Please explain to me why *browser* vendors take security more seriously than your industry, then I'll listen to your "stab vest" analogies. 
Replying to @taviso
I'm on the record saying the AV industry needs to take attacks against (or leveraging) AV more seriously, but I think there are some differences with browsers:
1 reply 0 retweets 3 likes -
Replying to @martijn_grooten @taviso
Firstly, browsers have been exploited in the wild, at scale for a long time. AV hasn't. Most people in AV admire your work (really!), but you're not in their threat model and I can't think of any large scale in the wild attacks leveraging AV.
2 replies 0 retweets 3 likes -
Replying to @martijn_grooten @taviso
And secondly, AV needs to run with high privileges to be effective. A browser doesn't. That makes sandboxing a whole lot easier for browsers.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten
Martijn, stop with this "out of our threat model" nonsense, you can't just call problems you don't want to fix "out of our threat model". Secondly, there is an active trade in antivirus exploits and there *have* been wild scale attacks against AV.
1 reply 0 retweets 2 likes -
Replying to @taviso @martijn_grooten
And that is *not* how sandboxing works!
1 reply 0 retweets 2 likes -
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)
2 replies 0 retweets 0 likes -
Replying to @martijn_grooten
I mean, the Witty worm is an obvious example from the past? We're not in the age of wasting zero-day on a worm anymore, we're in the age of selling it for exclusive use to well-funded adversaries.
2 replies 0 retweets 3 likes -
Replying to @taviso
Sure, but Witty was aeons ago. Look, I'm not arguing this isn't a serious issue. I'm just explaining that a) almost all people are in practice better off using AV and b) we haven't been able to create the right incentives for AV.
2 replies 1 retweet 1 like
Sure, Witty was aeons ago, because today they would have sold it to a commercial exploit dealer. If you argue that means it's no longer a serious issue, then we disagree. You can't measure severity based on number of compromises anymore.
Replying to @taviso @martijn_grooten
Imagine some trojaned warez game shared on a forum where 200 people install it. Compare this attack to some foreign government purchasing exclusive access to an ESET remote for USD100K, using it once to find a journalist's source (total compromises: 1). Which is more serious?
2 replies 0 retweets 3 likes -
Replying to @taviso
The latter. Obviously. So my recommendation would always be for high-target people (like certain journalists) to harden their devices to the point that AV doesn't really add anything any more. And for those gamers to install AV to prevent them downloading that trojan.
2 replies 0 retweets 1 like - 4 more replies