Anyone else living dangerously ?Yep, **** protection.Show Image(http://emoticoner.com/files/emoticons/onion-head/ahaaah-onion-head-emoticon.gif?1292862489)
running Common Sense 2016 Pro
Common sense?
Apparently a few of you haven't seen the latest attack vector for ransomware.
It's not being talked about much outside tech circles, but the latest and most effective form of attack lately has been to infect the source of your downloads. I don't mean someone uploaded a crap copy to someplace like Filehippo, but actually hacking the developers own website. Not only does it make you think the download is safe, but it can also trigger an auto-update, sending an infected copy out to people with good copies. This is happening to legitimate software more and more often as the user allows it to bypass UAC.
Here is an example of one of the more well known attacks.
https://en.wikipedia.org/wiki/Transmission_(BitTorrent_client)#Website_breach
Common sense?
Apparently a few of you haven't seen the latest attack vector for ransomware.
It's not being talked about much outside tech circles, but the latest and most effective form of attack lately has been to infect the source of your downloads. I don't mean someone uploaded a crap copy to someplace like Filehippo, but actually hacking the developers own website. Not only does it make you think the download is safe, but it can also trigger an auto-update, sending an infected copy out to people with good copies. This is happening to legitimate software more and more often as the user allows it to bypass UAC.
Here is an example of one of the more well known attacks.
https://en.wikipedia.org/wiki/Transmission_(BitTorrent_client)#Website_breach
Can you tl;dr your point seems only relavent to bitcoin.
Common sense?
Apparently a few of you haven't seen the latest attack vector for ransomware.
It's not being talked about much outside tech circles, but the latest and most effective form of attack lately has been to infect the source of your downloads. I don't mean someone uploaded a crap copy to someplace like Filehippo, but actually hacking the developers own website. Not only does it make you think the download is safe, but it can also trigger an auto-update, sending an infected copy out to people with good copies. This is happening to legitimate software more and more often as the user allows it to bypass UAC.
Here is an example of one of the more well known attacks.
https://en.wikipedia.org/wiki/Transmission_(BitTorrent_client)#Website_breach
Can you tl;dr your point seems only relavent to bitcoin.
People have breached the Linux Mint download servers on a few occasions. They were able to swap the legit distro ISOs with their own infected ISOs. No redirects. No phony websites.
http://www.pcworld.com/article/3042173/linux/how-linux-mint-is-preventing-future-hacks-and-increasing-security.html (http://www.pcworld.com/article/3042173/linux/how-linux-mint-is-preventing-future-hacks-and-increasing-security.html)
Common sense?
Apparently a few of you haven't seen the latest attack vector for ransomware.
It's not being talked about much outside tech circles, but the latest and most effective form of attack lately has been to infect the source of your downloads. I don't mean someone uploaded a crap copy to someplace like Filehippo, but actually hacking the developers own website. Not only does it make you think the download is safe, but it can also trigger an auto-update, sending an infected copy out to people with good copies. This is happening to legitimate software more and more often as the user allows it to bypass UAC.
Here is an example of one of the more well known attacks.
https://en.wikipedia.org/wiki/Transmission_(BitTorrent_client)#Website_breach
Can you tl;dr your point seems only relavent to bitcoin.
People have breached the Linux Mint download servers on a few occasions. They were able to swap the legit distro ISOs with their own infected ISOs. No redirects. No phony websites.
http://www.pcworld.com/article/3042173/linux/how-linux-mint-is-preventing-future-hacks-and-increasing-security.html (http://www.pcworld.com/article/3042173/linux/how-linux-mint-is-preventing-future-hacks-and-increasing-security.html)
Would an anti virus pick up on that though? Bu that i mean distinguish the regit iso with the fake legit iso?
Tell compromised from legit? No, that's not how AV's work.
It would have to scan inside the ISO (which is a compressed drive image) and spot the ransomware file. Frankly, on Win7 and probably 8, there's little chance of it, even Win10 it would be rare. Not only does it need to scan inside (which may require mounting it), but the AV would also need that ransomware fingerprint on file, which can take weeks.
It's hard enough for AV to spot zero day stuff, it's usually several weeks behind outbreaks (luckily they try and get a copy of it before the public sees it), MS can be months or years behind patching known vulnerabilities. When a vulnerability is found, they often shelve it until someone is found to be exploiting it, especially more complicated ones. It's cheaper, which is why AV updates are more important than OS updates in Windows.
On Linux, OS updates take priority because as soon as a vulnerability is found, someone gets on it and plugs it, usually long before it's exploited. Mac is a different situation due to it's foundations and difficulty to program for, not necessarily because it's more secure, however when a major vulnerability is found Apple does try and get on top of it.
Tell compromised from legit? No, that's not how AV's work.
It would have to scan inside the ISO (which is a compressed drive image) and spot the ransomware file. Frankly, on Win7 and probably 8, there's little chance of it, even Win10 it would be rare. Not only does it need to scan inside (which may require mounting it), but the AV would also need that ransomware fingerprint on file, which can take weeks.
It's hard enough for AV to spot zero day stuff, it's usually several weeks behind outbreaks (luckily they try and get a copy of it before the public sees it), MS can be months or years behind patching known vulnerabilities. When a vulnerability is found, they often shelve it until someone is found to be exploiting it, especially more complicated ones. It's cheaper, which is why AV updates are more important than OS updates in Windows.
On Linux, OS updates take priority because as soon as a vulnerability is found, someone gets on it and plugs it, usually long before it's exploited. Mac is a different situation due to it's foundations and difficulty to program for, not necessarily because it's more secure, however when a major vulnerability is found Apple does try and get on top of it.
So in your original example would that be picked up by an anti virus?It's actually possible, see below for why.
No one at Defcon is being protected by using an AV... I interpret the topic as more about user awareness of vulnerabilities and understanding how to avoid them vs blind trust in an AV to handle everything for the user.Nothing protects you at Def Con, hence people taking disposable PCs.
No one at Defcon is being protected by using an AV... I interpret the topic as more about user awareness of vulnerabilities and understanding how to avoid them vs blind trust in an AV to handle everything for the user.Nothing protects you at Def Con, hence people taking disposable PCs.
We're getting a bit off topic, point is, an AV is pretty much the minimal line of defense you should have if you're going to use Windows on the internet.
No one at Defcon is being protected by using an AV... I interpret the topic as more about user awareness of vulnerabilities and understanding how to avoid them vs blind trust in an AV to handle everything for the user.Nothing protects you at Def Con, hence people taking disposable PCs.
We're getting a bit off topic, point is, an AV is pretty much the minimal line of defense you should have if you're going to use Windows on the internet.
also doesn't help that many of us install hijacked copies of windowz cuz we're p00r..
Should have done the beta program, you got a free copy of Win10, I got mine that way.
Granted, you ended up with Win10 stuck in the beta channel (which is actually more like Alpha) and I'm not sure it's worth the drive space I store it on.
I also know some people who were using questionable copies of 7 and 8 that were "upgraded" to legitimate copies of 10 when the free upgrades were being handed out. Seems the MS upgrade authentication servers were easy to fool.
is windows defender considered an antivirus? LOL
is windows defender considered an antivirus? LOL
I've never used it with Windows 10 Pro but I have used it with Windows 10 Home. It was aight. It seemed to protect me during the time it took to install a 3rd party anti-virus
is windows defender considered an antivirus? LOL
I've never used it with Windows 10 Pro but I have used it with Windows 10 Home. It was aight. It seemed to protect me during the time it took to install a 3rd party anti-virus
Or, if gave you a false sense of security while you installed a third party one.
is windows defender considered an antivirus? LOL
I've never used it with Windows 10 Pro but I have used it with Windows 10 Home. It was aight. It seemed to protect me during the time it took to install a 3rd party anti-virus
Or, if gave you a false sense of security while you installed a third party one.
I was compromised while using anti-virus. I have no sense of security while I'm online. In fact, yesterday I read about an 11-year-old exploit for Linux that allows remote access (read & write). Apparently, the exploit allows circumvention of root password and logging. Wtf. And it's not like I'm weaving in and out of traffic while riding a bicycle. But I'm not switching to El Capitan :cool:. I've read that a lot of people are not exactly pleased about that new bug bounty initiative.
is windows defender considered an antivirus? LOL
I've never used it with Windows 10 Pro but I have used it with Windows 10 Home. It was aight. It seemed to protect me during the time it took to install a 3rd party anti-virus
Or, if gave you a false sense of security while you installed a third party one.
I was compromised while using anti-virus. I have no sense of security while I'm online. In fact, yesterday I read about an 11-year-old exploit for Linux that allows remote access (read & write). Apparently, the exploit allows circumvention of root password and logging. Wtf. And it's not like I'm weaving in and out of traffic while riding a bicycle. But I'm not switching to El Capitan :cool:. I've read that a lot of people are not exactly pleased about that new bug bounty initiative.
Some people do all their online transactions inside a VM, and restore the VM to a pristine state each time they've finished.
I use a Mac as a primary machine at home and work. The work one has El Capitan, the home one has Mavericks.
is windows defender considered an antivirus? LOL
I've never used it with Windows 10 Pro but I have used it with Windows 10 Home. It was aight. It seemed to protect me during the time it took to install a 3rd party anti-virus
Or, if gave you a false sense of security while you installed a third party one.
I was compromised while using anti-virus. I have no sense of security while I'm online. In fact, yesterday I read about an 11-year-old exploit for Linux that allows remote access (read & write). Apparently, the exploit allows circumvention of root password and logging. Wtf. And it's not like I'm weaving in and out of traffic while riding a bicycle. But I'm not switching to El Capitan :cool:. I've read that a lot of people are not exactly pleased about that new bug bounty initiative.
Some people do all their online transactions inside a VM, and restore the VM to a pristine state each time they've finished.
I use a Mac as a primary machine at home and work. The work one has El Capitan, the home one has Mavericks.
I'm not sure about configuring a VM everytime I want to buy something online but I've put some thought into rolling another distro onto a flash drive for that purpose
running Common Sense 2016 ProI'm not running the pro version. Some benefits and should I upgrade?