Here's my model for a healthy AV: The AV provides a scanning engine that runs in a tightly sandboxed, isolated container. The OS initiates the scans of data from any entrypoint sources. That leaves the OS responsible for system integrity, and the AV identifies malicious data.
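The broker/engine split described in that tweet, as an added illustration (not code from anyone in the thread): the privileged side only ever hands raw bytes to an isolated scanner process over a pipe and treats the reply as untrusted input, so a crash, hang or garbage verdict from the engine degrades to "scan failed" rather than to a compromise of the host. The signature list and the `-I` isolated-interpreter flag stand in for a real sandbox; both are assumptions for the example.

```python
import json
import subprocess
import sys

# Source of the isolated scanner process. It reads raw bytes from stdin and
# writes a JSON verdict to stdout; it never opens files or sockets itself.
# The single signature is a constructed toy, not a real engine's database.
SCANNER_SOURCE = r'''
import json, sys
SIGS = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "Test.Signature"}
data = sys.stdin.buffer.read()
hits = [name for sig, name in SIGS.items() if sig in data]
print(json.dumps({"malicious": bool(hits), "names": hits}))
'''


def scan_bytes(data: bytes, engine_source: str = SCANNER_SOURCE,
               timeout: float = 5.0) -> dict:
    """Broker side (the "OS" role in the tweet's model).

    The engine gets only the bytes and a stdin/stdout pipe. Its reply is
    validated before use, and any failure mode (crash, timeout, malformed
    output) is reported as a scan error instead of being trusted.
    """
    try:
        proc = subprocess.run(
            # -I runs the interpreter in isolated mode (no env vars, no user
            # site-packages); a real deployment would add a proper sandbox.
            [sys.executable, "-I", "-c", engine_source],
            input=data, capture_output=True, timeout=timeout, check=False,
        )
    except subprocess.TimeoutExpired:
        return {"malicious": None, "error": "engine timeout"}
    if proc.returncode != 0:
        return {"malicious": None, "error": "engine crashed"}
    try:
        verdict = json.loads(proc.stdout.decode("utf-8"))
        return {"malicious": bool(verdict["malicious"]),
                "names": [str(n) for n in verdict["names"]]}
    except (ValueError, KeyError, TypeError):
        return {"malicious": None, "error": "malformed verdict"}


if __name__ == "__main__":
    # Constructed sample inputs.
    print(scan_bytes(b"just a plain document"))
    print(scan_bytes(b"prefix EICAR-STANDARD-ANTIVIRUS-TEST-FILE suffix"))
    print(scan_bytes(b"x", engine_source="import sys; sys.exit(3)"))
```

The point of the shape is that the only thing crossing the trust boundary in each direction is a byte string and a small, schema-checked verdict; the engine has no file paths, no network and no say over what gets scanned next.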
Replying to @justinschuh @martijn_grooten
Is there *anything* more perfectly sandboxable than an antivirus engine? The fact that this isn't happening speaks volumes.
6 replies 8 retweets 39 likes
Replying to @taviso @justinschuh
Yes, incentives. I sometimes wish a company would see its profits drop every time you reported a vulnerability. That would change things a lot.
3 replies 0 retweets 2 likes
I wish there were a Pwn2own for anti-virus software. That's a great artificial incentive.
2 replies 0 retweets 8 likes
I agree. I have good experience with corporate antivirus ever since moving to a smaller, lighter player, but I’d love to see people getting incentives to hack it
2 replies 0 retweets 2 likes
Replying to @SwiftOnSecurity @martijn_grooten and
Let me tell you, as someone who implemented a new corporate antivirus and actively monitors its efficacy: Antivirus largely works in the dirty real world if you know how to use it. Antivirus that isn’t administered correctly, which is a huge number, is routinely worthless.
1 reply 0 retweets 7 likes
Replying to @SwiftOnSecurity @martijn_grooten and
I spoke to a senior consultant at a massive security firm: a large number of customer issues, where they open panicked P1 infection issues, are administrators disabling important cloud lookup features.
1 reply 0 retweets 4 likes
Look, every day you get thousands of hits w/antivirus, should you feel safer? One argument is "yes, those are attacks failed, we made things safer". Another argument is "no, av is only thing standing between us and disaster, it's trivial to evade, so we're on borrowed time".
2 replies 1 retweet 9 likes
Replying to @taviso @SwiftOnSecurity and
If it gets to your AV you have already lost. Anyone can circumvent AV, it's very simple. Most malware authors don't bother because they don't have to.
1 reply 0 retweets 1 like
Replying to @stacksmasher @taviso and
Not everyone can circumvent AV at scale. That's what matters to most malware authors.
3 replies 0 retweets 1 like
Where is this "scale" thing coming from, it's not 1998 any more
Replying to @taviso @stacksmasher and
Most commodity malware (cryptominers, ransomware, banking trojans, password stealers etc.) still requires scale.
1 reply 0 retweets 0 likes
Replying to @martijn_grooten @stacksmasher and
Ah, you're saying if an unsophisticated attack achieves significant scale, it would be noticed and might be blacklisted. Yes, that sounds true. I'm not sure it's very reassuring though.
2 replies 1 retweet 3 likes (3 more replies)