And secondly, AV needs to run with high privileges to be effective. A browser doesn't. That makes sandboxing a whole lot easier for browsers.
Replying to @martijn_grooten
Martijn, stop with this "out of our threat model" nonsense, you can't just call problems you don't want to fix "out of our threat model". Secondly, there is an active trade in antivirus exploits and there *have* been wide-scale attacks against AV.
Replying to @taviso @martijn_grooten
And that is *not* how sandboxing works!
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)
Replying to @martijn_grooten
I mean, the Witty worm is an obvious example from the past? We're not in the age of wasting zero-days on a worm anymore, we're in the age of selling them for exclusive use to well-funded adversaries.
Replying to @taviso
Sure, but Witty was aeons ago. Look, I'm not arguing this isn't a serious issue. I'm just explaining that a) almost all people are in practice better off using AV and b) we haven't been able to create the right incentives for AV.
Replying to @martijn_grooten
Sure, Witty was aeons ago, because today they would have sold it to a commercial exploit dealer. If you argue that means it's no longer a serious issue, then we disagree. You can't measure severity based on number of compromises anymore.
Replying to @taviso @martijn_grooten
Imagine some trojaned warez game shared on a forum where 200 people install it. Compare this attack to some foreign government purchasing exclusive access to an ESET remote for USD 100K, using it once to find a journalist's source (total compromises: 1). Which is more serious?
Replying to @taviso
The latter. Obviously. So my recommendation would always be for high-target people (like certain journalists) to harden their devices to the point that AV doesn't really add anything any more. And for those gamers to install AV to prevent them downloading that trojan.
If I install AV, I can download and safely run any exe I find in a forum? Obviously not, but apparently this is a threat model you want to support, but you still argue it's not okay to say "doesn't work"?
Replying to @taviso
Not any exe, no AV is perfect. But it seriously mitigates the risk for average users. That's what AV is good at.
Replying to @martijn_grooten
So *what* is in your threat model? You introduce new vulnerabilities, but say you shouldn't have to fix them because it's not in your threat model. You don't have to detect malicious exe, because nobody's perfect. I mean, can you see why "doesn't work" might be fair?