Kaspersky BENCHMARKS the shit out of Norton, McCrapee and most others reliably over longer periods of time.
Show us the code, the detail and the proof it has a backdoor or exploit. An open availability of technical explanations proving there is an exploit makes it credible. We've got them for just about everything else so this one stands at odds as an outlier which should ring alarm bells that its political and not founded.
There are two layers of logic to this:
You take the risk Kaspersky installs malware via some backdoor because Kremlin (no proof yet still waiting). Considers your desktop machine a valid target. Under this situation assuming everyone has a ticking time bomb installed on their computer for the Kremin to manipulate is not unprecedented. Welcome to the last 20+ years of insecure by design Adobe flash products.
You ARE ACTUALLY running something that is of state,corporate 'secret' level, controls a national grid, controls some real world system that could kill people, controls governmental sensitive emails. Then why is it running anything other than a hardened lunix BSD OS anyway?!?
Even more specifically, there have been any number of incidents of AV vendors pushing bad updates too. Now, who's to say that at least *some* of those bad updates were not done deliberately to cause disruption to one or more of their recipients? It would be trivial for a vendor in the pocket of a state actor to work out when Target #4796617's next AV update is due and start pushing out a bad patch just before that scheduled update then pull the update once they know they've got a hit.
Yeah, but the insidious problem with Kaspersky is the Russian government is so corrupted with the Russian Mafia who are tied to the criminal ramsonware and malware that you can't trust them especially! Even if you use an American one that the US has the private keys for you can be assured there is no Mafia or criminal gangs associated with them as well.
Not saying I agree with what you are saying but I would rather drink a poison of an American corporation (I am American) than the Russian government/hackers anyday.... actually to give me a +mod 5 Linux would be the best way but even Ubuntu was caught doing telemetry. Yes, I am using Chrome too typing this but no other good modern browser exists so what choice do I have?
But in the real world I want a usable desktop and be able to edit my resume and work on spreadsheets that look the same on my bosses Windows based PC. That means Windows like many users.
Israelis caught them being used to spy upon it's users which is why it is banned by the US government. In addition it replaces SSL certificates with their own doing MITM attacks and sniffing de-encrpyting your data.
I noticed Google Chrome even hides certificates now in the address bar after AV software was caught doing this! Coincidence?
Not only would I uninstall it. I would re-image too if you have to use Windows. You can't trust whatever backdoors or spyware Kaspersky could have changed in the Windows Registry or done to your system.
If Microsoft ported Edge to other major OSes, then I think we'd start to see its usage grow. A lot of us are sick and tired of Firefox and moz://a shitting all over us users, and we don't really want to use Chrome, either, because of Google's involvement. And we sure as fuck won't go anywhere near Opera, now that the Chinese are allegedly involved with it. Pale Moon destroyed its reputation during the AdNauseam debacle. So we're stuck using browsers like those until Microsoft gets Edge ported to other OSes.
Looking at the rest of the site (I am not a web architect but others reading this post who are please reply) show some red flags. Curl shows it uses IIS 7.5 which went EOL in 2015!
Not sure what you're talking about - IIS 7.5 is win2008R2, and Microsoft will be releasing patches for that for many years to come:
No. The solution is that there should be such backlash and such bad press from advertising on sites for high profit companies centered around highly sensitive information, like Equifax and Transunion, or sites which contain HIPAA protected information, etc., that risking malvertising should result in the immediate firing of a CEO, CIO and CTO.
They should not be forgiven for this. Forgiving them only encourages negligence in the name of profit. What benefit is it to the consumer to have their data and personal computer put at unnecessary risk? What benefit is there to the economy to increase the amount of micromanagement required of every citizen?
You can't change human nature my friend. Money talks shit walks is an old 1980s saying that rings so true. Greed wins everytime throughout history and is part of our human psyche. Even if you make a new HIPAA act you still have the problem of the rest of the web including the 1,000 other sites.
Website owners have a right to want to be paid and not host things for free. The solution should be a safe way to do this and an organization like we do with SSL certificates monitor it. I still will use an ad blocker, but am not opposed for ethical safe ads to help out sites like slashdot.org who I want to help. I can't because before I used Adblock my AV scanner caught a malvertisement with a banking trojan here on www.slashdot.org in 2011!
I am not opposed to more regulation. I think using old browsers, unpatched WWW software, and not using standard good security practices should be a hefty penalty with HIPPA or PCI (credit cards). But that is not going to happen with the Trump Whitehouse and Republicans owning both houses.
Are you actually saying that it's not their fault because A) the ads make them money, and B) the contracts are too hard to understand? Is that really what you are claiming? Because that is laughable at best and moronically idiotic at worst.
No. What I am saying basically is the CEO can't turn off the adnetworks as he would be fired immediately. What we have in my other post is a broken system that even if you sign such a contract with an ad network it is still out of their control as they outsource to someone and so forth. I am sure they have clauses in these to prevent them from being sued due to incompetence down the chain.
We need to verify the identity similar to how DNS is being used to prevent spam/phising in Email with DKIM keys in the DNS records. Even then all someone has to do is hack one of the *trusted* partners or channels to infect the whole chain.
I would be in favor of the government forcing insurance on websites for liability. This would force auditors to put in security but it won't happen as the US government is way too far to the right now to believe in regulation not to mention Silicon Valley is in the district of the top Democrat Miss Finstein who also don't want to be sued or pay for insurance and will fight tooth and nail via campaign contributions.
We need a solution to keep the ads in (as sorry but you will never see anyone say no to money), but verify content has not been altered via a man in the middle and to verify the identity of each player and a trust needs to be setup similar how we use certificates for websites today. Just a few ideas.
Scripts are completely unnecessary. The web worked perfectly fine back before all these bells and whistles were added. Things loaded fast, they didn't need so much bandwidth, and things were much more stable - I still have sites where I see the unresponsive script error.
Some sites have so much crap that they are just unusable. The web is becoming this big fat slow thing that I find myself spending less and less time on.
... yeah as you type this comment with a reply button using logic run in JavaScript.:-)
That is unrealistic. Slashdot as an example can't sort through thousands of comments, let you post, filter by score, etc without Javascript. People keep saying this over and over again but I do not want a 1996 Mindspring page with sparkly jpegs in the background with just colored text.
The web is a platfrom and has been since the late 1990s when Javascript took off. It will not be usable without and not to mention how can you tell a CEO he has to say no to $100,000,000 a year in from the ad networks on a site that costs money to produce?? It ain't gonna happen even if the CEO is not a moron who understands a little about security. You can't say no to money when you are publicly traded company.
We need to get rid of JavaScript. We need to use a more secure language in our web sites: Rust. Web browsers should only support running Rust scripts, and only Rust scripts from the same origin as the web page that refers to them. That would avoid a lot of these problems.
Rust can just as easily display a page asking to install something. A language by default is designed to execute code.
HA! Good luck buddy. I read Trans-Union makes $233 million a year from these adnetworks. You think they will sit and take this or fight out tooth and nail!
We have a political party who feels any regulation === communism and we will turn into Venezuela if we secure people quite literally! Diane Feinstein who is the leader of the other party is based in Silicon Valley.
You think Silicon Valley who makes up her district which makes money off these slimy ad networks and supplies her with voters and millions of campaign contributions is going to put an end this? Hell no!
I would not be surprised if the new tax bill includes sections to PREVENT litigation in order to help secure the job creators and Miss Finstein will side with the Republicans on this based on her district and money from the.COMs she has received who do not want to be sued.
The corruption is so bad it stinks and everyone who is doing the ill deeds are selfish to the nth degree and only care about their own interests.
If it's your website, you are responsible for the ad content you serve on it. This ridiculous "pass the buck" ecosystem that we've allowed to be created is the problem. End users who get infected by a bad site are told "Oh, gee, well I guess you should just use an antivirus. Also, pretty please turn off your ad blocker so we can make a little money to keep the site running for you?". The end user has no way of knowing who the ad network is, nor do they have any way to hold that network responsible.
No, this is ABSOLUTELY Equifax and Transunion's fault. THEY are serving bad ads on their site. THEY are the ones who contracted with companies with terrible security. THEY are the ones inserting that bad security into their web site. THEY are responsible for any breaches as a result of that negligence. It's time to stop allowing these sites to keep getting away with this behavior over and over.
They are a for profit company. A comment in the parent URL mentioned they make $233,000,000 a year in ads. That is alot of cash. They can't just say no. The shareholders have a right to demand a return and not make their website for free as it costs money to produce and Trans-Union has a fiduciary responsibility .
Who they outsource with has no control who they outsource with and they bid with another sourcer and so on. It's impossible to keep track and secure.
Each site freaking horrible 20+ ad networks, brokers, analytics, and marketing networks middleman who are the ones being compromised. It is the fireclick.js which directs data from somewhere that uses data from somewhere which then piggybacks from somewhere else until BAM the malware JS gets executed and the pop up appears.
This system is totally unacceptable and retarded! All it takes if you use 20 different ad networks with ad brokers gettings things from the highest bidder is JUST ONE compromised or malicious player and the the trust is done.
Looking at the rest of the site (I am not a web architect but others reading this post who are please reply) show some red flags. Curl shows it uses IIS 7.5 which went EOL in 2015! No COR headers so cross domain shit can be run from anywhere from the network of players, and no forcing HTTPS to prevent snooping in a man in the middle attack.
This is why we run adblockers. And website owners have the gullibility to call us thieves for doing so. I mean even the bad SSL certificates have trusts in a chain. There is no trust when anyone can insert themselves in without encryption.
We need a better solution from the IEEE or W3C or something to address the problem.
Of course, robots cannot take most jobs completely, but if they take 95% of a job, you still have just one human of 20 that gets to keep that job. As to actual "wisdom", you will find that the average person has close to none, and that those that have more find it is not in high demand.
Yeah, but you aren't looking at that one human who has a job value? With 19 desperate starving people willing to work below minimum wage to feed their malnurished children you think the boss is going to want to pay a middle class salary and lifestyle??
We all suffer just like the H1B1 visa to this day has brought wages below 2000 17 years ago across the board in I.T. outside of programming. Even if you speak english and were never outsourced you are competing with those who were who are desperate for a job and will do anything to get and keep one!
No raise for you and by the way I want you to do the work of 2 men for 70 hours a week and get no vacation. If you don't like it I have 5 more candidates right here ready to work for less and kiss my feet etc.
The president is an example of people with below 100 IQs voting for things like moral values and less educated being over represented in the electoral college and districts which the GOP likes to keep them in power.
The problem is the public turned on them with Trump.
With the far right win in the US I think we know the answer. They will blame the workers for being lazy and not being smart CEO's like the rest of the people and they should go get jobs
Only Briebart and Fox is unbiased if you ask any Trump supporter. If any news outlet talks about Russia it is a lie by the libtards and part of the fake news if it doesn't agree with their ideology.
This range of very active volcanoes have been discovered. Perhaps no one put the 2 together? Or maybe steam from one that is about to erupt could be sending heat beneath the ice pack.
One Island on Antarctica's shores has a Caldera supervolano similar to Yellowstone that produces hot springs for warm bathing by humans. Even if there is no eruption some steam and hot water ahead of one can give off an incredible amount of heat under an already stressed ice pack.
TLDR; Web servers, 33.5% Windows, the rest are Unix/Linux variants. Supercomputers, 99.8% Linux Mainframes, 72% Unix
Lots of references on that page if you want to check up the sources.
These are webservers. I stand by my comment. I see I have been modded down already by Linux ethusiasts but I am not a troll. In reality I see Windows Server in large deployments in every company I ever worked for. I do not buy it that WIndows Server is a minority in a fortune 1000 company and especially a small business. Slashdotters maybe mobile developers are speciality engineers but outside of the niches I just do not see it.
I could be an outliner and I want someone to refute me. The suits LOVE Microsoft unfortunately in the MDF too and not just the on the desktop. A byproduct from a different era but still valid.
Show me a counter study? Sure Linux is there in bigger companies to run things like maybe their website and a few customized apps. But I always see racks and racks of Windows Servers clustered running everything else.
Maybe I am an outliner? I have seen a few AS 400s back in the day and my previous employer had 2 ancient sunfire Solaris boxes they were planning to retire to WIndows Server 2016 this fall. But, they all ran Windows Server.
Slashdot Mirror
Absolute FUD.
Kaspersky BENCHMARKS the shit out of Norton, McCrapee and most others reliably over longer periods of time.
Show us the code, the detail and the proof it has a backdoor or exploit. An open availability of technical explanations proving there is an exploit makes it credible. We've got them for just about everything else so this one stands at odds as an outlier which should ring alarm bells that its political and not founded.
There are two layers of logic to this:
Here is the citation of proof of Kremlin involvement
Even more specifically, there have been any number of incidents of AV vendors pushing bad updates too. Now, who's to say that at least *some* of those bad updates were not done deliberately to cause disruption to one or more of their recipients? It would be trivial for a vendor in the pocket of a state actor to work out when Target #4796617's next AV update is due and start pushing out a bad patch just before that scheduled update then pull the update once they know they've got a hit.
Yeah, but the insidious problem with Kaspersky is the Russian government is so corrupted with the Russian Mafia who are tied to the criminal ramsonware and malware that you can't trust them especially! Even if you use an American one that the US has the private keys for you can be assured there is no Mafia or criminal gangs associated with them as well.
Not saying I agree with what you are saying but I would rather drink a poison of an American corporation (I am American) than the Russian government/hackers anyday. ... actually to give me a +mod 5 Linux would be the best way but even Ubuntu was caught doing telemetry. Yes, I am using Chrome too typing this but no other good modern browser exists so what choice do I have?
But in the real world I want a usable desktop and be able to edit my resume and work on spreadsheets that look the same on my bosses Windows based PC. That means Windows like many users.
Man things are depressing these days.
Israelis caught them being used to spy upon it's users which is why it is banned by the US government. In addition it replaces SSL certificates with their own doing MITM attacks and sniffing de-encrpyting your data.
I noticed Google Chrome even hides certificates now in the address bar after AV software was caught doing this! Coincidence?
Not only would I uninstall it. I would re-image too if you have to use Windows. You can't trust whatever backdoors or spyware Kaspersky could have changed in the Windows Registry or done to your system.
Oh really?
Looking at the rest of the site (I am not a web architect but others reading this post who are please reply) show some red flags. Curl shows it uses IIS 7.5 which went EOL in 2015!
Not sure what you're talking about - IIS 7.5 is win2008R2, and Microsoft will be releasing patches for that for many years to come:
https://blogs.technet.microsof...
win2008R2 is out of "mainstream" support, but is in "extended" support.
Not that Equifax & Transunion don't have lots of other flaws...
Server 2008 R2 is, but IIS 7.5 is not.
No. The solution is that there should be such backlash and such bad press from advertising on sites for high profit companies centered around highly sensitive information, like Equifax and Transunion, or sites which contain HIPAA protected information, etc., that risking malvertising should result in the immediate firing of a CEO, CIO and CTO.
They should not be forgiven for this. Forgiving them only encourages negligence in the name of profit. What benefit is it to the consumer to have their data and personal computer put at unnecessary risk? What benefit is there to the economy to increase the amount of micromanagement required of every citizen?
You can't change human nature my friend. Money talks shit walks is an old 1980s saying that rings so true. Greed wins everytime throughout history and is part of our human psyche. Even if you make a new HIPAA act you still have the problem of the rest of the web including the 1,000 other sites.
Website owners have a right to want to be paid and not host things for free. The solution should be a safe way to do this and an organization like we do with SSL certificates monitor it. I still will use an ad blocker, but am not opposed for ethical safe ads to help out sites like slashdot.org who I want to help. I can't because before I used Adblock my AV scanner caught a malvertisement with a banking trojan here on www.slashdot.org in 2011!
I am not opposed to more regulation. I think using old browsers, unpatched WWW software, and not using standard good security practices should be a hefty penalty with HIPPA or PCI (credit cards). But that is not going to happen with the Trump Whitehouse and Republicans owning both houses.
Are you actually saying that it's not their fault because A) the ads make them money, and B) the contracts are too hard to understand? Is that really what you are claiming? Because that is laughable at best and moronically idiotic at worst.
No. What I am saying basically is the CEO can't turn off the adnetworks as he would be fired immediately. What we have in my other post is a broken system that even if you sign such a contract with an ad network it is still out of their control as they outsource to someone and so forth. I am sure they have clauses in these to prevent them from being sued due to incompetence down the chain.
We need to verify the identity similar to how DNS is being used to prevent spam/phising in Email with DKIM keys in the DNS records. Even then all someone has to do is hack one of the *trusted* partners or channels to infect the whole chain.
I would be in favor of the government forcing insurance on websites for liability. This would force auditors to put in security but it won't happen as the US government is way too far to the right now to believe in regulation not to mention Silicon Valley is in the district of the top Democrat Miss Finstein who also don't want to be sued or pay for insurance and will fight tooth and nail via campaign contributions.
We need a solution to keep the ads in (as sorry but you will never see anyone say no to money), but verify content has not been altered via a man in the middle and to verify the identity of each player and a trust needs to be setup similar how we use certificates for websites today. Just a few ideas.
Scripts are completely unnecessary. The web worked perfectly fine back before all these bells and whistles were added. Things loaded fast, they didn't need so much bandwidth, and things were much more stable - I still have sites where I see the unresponsive script error.
Some sites have so much crap that they are just unusable. The web is becoming this big fat slow thing that I find myself spending less and less time on.
... yeah as you type this comment with a reply button using logic run in JavaScript. :-)
That is unrealistic. Slashdot as an example can't sort through thousands of comments, let you post, filter by score, etc without Javascript. People keep saying this over and over again but I do not want a 1996 Mindspring page with sparkly jpegs in the background with just colored text.
The web is a platfrom and has been since the late 1990s when Javascript took off. It will not be usable without and not to mention how can you tell a CEO he has to say no to $100,000,000 a year in from the ad networks on a site that costs money to produce?? It ain't gonna happen even if the CEO is not a moron who understands a little about security. You can't say no to money when you are publicly traded company.
We need to get rid of JavaScript. We need to use a more secure language in our web sites: Rust. Web browsers should only support running Rust scripts, and only Rust scripts from the same origin as the web page that refers to them. That would avoid a lot of these problems.
Rust can just as easily display a page asking to install something. A language by default is designed to execute code.
This.
NOTHING will change until litigation kicks in.
HA! Good luck buddy. I read Trans-Union makes $233 million a year from these adnetworks. You think they will sit and take this or fight out tooth and nail!
We have a political party who feels any regulation === communism and we will turn into Venezuela if we secure people quite literally! Diane Feinstein who is the leader of the other party is based in Silicon Valley.
You think Silicon Valley who makes up her district which makes money off these slimy ad networks and supplies her with voters and millions of campaign contributions is going to put an end this? Hell no!
I would not be surprised if the new tax bill includes sections to PREVENT litigation in order to help secure the job creators and Miss Finstein will side with the Republicans on this based on her district and money from the .COMs she has received who do not want to be sued.
The corruption is so bad it stinks and everyone who is doing the ill deeds are selfish to the nth degree and only care about their own interests.
If it's your website, you are responsible for the ad content you serve on it. This ridiculous "pass the buck" ecosystem that we've allowed to be created is the problem. End users who get infected by a bad site are told "Oh, gee, well I guess you should just use an antivirus. Also, pretty please turn off your ad blocker so we can make a little money to keep the site running for you?". The end user has no way of knowing who the ad network is, nor do they have any way to hold that network responsible.
No, this is ABSOLUTELY Equifax and Transunion's fault. THEY are serving bad ads on their site. THEY are the ones who contracted with companies with terrible security. THEY are the ones inserting that bad security into their web site. THEY are responsible for any breaches as a result of that negligence. It's time to stop allowing these sites to keep getting away with this behavior over and over.
They are a for profit company. A comment in the parent URL mentioned they make $233,000,000 a year in ads. That is alot of cash. They can't just say no. The shareholders have a right to demand a return and not make their website for free as it costs money to produce and Trans-Union has a fiduciary responsibility .
Who they outsource with has no control who they outsource with and they bid with another sourcer and so on. It's impossible to keep track and secure.
Each site freaking horrible 20+ ad networks, brokers, analytics, and marketing networks middleman who are the ones being compromised. It is the fireclick.js which directs data from somewhere that uses data from somewhere which then piggybacks from somewhere else until BAM the malware JS gets executed and the pop up appears.
This system is totally unacceptable and retarded! All it takes if you use 20 different ad networks with ad brokers gettings things from the highest bidder is JUST ONE compromised or malicious player and the the trust is done.
Looking at the rest of the site (I am not a web architect but others reading this post who are please reply) show some red flags. Curl shows it uses IIS 7.5 which went EOL in 2015! No COR headers so cross domain shit can be run from anywhere from the network of players, and no forcing HTTPS to prevent snooping in a man in the middle attack.
This is why we run adblockers. And website owners have the gullibility to call us thieves for doing so. I mean even the bad SSL certificates have trusts in a chain. There is no trust when anyone can insert themselves in without encryption.
We need a better solution from the IEEE or W3C or something to address the problem.
Who says it was Cubans doing it? Maybe Russian spies? Or a conflicted Cuban Government with some departments or factions wanting no deal
Or by the Russians?If the Cuban government didn't want them there they would simply ask them to leave. Cuba is one of Russia's few allies
Of course, robots cannot take most jobs completely, but if they take 95% of a job, you still have just one human of 20 that gets to keep that job. As to actual "wisdom", you will find that the average person has close to none, and that those that have more find it is not in high demand.
Yeah, but you aren't looking at that one human who has a job value? With 19 desperate starving people willing to work below minimum wage to feed their malnurished children you think the boss is going to want to pay a middle class salary and lifestyle??
We all suffer just like the H1B1 visa to this day has brought wages below 2000 17 years ago across the board in I.T. outside of programming. Even if you speak english and were never outsourced you are competing with those who were who are desperate for a job and will do anything to get and keep one!
No raise for you and by the way I want you to do the work of 2 men for 70 hours a week and get no vacation. If you don't like it I have 5 more candidates right here ready to work for less and kiss my feet etc.
The president is an example of people with below 100 IQs voting for things like moral values and less educated being over represented in the electoral college and districts which the GOP likes to keep them in power.
The problem is the public turned on them with Trump.
With the far right win in the US I think we know the answer. They will blame the workers for being lazy and not being smart CEO's like the rest of the people and they should go get jobs
A robot can do this
I disagree.
Only Briebart and Fox is unbiased if you ask any Trump supporter. If any news outlet talks about Russia it is a lie by the libtards and part of the fake news if it doesn't agree with their ideology.
All you have to do is create a will and text whoever is dead to steal all the assets wahoo!
This range of very active volcanoes have been discovered. Perhaps no one put the 2 together? Or maybe steam from one that is about to erupt could be sending heat beneath the ice pack.
One Island on Antarctica's shores has a Caldera supervolano similar to Yellowstone that produces hot springs for warm bathing by humans. Even if there is no eruption some steam and hot water ahead of one can give off an incredible amount of heat under an already stressed ice pack.
Unfortunately the MBAs and PHBs love their free/busy on Outlook. IMAP is just not a real option for these types.
Maybe you should look at Usage share of operating systems.
TLDR;
Web servers, 33.5% Windows, the rest are Unix/Linux variants.
Supercomputers, 99.8% Linux
Mainframes, 72% Unix
Lots of references on that page if you want to check up the sources.
These are webservers. I stand by my comment. I see I have been modded down already by Linux ethusiasts but I am not a troll. In reality I see Windows Server in large deployments in every company I ever worked for. I do not buy it that WIndows Server is a minority in a fortune 1000 company and especially a small business. Slashdotters maybe mobile developers are speciality engineers but outside of the niches I just do not see it.
I could be an outliner and I want someone to refute me. The suits LOVE Microsoft unfortunately in the MDF too and not just the on the desktop. A byproduct from a different era but still valid.
Show me a counter study? Sure Linux is there in bigger companies to run things like maybe their website and a few customized apps. But I always see racks and racks of Windows Servers clustered running everything else.
Maybe I am an outliner? I have seen a few AS 400s back in the day and my previous employer had 2 ancient sunfire Solaris boxes they were planning to retire to WIndows Server 2016 this fall. But, they all ran Windows Server.