators, there are still plenty of Linux systems being compromised because of the software running on them. Linux provides a false sense of security because the software running on it does get compromised somewhat frequently.

    As for antivirus, software on Linux is vulnerable to attack. MS Office has had plenty of vulnerabilities that were exploited. It would be foolish to assume that LibreOffice can't be exploited, too. There's no harm in running clamav to scan files that you download to a Linux system before you open them in software like LibreOffice. I use antivirus software on Linux for precisely that purpose. It's one line of defense, one of many, but why would you remove a legitimate line of defense?

    Basically, there should be many lines of defense that include:
    1) Firewalls that monitor incoming and outgoing traffic, blocking undesired and potentially harmful traffic
    2) Turning off unnecessary services and restricting the privileges given to essential services
    3) Using strong passwords that are hard to guess
    4) Encrypting and backing up data
    5) Running antivirus software to monitor likely threat vectors, especially files from outside sources
    6) Monitoring the system for unusual activity that might indicate a breach

    The real problem with many antivirus systems is that they run with too many privileges, are too vulnerable and miss too many threats, such that they actually become a liability for the user. That doesn't mean you should avoid using antivirus software, but that you should be smarter about the antivirus software you do run.

    1. Re:Doesn't make sense by Anonymous Coward · · Score: 0

      ...and with your Linux virus scanner, which virus does it scan for?

    2. Re: Doesn't make sense by Anonymous Coward · · Score: 0

      Clamav is open source. You can see exactly what clamav scans for by looking at its source code and virus definitions. The purpose of clamav is to scan files to see if they contain malware, which is something you might do if you're running a mail server and want to protect your users from threats. Let's say my boss emails me a Word document, which happens somewhat frequently. I don't know my boss's security practices, so I scan the document prior to opening it. While I'm opening the document in LibreOffice, I still think it's good practice to scan the document first. It's definitely a good idea to scan PDF files before opening them. I would prefer to not open infected files, even if the specific vulnerability doesn't affect me. I certainly don't want to pass those files along to other people. You would have to be a complete fool to think that applications running on Linux are immune from vulnerabilities. It is hardly the only line of defense, but I choose to keep it in place because the cost of scanning files is low but the damage that could be caused by losing my data to, say, ransomware is very high.

    3. Re:Doesn't make sense by Anonymous Coward · · Score: 0

      Running ClamAV will absolutely do harm. Reports from that thing are so full of false positives that you cannot automate anything: You have to check the reports manually, or else you'll keep wrecking a working system every other day. But manually checking AV reports with so many false positives is a waste of time, so no, don't run ClamAV except to get a third opinion.

  10. Different protections for different threats, envir by raymorris · · Score: 4, Informative

    If he did -nothing- about security, that would be true. That's not likely the case. More likely, he's using protective strategies that are appropriate for his environment and the threats most prevalent in that environment. The most common threats for Linux machines aren't viruses. Viruses specifically are more of a Windows thing. Not that there are no threats that affect Linux, they are -different- threats.

    On Linux, he may use the firewall, Tripwire or another IDS, some form of IPS if only fail2ban, SELinux, etc. Also of course browser-specific things like an adblocker and NoScript. Linux has long had good support for good partition and file encryption, so he might use that, and scheduled offsite pull backups protect against ransomware.

    ClamAV runs -on- Linux, but normally -for- Windows - you install it on your Linux mail server to remove viruses before your Windows clients download their mail, etc.

  11. #1 source of malware is ads on mainstream sites by raymorris · · Score: 5, Insightful

    > If you spend your time avoiding visiting unsavoury websites and have the knowledge not to downloading/open questionable files

    The number 1 source of infections is compromised ads on mainstream sites like Slashdot. Avoiding "unsavoury websites" isn't protecting you. Noscript and an ad blocker would provide much more protection, along with automated offsite backups in a pull configuration (your computer must not be able to delete/overwrite the backups, for ransomware protection).

    1. Re:#1 source of malware is ads on mainstream sites by Anonymous Coward · · Score: 0

      Hmm, I thought the #1 source was still - for 20 years running - idiots who open every attachment and click every link in every shady email their spam folder ever sweeps up. *shrug*

      Anyway, gotta support those content creators. Even if it does mean sending off $500 in bitcoin to some russian hackers every now and then.

    2. Re:#1 source of malware is ads on mainstream sites by rrohbeck · · Score: 1

      You also want a hosts file that blocks all the usual ad services.

      The only time I ever had malware on a system was when we had a worm at work - and it only infected my Windows VM.

    3. Re:#1 source of malware is ads on mainstream sites by houghi · · Score: 1

      My backup process is
      1) Incremental
      2) Mount RW, backup to NAS, mount RO
      3) Backup from NAS1 to NAS2. NAS2 is not directly connected to the PCs and is dedicated for backup of the backups.

      Data like music and movies and pictures are always RO as soon as they are sorted. Process:
      1) rip or download or copy
      2) mount RW and move the data
      3) Remount RO

      As much as possible is left as RO. Not so much because I am afraid of hackers, but to protect me from my own stupidity.

      --
      Don't fight for your country, if your country does not fight for you.
    4. Re:#1 source of malware is ads on mainstream sites by jbmartin6 · · Score: 2

      It's not idiots. It is just regular people. I've seen people who forward scam emails to the security team religiously fall for a fake email once in a while. On a bad day, just back from vacation with thousands of emails piled up, and they just happen to be expecting a package. The typical tale I hear is something like 'I knew right away I should not have opened it. But...' I've even come close a couple of times and I protect against this sort of thing for a living.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    5. Re:#1 source of malware is ads on mainstream sites by Anonymous Coward · · Score: 0

      Going to "unsavoury websites" is also part of the fun of the Internetzwerks.

  12. A bit optimistic by Anonymous Coward · · Score: 0

    There are viruses/malware/whatever's aimed at Linux platforms. If you're smart about it you operate like you don't have anti virus but you still use one.

    I wonder how many "extras" they have on their PC but have no clue about because of the lack of AV. No one can cover all vectors on an OS nor can they predict what a file contains. Unless they're some kind of superhuman they won't even notice the majority of wares out there as the majority aren't destructive and are designed to hide from the operator.

    1. Re:A bit optimistic by Anonymous Coward · · Score: 0

      It is easy to verify if you're infected. Just check whether your machine has some weird TCP connections which you didn't initiate. You can take it to another level if you don't trust your OS by checking all TCP connections on your router.
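      Added example, not from the post above: a Python script that reads the kernel's TCP socket table in /proc/net/tcp format, decodes the hex addresses, and reports established connections whose peer is not on an allowlist, plus ports listening on non-loopback addresses. The socket table and the allowlist (HTTPS anywhere, HTTP anywhere, SSH only to the local /24) are constructed assumptions; on a Linux host the script reads the live /proc/net/tcp. The example goes slightly beyond the post by also listing external listeners, since an unexpected listener is the other half of "connections you didn't initiate".

```python
"""Compare the TCP socket table (/proc/net/tcp format) against an allowlist of expected peers.

Added example. IPv4 only; /proc/net/tcp6 uses the same layout with 32-hex-digit addresses.
"""
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from pathlib import Path

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout: CUPS on loopback, sshd on all interfaces,
# an HTTPS session, an SSH session to a LAN host, and one connection to a peer on 8080
# that nobody expects.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18811 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18902 1 0000000000000000 100 0 0 10 0
   2: 0F01A8C0:B1E2 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33412 1 0000000000000000 20 4 30 10 -1
   3: 0F01A8C0:A40C 2C7100CB:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 35120 1 0000000000000000 20 4 30 10 -1
   4: 0F01A8C0:9C4E 1501A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 36001 1 0000000000000000 20 4 30 10 -1
"""

# (network, remote port) pairs this machine is expected to talk to; None means any port.
ALLOWLIST = [("0.0.0.0/0", 443), ("0.0.0.0/0", 80), ("192.168.1.0/24", 22)]


@dataclass(frozen=True)
class Conn:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    uid: int


def decode_addr(field: str) -> tuple[str, int]:
    """Decode 'XXXXXXXX:PPPP': IPv4 in host byte order (little-endian assumed), port in hex."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> list[Conn]:
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "sl":
            continue   # header or blank line
        lip, lport = decode_addr(fields[1])
        rip, rport = decode_addr(fields[2])
        state = TCP_STATES.get(fields[3], fields[3])
        conns.append(Conn(lip, lport, rip, rport, state, int(fields[7])))
    return conns


def unexpected_connections(conns: list[Conn], allowlist) -> list[Conn]:
    """ESTABLISHED connections whose peer matches no (network, port) rule."""
    rules = [(ipaddress.ip_network(net), port) for net, port in allowlist]
    suspicious = []
    for c in conns:
        if c.state != "ESTABLISHED":
            continue
        peer = ipaddress.ip_address(c.remote_ip)
        if not any(peer in net and (port is None or port == c.remote_port) for net, port in rules):
            suspicious.append(c)
    return suspicious


def external_listeners(conns: list[Conn]) -> list[int]:
    """Ports in LISTEN state bound to something other than a loopback address."""
    return sorted(c.local_port for c in conns
                  if c.state == "LISTEN" and not ipaddress.ip_address(c.local_ip).is_loopback)


if __name__ == "__main__":
    live = Path("/proc/net/tcp")
    table = parse_proc_net_tcp(live.read_text() if live.exists() else SAMPLE_PROC_NET_TCP)
    for c in unexpected_connections(table, ALLOWLIST):
        print(f"unexpected: {c.local_ip}:{c.local_port} -> {c.remote_ip}:{c.remote_port} (uid {c.uid})")
    print("listening on non-loopback ports:", external_listeners(table))
```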

  13. ONLY apps can app apps! by Anonymous Coward · · Score: 0

    This LUDDITE is using LUDDITE Linux, which means LUDDITE hackers can steal all of his files!

    Modern app appers ONLY app apps, and only apps can app apps, NOT LUDDITE hackers!

    Apps!

    1. Re:ONLY apps can app apps! by Anonymous Coward · · Score: 0

      This COW is using MOO Linux, which means COW hackers can steal all of his files!

      Modern app cows ONLY app moos, and only moos can app cows, NOT COW hackers!

      MOO!

    2. Re:ONLY apps can app apps! by Anonymous Coward · · Score: 0

      ....Can your cow app 16 hot grits?

  14. I can't tell you commoners what I do by Anonymous Coward · · Score: 0

    I'm kind of a big deal.

  15. Re: #1 source of malware is ads on mainstream site by Anonymous Coward · · Score: 0

    GP: Well duh, I assumed AdBlock/Noscript was installed on every Slashdot reader's device anyway.

    Let me guess, you're vegan too?

  16. Say nothing by pigsycyberbully · · Score: 0

    Malware/virus scanners have root access and they are spyware. People avoid U.S. virus scanners, they are mentioned in the GCHQ and NSA documents.
    Two companies are named Sophos, McAfee. And wasn't there a scandal a couple of years back with a company called "F-Secure Corporation" who threatened to report people if they were looking at unacceptable pornographic images. Your virus scanner scans what you see, it scans where you visit, it sees all that you see and it has root access.

    I think a group called anonymous blamed Panda Security, for informing on them. If you have a virus scanner on your computer they see what you see.
    Kaspersky Lab, at the virus conference, used the slogan "say nothing".

  17. Re: #1 source of malware is ads on mainstream site by Anonymous Coward · · Score: 1

    I don't understand why people consider some sites more unsavory than others. And yes, some sites are more dangerous to visit than others, but people do an awful job of assessing the danger. Even nerds do a poor job of this, otherwise we wouldn't be on Slashdot.

    Consider this: Slashdot loves to post stories that criticize other sites for abusive practices involving ads and tracking. You'd think that such a site wouldn't be engaging in the same types of behavior. However, if you look, Slashdot loads numerous advertising and tracking scripts. Trackers monitor your browsing activity across multiple sites, making a record that can be used to profile you. Ads are an extremely common vector for distributing malware. If that's not unsavory behavior, I don't know what is. We love to criticize other companies like Facebook and Microsoft for deceptive and dangerous behavior. Why should Slashdot get a free pass? This isn't the news for nerds, stuff that matters, geek site that Rob Malda, Jeff Bates, and Jonathan Pater started in the late '90s. It's changed tremendously and engages in many of the same harmful behaviors that other news sites do. And while we're at it, there's nothing anonymous about Anonymous Coward posts, either. Slashdot, its advertisers, and its trackers are all monitoring you.

    So why do we consider Slashdot to be less unsavory than most other sites? It doesn't make any sense to me. Any site that engages in behaviors like that can't be trusted and puts its users at risk. We can reduce that risk by blocking scripts and ads, but even that doesn't guarantee safety. I just think even nerds, who are quite educated about the security and privacy issues, do a terrible job of deciding what's safe and what isn't. The fact that we're here posting on this site is proof enough.

  18. I.e., DO AS I SAY NOT AS I DO- by Anonymous Coward · · Score: 0

    Do!

    heh-heh

  19. Re:Different protections for different threats, en by tlhIngan · · Score: 5, Informative

    If he did -nothing- about security, that would be true. That's not likely the case. More likely, he's using protective strategies that are appropriate for his environment and the threats most prevalent in that environment. The most common threats for Linux machines aren't viruses. Viruses specifically are more of a Windows thing. Not that there are no threats that affect Linux, they are -different- threats.

    Just because Linux doesn't have as many viruses for it, doesn't mean it's immune to viruses. In fact, Linux is probably a very popular carrier for viruses - Linux host gets broken in (usually via a PHP exploit) and some files are dropped onto it and files modified so whenever a Windows host accesses it, it obtains the payload and gets infected.

    Linux may not be harmed by it, but it certainly is an active participant in the propagation of viruses. Mostly because the malware authors want to target users, and 90% of them run Windows. But they can't target Windows servers, because 75% of the servers out there run Linux. So they will exploit those Linux-running servers to plant some Windows malware on there so the Linux host distributes the Windows malware to everyone.

    Linux is a carrier, and perhaps having an anti-virus may be handy if nothing more than to ensure that you're not being part of the problem and serving up stuff that infects other users. The best part is, these scanners need not be intrusive since the host can be assumed to be free of malware, so you're really just looking for bad files.

    Same thing on MacOS - there's no reason to have an antivirus scanner other than to make sure you're not serving up infected files, or to alert you in case you get an email that won't infect you, but may infect someone else if you forward it on or something.

    Google, for example, scans emails and documents for viruses and other malware, not because they can infect Google, but to prevent spread.

  20. Re:Different protections for different threats, en by mark-t · · Score: 2

    That's not my point.... the simple fact that he would even mention it as a contributing factor to not bother with AV software *IS* evidence that it is lulling him into the exact same sense of security that might happen with AV software.

    I run Linux, and I don't bother with AV software either, but it's not because I run Linux, it's because AV software is shit.

  21. The reason why Schneier is a target by jensend · · Score: 1

    It's common knowledge that if you knock out Chuck Norris with a roundhouse kick you become the new Chuck Norris.

    Similarly, if you manage to steal Bruce Schneier's identity, you become the new Bruce Schneier.

    No wonder he's a target. Everybody wants to be him.

    My personal favorite Bruce Schneier Fact: "Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes."

    1. Re:The reason why Schneier is a target by Anonymous Coward · · Score: 0

      Sounds more like he's using the old "security through obscurity" fallacy.

    2. Re:The reason why Schneier is a target by Opportunist · · Score: 3, Funny

      "Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes."

      That's amazing. I've got the same security for my luggage.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:The reason why Schneier is a target by Anonymous Coward · · Score: 0

      If you've got security, you might as well pile some obscurity onto it. All we know is that he's using obscurity. We have no indicators of his security or lack thereof, because he didn't answer the question.

    4. Re:The reason why Schneier is a target by Carewolf · · Score: 1

      Sounds more like he's using the old "security through obscurity" fallacy.

      You mean passwords?

      I am afraid you don't understand what "security through obscurity" means.

  22. Re:Different protections for different threats, en by Anonymous Coward · · Score: 1

    You're assuming that Linux and OS/X systems can only be public servers. But you shouldn't run things like a public PHP based website on the computer you use for highly confidential stuff, and if you don't it's unlikely to become a carrier for Windows viruses. Not running such services in the first place is one of the most appropriate security measures you would take on such a system. More public functions you can implement on separate machines that you protect in ways appropriate for their purposes.

  23. Re: Different protections for different threats, e by Anonymous Coward · · Score: 0

    Linux, the kernel, is pretty secure and reliable. But can you trust the applications running on top of it?

    Firefox and LibreOffice have had plenty of vulnerabilities and are also pretty good attack vectors. If they are exploited, anything on that account could be stolen by an attacker, encrypted with ransomware, or deleted (probably the least evil of the three, assuming recovery of deleted files is possible).

    It's actually pretty remarkable to me that Linux users aren't bigger targets. I work at a state university doing scientific research. (I don't trust Slashdot's anonymity, so it's very possible the editors could disclose which one.) You'd think that an enterprise user of that size would have good facilities for backing up data, programs, and other files. We don't. We don't have policies to ensure frequent backing up of data, especially our most valuable research data. We protect homework and assignments from students more than we protect research data funded by million dollar grants. And in my experience, that's pretty common at other universities. We run Linux. Our data is highly valuable. And we're extremely vulnerable. It's remarkable that we're not targeted a lot more than we are.

    You might think we receive security updates, at least, but even that's a myth. In reality, the administrators don't like rebooting some of our systems because they're attached to hardware RAID systems, and the administrators are afraid that the RAIDs won't come back up if we reboot the system for things like kernel updates. On one system, I was told to install Mediawiki on it many years ago as a way of collaboratively documenting a rather large project. Afterwards, it became someone else's problem and I moved on to different projects. I'd bet that there haven't been any updates in several years. While I did properly configure Mediawiki, Apache, and the MySQL backend, it's still almost certainly vulnerable because of its age and the lack of updates. Again, this situation is far more common than you might expect.

    Can we please shatter this idea that Linux is inherently secure? The kernel is, indeed, very solid. But that only gets you so far. And it's truly remarkable that we aren't targeted far more often.

  24. I keep my data... by fahrbot-bot · · Score: 3, Funny

    ... inside a locked box that requires a 10-digit code + retinal scan + penis imprint, stored at the bottom of a lake, filled with sharks, wearing lasers.

    Someone once made it to the lock-box, but... I just didn't have to feed the sharks that day.

    I even have a sign posted: Do not look at sharks with remaining good eye.

    --
    It must have been something you assimilated. . . .
    1. Re:I keep my data... by mysidia · · Score: 1

      ... inside a locked box that requires a 10-digit code + retinal scan + penis imprint, stored at the bottom of a lake, filled with sharks, wearing lasers.

      One of these days team A is going to dive down there with anti-shark enclosure and anti-shark weaponry wearing diving suits with laser-proof goggles, and haul the box away to be dissected.

    2. Re:I keep my data... by Anonymous Coward · · Score: 0

      I've been advocating penis and vagina imprints for a long time now, even at work. Glad I finally now have company!

      ... inside a locked box that requires a 10-digit code + retinal scan + penis imprint, stored at the bottom of a lake, filled with sharks, wearing lasers.

      Your penis imprint (and thus your penis) wears lasers? Man, that sure one-ups me!

    3. Re:I keep my data... by MiniMike · · Score: 1

      ... inside a locked box that requires a 10-digit code + retinal scan + penis imprint, ...

      One look at the crusty penis scanner should scare most people away.

    4. Re:I keep my data... by jbmartin6 · · Score: 1

      Grammar nazi strikes: your use of the comma indicates the box is wearing lasers. Or maybe that is what you meant. It might be smart to have both the box and the sharks wearing lasers, as long as they could not be fooled into lasing each other.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    5. Re:I keep my data... by Anonymous Coward · · Score: 0

      Not to worry, that same (mis)use of commas indicates that the sharks are inside the box.

  25. Re: Different protections for different threats, e by Anonymous Coward · · Score: 0

    You're talking about webservers running php apps. The question seems to be about desktop Linux.

  26. I don't run AV and I tell people I don't run AV by Anonymous Coward · · Score: 3, Interesting

    ...but I still install AV on every single system which I set up for other people, and I recommend that they keep using AV. Why? Because it would be considered negligent to omit it. If they get infected, which they inevitably do, then not installing AV would put me in an indefensible position. Asking a professional how they protect their data is a useless endeavor. It doesn't teach you how to keep your data secure, because you don't know all the other things they know which stop them from doing stupid things.

  27. Moron Monday by simplypeachy · · Score: 1, Insightful

    "I don't take precautions because they make me complacent." I'm glad that the idiots in that article aren't the ones making any decisions in the computer security industry. Note how the CEO of MalwareBytes is the exception in that article - that's the person who's worked with exploits and viruses. Kudos for not having your head in the sand.

    1. Re:Moron Monday by Anonymous Coward · · Score: 0

      I'm glad that the idiots in that article aren't the ones making any decisions in the computer security industry.

      You know who makes decisions in the security industry? Morons!

      Poor security is worse than no security at all because some moron will assume that's all he needs to do. Complacency is a bitch.

      It turns out those very morons tell you all day every day to not waste time and money on security because it already has $SECURITY_BUZZWORD[$RND]. Or nobody would ever think to try $THREAT. Or nobody would want to hack us - we aren't important, etc.

      Those same morons ask you to fix their slow computer ten times a day.

      Those same morons have all their private personal, personal private things exposed on the Interwebs.

      Sometimes even the security agencies are exposed as a result of complacency and hubris.

      Don't be so quick to cast judgement on those who obtain the bulk of their security by careful configuration and constant diligence rather than sloppy behavior and complacency.

    2. Re:Moron Monday by naughtynaughty · · Score: 1

      Putting quote marks around something that wasn't said is dishonest.

      Nobody said they didn't take precautions.

      What one person said, referring to anti-malware software on his Linux computer:
      "I don't like to get complacent and rely on it in any way,"

  28. He's critical of NSA/GCHQ by Anonymous Coward · · Score: 0

    He's now also on the Tor board (which is a declared target of his own government's rogue agency - read the memo, they planned on expanding the number of tor nodes they provide and attacking the interconnects to force routing, control exit nodes, and so on.).

    Isn't it a problem that we're targets of our own (and 'friendly') countries' government hackers? It's not like some *foreign* agency sent a spy into Juniper that changed the code to disable one of the random number generators (leaving NIST's backdoored random number generator as the only one). You don't see FBI kicking down doors and making arrests, so you can be sure it was our own lot.

    Slashdot was targeted, not because it was/is an extremist board, it was targeted (and its readers targeted) to find out which ones worked in telecoms networks like Belgacom. So of course they'd infiltrate Tor just as they did to Juniper.

  29. Do you buckle up? by Opportunist · · Score: 2

    And if so, do you drive more reckless now that you know that you're more likely to survive a crash because of seatbelt and airbag? Most likely not. Your car is still a wreck if you crash.

    The same applies to malware. I do have an AV kit running. But I also know that it ain't no silver bullet. It's not my first but my last line of defense, another layer of security that is there in case everything else failed. Treating it any different is dumb (and yes, I know, there are people out there who go by the logic that they can turn their brains off now that they turned their AV kit on), but simply saying that you don't need it because it gives you a false sense of security isn't too smart either.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Do you buckle up? by KozmoStevnNaut · · Score: 2

      And if so, do you drive more reckless now that you know that you're more likely to survive a crash because of seatbelt and airbag? Most likely not. Your car is still a wreck if you crash.

      Actually, several studies have shown that the number of accidents and fatalities tend to drop when new safety equipment is made mandatory, but starts to rise again a while later, when people get complacent.

      For instance, when ABS brakes were introduced on a significant number of new cars sold, the accident rate dropped because people were still driving as if they didn't have ABS. Some years later, everyone had gotten used to the shorter stopping distances and started driving much closer to the cars in front, so the accident rate went up again.

      --
      Eat the rich.
    2. Re:Do you buckle up? by Opportunist · · Score: 2

      ABS brakes are a different kind of beast because they do make drivers actually get more reckless due to them noticing they can get away with it. It's different with equipment that only engages once you already wrecked your car.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Do you buckle up? by Anonymous Coward · · Score: 0

      ABS brakes are a different kind of beast because they do make drivers actually get more reckless due to them noticing they can get away with it. It's different with equipment that only engages once you already wrecked your car.

      I don't believe it. I bet most people's first reaction to ABS going off is "stupid machine I knew what I was doing" type of overconfidence.

      Have there been studies?

    4. Re:Do you buckle up? by Anonymous Coward · · Score: 0

      That's not a fair comparison, because it assumes that, if everything else is equal (i.e. if we ignore all the "false sense" bullshit, which I agree is 100% bullshit) that running AV software is safer than not running AV software.

      I think that's a dubious position which requires support.

      If someone asks me to run software which:

      • doesn't directly serve any of my use cases; it's "additional" software which presents greater attack surface than was previously required by the application
      • requires a high priv level since it wants access to everything
      • hooks into everything; it's using the above-mentioned heightened privs to the hilt
      • uses blacklist subscriptions
      • is proprietary closed-source so it can't be audited

      it's reasonable for me to be skeptical that this software is going to increase my security, rather than decrease it. At least at first glance, you have to admit it looks like something that is going to decrease security, no? Only the last point (that it can't be reviewed) is necessarily a dealbreaker, but every single one of them is at least a warning sign.

      Maybe this software is going to make the situation better, but that's a pretty extraordinary claim.

      On top of that, nobody has ever explained why I would install malware in the first place. So why are we talking about how to remove it?

    5. Re:Do you buckle up? by Anonymous Coward · · Score: 0

      A very valid presentation. I think it's more like not using your seat belt because any accident over a certain speed with a solid object will be fatal or you might not be able to get out of it in a water situation. True, but what about all the other types of accidents it can and will save you from?

    6. Re:Do you buckle up? by DreadPiratePizz · · Score: 1

      "And if so, do you drive more reckless now that you know that you're more likely to survive a crash because of seatbelt and airbag?"

      I've been a skydiver for many years, and this is absolutely true in the sport. The gear is much safer than it used to be and is continually improving, but the fatality and injury rate remains fairly steady. People absolutely take bigger risks knowing their gear is safer, which cancels out its improvements in safety. It's called Booth's law.

  30. Technology by Anonymous Coward · · Score: 0

    Yes Good how can security provided
    https://www.youtube.com/watch?v=U5Ndzxp2lEU

  31. Slashdot served a bit of malware recently by Anonymous Coward · · Score: 0

    I noticed my internet was very slow only a few days back, and a bit of investigation showed it was something from a Slashdot visit that caused Firefox to be filling memory up (like its memory was going through the roof, normally about 200MB, it was up in the 12GB and constantly rising). It looks like an exploit attempt running as JavaScript.

    A kill of Firefox and a repeat visit to Slashdot and it did the same. A connection through a temp 4G account and it was fine, so I turned off the LAN router, to get a new IP address and it was fine again.

    I assume it's a MITM attack aimed at Slashdot readers, but it could also be a malware advert aimed at my IP.

  32. Re:Different protections for different threats, en by a_n_d_e_r_s · · Score: 1

    Which means that for a normal user of Linux, running anti-virus is useless.

    You only run anti-virus on Linux mail servers.

    --
    Just saying it like it are.
  33. Re:Different protections for different threats, en by tburkhol · · Score: 1

    That's not my point.... the simple fact that he would even mention it as a contributing factor to not bother with AV software *IS* evidence that it is lulling him into the exact same sense of security that might happen with AV software

    I interpreted it more along the lines of "AV software targets vectors that are generally not relevant or redundant on linux, so I don't bother with it." Kind of like how you might choose not to run OpenGL or a multitasking scheduler on a DOS box - you can think of some edge cases where it might be helpful, but it's not generally going to do anything. You would definitely be justified in saying, "I don't run OpenGL because I'm on DOS," but it wouldn't be that you think DOS has great graphics.

  34. Short answer: They do esoteric things by mysidia · · Score: 1

    And replicating what they do like monkey-see-monkey-do is not an advised way to protect yourself, even if you learned what they aren't telling you.

    You can do things differently and recognize/avoid risks other people would not be able to avoid, when you're the security guy.

    Protecting an organization's endpoints and servers, OR someone else's computers against themself... is very different than protecting your own computer that nobody else is allowed to touch (although you might put it on a hostile network).

  35. Don't get complacent by AxeTheMax · · Score: 1

    The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...")

    He's quite right. We lull ourselves into a false sense of security all the time. I try to avoid it, complacency is a killer.

    I drive at night without any lights on, because then if I'm in an accident it will probably be my fault. This keeps me wide awake and aware of all possible hazards.

    During the day this doesn't work of course. Hence I have to drive in bare feet, so if there is an accident I'm not going to get very far trying to run away.

  36. Stay away from the pr0n by RoscoeChicken · · Score: 1

    Or establish a sacrificial computer that you use just for getting your strange on.

    1. Re:Stay away from the pr0n by Anonymous Coward · · Score: 0

      That computer should probably be used to access religious sites as well. People can be much too trusting when it comes to religious belief. Religious web sites are actually more dangerous than porn sites, probably has something to do with the voluntary nature of religious institutions.

  37. Security isn't hard by LichtSpektren · · Score: 3, Interesting

    For your average workstation, the easy way to lock it down is by examining all of the vectors that malware can take. From there it's usually simple.

    Probably about 95% of malware comes through malicious websites. Solution: use tools like NoScript and an adblocker. Also use SELinux/AppArmor/grsecurity etc. to make sure that whatever slips by cannot do anything that your browser doesn't have permission to do. If you want to be really safe, only run your browser in a virtual machine (this is the premise of Qubes OS, by the way).

    Also apply SELinux (or whatever you're using) to any programs that have listening Internet ports, like SSH and CUPS.

    If you use a local email client instead of webmail, don't be dumb and allow your client to auto-execute JavaScript or attachments in emails. Also, don't be dumb and mount random peoples' portable drives without some precautions.

    1. Re:Security isn't hard by somenickname · · Score: 1

      You can also use something like firejail (https://firejail.wordpress.com/) for this. I'm not involved in the project but, it's very simple to use compared to something like SELinux. It comes with a number of pre-configured profiles for major pieces of software and, by default, things like Firefox can only see a limited view of the filesystem. For example, by default, Firefox can see ~/Downloads but not ~/Documents. I haven't noticed any performance or stability issues with it so, it has been a welcome extra line of defense.

  38. "of course i'm protected, i just cant say how" by jeffmeden · · Score: 0

    "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."
    Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."

    So... security by obscurity is apparently highly regarded by the pros. Good to know.

    1. Re:"of course i'm protected, i just cant say how" by LichtSpektren · · Score: 1

      Obscurity can be an effective additional layer of defense. On its own it's insufficient.

    2. Re:"of course i'm protected, i just cant say how" by bws111 · · Score: 1

      Exactly this. You can tell how little someone knows about actual security by how they trot out the old 'security by obscurity' meme.

    3. Re:"of course i'm protected, i just cant say how" by chispito · · Score: 1

      "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me." Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."

      So... security by obscurity is apparently highly regarded by the pros. Good to know.

      That's not so-called "security through obscurity." Typically, that term refers to taking the same (ineffective) measures as everyone else so that you don't stick out. On the contrary, he's saying that he does take special measures but chooses not to disclose them.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    4. Re:"of course i'm protected, i just cant say how" by Anonymous Coward · · Score: 0

      Typically, that term refers to taking the same (ineffective) measures as everyone else so that you don't stick out.

      That's not what security by obscurity means. It means you use secret crypto algorithms, instead of openly-tested ones with a secret key.
      You can have more confidence in ciphers and protocols that lots of experts have published their unsuccessful attacks against.

    5. Re:"of course i'm protected, i just cant say how" by Anonymous Coward · · Score: 0

      Schneier is my guru. But he ain't no Angel. He's just a man. The math that works for him works for everybody else.

    6. Re:"of course i'm protected, i just cant say how" by cfalcon · · Score: 1

      > So... security by obscurity is apparently highly regarded by the pros. Good to know.

      Security by obscurity is fine. The problem is relying on it primarily or exclusively, or executing it in a way that diminishes or eliminates standard security, which are all common issues.

    7. Re:"of course i'm protected, i just cant say how" by cfalcon · · Score: 1

      > It means you use secret crypto algorithms, instead of openly-tested ones with a secret key.

      Right, but even then you can make a case for it. What would be more secure:

      > Your encrypted drive exists as encrypted.hc. You load encrypted.hc with Veracrypt, and it uses AES, Twofish, and Serpent.

      > Your encrypted drive exists as encrypted2.hc. You load encrypted2.hc with Veracrypt, and it uses AES, Twofish, and Serpent. Inside the mounted encrypted2.hc is encrypted.hc. You load the encrypted.hc with Veracrypt, and it uses AES, Twofish, and Serpent.

      > Your encrypted drive exists as yolo.proprietary. You mount this with a loopback, using a special cipher you have devised and no one has looked at. Inside the mounted yolo.proprietary, is encrypted.hc. You load the encrypted.hc with Veracrypt, and it uses AES, Twofish, and Serpent.

      As long as your proprietary junk is implemented in a way that it layers on top of the standard stuff without interfering or replacing, you have added security. And whether the second or third case is more secure is interesting: you can assume that the proprietary cipher is trash compared to the three that Veracrypt implements, but a theoretical attack that is able to get through the first Veracrypted drive has good odds of getting through the second.

      So there can be a use for it even in crypto, arguably- as long as that crap is somewhere else, and YOU are the one making it happen.

      What we see instead is stuff like "well, we based our algo on AES and..." or otherwise borking it in some fashion such that it can't actually be verified as actually applying the community-trusted ciphers in a useful fashion- that's the common problem we have seen a lot of, and all of those "solutions" are just more problems.

    8. Re:"of course i'm protected, i just cant say how" by chispito · · Score: 1

      I must have been thinking of anonymity? Then does a honeypot rely on security through obscurity because it is less effective if attackers are aware of it?

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  39. Was going to ask... by Dareth · · Score: 1

    Was going to ask...how do you make use of it, but then I figured out it was connected to your open wireless router.

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
  40. Lol, really? by JustAnotherOldGuy · · Score: 1

    "the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data."

    And while you're at it, tell us where you hide your cash and other valuables...

    --
    Just cruising through this digital world at 33 1/3 rpm...
  41. Never do anything on the actual computer by myowntrueself · · Score: 2

    Do everything Internet-related in a guest VM.

    I learned this from Joanna Rutkowska; you have at least 3 virtual machines.

    One is 'green' and you only ever use it for very sensitive things like online banking.
    One is 'yellow' and you only ever use it for semi-sensitive things like social media.
    One is 'red' and you use this for random web browsing, searching etc. This one gets re-imaged or reverted to snapshot regularly.

    If you like (and have the system resources for it) you can have multiple 'yellow' VMs for multiple social network sites or email accounts.

    You can set these VMs up on separate networks with routers/firewalls between them. You can use egress filtering on the green VM so that literally the only sites it can possibly reach are your online banking sites.

    You NEVER EVER read email in your green VM or on your host. You NEVER use a web browser in your host.

    The basic red, yellow, green VM setup is very very easy to build, doesn't take a lot of skills. Modern PCs and laptops are quite capable of running these 3 VMs.

    --
    In the free world the media isn't government run; the government is media run.
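An added example (not from the post above or any project it mentions): a POSIX shell script that turns the egress allowlist idea for the 'green' VM into a default-deny nftables ruleset, so the VM can reach only the listed banking addresses plus one resolver. The bank names, addresses and resolver are constructed placeholders from documentation ranges; whether the firewall lives inside the VM or on the router between VMs is a deployment choice the script does not make.

```shell
#!/bin/sh
# Added example: render a default-deny outbound nftables ruleset for a
# "green" VM from a short allowlist, as the post above describes.
# All names and addresses below are constructed placeholders.

# Constructed allowlist, one "name ip port" triple per line. Pinning the
# bank's published addresses here (rather than resolving names at boot)
# means a poisoned DNS answer cannot quietly widen the allowlist.
GREEN_ALLOWLIST='bank-a.example 203.0.113.10 443
bank-a.example 203.0.113.11 443
bank-b.example 198.51.100.20 443'

# Constructed resolver address: the only host DNS may be sent to.
GREEN_RESOLVER=192.0.2.53

# gen_egress_rules ALLOWLIST RESOLVER
# Prints an nft ruleset: loopback and already-established flows pass,
# DNS may go to the resolver, TCP may go to each listed ip/port, and
# everything else is logged and dropped.
gen_egress_rules() {
    allowlist=$1
    resolver=$2

    printf 'table inet green_egress {\n'
    printf '  chain output {\n'
    printf '    type filter hook output priority 0; policy drop;\n'
    printf '    oifname "lo" accept\n'
    printf '    ct state established,related accept\n'
    printf '    ip daddr %s udp dport 53 accept\n' "$resolver"
    printf '    ip daddr %s tcp dport 53 accept\n' "$resolver"

    # One accept rule per allowlisted address/port; the comment records
    # which site the rule exists for, so the ruleset stays auditable.
    printf '%s\n' "$allowlist" | while read -r name ip port; do
        [ -n "$ip" ] || continue
        printf '    ip daddr %s tcp dport %s accept comment "%s"\n' \
            "$ip" "$port" "$name"
    done

    # On a VM that should only ever talk to the bank, every hit on this
    # rule is worth looking at, hence the log before the drop.
    printf '    log prefix "green-egress-drop: " drop\n'
    printf '  }\n'
    printf '}\n'
}

# count_accept_rules RULESET: how many per-destination accept rules the
# ruleset contains (used to check nothing was silently skipped).
count_accept_rules() {
    printf '%s\n' "$1" | grep -c 'tcp dport [0-9]* accept comment'
}

# assert_not_allowed RULESET ADDR: succeeds (0) only if ADDR appears in
# no accept rule, i.e. the VM could not reach it.
assert_not_allowed() {
    if printf '%s\n' "$1" | grep -q "daddr $2 "; then
        return 1
    fi
    return 0
}

main() {
    rules=$(gen_egress_rules "$GREEN_ALLOWLIST" "$GREEN_RESOLVER")
    printf '%s\n' "$rules"
    # Refuse to hand over a ruleset that lost an allowlist entry.
    expected=$(printf '%s\n' "$GREEN_ALLOWLIST" | grep -c .)
    if [ "$(count_accept_rules "$rules")" -ne "$expected" ]; then
        echo "allowlist/ruleset mismatch" >&2
        return 1
    fi
}

main
```

Pipe the output into `nft -f -` on the green VM (or its gateway) to load it; leaving the rules in a file under version control keeps the allowlist reviewable.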
    1. Re:Never do anything on the actual computer by Anonymous Coward · · Score: 0

      Or, you know, you can stop being paranoid....

    2. Re:Never do anything on the actual computer by myowntrueself · · Score: 1

      Or, you know, you can stop being paranoid....

      Just because you are paranoid doesn't mean they aren't out to get you.

      --
      In the free world the media isn't government run; the government is media run.
    3. Re:Never do anything on the actual computer by Qzukk · · Score: 1

      If it costs 10 cents to run an ad that infects your computer and captures your bank account information, then as long as your bank account has 11 cents in it, they turned a profit.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    4. Re:Never do anything on the actual computer by Qzukk · · Score: 2

      I did exactly this, using Qubes at home. It took a little getting used to, but once you get the hang of it, it makes sense. It greatly reduces the risk of things like XSS and browser exploits leaking banking or other important information. I don't particularly consider myself the enemy of any state, but the increasing number of drive-by exploits targeting Joe Nobody for the purpose of extracting money (whether ransomware, stealing card numbers, whatever) makes this a reasonable course of action even for people not participating in espionage or whatever.

      Shame that trying to game in a VM sucks hard, but that's the tradeoff.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    5. Re:Never do anything on the actual computer by Anonymous Coward · · Score: 0

      Interesting idea. Couple of small issues:

      1) The main computer still needs access to the internet for the VMs to work. Sure, if that computer runs *ix it's unlikely to be directly attacked (unlike Windows), but it does still leave a few avenues that if used could effectively own all the VMs on that machine.
      2) From a user convenience standpoint, the VMs need to be set up so they can be started and automatically run the application you want to use in them. Yes, relatively trivial, but that doesn't happen by itself. Too bad there isn't a way (as with DOSBox) to just have some (read-only after creation and testing) config files that can be used to run the VMs from a menu (shades of DOS itself!).

      There is no perfect security. But as Jerry Pournelle famously said "Better is the enemy of Good Enough." I like the multiple-VM idea - offshoot of the way I do testing of new or alternative OSs and configurations. It's definitely Better than running everything in one browser as an administrative user (the default if logged in using a MS Account at setup time) in Windows 10. If only Linux power management worked as well as Windows' in the laptop ... that would be the ideal place for the multiple-VM approach described above because of its use in unprotected network environments, and locking Win10 up in a VM would allow better control of its chattiness.

      Used unthinkingly, VMs for internet access could be like some businesses that have a hard firewall around the network but, for "management" reasons, insist on no firewalls on computers within the network. The result of that is left as a LOL for the reader. It doesn't have to be that way (even with Windows - and shouldn't be that way especially with Windows), since most management software works fine with firewalled client computers. Don't be that business - include basic security in the VMs.

    6. Re:Never do anything on the actual computer by joboss · · Score: 1

      VM is stage one, there are a lot of ways to do things. If you're really serious about security there are a few things, excluding physical access threats: Separate offline machine, use sneakernet to communicate. Ensure the process is one way! You can also have one-way systems using public/private keys in a pinch. How you back up is also actually important. Back up everything from disks to firmware. Incremental backups are a great way to detect changes that viruses might leave around. Isolate the various machines on your network and definitely secure your router. Allow then deny (whitelisting) is great and can be taken to extremes if you're really security conscious, but it can be rather inconvenient for general browsing even if you have a prompt system. Advert blocking including DNS lists can be productive. I would actually suggest having at least some basic anti-virus, just not one of those modern horror suites. With this you can at least double check if you missed something.

    7. Re:Never do anything on the actual computer by Anonymous Coward · · Score: 0

      And we hope that nobody is ever able to slip a rootkit that will bypass your lovely VM green/yellow/red system and compromise your system at the hard drive / CPU kernel / keyboard hardware level undetected, effectively creating its own "black" system on your machine that will spy on green processes. But I agree it's probably the best thing to do today.

    8. Re:Never do anything on the actual computer by Anonymous Coward · · Score: 0

      Gaming might suck even with the host system with direct access to hardware. The presence of the (Hyper-V) hypervisor causes stuttering with some system configurations and games.

  42. Re:Different protections for different threats, en by Anonymous Coward · · Score: 0

    So what if you're a carrier? I don't give a fuck if my human body is a carrier of octopus plague, because I'm almost certainly never going to meet an octopus. (And if an octopus ever breaks into my house, that's his problem.)

    This so-called "virus" is just dumb data. I'm not going to chmod +x it, ever. I didn't get it from my distro, so I'm not running it.

    Saying I should worry about carrying viruses for niche OSes, is like saying I should worry about one of my TV show videos containing "subversive" messages. If you're watching my videos and you're impressed by Major Frank Burns' world view, that's your fault, not mine. I didn't tell you to +x that, either.

  43. Running without AV may be safer in some instances. by Anonymous Coward · · Score: 0

    With the recent vulnerability in Symantec Endpoint Protection you were less secure with it than without it.

  44. I just run Kaspersky by Anonymous Coward · · Score: 1

    And since I'm not a target for the Russian government that means I'm as safe as it's possible to be. I don't trust American AV apps because of the NSA and because in my experience the people who write them are not the best in our field, whereas security and breaching security is all the Russians do. Simplistic -- maybe, but whatever.

  45. Surf fully sandboxed by ITRambo · · Score: 1

    I only surf fully sandboxed. Twice in the past four years zero-days told me I was infected. A reboot said otherwise as the sandbox was deleted. There is no reason to surf the web other than virtualized.

    1. Re:Surf fully sandboxed by Anonymous Coward · · Score: 0

      My laptop has 2 GB RAM and a dual-core processor. I can't surf virtualized. But that's OK; what browser exploits are there that don't target Java, Flash, or a Microsoft browser?

    2. Re:Surf fully sandboxed by cfalcon · · Score: 1

      > what browser exploits are there that don't target Java, Flash, or a Microsoft browser?

      Anything that exploits JavaScript on Chrome (or Firefox, or blah blah blah)...

      Just Ctrl+F here for "javascript":

      https://www.cvedetails.com/vul...

  46. Re:Different protections for different threats, en by Carewolf · · Score: 1

    That's not my point.... the simple fact that he would even mention it as a contributing factor to not bother with AV software *IS* evidence that it is lulling him into the exact same sense of security that might happen with AV software.

    I run Linux, and I don't bother with AV software either, but it's not because I run Linux, it's because AV software is shit.

    No, I think he mentions it because there IS no anti-virus software FOR Linux; there is AV software running on Linux, but it is all against viruses targeting other platforms, primarily because while Linux gets targeted by many different types of exploits, so far there haven't been any traditional viruses.

  47. The one and only reason to run AV by twms2h · · Score: 1

    There is exactly one reason to run anti-virus software: To be able to say you did, if something bad happens. E.g. your bank account gets hacked. Your bank will ask whether you were running AV software. Even if the software is crap, you have to run it, otherwise they will try to put the blame on you. Same with your work computer: Somebody in the intranet (not necessarily you) catches a virus. The admin will check whether everybody runs AV. If you don't, you will be blamed. Even if the admin knows that AV is mostly snake oil, he will still try to put the blame on you so it isn't on him. Or if you are the admin yourself, you also probably want everybody to run AV because otherwise the PHB will blame you.

    1. Re:The one and only reason to run AV by eaglesrule · · Score: 1

      If your system gets compromised by years-old known malware because you think that a 100% detection rate for all future malware is necessary to consider AV effective, then yes, I'd say the PHB has every reason to blame you. If you're an admin, likely you have better things to do than restore users' files from backup because last year's version of CryptoLocker found its way onto the system.

  48. Re:Different protections for different threats, en by mark-t · · Score: 1

    Yes, there is... the place where I used to work had a Linux antivirus program on their email server that would check any attachments for Windows viruses (most of the computers on the network ran Windows).

  49. Re: Different protections for different threats, by Anonymous Coward · · Score: 0

    I don't think you realized it or not but you are making the case FOR Linux. You stated you have Linux workstations and servers that are never updated because they are scared something might break. And yet, you still haven't gotten a virus or been owned.

    Try doing the above with a Windows machine and see what that gets you.

  50. So they're going for security through obscurity by Anonymous Coward · · Score: 0

    Neither of them wants to talk about their own setup because it would make them more vulnerable... in other words they feel they are more secure if they obscure their practices from their adversary...

  51. Re:Different protections for different threats, en by CannonballHead · · Score: 1

    so far there haven't been any traditional viruses

    What are these?

  52. Autoruns - Windows Sysinternals by Trax3001BBS · · Score: 1

    It won't stop malware from being installed but it will sure show you where it's at (root-kits iffy).
    https://technet.microsoft.com/...

    If you use a Mail reader like Forte Agent: Options unhide Microsoft entries, and save resources by disabling all of MS's email sub systems (and there are many).

    It will also show any files missing (mostly codecs).

    But well worth running (as admin) often.

    I haven't run an AV in ages, I put a lot of trust in my HOSTS file, and autoruns just to keep check.

  53. Not what you think they are by raymorris · · Score: 1

    > What are these?

    The first one is an Intel processor instruction. Nothing really to do with either Linux or viruses.

    The second points out that executables contain unused bytes. In theory, there is space for someone to add code without making the file bigger.

    The third never existed in the wild, as far as I can tell.

    The fourth is a legit virus.

    The fifth is another research curiosity - it allows root to break files. It's supposed to demonstrate a concept for a trojan, but instead it makes them not run at all.

    The sixth is somebody's homework, which they titled "a good natured virus". Again, not a virus ever seen in the wild.

    The seventh is in a language I can't read.

    The eighth is the same site as the second - again talking generally about how someone could go about adding a trojan to an executable. Not a virus.

    So one actual virus, in the first eight. I got bored after that. On the other hand, there are over 100,000 known Windows viruses.

  54. Re: AdBlock = inferior + 'souled-out' vs. hosts by Anonymous Coward · · Score: 0

    fuck off you useless piece of shit!

  55. Re: Best hosts file creator? by Anonymous Coward · · Score: 0

    fuck off your so called hosts program is a fucking fraud as are you

  56. Re: Best hosts file creator by Anonymous Coward · · Score: 0

    release the code you fucking fraud and let us determine if the code is safe. no one uses your crap software except for you and your mom, who is a shitty lay by the way

  57. Email encryption and the damn network effect by Rexdude · · Score: 1

    He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

    How on earth do you use encrypted mail unless all your recipients also do the same, i.e. have public/private keys of their own that are configured in their email clients? He probably does communicate with other security-minded folk who also use encryption, but the vast majority of ordinary people neither know nor care about these things.
    The biggest drawback to encrypted anything is that it requires everybody to use it. There are plenty of open source and secure alternatives to popular apps, but there's no point in recommending, say, Signal or Tox when all the people you know couldn't be bothered to get off Whatsapp.

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
  58. VM, even games by Anonymous Coward · · Score: 0

    Shame that trying to game in a VM sucks hard, but that's the tradeoff.

    Ultra high end games might suffer some in VM but most games run just fine for me. VMWare 12 and the equivalent Free VMPlayer work great with up to DirectX 10 and a version of OpenGL that I don't recall atm. version 12 also allows pass-through of up to 2GB of Videocard memory for the games. Hell, I even run Steam in a VM. There are some DRM heavy games that actually check to see if they are in a VM and will refuse to run if they are but there are sooo many games that run fine.

    1. Re:VM, even games by Qzukk · · Score: 1

      One of many guides for it that I've read uses a second video card and monitor hookup with the card itself assigned to a VM using IOMMU, with something like 97% benchmark performance of bare metal, but I don't have a second video card to try it with, so I'm stuck with playing 2D games in a window.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  59. It's been audited by a respected security pro by Anonymous Coward · · Score: 0

    Who hosts + recommends it proven safe @ VirusTotal (all in my post - learn to read). I won't release my code to be abused as Google Chrome was https://thestack.com/security/2015/10/20/efast-malware-hijacks-browser-with-chrome-clone/ & /.'ers like & use it https://news.slashdot.org/comments.pl?sid=9533491&cid=52744939/

    APK

    P.S.=> I've got good code others like + use. You don't. You wouldn't know how to code much less audit it & I see you can't prove my points wrong on hosts' superiority to adblock either... apk

  60. /.'ers disagree outnumbering you by Anonymous Coward · · Score: 0

    his hosts program is actually pretty good by xenotransplant

    his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

    I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

    take a look at the APK hosts file engine by SuperKendall

    APK is kinda right. I've tried his hosts file generating software. It works by bmo

    APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

    I like your host file system by Karmashock

    I find your hosts file admirable by vel-ex-tech

    * My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - how about you?

    APK

    P.S.=> See subject & those quoted /.'ers - want more? apk

  61. "Raging foaming @ the mouth's" best ya got? by Anonymous Coward · · Score: 0

    See subject: Then it's been a pleasure reducing you to it seeing you fail @ validly technically proving me wrong https://it.slashdot.org/commen...

    * :)

    APK

    P.S.=> Maintain your dignity trolling unidentifiable worm & have you considered decaf? Lmao... apk

  62. Best adblocker & far more bar-none by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...

    Ads rob speed, security (malvertising), privacy (tracking).

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.

    Works vs. caps & PUSH ads.

    Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.

    Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.

    Complements firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).

    Gets data via 10 security sites.

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )

  63. AdBlock = inferior + 'souled-out' vs. hosts by Anonymous Coward · · Score: 0

    Adblock can't do (or do as well) 16 things hosts do 4 speed, security & reliability:

    1.) Protect vs. bad sites (past ads)
    2.) Protect vs. fastflux botnet C&C servers
    3.) Protect vs. dynamic dns botnet C&C servers
    4.) Protect vs. DGA botnet C&C servers
    5.) Protect vs. downed DNS (reliability)
    6.) Protect vs. DNS redirect poisoned/downed dns
    7.) Protect vs. trackers
    8.) Protect vs. spam payloads
    9.) Protect vs. phish payloads
    10.) Protect vs. caps
    11.) Get past dns blocks
    12.) Keep off dns request logs
    13.) Speed up 2 ways (adblocks & hardcodes)
    14.) Work on anything webbound multiplatform.
    15.) Ez data edit
    16.) Block ads more efficiently in cpu/ram/I-O use

    APK

    P.S.=> Ab+ does less vs. hosts less efficiently (a 128-151mb memory hog http://cdn.ghacks.net/wp-conte...)

    ClarityRay defeats it

    Ab+'s bribed not to work by default http://www.businessinsider.com...

    AdBlock's SLOWER: http://superuser.com/questions...

  64. Re:AdBlock = inferior + 'souled-out' vs. hosts by Coren22 · · Score: 1

    You do realize that spamming the same message won't get you noticed more don't you?

    Also, since I have technically disproved numerous parts of your spam, does that mean you have to change your spam?

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  65. Coren22 off-topic stalking me AGAIN? LMAO! by Anonymous Coward · · Score: 0

    Coren22 let's revisit what you constantly "Run, Forrest: RUN!!!" from, ok?

    "APK, I have done so much more than you" - by Coren22 (1625475) on Thursday August 11, 2016 @12:19PM (#52684621)

    Coren22 what commercialware's your code as mine's is? Does malwarebytes host + recommend your work as mine currently is? What trade show did your work do well in like mine? What books, magazines, newspapers articles in computer science feature your work like I've done? You say you've done more in middle school. Ok, what was that?

    What I notice is you ALWAYS RUN from that (since you're a do-nothing "ne'er-do-well" LIMITED menial), lmao - Jealous, Coren22? Yes.

    APK

    P.S.=> "... And silence reigned in heaven for about the space of an hour..." (silence is TRULY golden: Priceless in fact & yes, coren22 WILL avoid that as he has zero to show for himself (except more bullshit on how he hides behind his fake name online reflecting his fake life))... apk

  66. Additionally - it's not spam: I'm on topic by Anonymous Coward · · Score: 0

    See subject Coren22: It's a fact along w/ another fact - you'll never be noticed. Why? You haven't done anything noticeable https://it.slashdot.org/comments.pl?sid=9582135&cid=52799295/

    APK

    P.S.=> Lastly, you've never proven anything wrong of mine - you're incapable of it since you're unskilled in the art & science of computing... but I have totally BLOWN YOU AWAY many times, should I list a few with quotes of your utter screwups? Just ask... apk

    1. Re:Additionally - it's not spam: I'm on topic by Coren22 · · Score: 1

      Um, it is spam, you posted it 3 times because you were down modded. That is spamming, and it is spam also because you are advertising a commercial product when people are not requesting your advertisement. Spam is defined as "Unsolicited commercial advertisement", so can you show how your posts are not spam? Spam can also be the process of sending numerous duplicate messages, which is also what you are doing here, how is this series of posts not spam?

      Have you figured out an addon for Chrome we can run to filter out your garbage yet?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  67. Hosts block those trackers... apk by Anonymous Coward · · Score: 0

    See subject: star.slashdot.org (iirc, that's 1 of them) can be added to a custom hosts file to block more tracking done here (or elsewhere) by monitoring what sites Slashdot.org or its scripts redirect or send you thru using tools like wireshark or NirSoft's Network Latency Viewer (or other tools of his will also) - once you determine their hostname, they're bypassed/nullified (& you go faster as well as a bonus)!

    * Yes, it's that simple to cut those other tracking systems off that you noted here (or elsewhere online again) too!

    APK

    P.S.=> You can cut the script sources (or not use scripts OR cookies in your browser) to finish the job off completely also... apk
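
The hosts-file approach this post and comment 63 describe (map unwanted hostnames to a sink address so they never resolve), as an added example that is not the APK Hosts File Engine or any code from the thread. It merges source lists in the two common formats, refuses to redirect loopback names, and reports entries a hosts file cannot express (wildcards, malformed names); the two source lists are constructed samples.

```python
"""Build a hosts-file blocklist from several source lists (added example, not the
thread's tool). Blocked names map to 0.0.0.0 so connections fail immediately
instead of hitting a local listener on 127.0.0.1.
"""
import ipaddress
import re

SINK = "0.0.0.0"
# Names that must never be redirected, whatever a source list says.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost",
             "ip6-localhost", "ip6-loopback"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def is_valid_hostname(name):
    """RFC 1123-style check: dotted labels of letters/digits/hyphens, no wildcards."""
    if not name or len(name) > 253 or "." not in name or _is_ip(name):
        return False
    return all(LABEL.match(label) for label in name.split("."))


def parse_blocklist(text):
    """Extract hostnames from a list in 'domain' or 'IP domain...' format.

    Comments (#) and blank lines are ignored. Wildcards such as '*.x.example'
    are returned in the skipped list because a hosts file cannot express them
    (hosts matching is exact, so every subdomain needs its own line).
    """
    names, skipped = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        parts = line.split()
        if _is_ip(parts[0]):
            parts = parts[1:]  # 'IP hostname [hostname...]' row: drop the address
        for name in parts:
            if name in PROTECTED:
                continue
            if is_valid_hostname(name):
                names.add(name)
            else:
                skipped.append(name)
    return names, skipped


def render_hosts(hostnames):
    """Hosts-file text: loopback entries first, then one sink line per blocked name."""
    lines = ["# generated blocklist; loopback entries stay first",
             "127.0.0.1 localhost", "::1 localhost", ""]
    lines.extend(f"{SINK} {name}" for name in sorted(hostnames))
    return "\n".join(lines) + "\n"


def build(sources):
    """Merge source lists into one hosts-file body; also return the skipped entries."""
    merged, skipped = set(), []
    for text in sources:
        names, bad = parse_blocklist(text)
        merged |= names
        skipped.extend(bad)
    return render_hosts(merged), skipped


# Constructed sample sources (not real blocklists), one in each common format.
SOURCE_A = "# plain domain list\nads.example.net\ntracker.example.org  # note\n*.wild.example.com\n"
SOURCE_B = ("0.0.0.0 ads.example.net\n127.0.0.1 localhost\n"
            "0.0.0.0 cdn.ads.example.net beacon.example.org\n0.0.0.0 bad_host.example\n")

if __name__ == "__main__":
    body, skipped = build([SOURCE_A, SOURCE_B])
    print(body)
    print("skipped (not expressible in a hosts file):", skipped)
```

Review the skipped list before installing the output: a wildcard that was silently dropped is a tracker that still resolves, which is the gap a hosts file has next to a DNS-level blocker.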

  68. Best hosts file generator by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...

    Ads rob speed, security (malvertising), privacy (tracking).

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.

    Works vs. caps & PUSH ads.

    Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.

    Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.

    Complements firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).

    Gets data via 10 security sites.

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )

  69. It's on topic unjustifiably downmodded by Anonymous Coward · · Score: 0

    See subject - Prove my points in that post validly technically wrong OR quit stalking me.

    APK

    P.S.=> Your 6 pm to 10 pm sockpuppet must be exhausted of modpoints... apk

  70. Additionally it's not "commercial" ware by Anonymous Coward · · Score: 0

    See subject: It's 100% FREEWARE & you're the one downmodding me (you cheat the mod system https://slashdot.org/comments.pl?sid=9588415&cid=52804645/ to do it in that post of yours) so I just repost my posts - your "downmod points" aren't valid UNLESS YOU PROVE ME VALIDLY TECHNICALLY WRONG & you cannot do it (no more than you can show us you've done anything good in the art & science of programming which is the ultimate evolution in our field, NOT being a mere techie/admin menial who are helpless minus coders creating tools for them to use - which I do & folks here like + use it - how about YOUR creations? Zero)

    You've stalked & trolled me TWICE lately using your account here COMPLETELY OFF TOPIC https://slashdot.org/comments.pl?sid=9577115&cid=52791605/ and https://it.slashdot.org/comments.pl?sid=9582135&cid=52799295/ which is proof of who does what here (you're the stalker troll do nothing).

    APK

    P.S.=> Keep blowing those "downmod points" Coren22 - as usual, I'm smart enough to get you to do that & then as usual? You have NOTHING but egg on your face as a "ne'er-do-well" stalking harassing libeling lying do nothing blowhard that can't back up your bullshit and you use a fake name online to do it because you are nothing (& you know it - you prove it to us by not being able to show a damn thing to your credit but I can to mine, lol)... apk

    1. Re:Additionally it's not "commercial" ware by Coren22 · · Score: 1

      No, that post specifically proves that I don't. If I was the one down modding you, as soon as I posted as me, the mods would disappear. Your ignorance does not imply me cheating anything.

      I don't need to down mod you, plenty of others down mod your offtopic trolling shit on their own.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  71. Nobody proves my points wrong though by Anonymous Coward · · Score: 0

    See subject: So your bogus downmods are exactly that - bogus (& you know it)...

    APK

    P.S.=> Coren22, you're a trolling scumbag hiding behind a fake name online harassing others & you're a do nothing "ne'er-do-well" - & THAT is the real reason you use a fake name online for your FAKE miserable failure of a life... apk