It is most definitely the internet we have, we can make this work. It doesn't even mean your industry would die, you could just make all the people working on populating blacklists populate whitelists instead. It won't be an easy transition for you though.
Replying to @taviso @martijn_grooten and
Agreed. I remember when RSA got compromised a few years ago they were running Bit9 so the attackers compromised them to get to the target.... now THAT is dedication!
1 reply 0 retweets 0 likes -
Replying to @stacksmasher @martijn_grooten and
That's a good thing, if you have to pull off an impressive attack that Martijn would say is "outside of our threat model", then wonderful! The alternative is just mail a new exe and get a shell, which AV vendors would say "well, nobody's perfect!".
1 reply 0 retweets 0 likes -
Replying to @taviso @stacksmasher and
Hey, there's a difference between "outside your threat model" and "not featuring prominently in your threat model". For most (not all!) users "opening attachments in spam" features more prominently than "nation state leveraging AV vulnerabilities".
1 reply 1 retweet 1 like -
Replying to @martijn_grooten @taviso and
And again, I like a whitelisting based approach. I've recommended iPhones to people who are high value targets for that reason (though I have an Android phone myself). I'm totally fine with more orgs discovering this approach to security.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso and
AV is an imperfect solution in an imperfect world, but for almost all users, it provides a net benefit.
1 reply 1 retweet 0 likes -
Replying to @martijn_grooten @stacksmasher and
Stop calling AV imperfect, this is like saying CRC16 is an imperfect cryptographic hash. AV does not provide a net benefit, we've already explained to you the serious problems we face shipping secure software because of Antivirus.
2 replies 1 retweet 4 likes -
Replying to @taviso @stacksmasher and
I said almost all users. We need to tell high value targets (journalists, activists etc.) to lock down their devices to the point that AV doesn't provide any benefits (and should be removed). I've been saying that for years.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @stacksmasher and
In exchange for a trivially bypassable blacklist, it introduces serious vulnerabilities that the industry refuses to take responsibility for. "Well nobody's perfect!", "Those problems are out of our threat model!", I've heard it before and explained why that doesn't cut it.
1 reply 1 retweet 0 likes -
Replying to @taviso @stacksmasher and
OK, I just told my parents to remove AV from their PC, because of all the reasons you cited (which, again, are very valid concerns that we're not taking seriously enough). What should they do instead?
3 replies 0 retweets 1 like
How about you buy your parents a Chromebook Martijn, or Windows 10 S? That's an easy solution, probably cheaper than your Kaspersky subscription and actually good security.
Replying to @taviso @stacksmasher and
They're teachers. They sometimes need to download software for school projects that doesn't work on every OS. Also, let's assume they a) use free AV and b) can't afford a new computer.
2 replies 0 retweets 1 like -
Replying to @martijn_grooten @taviso and
Create a backup/reset medium for them. No interaction. Hard code a script that dumps the 2018-02-20 drive image onto the laptop's HDD/SSD. (dd(1), xz(1), secureboot, etc.)
1 reply 0 retweets 0 likes - 7 more replies