That's a good thing, if you have to pull off an impressive attack that Martjin would say is "outside of our threat model", then wonderful! The alternative is just mail a new exe and get a shell, which AV vendors would say "well, nobody's perfect!".
-
-
Replying to @taviso @stacksmasher and
Hey, there's a difference between "outside your threat model" and "not featuring prominently in your threat model". For most (not all!) users "opening attachments in spam" features more prominently than "nation state leveraging AV vulnerabilities".
1 reply 1 retweet 1 like -
Replying to @martijn_grooten @taviso and
And again, I like a whitelisting based approach. I've recommended iPhones to people who are high value targets for that reason (though I have an Android phone myself). I'm totally fine with more orgs discovering this approach to security.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @taviso and
AV is an imperfect solution in an imperfect world, but for almost all users, it provides a net benefit.
1 reply 1 retweet 0 likes -
Replying to @martijn_grooten @stacksmasher and
Stop calling AV imperfect, this is like saying CRC16 is an imperfect cryptographic hash. AV does not provide a net benefit, we've already explained to you the serious problems we face shipping secure software because of Antivirus.
2 replies 1 retweet 4 likes -
Replying to @taviso @stacksmasher and
I said almost all users. We need tell high value targets (journalists, activists etc.) to lock down their devices to the point that AV doesn't provide any benefits (and should be removed). I've been saying that for years.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @stacksmasher and
In exchange for a trivially bypassable blacklist, it introduces serious vulnerabilities that the industry refuses to take responsibility for. "Well nobody's perfect!", "Those problems are out of our threat model!", I've heard it before and explained why that doesn't cut it.
1 reply 1 retweet 0 likes -
Replying to @taviso @stacksmasher and
OK, I just told my parents to remove AV from their PC, because of all the reasons you cited (which, again, are very valid concerns that we're not taking seriously enough). What should they do instead?
3 replies 0 retweets 1 like -
Replying to @martijn_grooten @stacksmasher and
How about your buy your parents a Chromebook Martjin, or Windows 10 S? That's an easy solution, probably cheaper than your Kaspersky subscription and actually good security.
1 reply 0 retweets 1 like -
Replying to @taviso @stacksmasher and
They're teachers. They sometimes need to download software for school projects that doesn't work on every OS. Also, let's assume they a) use free AV and b) can't afford a new computer.
2 replies 0 retweets 1 like
Chromebooks are huge in education, it's their biggest market. You should have said she works in industrial design and needs Autocad v3 on MS-DOS.
-
-
Replying to @taviso @stacksmasher and
Heh. Well she moonlights there as well.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.