Slashdot Mirror


User: Daedala

Daedala's activity in the archive.

Stories: 0 · Comments: 171

Comments · 171

  1. Re:Where the hell were the anti-malware vendors? on Bad Day To Be Sony · · Score: 2, Informative

    The Sony Mac malware, as far as I can tell, required the user to look at the CD in Finder, double-click Start.app, and provide the administrator username and password. This is too much like work, especially since all I do with audio CDs is open iTunes, ping Gracenote (-- am pathetic traitor, conceded), and rip the CD to mp3. I doubt many Mac users go looking for the data track of an audio CD so they can install random unexplained Start.apps.

    I may be wrong in my characterization of the Mac version. I haven't seen it. But that's what the interwebs tell me.

  2. Where the hell were the anti-malware vendors? on Bad Day To Be Sony · · Score: 4, Interesting

    These CDs have been out since mid-2004, according to Sony. Why hasn't this been noticed? Were they all bought off?

    This is what really disturbs me. Not "What was Sony thinking?" -- businesses can be really stupid. Not "How could they do this?" -- businesses can be really evil. Shit happens. Get over it. Bad security happens, whatever.

    However, I did have some trust (not much, but some) for the anti-malware establishment. I'm in infosec; I believe that even in the biggest and stupidest infosec company, there will be people with the hackerish instincts (i.e. lower-than-average sense of self-preservation) to blow the whistle. However, the failure of all the big anti-whatever companies to notice and/or do anything about this, with a full year of lead time, demonstrates that they are incompetent at best, unethical at worst.

    I don't care, personally; I use a Mac. It's not a security panacea but it's a pretty darn good line of defense. Professionally, however, I feel downright ill.

    Kudos to F-Secure and Sysinternals. Where the hell were the rest of them?

  3. Re:screw that book on Teach Yourself Unix in 24 Hours · · Score: 1

    And that marvelous book was...?

  4. Re:Something I don't get... on IPv6 Still Hotly Debated · · Score: 1

    No, one does not need NAT to close vulnerable ports. No, NAT is not good security. A rational person would argue this. However, whether something is "security through obscurity" or a part of "defense in depth" is often in the eye of the beholder; I do think NAT has a valid place as one of many possible defenses.

    NAT _does_ help with the background radiation of automatic exploits on the Net. It's one of the few forms of security that Gramma's Broadband will have, because it comes in the cable/dsl router.

    And anyone who thinks it's a good substitute for IPv6 needs to share what they're smoking with the class, ok?

  5. Re:Something I don't get... on IPv6 Still Hotly Debated · · Score: 3, Insightful

    Sometimes, it's good that NAT impedes some forms of communication. Like, say, exploits.

  6. Re:Sony's actions recently mean they've lost my mo on Trojan Using Sony DRM Rootkit Spotted · · Score: 3, Informative

    El Reg says that Sony UK says they are not selling them in the UK.

  7. Re:WMA won't be useless. on Dealing with Digital Music and Vendor Lock-In? · · Score: 2, Informative

    Windows Media Player for Mac OS X is not a useful solution. I am on a number of Mac fora, and I can't count the number of times I've seen posts about it not working, not playing particular files, etc. When it does "work," people are tearing their hair out at it....

  8. Re:Bring on the pirates! on Kansas Board of Ed. Adopts Intelligent Design · · Score: 1

    Bobby, blessed be his name, says he'll bring legal action to make it happen. He's accepting donations. However, I pray to His Noodliness that those donations will not be necessary, and that the ACLU will be fighting alongside us all for Flying Spaghetti Monsterism.

    Imagine the lawyers in full pirate regalia!

  9. Paying for feedback? on Hydrogen Fuel Cells Hit the Road · · Score: 1

    If someone is paying for something and they're not happy - then you're going to hear about it.

    Yes, tell that to every Office Space worker who's watched management throw good money after bad. God forbid that we admit we're unhappy with the results of all that spending....

  10. Re:What's the Fuss? on EC Watching Microsoft Security Moves · · Score: 1

    I believe that it's an issue, not because I think Symantec deserves a break, but because I think profiting from one's own security flaws results in even worse security. (That's a nice OS you got there, eh? Shame if something were to...'appen to it.) If all of this were free and guaranteed to stay that way, it would bother me less. I still think it would be security band-aids, and not helpful in the long run, but not actively evil.

  11. Re:It's a good point but... on Schneier: Make Banks Responsible for Phishers · · Score: 1

    The problem with that is there is no way to tell whether someone's money was stolen because they gave their identity credentials away in a phishing scam, or because someone in the bank sold it to scammers, or because ChoicePoint/Accurant/Wells Fargo/CardSystems/universities/SSA/etc./etc. lost it, or someone took it from a trash can, or a relative stole it, or....

    You could guard your own identity information absolutely perfectly and never ever make a mistake, and you could still lose it. Because it is not in your control. But the banks can, however, control whether or not they give out your money in return for information that is so easily obtained.

  12. Re:The New FEMA on Refugee Radio Station Blocked by Red Tape · · Score: 1

    Yeah, that happens (though marshing someone's mallow sounds completely obscene, ok?).

    But they seem to be getting off on _preventing_ people from being helpful. The Red Cross. Other nations. National guard units for other states that keep mobilizing and having nowhere to go. Now this radio station.

  13. Witty Worm on Ready For the Big Mac Virus? · · Score: 1

    Niche malware is entirely doable. It saturated nearly the entire vulnerable population -- users of BlackICE firewall -- really fast. I'm not sure how the marketshare of BlackICE users compares to Macs, but it's probably the same order of not-so-magnitude.

  14. The New FEMA on Refugee Radio Station Blocked by Red Tape · · Score: 3, Insightful

    You know, it looks like the entire disaster operation is being run on the premise that it's very, very important that minor officials be allowed to be officious.

  15. Re:Mac OS X is more secure, period. on Ready For the Big Mac Virus? · · Score: 2, Interesting

    "But this doesn't mean that Mac users shouldn't have current AV/malware protection and use standard computer security best practices."

    I agree with the latter, but I disagree with the former. A lot. The tradeoff for antivirus on Macs is simply horrid, and I don't believe there is any point to it at the moment.

    1. There are no Mac viruses or worms. Sure, there probably will be. But there aren't any NOW, which means we have no idea if Symantec/McAfee/whoever is going to be any good at getting out a signature for the first one in a timely fashion. Or if the signature will be any good. Or if the automatic update will get the signature in time. Or....

    2. On the other hand, the first Real Mac Virus Or Worm is going to be a big deal. You'll see it on Slashdot, CNN, your local news, your fellow Macheads, everywhere. You may well see it before the signatures get out, and can probably do something about it (like unplug your network while you figure out a fix, in the worst-case Worm of Death scenario).

    3. How damaging is the first Mac virus/worm likely to be? Most malware isn't really all that damaging. Bad, yes, but destroying your disk? Making your computer burst into flames? Killing your network bandwidth by sending out lots of baby virus emails is sad, but fixable. Because remember, the First Real Mac Virus or Worm is going to be a big deal. If you're reading this, you'll find out about it.

    4. So, when the first virus/worm comes out, what are the chances that the AV software is going to protect you more than good old Mr. Power Key? This depends, I suppose, upon your faith in Symantec/McAfee/whoever.

    5. That said, what are the chances that your AV software will cause problems on your computer? Pretty good, actually. They add complexity to a system. They take up processor cycles. Symantec AV is notorious for destabilizing systems -- and even if it weren't, I personally won't trust AV software from a company that makes Norton Disk Doctor (Kevorkian edition). McAfee ate people's data -- I can't recall if it was the hard disk or the Mac.com iDisk, but it was bad. And the current trend in malicious code is to target the security applications. Witty Worm, anyone?

    6. Yeah, it will keep you from being a Typhoid Mary and forwarding on Windows viruses. I'm not that good a neighbor, and you shouldn't have to be either.

    Given that AV software costs money, currently protects your computer against nothing whatsoever, adds complexity to the system, and may well cause problems or eat your data, I don't consider it a good tradeoff. At all.

    I consider backing up your data religiously a much better solution, as it protects your data against all kinds of threats -- not just particularly mean viruses, but also hardware problems, chair-keyboard interface issues, etc.

    Me, I watch the headlines, pray to my external hard disk every Sunday, set my plushy Cthulhu on my monitor to protect my computer from physical access, and trust to Apple's security updates. If and when there is a Real Mac Virus or Worm, I will reevaluate my strategy. But I bet I won't change it, because sufficiently current backups are indistinguishable from magic. (And before anyone says that regular users can't do this: I say, regular users can't cope with Norton/McAfee squirreliness, either, and they're still much more likely to run into that.)

  16. Correct the Title! on Alternative Browsers Impede Investigations · · Score: 1

    "Alternative Browsers Impede Stupid Investigators"

  17. Re:Move on NASA! on Water Flowed Recently on Mars · · Score: 1

    Chirality...that's easy. The Coriolis effect takes care of that. That's why we have left-handed molecules above the equator and right-handed molecules below the equator, right?

  18. D'oh on Free Web Hosting a Fount of Malware · · Score: 1

    "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company.

    Well, of course all the fraudulent ones are going to have a quick turnover! It's not like Websense doesn't have anything to sell here. Nooooooo.

  19. DeBabelizer? on What's the Best Way to Handle Scripting Under XP? · · Score: 1

    In the long ago, I would have suggested DeBabelizer. It was once the king of image batch scripting, and may still be. Now I am not so much suggesting it -- I've been out of the business for a while, and don't know how it's regarded now -- as recommending it for your consideration. So, consider.... And if you ever convince them to move to Mac, the fact that there are both Mac & Windows versions may make the transition easier.

  20. Re:Tourist visits another country on What Mac OS X Could Learn From Windows · · Score: 1

    So what you're saying is that Mac OS X is really Canada?

    Peace, order, good government, limited world-domination tendencies, some areas that want to secede....

  21. Re:Old does not mean useless on Win2000 Still Performs on 8-year-old Hardware · · Score: 1

    Happy as a clam -- and just as fast as one, too!

  22. I am not obsolete..... on Win2000 Still Performs on 8-year-old Hardware · · Score: 2, Insightful

    Planned obsolescence is not a virtue. Why is not buying new hardware a bad thing? That's what the question implies.

  23. Re:Difficulty filling position on Homeland Security Adds Cybersecurity Position · · Score: 1

    The problem is not competing on the basis of money. Anyone who takes that job will, upon leaving it, have the Platinum Lobby Parachute that our administration kindly provides all its personnel. The problem is that many of the people who would actually be good at the job would have too much integrity to take it, or -- to be fair -- if they did take it, probably have too much integrity to do very well at it. That is why so many of the previous cybersecurityczarwhatevers resigned.

    And the competition is NOT large corporations, who don't necessarily pay their in-house security staff very well (she said bitterly). It's the consulting firms that are the competition.

  24. Re:Er, actually, no. Ask a dictionary. on Sun's COO Distorts Free In Free Software · · Score: 1

    Sure it does. Free software is not in bondage.

    When software was in MS land
    Let my software go
    Oppressed so hard it could not stand
    Let my software go

  25. Er, actually, no. Ask a dictionary. on Sun's COO Distorts Free In Free Software · · Score: 4, Informative

    free (adj.)

    O.E. freo "free, exempt from, not in bondage," also "noble, joyful," from P.Gmc. *frijaz (cf. M.H.G. vri, Ger. frei, Du. vrij, Goth. freis "free"), from PIE *prijos "dear, beloved" (cf. Skt. priyah "own, dear, beloved," priyate "loves;" O.C.S. prijati "to help," prijatelji "friend;" Welsh rhydd "free"). The adv. is from O.E. freon, freogan "to free, love." The primary sense seems to have been "beloved, friend, to love;" which in some languages (notably Gmc. and Celtic) developed also a sense of "free," perhaps from the terms "beloved" or "friend" being applied to the free members of one's clan (as opposed to slaves, cf. L. liberi, meaning both "free" and "children"). Cf. Goth. frijon "to love;" O.E. freod "affection, friendship," friga "love," friðu "peace;" O.N. friðr, Ger. Friede "peace;" O.E. freo "wife;" O.N. Frigg "wife of Odin," lit. "beloved" or "loving;" M.L.G. vrien "to take to wife," Du. vrijen, Ger. freien "to woo." Sense of "given without cost" is 1585, from notion of "free of cost." Of nations, "not subject to foreign rule or to despotism," it is recorded from 1375. Freedman "manumitted slave" first recorded 1601. Colloquial freeloader first recorded 1930s; free fall is from 1919, originally of parachutists; free-hand is from 1862; free-thinker is from 1692. Freebie dates back to 1942 as freeby, perhaps as early as 1900. Free-for-all "mass brawl" (in which anyone may participate) first recorded 1881. Freebase (n. and v.) in ref. to cocaine first recorded 1980.