Don't push it too far Martijn, a homeopath that tells you to exercise and eat right is still a homeopath
Installing antivirus on XP does not make it a secure system, if the antivirus ever makes a difference then you're in serious trouble.
Replying to @taviso @lorenzofb
I don't disagree with that statement. In theory, a company's CFO should never run in a situation where AV¹ makes a serious difference. In practice, a whole lot of them do and I think AV still makes a decent difference. ¹endpoint protection and ignoring APT-style attacks.
Allow me: what _exactly_ does AV protect? And, follow on, at what collateral risk?
It protects the user from things like installing a "Flash Player update" because a website tells them to, when it's actually malware. At a risk that is quite small for this threat model.
Replying to @taviso @martijn_grooten and
How about, "With some very significant security tradeoffs, there is a non-zero chance that if your vendor has seen this exact file before, even though there is no reason that they would have had to, we could stop it. You are still in very significant danger".
The 1990s just called and want your "exact file" argument back... AV hasn't relied on exact matches for decades. Most AV engines include a significant machine learning component.
No, the antivirus industry is desperate to distance themselves from blacklisting. The reality is that I've reverse engineered more antivirus engines than you have, and think "blacklisting" is a very appropriate term. So 2018 called, and wants you to accept reality
Oh, I'm sure there's _also_ a lot of blacklisting taking place. Because a lot of files are actually reused a lot and adding the hash to some blacklist is the most fail-safe way to add detection for that file.
There is no machine learning: the trick I used to teach in my SANS course to fool the AV on TINY.EXE still works. An AV is no different to adding hashes of bad files to SafeBrowsing and just blocking the download in the first place.
AV:
Heuristics
Machine Learning
You: But I flipped some bits and it bypasses it?
AV:
Neural Nets
You: ?!?!?
Scissors