Here is the problem, if antivirus *just* didn't work, nobody would care. The problem is it doesn't work *and* makes people with targeted attackers unsafe. If you fixed that second problem, fair enough. But is there *any* vendor in your industry who will implement sandboxing?
Replying to @taviso @martijn_grooten
Please explain to me why *browser* vendors take security more seriously than your industry, then I'll listen to your "stab vest" analogies.
Replying to @taviso
I'm on the record saying the AV industry needs to take attacks against (or leveraging) AV more seriously, but I think there are some differences with browsers:
Replying to @martijn_grooten @taviso
Firstly, browsers have been exploited in the wild, at scale for a long time. AV hasn't. Most people in AV admire your work (really!), but you're not in their threat model and I can't think of any large scale in the wild attacks leveraging AV.
Replying to @martijn_grooten @taviso
This tweet captures a number of the bad arguments that most AV proponents run afoul of. First, even the most popular AVs have market penetration capping out in the teens—so they simply don't have the scale to be exploited at scale, regardless how dangerously vulnerable they are.
Then there's the claim about browsers being exploited at scale in the wild, but I know for a fact we've never seen that in Chrome. And I have yet to see an AV provide evidence of where their products have in any way mitigated an exploit against an up-to-date browser.
Replying to @justinschuh @taviso
IE has been targeted by many exploit kits (so at scale). AV tends to be pretty good at blocking exploit kits. I'd expect most AV to be pretty bad against some zero-day exploit used against Chrome.
You can also expect all AVs to be pretty bad against some zero-day exploit used against them. Mostly, because no AV on earth has self-protections in place beyond "restart in case of crash".
Again: I have been saying for years to AV vendors that they should take the security of their products more seriously.
Replying to @martijn_grooten @matalaz and
Am I wrong if I say that many malware are developed to bypass AVs, I do not think that there is any malware that aims for its detection. Moreover, AVs are there for the unsophisticated attacks
The problem isn't "we want to catch some unsophisticated attacks", that's fine with me. The problem is "we introduce a ton of serious problems and shouldn't have to solve them so we can catch unsophisticated attacks". That is *not* fine with me.
Joxean Koret Retweeted Joxean Koret
I agree. And we don't need to think about, as @MalwareJake says, "esoteric scenarios". Just some quick examples that affect even my grandma: https://twitter.com/matalaz/status/964952589539401728 …

Joxean Koret added,

Joxean Koret @matalaz
Replying to @MalwareJake @jpgoldberg @imaguid
BitDefender and its "secure web browser" (an old WebKit version without ASLR) that used to open every time you browsed to a known bank web page. Worst: Rising and its IE7 kernel based web browser set as default or Kingsoft with a Chrome browser fork (liebao) without sandbox.