I've been making this point for some time, but you would be right to think I might be biased. Jake isn't. https://twitter.com/MalwareJake/status/964919935699857410 …
Replying to @martijn_grooten
Hah, malware people love to compare antivirus to seatbelts, stabvests, bank vaults. "You wouldn't tell a bank to keep money in a mattress b/c vaults can collapse!!!". No, but I'd tell them that not bothering to check ID because they have a blacklist of fraudsters is a bad idea.
Replying to @taviso @martijn_grooten
Here is the problem, if antivirus *just* didn't work, nobody would care. The problem is it doesn't work *and* makes people with targeted attackers unsafe. If you fixed that second problem, fair enough. But is there *any* vendor in your industry who will implement sandboxing?
Replying to @taviso @martijn_grooten
Please explain to me why *browser* vendors take security more seriously than your industry, then I'll listen to your "stab vest" analogies.
Replying to @taviso
I'm on the record saying the AV industry needs to take attacks against (or leveraging) AV more seriously, but I think there are some differences with browsers:
Replying to @martijn_grooten @taviso
Firstly, browsers have been exploited in the wild, at scale for a long time. AV hasn't. Most people in AV admire your work (really!), but you're not in their threat model and I can't think of any large scale in the wild attacks leveraging AV.
Replying to @martijn_grooten @taviso
And secondly, AV needs to run with high privileges to be effective. A browser doesn't. That makes sandboxing a whole lot easier for browsers.
Replying to @martijn_grooten
Martijn, stop with this "out of our threat model" nonsense, you can't just call problems you don't want to fix "out of our threat model". Secondly, there is an active trade in antivirus exploits and there *have* been wild scale attacks against AV.
And that is *not* how sandboxing works!
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)