Firstly, browsers have been exploited in the wild, at scale for a long time. AV hasn't. Most people in AV admire your work (really!), but you're not in their threat model and I can't think of any large scale in the wild attacks leveraging AV.
Replying to @martijn_grooten @taviso
And secondly, AV needs to run with high privileges to be effective. A browser doesn't. That makes sandboxing a whole lot easier for browsers.
Replying to @martijn_grooten
Martijn, stop with this "out of our threat model" nonsense, you can't just call problems you don't want to fix "out of our threat model". Secondly, there is an active trade in antivirus exploits and there *have* been wild scale attacks against AV.
Replying to @taviso @martijn_grooten
And that is *not* how sandboxing works!
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)
Replying to @martijn_grooten
I mean, the Witty worm is an obvious example from the past? We're not in the age of wasting zero-day on a worm anymore, we're in the age of selling it for exclusive use to well-funded adversaries.
Replying to @taviso @martijn_grooten
Does hijacking a virus scanner to spy on the contents of people's computers count here? The Kaspersky drama. The attack surface of A/V is also not limited to the code on the end user's machine anymore. (Apologies in advance, honestly not sure whether I'm off-topic or not.)
Whatever you think of the "Kaspersky drama", I think the overwhelming majority of computer users don't have malware written by their employer own their computer with AV installed.
Replying to @martijn_grooten @taviso
Just like most users aren't harmed by mass surveillance, but there is a strong argument that the fabric of society is - the harm is still real and the vulnerability matters. But I'm happy to dismiss this as off-topic. :-)
It's not off-topic, this is a problem their products introduced! They can't just dismiss every problem they don't want to solve as "outside our threat model". We don't consider head-on collisions to be in our threat model, so we're going to save some money and not install airbags
Replying to @taviso @martijn_grooten
To be fair, I think my initial comparison was unclear. As I understood, the A/V engine watched all users and reported back. The fact that [we think] the attacker only cared about one user is mostly irrelevant. All users with files of interest were at risk. It's a large hole.
Comparing to traditional malware, this is like infecting every single user with APT spyware that reports back iff it finds a particular file it is looking for... A/V impact assessment would rightly count every infected machine, even if only one ever leaked data.