lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 23 Jun 2010 21:28:22 +0545
From: Bipin Gautam <bipin.gautam@...il.com>
To: Cor Rosielle <cor@...post24.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: No anti-virus software? No internet connection

Cor ,

Sometimes you need anarchy to spread awareness! Which is primary
priority... Rest are secondary issues.

What next? Government should keep an updated statistic of antivrus
software that can survive the "wild" (well most of the time) and those
softwares that fail to do so at largest occasions. A public, unbiased
statistics should be published about it for the welfare of the
"consumers". Freedom of information act?

The product that fail miserably, throughout the year(s?) should be
declared "unfit for purpose" .......like an expired food which is
harmful for health.

If its a "technological problem" overall, maybe they should move to
application white-listing or something better.......

thanks,
-bipin


On 6/22/10, Cor Rosielle <cor@...post24.com> wrote:
> Believe it or not, I do use anti virus on my Windows machine at home and
> even accept automatic updates (although MacAfee proved this is a serious
> threat). But anti virus is only the second line of defense or the third. The
> first line of defense is to "think before you launch a file". If a file is
> unexpected, then I simply don't trust it. On several occasions this
> prevented virus infection with an up to date AV-scanner (Symantec - I put
> the file in a folder to further explore it after some days and then the
> AV-scanner did recognize the virus). AV software does fail too.
>
> For any home user who doesn't think or doesn't care, AV-software is probably
> a good starting point to give some limited protection for Windows systems.
> But such an home should realize he/she also runs risk when running
> AV-software and might experience a false sense of security. And if they
> don't think or don't care, they should think twice before complaining when
> it turns out bad.
>
> For any home user who do think or do care, AV-software can be a good
> addition to protect Windows systems, but that is not guaranteed. Realize
> that sometimes the cure is worse than the disease and also that malicious
> "anti virus software" does exist. Anti virus is not bad by definition. It is
> neither good by definition.
>
> And I repeat: Tom has a point that end-users must take some responsibility
> for their own computer. I just regret politicians make a lot of fuzz about
> legislation that only helps a bit in some cases and invite civilians to lean
> backward and believe they are secure because they have followed the rules.
>
> Cor
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-
>> disclosure-bounces@...ts.grok.org.uk] On Behalf Of Tom Grace
>> Sent: dinsdag 22 juni 2010 11:29
>> To: full-disclosure@...ts.grok.org.uk
>> Subject: Re: [Full-disclosure] No anti-virus software? No internet
>> connection
>>
>> What would you advise a typical home user do to stay virus/trojan/other
>> shit free ? Working on the assumption that they can't tell the
>> difference (and really, shouldn't have to) between dangerous and safe
>> files.
>> AV software is pretty lacking, and the best advice I can think to give
>> users is that "everyone on the Internet is out to get you"
>>
>> Tom
>>
>> On 06/22/2010 10:11 AM, Cor Rosielle wrote:
>> > Brilliant thinking. Let's install anti virus and increase the
>> computers
>> > attack surface without further thinking. That must be safe because
>> > politicians tell us to do so. And we all know that politicians always
>> tell
>> > the truth and happen to know a lot about PC's an security.
>> >
>> > Sigh. Tom has a point that end-users must take some responsibility
>> for their
>> > own computer, but that doesn't mean that anti virus is the one and
>> only
>> > solution. But if you think anti virus is the silver bullet to make
>> this
>> > world saver, then dream your dreams and I'll dream mine.
>> >
>> > Cor
>> >
>> >
>> >
>> > From: full-disclosure-bounces@...ts.grok.org.uk
>> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
>> Christian
>> > Sciberras
>> > Sent: dinsdag 22 juni 2010 10:56
>> > To: Tom Grace
>> > Cc: full-disclosure@...ts.grok.org.uk
>> > Subject: Re: [Full-disclosure] No anti-virus software? No internet
>> > connection
>> >
>> > I completely agree with Tom. A good fraction of all vulns out there
>> rely on
>> > the user taking the wrong action, and it's way common (just face the
>> truth).
>> >
>> > How many people install cracked OSes? I was once incredulous that a
>> person
>> > willingly installed a virus because he claimed it was harmless (while
>> the
>> > anti-virus shouted "trojan").
>> >
>> > Sometimes I get to fix people's computers. I'm always amazed by the
>> amount
>> > of crap I get in contact with.  Hundreds of browser toolbars,
>> antiviruses,
>> > shareware, adware, trials, torrent clients, media players etc.
>> > That not counting the local IT shops which format PCs replacing
>> (typically)
>> > Windows OS with a cracked one.
>> >
>> >
>> >
>> > On Tue, Jun 22, 2010 at 9:42 AM, Tom
>> Grace<tom@...thbycomputers.co.uk>
>> > wrote:
>> > In a way having a requirement that end-users take some responsibility
>> > for their own computer is a good thing.
>> > Similar to prosecuting people for fraud if they fall for one of the
>> cash
>> > scams.
>> >
>> > On 06/22/2010 05:37 AM, Ivan . wrote:
>> >> yep, your tax $$$ at work....
>> >>
>> >> Don't forget there Internet filter as well.. With these rocket
>> >> scientist running the show, what's there to worry about
>> >>
>> >>
>> >
>> http://blogs.news.com.au/techblog/index.php/news/comments/finally_there
>> s_pro
>> > tection_against_spams_and_scams
>> >>
>> >> On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
>> >> <vpn.1.fanatic@...il.com>    wrote:
>> >>> They had a committee working on this for a year and that's the best
>> they
>> >>> could come up with? HAHAHAHA.
>> >>>
>> >>> Belinda Neal - With idiots like you and your colleagues tackling
>> this
>> > issue,
>> >>> tax payers deserve to burn you at the stake. BTW... are you really
>> a
>> > du0d?
>> >>>
>> >>> --
>> >>> ciao
>> >>>
>> >>> JT
>> >>>
>> >>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ