Are you going to make me repeat this analogy?https://twitter.com/taviso/status/965635354874146825 …
-
-
Replying to @taviso @ConradLongmore and
That analogy expresses a theoretical concern with AV, that implies we may a better Internet where we don't need to rely on digital elastic bands and like cello-tape like AV. I'm mostly with you on that. But that's not the Internet we have.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @ConradLongmore and
It is most definitely the internet we have, we can make this work. It doesn't even mean your industry would die, you could just make all the people working on populating blacklists populate whitelists instead. It won't be an easy transition for you though.
2 replies 1 retweet 3 likes -
Replying to @taviso @martijn_grooten and
Agreed. I remember when RSA got compromised a few years ago they where running bit9 so the attackers compromised them to get to the target.... now THAT is dedication!
1 reply 0 retweets 0 likes -
Replying to @stacksmasher @martijn_grooten and
That's a good thing, if you have to pull off an impressive attack that Martjin would say is "outside of our threat model", then wonderful! The alternative is just mail a new exe and get a shell, which AV vendors would say "well, nobody's perfect!".
1 reply 0 retweets 0 likes -
Replying to @taviso @stacksmasher and
Hey, there's a difference between "outside your threat model" and "not featuring prominently in your threat model". For most (not all!) users "opening attachments in spam" features more prominently than "nation state leveraging AV vulnerabilities".
1 reply 1 retweet 1 like -
Replying to @martijn_grooten @taviso and
And again, I like a whitelisting based approach. I've recommended iPhones to people who are high value targets for that reason (though I have an Android phone myself). I'm totally fine with more orgs discovering this approach to security.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso and
AV is an imperfect solution in an imperfect world, but for almost all users, it provides a net benefit.
1 reply 1 retweet 0 likes -
Replying to @martijn_grooten @stacksmasher and
Stop calling AV imperfect, this is like saying CRC16 is an imperfect cryptographic hash. AV does not provide a net benefit, we've already explained to you the serious problems we face shipping secure software because of Antivirus.
2 replies 1 retweet 4 likes -
Replying to @taviso @stacksmasher and
I said almost all users. We need tell high value targets (journalists, activists etc.) to lock down their devices to the point that AV doesn't provide any benefits (and should be removed). I've been saying that for years.
1 reply 0 retweets 0 likes
In exchange for a trivially bypassable blacklist, it introduces serious vulnerabilities that the industry refuses to take responsibility for. "Well nobody's perfect!", "Those problems are out of our threat model!", I've heard it before and explained why that doesn't cut it.
-
-
Replying to @taviso @stacksmasher and
OK, I just told my parents to remove AV from their PC, because of all the reasons you cited (which, again, are very valid concerns that we're not taking seriously enough). What should they do instead?
3 replies 0 retweets 1 like -
Replying to @martijn_grooten @stacksmasher and
How about your buy your parents a Chromebook Martjin, or Windows 10 S? That's an easy solution, probably cheaper than your Kaspersky subscription and actually good security.
1 reply 0 retweets 1 like - 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.