Antivirus companies support virus writers?

f0dder:
Iirc the default is 5 retries in a 10min period, followed by a 10-minute IP ban (using iptables)...

I just realized that fail2ban had been updated and was now monitoring the wrong log file, d'oh. I've repointed it from /var/log/sshd.log to /var/log/auth.log, so should see entries in /var/log/fail2ban.log again :)
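
The ban rule described in the post above, as an added example that is not part of the original post and not fail2ban's own code: a sliding-window check over auth.log lines using the thresholds as recalled there (5 failures in 10 minutes, then a 10-minute ban). The log lines, host name and addresses are constructed, and the regex assumes OpenSSH's usual "Failed password" syslog format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds as recalled in the post (assumed, not read from a fail2ban install).
MAXRETRY = 5
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(minutes=10)

# Assumed OpenSSH syslog format for a failed password attempt in auth.log.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample: one host failing five times in four minutes, one failing twice.
SAMPLE = [
    f"Mar  4 05:0{i}:00 host sshd[100{i}]: Failed password for root from 203.0.113.7 port 4000{i} ssh2"
    for i in range(5)
] + [
    "Mar  4 05:04:30 host sshd[1010]: Failed password for invalid user test from 198.51.100.20 port 51000 ssh2",
    "Mar  4 05:06:00 host sshd[1011]: Accepted password for alice from 192.0.2.10 port 52000 ssh2",
    "Mar  4 05:30:00 host sshd[1012]: Failed password for invalid user test from 198.51.100.20 port 51001 ssh2",
]

def find_bans(lines, year=2010):
    """Return [(ip, ban_start, ban_end)] for IPs reaching MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # not an sshd password failure
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already banned; the firewall would drop these
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than the find window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans
```

Run against a file that sshd no longer writes to, `find_bans` matches nothing and returns an empty list, which is the silent failure the post describes.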

Dmytry:
"Drive-by" a really cute buzzword loved by paranoid people since it means WHATEVER amount of common sense you have, you can still be screwed! = BUY a security package, you MUST. Almost entirely BS...

--- End quote ---

Scary in its coincidence, but I almost got screwed by a drive-by this morning. AVG saved me from it... so I don't know about that BS claim. It was my first time running afoul of a virus in a long time, and I hate to think what would have happened had I browsed to the site on my desktop that doesn't have AV software installed...
-wraith808 (February 19, 2010, 12:11 PM)
--- End quote ---
Use firefox, keep it up to date, it's usually fixed for exploits sooner than any use of exploit appears in the wild (which is also sooner than antivirus responds). Geez.
Fixing security holes with a third party code blacklist for known uses of that security hole in the wild, that's just wrong. It's like you have a digital lock on your door, with password code, and instead of updating lock's firmware you also install second lock that has camera that blocks entry for people who look like known criminals.

Dmytry:
Also as for whitelisting only known software - again, that's extortion. Norton's upcoming rating based whitelisting scheme in particular. If your software is not rated up, it's not whitelisted, and will not be rated up. How will you get it whitelisted, well, some paid certifications or other crap.

Ditto by the way for digital certificates and 'certificate authorities'. Extortion scheme, pure and simple, not very effective for protection because it is possible to steal certificate, but extremely effective for having various people make billions by doing very little. Everyone who doesn't pay up is subject to plain libel delivered when user tries to run the application* The libel also devalues genuinely useful warnings.
[edit: *or enter ssl site with self-signed certificate. Notably, there's no warning for non-SSL site at all. A somewhat more secure site generates scary warnings which less secure site doesn't! To make warnings go away you must regularly pay hefty sum of money to the big name racketeers to keep your cert up to date - else you lose certain small but substantial percentage of users. Paying money to racketeers is immoral; the money gets used for harm. The only thing that certificate certifies is fact that you bulged in to the racket and you're paying ~$100 to racketeers each year; it does not verify that you're well intentioned, that your site was not hacked, and so on, it does not even verify that you are who you say you are].

f0dder:
Use firefox, keep it up to date, it's usually fixed for exploits sooner than any use of exploit appears in the wild (which is also sooner than antivirus responds). Geez.
-Dmytry (March 04, 2010, 04:50 AM)
--- End quote ---
The browser is only one part of the exploit vector equation - you're forgetting flash and java, which aren't always fixed in a timely fashion.

Fixing security holes with a third party code blacklist for known uses of that security hole in the wild, that's just wrong. It's like you have a digital lock on your door, with password code, and instead of updating lock's firmware you also install second lock that has camera that blocks entry for people who look like known criminals.
-Dmytry (March 04, 2010, 04:50 AM)
--- End quote ---
A decent anti-malware product wouldn't just be blacklisting static code sequences, though, so this comparison doesn't really work. A better one would be a cop stopping a guy pulling a gun before he pulls the trigger.

Ditto by the way for digital certificates and 'certificate authorities'. Extortion scheme, pure and simple, not very effective for protection because it is possible to steal certificate, but extremely effective for having various people make billions by doing very little. Everyone who doesn't pay up is subject to plain libel delivered when user tries to run the application* The libel also devalues genuinely useful warnings.
-Dmytry (March 04, 2010, 05:07 AM)
--- End quote ---
Unfortunately there's too many CAs and some have been way too lax on security... but how do you propose to secure things without a CA?

Dmytry:
Use firefox, keep it up to date, it's usually fixed for exploits sooner than any use of exploit appears in the wild (which is also sooner than antivirus responds). Geez.
-Dmytry (March 04, 2010, 04:50 AM)
--- End quote ---
The browser is only one part of the exploit vector equation - you're forgetting flash and java, which aren't always fixed in a timely fashion.

Fixing security holes with a third party code blacklist for known uses of that security hole in the wild, that's just wrong. It's like you have a digital lock on your door, with password code, and instead of updating lock's firmware you also install second lock that has camera that blocks entry for people who look like known criminals.
-Dmytry (March 04, 2010, 04:50 AM)
--- End quote ---
A decent anti-malware product wouldn't just be blacklisting static code sequences, though, so this comparison doesn't really work. A better one would be a cop stopping a guy pulling a gun before he pulls the trigger.

Ditto by the way for digital certificates and 'certificate authorities'. Extortion scheme, pure and simple, not very effective for protection because it is possible to steal certificate, but extremely effective for having various people make billions by doing very little. Everyone who doesn't pay up is subject to plain libel delivered when user tries to run the application* The libel also devalues genuinely useful warnings.
-Dmytry (March 04, 2010, 05:07 AM)
--- End quote ---
Unfortunately there's too many CAs and some have been way too lax on security... but how do you propose to secure things without a CA?
-f0dder (March 04, 2010, 05:34 AM)
--- End quote ---
How do you propose to secure things with CA?
In case of SSL certificates, you know, there's no bigass warning for real spoof site. The only warning you have for real spoof is lack of tiny yellow lock icon. The bigass warning is mostly shown to customers of legitimate businesses who forgot to pay racket money (forgot to renew certificate).
