And that is *not* how sandboxing works!
-
-
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)
2 replies 0 retweets 0 likes -
Replying to @martijn_grooten
I mean, the witty worm is an obvious example from the past? We're not in the age of wasting zero-day on a worm anymore, we're in the age of selling it for exclusive use to well-funded adversaries.
2 replies 0 retweets 3 likes -
Replying to @taviso
Sure, but Witty was aeons ago. Look, I'm not arguing this isn't a serious issue. I'm just explaining that a) almost all people are in practice better off using AV and b) we haven't been able to create the right incentives for AV.
2 replies 1 retweet 1 like -
Replying to @martijn_grooten
Sure, Witty was aeons ago, because today they would have sold it to a commercial exploit dealer. If you argue that means it's no longer a serious issue, then we disagree. You can't measure severity based on number of compromises anymore.
1 reply 0 retweets 2 likes -
Replying to @taviso @martijn_grooten
Imagine some trojaned warez game shared on a forum where 200 people install it. Compare this attack to some foreign government purchasing exclusive access to a ESET remote for USD100K, using it once to find a journalist's source (total compromises: 1). Which is more serious?
2 replies 0 retweets 3 likes -
Replying to @taviso
The latter. Obviously. So my recommendation would always be for high-target people (like certain journalists) to harden their devices to the point that AV doesn't really add anything any more. And for those gamers to install AV to prevent them downloading that trojan.
2 replies 0 retweets 1 like -
Replying to @martijn_grooten
If I install AV, I can download and safely run any exe I find in a forum? Obviously not, but apparently this is a threat model you want to support, but you still argue it's not okay to say "doesn't work"?
1 reply 0 retweets 2 likes -
Replying to @taviso
Not any exe, no AV is perfect. But it seriously mitigates the risk for average users. That's what AV is good at.
3 replies 0 retweets 0 likes
Because it slows down users’ computers so much that they rather go shopping than download stuff over the Internet.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.