Microsoft and Google attempting to kill off Flash

[jagdtigger]

21 minutes ago, aerandir92 said:

That you know about

Did you even bother to read my posts?

9 hours ago, jagdtigger said:

I periodically check my PC with bootable AV's besides my installed one... If there is an infection those will find it. I scanned with them my PC last month, nothing as usual...

 

[ThreePinkApples]

33 minutes ago, jagdtigger said:

Did you even bother to read my posts?

 

It's mostly a joke that a teacher at the university I attended liked to use when talking about security, but it is also true in a way. 
You can never actually know if you're not infected. You can be sure that you have no detectible infections, but you can still have undetectable ones. 

[jagdtigger]

1 minute ago, aerandir92 said:

It's mostly a joke that a teacher at the university I attended liked to use when talking about security, but it is also true in a way. 
You can never actually know if you're not infected. You can be sure that you have no detectible infections, but you can still have undetectable ones. 

Well if i were infected they would try to use my passwords to login into my mail and etc. All of the important stuff is using 2 level auth, usually in form of a code sent in SMS onto my mobile . Plus my network switch is at a pretty visible spot so i can notice if some device is acting funny in terms of network activity .

[Colonel_Gerdauf]

11 hours ago, jagdtigger said:

Nope, i only download from trusted sources. Plus im using portable programs with very few exceptions and disabled the auto update in the ones that have it, so the risk is even lower... I have PC for 10+ years but i never had an infection .

Good god, please tell me you are joking!

 

"portable applications" and "trusted sources" mean absolutely nothing in terms of cyber security. Server-side breaches are a thing; how are you going to tell that a file you download from a "trusted source" (which alone is highly subjective and questionable) has not been replaced by an infected "updated" copy? If they can replace files, they certainly can change the text for the original checksum on the pages, so that excuse is throw out the window. However, IF the files were hosted on a cloud infrastructure, then the infected files will be purged almost instantly (pay attention @Trik'Stari), but unless the files were hosted by Microsoft or Google themselves, there is no way to ensure that without blind trust. Sandboxing is a nice idea in theory, but it can really only protect you from so much; the programs are still going to make system calls and file indexing in the main operating system through the portal.

 

I have seen this flawed argument so many times from people that somehow believe that running a computer without some sort of AV or AM system in place is smart or a L33T thing to do. In reality, this act is foolish, very short-sighed, and very childish. I cannot stress this final point enough, as it nullifies your main argument, but when you "only download from trusted sources", it actually makes you much more susceptible to social engineering than you realize or are willing to admit.

[captain_to_fire]

11 hours ago, Nicholatian said:

Yeah, by and large the notion that updates entail better security is bullshit.

I'm pretty sure that Windows 10 Pro 64-bit is more secure than Windows XP and Windows 7 combined. Like how macOS Sierra is more secure than OS X Tiger, and like how Google Chrome 52 is more secure than Google Chrome 5. Android 7.0 Nougat is not only better, it's more secure than Android 2.3 Gingerbread. Obviously, HTML5 video and CSS3 animations not only takes fewer system resources, they're more secure than Flash video and animations.

 

So yeah, over the air updates make the system more secure.

 

6 hours ago, apm said:

i dont know how many times i heard that someone broke out of the chrome sandbox over the last few years.

No one is claiming that sandboxing makes the Chrome browser immune to hacks. It only makes it more difficult to craft a successful exploit because with sandboxing enabled, it will take more than a single vulnerability to hack a machine since the privileges of the browser is lowered, it can't make system calls easily.

 

http://www.forbes.com/sites/firewall/2010/03/26/googles-chrome-leaves-another-hackathon-unscathed/#757f3d61e3bc

[Trik'Stari]

3 hours ago, Colonel_Gerdauf said:

Good god, please tell me you are joking!

 

"portable applications" and "trusted sources" mean absolutely nothing in terms of cyber security. Server-side breaches are a thing; how are you going to tell that a file you download from a "trusted source" (which alone is highly subjective and questionable) has not been replaced by an infected "updated" copy? If they can replace files, they certainly can change the text for the original checksum on the pages, so that excuse is throw out the window. However, IF the files were hosted on a cloud infrastructure, then the infected files will be purged almost instantly (pay attention @Trik'Stari), but unless the files were hosted by Microsoft or Google themselves, there is no way to ensure that without blind trust. Sandboxing is a nice idea in theory, but it can really only protect you from so much; the programs are still going to make system calls and file indexing in the main operating system through the portal.

 

I have seen this flawed argument so many times from people that somehow believe that running a computer without some sort of AV or AM system in place is smart or a L33T thing to do. In reality, this act is foolish, very short-sighed, and very childish. I cannot stress this final point enough, as it nullifies your main argument, but when you "only download from trusted sources", it actually makes you much more susceptible to social engineering than you realize or are willing to admit.

I'm not sure why I was quoted/mentioned here. Am very drunk, been enjoying some Dyling Light in 5760x1080.

 

I do agree with what you are saying. Applying files/updates/whatever "only from trusted sources" can make you susceptible to social engineering. Which is why I usually wait for quite a while before applying any and all updates. Let other, more prepared people do so, and if a few weeks or a month or two go by with no issues, then apply the update (making a backup right before) and see what happens.

 

Why are we discussing the basics of cyber security? Seriously. This shit is common sense to anyone who has security in mind. Especially with concerns to M$'s recent bullshit that is slowly becoming well known for breaking things, both on the end-user side and the enterprise side of things. M$ is has become less and less transparent, so the only real option is to let others get fucked first, and benefit from their mishaps.

[Colonel_Gerdauf]

1 hour ago, Trik'Stari said:

I'm not sure why I was quoted/mentioned here.

I mentioned you for this sentence in particular:

4 hours ago, Colonel_Gerdauf said:

However, IF the files were hosted on a cloud infrastructure, then the infected files will be purged almost instantly (pay attention @Trik'Stari), but unless the files were hosted by Microsoft or Google themselves, there is no way to ensure that without blind trust.

You were going on about how one day someone will infect the Microsoft update servers, and this is my way of telling you that it simply is not going to do anything EVEN IF such operation is successful. If it was a smaller or more localized company, then you do have a point about vectors of attack.

 

1 hour ago, Trik'Stari said:

I do agree with what you are saying. Applying files/updates/whatever "only from trusted sources" can make you susceptible to social engineering. Which is why I usually wait for quite a while before applying any and all updates. Let other, more prepared people do so, and if a few weeks or a month or two go by with no issues, then apply the update (making a backup right before) and see what happens.

There are two parts to this; bugs (which is the user's sole discretion; we cannot judge them for how they want to handle updates in this sense), and externally planted malware (which can catch even the most cautions and patient people by surprise). Internally planted "malware" gets into a whole mess of subjectivity, and is something else altogether.

 

1 hour ago, Trik'Stari said:

Why are we discussing the basics of cyber security? Seriously. This shit is common sense to anyone who has security in mind.

Ask the people who equate anti-virus and anti-malware to that whole "vaccine=autism" nonsense. Some people have the odd idea in the computer world that being less secure makes you more secure "if you just train your brain".

[Trik'Stari]

8 minutes ago, Colonel_Gerdauf said:

I mentioned you for this sentence in particular:

You were going on about how one day someone will infect the Microsoft update servers, and this is my way of telling you that it simply is not going to do anything EVEN IF such operation is successful. If it was a smaller or more localized company, then you do have a point about vectors of attack.

 

There are two parts to this; bugs (which is the user's sole discretion; we cannot judge them for how they want to handle updates in this sense), and externally planted malware (which can catch even the most cautions and patient people by surprise). Internally planted "malware" gets into a whole mess of subjectivity, and is something else altogether.

 

Ask the people who equate anti-virus and anti-malware to that whole "vaccine=autism" nonsense. Some people have the odd idea in the computer world that being less secure makes you more secure "if you just train your brain".

I have anti-virus and anti-malware. I wait a good while before applying updates (although I haven't updated Windows in quite some time)

 

Bugs are always an issue, and will always be an issue.