
Norton to buy/merge with Avast

WolframaticAlpha
6 minutes ago, Quinnell said:

Are you saying that companies would field armies and crap if they couldn't just buy competitors?  lol you have to be screwing with me.

They have in the past before the system.  Have to go back a bit because the system is as old as America, but it happened. Arguably what caused the American revolution in the first place.  In India the various Indian governments finally figured stuff out and sent assassins to Britain to take out major shareholders in the East India Company.  Why wouldn’t it happen again?

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


Just now, Bombastinator said:

They have in the past before the system.  Have to go back a bit because the system is as old as America, but it happened. Arguably what caused the American revolution in the first place.  Why wouldn’t it happen again?

Pretty sure non-government entities in the US are not allowed to field private armies, for one.  Two, the US fields the largest standing military in the world; I'd imagine any shenanigans would be shut down quick.


9 minutes ago, Quinnell said:

Pretty sure non-government entities in the US are not allowed to field private armies, for one.  Two, the US fields the largest standing military in the world; I'd imagine any shenanigans would be shut down quick.

And it stops them how? Remember Blackwater?  How is that not a private army? A private mercenary army no less, so it wasn’t just a creation, it was filling a market niche.  This is a niche similar to, though not the same as, the one filled by the Pinkerton detective agency (which never seems to have quite actually folded), though they tended to smaller, more covert stuff.

Edited by Bombastinator


6 hours ago, RejZoR said:

"Common sense" is the biggest bullshit argument I kept hearing over and over and apparently it still hasn't died yet. Common sense is just small part of whole protection because no one can check file reputation or inspect its actual code with "common sense". That's like expecting everyone who drives a car to graduate in mechanical and electrical engineering. The same way people who use computers just don't have the knowledge to utilize "common sense". The rest of us who know stuff are such tiny minority we're not even a blip on a global radar.

yep, especially since trusted websites can be hacked and injected with virus.


1 minute ago, poochyena said:

yep, especially since trusted websites can be hacked and injected with virus.

Just read an article about how cyberwarfare is just warfare on another front.  


4 hours ago, Kisai said:

These products often conflate the danger of a tracking cookie with a RAT.

Right. It was a sales tactic in attempt to let the subscriber see value in the product along the lines of "See what we protected you against, and how often. Buying this software was a wise decision". In actuality it was disingenuous if not outright fraudulent.


4 hours ago, poochyena said:

yep, especially since trusted websites can be hacked and injected with virus.

I think it’s a misinterpreted argument.  Another way to put it is “without basic common sense not even these products will save you.  Nothing can.” So common sense is “bigger” in that it’s a more critical requirement.   Doesn’t mean it can necessarily be used instead.


I love Avast. It has never let me down, ever. I know it's gotten a bit weird over the years, but you can turn all the junk shit off in the settings. All of the weird sites I've ever visited, links I've clicked on, things I've downloaded. All knowing damn well it wasn't safe, just to try and get something for free. Avast never let any bad shit get through. It has yet to let me down. It's why I've been a loyal customer since forever. It puts a pit in my stomach to see such a shitball company buying out my beloved one. With that, I must stop my renewing subscription and switch to BlackBerry's Cylance.

 

End of an era, sad 😢


10 hours ago, StDragon said:

"Drive-by downloads" occur more often than you know. For example, the ad server market runs on razor-thin profit margins. So the servers used to host them are done on the cheap. That means very little administrative oversight to patch and maintain them. It's THOSE servers (ad servers) that often get hacked. So what ends up happening is when an ad rotates into view within a banner, it's actually a malware site or malicious code that will attempt to load in that browser session.

 

Eh, not quite. 

 

The problem is the software is hard to maintain. OpenX (now Revive) is notoriously awful, and while it got some relatively good fixes since becoming Revive, the original product allowed for a lot of arbitrary injection. One of my clients even had one legacy ad server compromised once, and ever since, three layers of authentication became mandatory to access it. Updating OpenX/Revive requires making a backup of the entire thing, logs and all, and that can take days.

 

 

10 hours ago, StDragon said:


Other vectors include malicious URLs in e-mail and macros within Excel or Word files. If they don't contain ransomware code, they'll usually just contain a link to a phishing site. Example: "Enter O365 credentials to download your file (invoice)". And that's how user credentials are captured and the account taken over on the backend by the hacker. It's also why it's exceedingly important to have 2FA/MFA enabled on such accounts to prevent them from being hijacked.

 

This is another example where "convenience" features end up being backdoors. 2FA/MFA can save you, but only if you're aware of what you're doing, and most oauth stuff obfuscates what it's actually doing.

 

Like for example, this site, linustechtips.com: I logged in primarily via Twitter, how long ago? I don't remember. But it stays logged in. Now let's say someone posted a malicious link in the forum, I clicked on it, and it then used the oauth connection to Twitter to then hijack Twitter.  Both LTT and Twitter can't do anything about that unless you 2FA both.

 

Which then you get pestered to 2FA every time you visit any site, making the oauth worthless.

 

I'll give a direct example here, So I recently added 2FA to one of my finance apps, this broke the connection to one of the tools I used to log the transactions.

 

Likewise, the connection was broken to one of the banks for a whole... two years or so because the bank decided not to support it, but I didn't disconnect it. Eventually, 2 years later, it started working once it got past the 2FA.


19 hours ago, Fasauceome said:

Yeah but I can't install common sense for my clients unfortunately

 

Unless they're offering that at the same place where I can download ram

msiexec.exe /i commonsense.msi /qn


17 hours ago, WolframaticAlpha said:

OK, so tell me, how the heck you are going to get a virus, if you are downloading from legit sources

Legit site got infected/malvertising/ad has malware that tries to exploit vulnerabilities/etc......

 

NoScript and adblock are a must-have nowadays; if a site complains about them I just leave.


17 hours ago, WolframaticAlpha said:

Also can you educate me, how does an antivirus mitigate zero days, which are, by definition: "deriving from or relating to a previously unknown vulnerability to attack in some software.". How will they be able to search for that?

Behavior monitoring during install and running of the application and not allowing it to make changes it shouldn't be doing. Malware might not have a current known and distributed signature however you can detect if something is malicious and block it, submit the signature and then if enough samples are received automatic entry and distribution of the signature is done and then everyone with the AV software will have the signature and block before execution.

 

At some point, hopefully soon, all software installs will be done sandboxed and then staged for actual commit to the system so a straight revert of any and all changes can be done if found to be malicious. This can be done without complete major changes to how Windows installs and treats software, because the better approach is for all software to be installed and always run in an isolated sandbox but that's a much bigger change. We might maybe see moves towards this with Windows 11 in later feature builds.

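The flow described in the post above (block on behaviour first, submit the file, ship a signature once enough reports arrive), as an added Python example that is not part of the thread and not any vendor's code. The event names, weights, `BLOCK_SCORE` and `PROMOTE_AFTER` are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed behaviour rules: event name -> suspicion weight (assumed values).
RULES = {
    "write_autorun_key": 40,
    "disable_security_service": 50,
    "mass_file_rename": 60,
    "read_user_document": 5,
    "open_network_socket": 5,
}
BLOCK_SCORE = 80      # assumed: cumulative weight at which the process is stopped
PROMOTE_AFTER = 3     # assumed: distinct endpoints needed before a signature ships


class Cloud:
    """Collects behaviour-based detections and promotes them to signatures."""

    def __init__(self):
        self.reports = defaultdict(set)   # sha256 -> endpoints that reported it
        self.signatures = set()           # hashes distributed to every endpoint

    def submit(self, digest, endpoint_id):
        self.reports[digest].add(endpoint_id)
        if len(self.reports[digest]) >= PROMOTE_AFTER:
            self.signatures.add(digest)


class Endpoint:
    def __init__(self, endpoint_id, cloud):
        self.endpoint_id = endpoint_id
        self.cloud = cloud
        self.local_signatures = set()

    def sync(self):
        """Pull the current signature set, as a definition update would."""
        self.local_signatures = set(self.cloud.signatures)

    def run(self, binary, events):
        digest = hashlib.sha256(binary).hexdigest()
        if digest in self.local_signatures:
            return "blocked_before_execution"
        score = 0
        for event in events:              # events arrive while the program runs
            score += RULES.get(event, 0)
            if score >= BLOCK_SCORE:
                self.cloud.submit(digest, self.endpoint_id)
                return "blocked_by_behaviour"
        return "allowed"


def simulate():
    """Constructed scenario: one unknown malicious file seen by four endpoints."""
    cloud = Cloud()
    unknown = b"constructed sample: never-seen-before binary"
    bad_events = ["open_network_socket", "write_autorun_key", "mass_file_rename"]
    verdicts = []
    for n in range(1, 5):
        ep = Endpoint(f"pc-{n}", cloud)
        ep.sync()
        verdicts.append(ep.run(unknown, bad_events))
    editor = Endpoint("pc-5", cloud)
    editor.sync()
    verdicts.append(editor.run(b"constructed sample: text editor",
                               ["read_user_document", "open_network_socket"]))
    return verdicts
```

The first three endpoints only stop the file after it has started misbehaving; the fourth stops it on hash alone, which is the gap between a zero-day and a known sample.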

39 minutes ago, leadeater said:

the better approach is for all software to be installed and always run in an isolated sandbox

I don't think that's going to happen. R=1 users will freak out from anything that is more complicated than a wooden wedge and always seeking the quick and easy way out (disabled UAC, grant every permission on android, etc). If MS suddenly introduces this in win11 the already minuscule adoption is going to plummet like a brick dummy...


9 minutes ago, jagdtigger said:

I don't think that's going to happen. R=1 users will freak out from anything that is more complicated than a wooden wedge and always seeking the quick and easy way out (disabled UAC, grant every permission on android, etc)

Users wouldn't have any clue, you can already use 3rd party sandbox tools and the actual application usage doesn't change at all. If Windows installer is just native sandboxing then you'd have no idea.


37 minutes ago, leadeater said:

Users wouldn't have any clue, you can already use 3rd party sandbox tools and the actual application usage doesn't change at all. If Windows installer is just native sandboxing then you'd have no idea.

They would have an idea when the program cannot access their files.... Yeah we could allow every sandbox to access user files but what's the point then? And if you make it so that the user has to move files into folders where the program can access them, that won't fly well either.


15 minutes ago, jagdtigger said:

They would have an idea when the program cannot access their files.... Yeah we could allow every sandbox to access user files but what's the point then? And if you make it so that the user has to move files into folders where the program can access them, that won't fly well either.

You don't really need to isolate sandbox applications from user files, you can have protected and unprotected areas of a filesystem and you can disallow code execution of any kind in both directions.

 

I think you are just looking for problems, ones that don't really exist.

 

It's been a very long time since I've used it but I think this is the one I tried a really long time ago, https://sandboxie-plus.com/, maybe give it a go.

 

There's also Windows Sandbox feature already, just never used it though, https://techcommunity.microsoft.com/t5/windows-kernel-internals/windows-sandbox/ba-p/301849. It's also not a general user-friendly thing either.


1 hour ago, leadeater said:

At some point, hopefully soon, all software installs will be done sandboxed and then staged for actual commit to the system so a straight revert of any and all changes can be done if found to be malicious. This can be done without complete major changes to how Windows installs and treats software, because the better approach is for all software to be installed and always run in an isolated sandbox but that's a much bigger change. We might maybe see moves towards this with Windows 11 in later feature builds.

Microsoft tried that with UWP apps starting with Windows 8 to 10. UWP apps run inside an AppContainer sandbox which should reduce attack surface combined with other mitigations such as ASLR. But since very few devs adopted UWP, Microsoft tried to change that with Windows 10X with an app container which should be compatible with Win32, UWP and PWA. https://medius.studios.ms/Embed/video-nc/365DevDay-Peter-Torr

 


 

Apple on the other hand required all apps submitted to the Mac App Store to be sandboxed way back in Mac OS X Lion. Nowadays, macOS Catalina and later require that apps requiring full access to the storage must show permissions in System Preferences kinda like how iOS does permissions on third party apps.

There is more that meets the eye
I see the soul that is inside

 

 


1 hour ago, leadeater said:

Users wouldn't have any clue, you can already use 3rd party sandbox tools and the actual application usage doesn't change at all. If Windows installer is just native sandboxing then you'd have no idea.

Until dumb DRM drivers of games start shitting themselves. Been there, seen that back during transition from Win9x to WinNT (XP). I can just see bunch of stuff will break and no one will ever patch those games officially.


7 minutes ago, leadeater said:

I think you are just looking for problems, ones that don't really exist.

Not really, I'm just looking at it from an r=1 user perspective. What do you expect from people who can't do basic stuff like keeping files off of the OS partition and store them on a different one dedicated for data in case Windows decides to bork itself? Give them just one option to get lazy and you can bet your bottom dollar that they will use that option.... They do not care about security, quite the contrary. They hate it because it is inconvenient for them.


7 hours ago, leadeater said:

Users wouldn't have any clue, you can already use 3rd party sandbox tools and the actual application usage doesn't change at all. If Windows installer is just native sandboxing then you'd have no idea.

Not the case. Sandboxing software imposes a large penalty to UI interaction. Yes you can sandbox background applications or commandline tools, but the second you try to sandbox a java application with a UI, the UI performs insanely poor.

 

It won't be true for all applications, but sandboxing on a desktop is intended to "test if something will harm the machine" and that's usually by running it, closing it, and then checking everything it tried to touch. The same sandboxing software will also let you run "trial" software perpetually since it will reveal what the countdown clock is (usually a registry key).

 


18 minutes ago, Kisai said:

Not the case. Sandboxing software imposes a large penalty to UI interaction. Yes you can sandbox background applications or commandline tools, but the second you try to sandbox a java application with a UI, the UI performs insanely poor.

 

That depends on how the software is sandboxed. Per Apple, all 3rd party apps on iOS are sandboxed, yet all apps run snappy. If I recall, iOS interacts with the UI via a scheduler (high frequency, low latency polling) as a way to abstract UI interaction from the rest of the sandboxed code. Please correct if I'm in error.

In the case of MS Edge being sandboxed via Microsoft Defender Application Guard, it's basically an instance that runs within a VM under Hyper-V. But by default GUI performance is impacted as you've correctly stated. However under Application Guard settings, you can allow more direct GPU access to the VM instance for smoother video playback and more responsive UI. The hypothetical risk in doing so is that if your GPU drivers have a security bug, an exploit could break free from the sandboxed instance; so it's important to keep those drivers up to date.


Weading this makes my bwain huwt

On 8/11/2021 at 5:42 AM, RejZoR said:

"Common sense" is the biggest bullshit argument I kept hearing over and over and apparently it still hasn't died yet. Common sense is just small part of whole protection because no one can check file reputation or inspect its actual code with "common sense". That's like expecting everyone who drives a car to graduate in mechanical and electrical engineering. The same way people who use computers just don't have the knowledge to utilize "common sense". The rest of us who know stuff are such tiny minority we're not even a blip on a global radar.

 

Yes. 

 

Though this shouldn't be taken as "Don't use common sense, it won't help." You should absolutely use common sense when doing anything, though you shouldn't rely on it exclusively. For some, common sense isn't all that common, and even then even the most well informed and knowledgeable people make mistakes.

 

Maybe we should make a cyber security tips thread.

 

(WARNING: I EDIT MY POSTS ALL THE TIME. GRAMMAR IS HARD.)

"As I, a humble internet browser who frequents the forum of the well known internet tech YouTuber 'Linus Tech Tips', named after host Linus Sebastian, have trouble understanding the intent of the authors' post, I find solace in the fact, that I am indeed not alone in my confusion. While I stumble through the comments above, I am reminded of a quote which helps me to cut through ambiguous and unnecessary verbiage. The simple eloquence of the phrase often uttered on internet forums leaves any reading it in no doubt as to the true intent of the wording. I believe that I, and indeed all of us can take a lesson from the message left by it:"

 

(Formerly known as @EjectedCasings)

"Thanks bro, my inner grammarian just had a stroke."

-Yours truly, EjectedCasings

___________________________________________

"It's stupid, but it works"

"AAAAAAHHH WHY AM I SPEEENING!"

 

 Enthusiast web surfer, 'epic' gamer.

#muricaparrotgang

 


1 hour ago, StDragon said:

That depends on how the software is sandboxed. Per Apple, all 3rd party apps on iOS are sandboxed, yet all apps run snappy. If I recall, iOS interacts with the UI via a scheduler (high frequency, low latency polling) as a way to abstract UI interaction from the rest of the sandboxed code. Please correct if I'm in error.

In the case of MS Edge being sandboxed via Microsoft Defender Application Guard, it's basically an instance that runs within a VM under Hyper-V. But by default GUI performance is impacted as you've correctly stated. However under Application Guard settings, you can allow more direct GPU access to the VM instance for smoother video playback and more responsive UI. The hypothetical risk in doing so is that if your GPU drivers have a security bug, an exploit could break free from the sandboxed instance; so it's important to keep those drivers up to date.

I've literally run Java programs in sandboxes on Windows, and they perform like they were on 10 generations older hardware. Who knows exactly why. I mainly resort to the sandbox option when I download something I don't trust, or that uses a runtime I don't trust (e.g. Flash, Java, WASM/nw.js/Electron/Cordova/CEF). If the application doesn't invoke the GPU directly (e.g. OpenGL/DirectX) then usually it's fine.

 

 


16 minutes ago, Kisai said:

I've literally run Java programs in sandboxes on Windows, and they perform like they were on 10 generations older hardware. Who knows exactly why. I mainly resort to the sandbox option when I download something I don't trust, or that uses a runtime I don't trust (e.g. Flash, Java, WASM/nw.js/Electron/Cordova/CEF). If the application doesn't invoke the GPU directly (e.g. OpenGL/DirectX) then usually it's fine.

 

 

“Who knows”?  Probably someone.
