And that is *not* how sandboxing works!
Replying to @taviso
OK, I'm not going to argue about sandboxes, you know a lot more about those than I do. As for the threat model, I'm not defending the lack of attention, just explaining the incentives are different than for browsers.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso
As for those wide scale attacks, which ones are you referring to? (Genuinely curious, I'm not claiming to know about every single attack.)
2 replies 0 retweets 0 likes -
Replying to @martijn_grooten
I mean, the witty worm is an obvious example from the past? We're not in the age of wasting zero-day on a worm anymore, we're in the age of selling it for exclusive use to well-funded adversaries.
2 replies 0 retweets 3 likes -
Replying to @taviso
Sure, but Witty was aeons ago. Look, I'm not arguing this isn't a serious issue. I'm just explaining that a) almost all people are in practice better off using AV and b) we haven't been able to create the right incentives for AV.
2 replies 1 retweet 1 like -
Replying to @martijn_grooten
Sure, Witty was aeons ago, because today they would have sold it to a commercial exploit dealer. If you argue that means it's no longer a serious issue, then we disagree. You can't measure severity based on number of compromises anymore.
1 reply 0 retweets 2 likes -
Replying to @taviso @martijn_grooten
Imagine some trojaned warez game shared on a forum where 200 people install it. Compare this attack to some foreign government purchasing exclusive access to an ESET remote for USD100K, using it once to find a journalist's source (total compromises: 1). Which is more serious?
2 replies 0 retweets 3 likes -
Replying to @taviso
The latter. Obviously. So my recommendation would always be for high-target people (like certain journalists) to harden their devices to the point that AV doesn't really add anything any more. And for those gamers to install AV to prevent them downloading that trojan.
2 replies 0 retweets 1 like -
Replying to @martijn_grooten
If I install AV, I can download and safely run any exe I find in a forum? Obviously not, but apparently this is a threat model you want to support, but you still argue it's not okay to say "doesn't work"?
1 reply 0 retweets 2 likes -
Replying to @taviso
Not any exe, no AV is perfect. But it seriously mitigates the risk for average users. That's what AV is good at.
3 replies 0 retweets 0 likes
So *what* is in your threat model? You introduce new vulnerabilities, but say you shouldn't have to fix them because it's not in your threat model. You don't have to detect malicious exe, because nobody's perfect. I mean, can you see why "doesn't work" might be fair?
Replying to @taviso
Hey, I never said anyone shouldn't fix those vulnerabilities. :-( I keep banging on about how AV vendors should take that more seriously. As for the second part, for me AV works if it seriously mitigates threats. I think it does.
0 replies 0 retweets 1 like
Replying to @taviso @martijn_grooten
you didn't tell me about secure coding practices!
0 replies 0 retweets 0 likes