Anti-Virus Software is like Adult Diapers


darwinist

edgewalker wrote:
[...]
Nevertheless, vulnerable software is vulnerable software. I am not one
to argue against your underlying point - it is a fact that most of today's
malware is fairly easy to avoid. Most of today's malware is not viral,
and it is the virus that makes AV necessary.

That's because the internet is essentially a virus-proof technology at
this point. Its users on the other hand....

The exploit based malware
threat is (as you indicate) mitigated by minimizing the exposure time of
whatever vulnerabilities you do have - i.e. prompt patches and overall
more secure software (this is - not MSware). Computer viruses (real
computer viruses) have nothing to do with software that is vulnerable
to exploit code. They are programs that execute with the authority of
a program that you execute. They attach themselves to existing code
areas.

Few people know how to write real viruses anymore, it's mostly
high-level scripting which can be contained by a decent interpreter.

If they appear as a new program (email attachment for instance)
then you can as easily avoid them as any other trojan, but if one attaches
itself to a program you trust (or is implicitly trusted by the system) then
AV would become a necessary avoidance tool.

Viruses can betray trust - they can even infect a program you yourself
wrote and trust.

Look I'm not an idealist. If you've got a virus by all means get rid of
it. If there's a genuine danger of getting one no matter what you do
then get the latest scanner, but you just don't get viruses by accident
these days, or at least almost never. There is no file type or software
need that exposes you to the risk unless you are doing something very
obscure and even then it's probably just because there aren't enough
people in the field to tell you that you're doing it wrong.
 

* * Chas

kurt wismer said:
[snip]
and who should i trust? microsoft? they've accidentally distributed
malware in the past... nobody's infallible, not even trusted sources...


Remember, MS distributed the first macro viruses!

Me thinks we have created a home grown troll on this topic. The horse is
dead, it's time to stop feeding him!

Chas.
 

edgewalker

darwinist said:
edgewalker wrote:
[...]
Nevertheless, vulnerable software is vulnerable software. I am not one
to argue against your underlying point - it is a fact that most of today's
malware is fairly easy to avoid. Most of today's malware is not viral,
and it is the virus that makes AV necessary.

That's because the internet is essentially a virus-proof technology at
this point. Its users on the other hand....

The internet has nothing to do with viruses except it just so happens that
it provides a popular transportation mechanism between devices.

Few people know how to write real viruses anymore, it's mostly
high-level scripting which can be contained by a decent interpreter.

Have you ever seen a sandbox where *all* the sand stayed within?

Look I'm not an idealist. If you've got a virus by all means get rid of
it.

I've only got good viruses :) , and I want to keep them for awhile.

If there's a genuine danger of getting one no matter what you do
then get the latest scanner, but you just don't get viruses by accident
these days, or at least almost never.

People make it so easy for malware writers that they don't *need* to
write viruses to get them to execute their malware. You shouldn't judge
the idea of AV scanners by their uselessness in the face of "safe hex".
Digital promiscuity is the norm, and AV has evolved (or devolved) into
what it is today because of it (and to some extent has caused it by being
the enabler of bad behavior).

Forget the diapers - it is more a parallel of contraception. Contraception
is good for birth control, but if it promotes promiscuity then it is the enabler
of behavior that gives bandwidth to STDs. Then the (AV) contraceptive
manufacturer decides to add new mechanisms to combat the STD problem
- which seems a good idea on its face - but looking back you see the (AV)
has enhanced its own market here.

There is no file type or software
need that exposes you to the risk unless you are doing something very
obscure and even then it's probably just because there aren't enough
people in the field to tell you that you're doing it wrong.

Yes, except for the virus there is no need for AV (they must have thought
of this when they named it "antivirus").
 

darwinist

* * Chas said:
kurt wismer said:
darwinist said:
kurt wismer wrote:
darwinist wrote:
kurt wismer wrote:
darwinist wrote:
[snip]
and who should i trust? microsoft? they've accidentally distributed
malware in the past... nobody's infallible, not even trusted sources...


Remember, MS distributed the first macro viruses!

Me thinks we have created a home grown troll on this topic. The horse is
dead, it's time to stop feeding him!

Yeah I'm sick of this thread too, but I can't stop arguing.

I think I've made my point, use whatever practices and tools you think
work best, but don't rely on software to understand security for you,
and don't think you can get away without understanding security if
you've got good enough software.

I've avoided malware through a combination of safe file-types (eg no
video file should be an .exe), trusted sources, open-source software
and an exclusive (white-list) firewall. I don't like the way anti-virus
can slow down a system, (even sending emails) but there's nothing
inherently wrong with it, it's not as easy to control a computer as
your arsehole, so there's no real shame in AV software, it's not quite
as extreme as adult diapers, but it is, almost entirely unnecessary.
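
One way to automate the "no video file should be an .exe" rule from the post above, as an added example that is not part of the original thread. The extension lists, the function name `classify` and the sample inputs are assumptions chosen for illustration.

```python
# Leading "magic" bytes of two common executable containers (well-known values).
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
}
# Extensions that run code when opened on Windows (illustrative subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
# Whitelist of extensions the user expects to be passive data (assumed policy).
MEDIA_EXTS = {".avi", ".mpg", ".wmv", ".mp3", ".jpg", ".txt"}


def classify(filename: str, head: bytes) -> str:
    """Return 'ok' or 'reject: <reason>' for a received file.

    filename is the name as delivered; head is the first bytes of its content.
    """
    # Strip each component so padding such as "clip.avi      .exe" cannot
    # hide the real final extension.
    parts = [p.strip() for p in filename.lower().split(".")]
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_exts = {"." + p for p in parts[1:-1]}

    if final_ext in EXECUTABLE_EXTS:
        if inner_exts & MEDIA_EXTS:
            return "reject: media name with executable final extension"
        return "reject: executable extension"
    # The name claims to be data: make sure the content is not a program.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return f"reject: {kind} content under {final_ext or 'no'} extension"
    if final_ext not in MEDIA_EXTS:
        return "reject: extension not on the whitelist"
    return "ok"


# Constructed sample inputs (file name, first bytes of the file).
SAMPLES = [
    ("holiday.avi", b"RIFF\x00\x00\x00\x00AVI "),
    ("holiday.avi.exe", b"MZ\x90\x00"),
    ("song.mp3", b"MZ\x90\x00"),
    ("notes.doc", b"\xd0\xcf\x11\xe0"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:20} {classify(name, head)}")
```

This check says nothing about a well-formed media file that triggers a parsing bug in the player, which is the Winamp case raised later in the thread.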
 

Raid

All those users who have had vulnerable versions of Sun Java who were
subsequently infected with the Vundo trojan and/or Virtuomunde adware
will disagree with you.

Indeed. I'd disagree as well, based on the number of infected machines
that were on my bench this week. I was able to harvest some decent samples
tho, so I can't complain too much.

That's just one piece of software and I'll tell you it accounts for
many malware infections !

Yep.. so true



--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
 

Raid

Bull - all that tells you is that the checksum number that you get is
the same as the one that the site tells you to expect.... if the site
bundles malware and then does the checksum run, you're stuffed!
possible for two totally different files to have the same checksum,
and it's also possible for a malicious site to run the checksum after
bundling malware.

A collision it's known as I think?



--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
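
The two points argued in the post above, as an added example that is not part of the original thread: a checksum published by the same site that serves the file only proves the two match, and a weak checksum lets different files collide. The sample data, the `pinned` digest and the toy byte-sum checksum are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify(download: bytes, expected_hex: str) -> bool:
    """Compare the download's SHA-256 with an expected digest in constant time."""
    return hmac.compare_digest(sha256_hex(download), expected_hex)


def additive_checksum(data: bytes) -> int:
    """Toy 16-bit byte-sum: catches transmission accidents, not deliberate changes."""
    return sum(data) & 0xFFFF


# Constructed sample data: the publisher's release and an altered copy.
genuine = b"installer v1.0 contents"
tampered = genuine + b" + bundled extra"

# Assumption: the user obtained this digest through an independent channel
# (for example a signed release announcement), not from the download site.
pinned = sha256_hex(genuine)

# The site serves the altered file and publishes the checksum of what it serves.
site = {"file": tampered, "published_checksum": sha256_hex(tampered)}


def same_origin_check() -> bool:
    # Passes: file and checksum agree, which says nothing about the content.
    return verify(site["file"], site["published_checksum"])


def independent_check() -> bool:
    # Fails: the served file is not the one the publisher released.
    return verify(site["file"], pinned)


def weak_checksum_collides() -> bool:
    # Reordering bytes leaves a byte-sum unchanged: different files, same value.
    a, b = genuine, genuine[::-1]
    return a != b and additive_checksum(a) == additive_checksum(b)


if __name__ == "__main__":
    print("same-origin checksum accepts altered file:", same_origin_check())
    print("independently pinned digest accepts it:   ", independent_check())
    print("byte-sum collision on different files:    ", weak_checksum_collides())
```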
 

Raid

Being bad software is not the same as being a virus, plus you are
confusing viruses with exploit based malware. Viruses don't need
vulnerabilities to work, they only require normal functionality. You
admitted to your use of Thunderbird as a browser after declaring
that all one has to do is not use vulnerable software while even
Thunderbird has had vulnerabilities (you break your own rule).

If you don't have the means to detect viruses, then you are vulnerable
to them if you take in and execute executables (including mobile code
such as Java which may be transparent).

I use IE w/no ActiveX, scripting, Java, or Flash animation (I set them
all to prompt).

You forgot about Ajax.. I was reading an article about it in
informationweekly; Interesting environment.


--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
 

Raid

Unlike, say, a text-email or an mp3, your default attitude to
executables should not just be to take anything from anyone and try it
out in case you like it. Instead you should whitelist from the start.

A certain version of winamp had a bug, if you created the correct metatag
information, winamp would execute code you had stashed at the back of the
mp3. Sure, it would still play, but the code would run too. Don't get me
wrong, I love mp3s... but, don't assume they're magically safe. :) It
really depends on your player.


--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
 

David H. Lipman

From: "Raid" <[email protected]>

| ||
| Indeed. I'd disagree as well, based on the number of infected machines
| that were on my bench this week. I was able to harvest some decent samples
| tho, so I can't complain too much.
||
| Yep.. so true
|

Dustin ?
RAID ?

You are confusing my puny brain. I thought you wanted to get away from being RAID and the
VXer days and now be Dustin the BugHunter Cook. Also are now going to STOP using Google and
use XNews ?

Anyway...

Go to; alt.binaries.comp.virus
Look for the post entitled "A Hijacking Problem"
The graphics in this post are ALL generated by the Vundo Trojan/Virtuomunde Adware.

Note the Domain posted in the URL of the graphic Image1.jpg
 

kurt wismer

Raid said:
You forgot about Ajax.. I was reading an article about it in
informationweekly; Interesting environment.

i believe ajax falls under "scripting" since the programming component
of it is javascript...
 

darwinist

Raid said:
A certain version of winamp had a bug, if you created the correct metatag
information, winamp would execute code you had stashed at the back of the
mp3. Sure, it would still play, but the code would run too. Don't get me
wrong, I love mp3s... but, don't assume they're magically safe. :) It
really depends on your player.

Agreed. An mp3 does not need to be executed, and should not be, so any
player that allows it, like winamp, has a bug not a feature, but it
does happen.

Microsoft tried to make web-pages executable, at the highest level, as
a feature. Bloody morons. I'm just glad none of their formats or
applications besides internet explorer have become de facto standards on
the web (and ie has been retreating lately). The only good standard
they have invented is the xmlhttprequest() as used in so-called "ajax".
It's really just like an iframe without the gui, and fairly innocuous.
 

Laura Fredericks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I won't be able to send you a new pic of Bug, he passed away
on the 16th.

:-( Sorry to hear your friend is gone. But if you have a
favorite pic of him, I'd love to see it.

Even though Junior's been in Kitty Heaven for 9 1/2 years, I
think about her all the time. I sometimes forget she's gone,
and when I open my front door when I come home I think she'll
be there to greet me. :-( She even sometimes makes an appearance
in my dreams...
http://www.queenofcyberspace.com/
(Scroll down to "Tribute", and then to the 2nd poem,
"Pinkerton".)

My thoughts are with you. (((Raid)))

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRKH9rKRseRzHUwOaEQLbhgCg7QTLRLR5ysa4t+1jgQunZGQbGqYAoKRC
KZ5QqOrp1MBGiJKjdcw7yOaj
=vNG8
-----END PGP SIGNATURE-----

--
Laura Fredericks
4Q's "wicked evil bitch of satire, parody, humor and trollism"

PGP key ID - DH/DSS 2048/1024: 0xC753039A

alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.
 

Dustin Cook

You are confusing my puny brain. I thought you wanted to get away
from being RAID and the VXer days and now be Dustin the BugHunter
Cook. Also are now going to STOP using Google and use XNews ?

Woops. I was messing around with Xnews configuration. Sorry :)

Anyway...

Go to; alt.binaries.comp.virus
Look for the post entitled "A Hijacking Problem"
The graphics in this post are ALL generated by the Vundo
Trojan/Virtuomunde Adware.

Yep. I've seen some of these on infected clients.

Note the Domain posted in the URL of the graphic Image1.jpg

So noted. :)




--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
 

Dustin Cook

Agreed. An mp3 does not need to be executed, and should not be, so any
player that allows it, like winamp, has a bug not a feature, but it
does happen.

This is true. The mp3 itself isn't to blame of course, the player is due to
a bug in handling meta data. Where have we seen this problem before?
Windows media player. :)

Microsoft tried to make web-pages executable, at the highest level, as
a feature. Bloody morons. I'm just glad none of their formats or
applications besides internet explorer have become de facto standards
on the web (and ie has been retreating lately). The only good standard
they have invented is the xmlhttprequest() as used in so-called
"ajax". It's really just like an iframe without the gui, and fairly
innocuous.

I know I read someplace about how dangerous Ajax is... I'll see if I can't
find it.


--
Regards,
Dustin
Sites I find interesting:
http://www.boycottriaa.com
http://p2pnet.net
 

darwinist

Dustin said:
This is true. The mp3 itself isn't to blame of course, the player is due to
a bug in handling meta data. Where have we seen this problem before?
Windows media player. :)

Another good reason not to use closed-source software if an alternative
is available.

I know I read someplace about how dangerous Ajax is... I'll see if I can't
find it.

Please do, it seems to me that it just loads the source of a url
without rendering it on the screen. This means that you can use that
url as a function call and the resulting page as a plain text response,
without interrupting the current gui with the server-call.
 
