30 votes

Jumpshot, a subsidiary of antivirus company Avast, is selling users' web browsing data to many of the world's biggest companies

14 comments

  1. [6]
    patience_limited
    (edited)

    I really don't have enough expletives for this.

    I have used paid Avast products on personal devices for a very, very long time, as they've been consistently effective in AV testing. Admittedly, that use came with a high enough index of suspicion that I never installed the browser "safety" plugin, and carefully combed through any permissions for "diagnostic" information.

    Edit: Spending a bit of time now uninstalling Avast and installing Bitdefender.

    Per the article, free Avast users are having their personal data harvested by the antivirus engine even if they don't opt-in to the browser plugin. This is so invasive that, to my mind, it justifies a perma-ban on all Avast products. Modern anti-virus/anti-malware products require permission to circumvent system component trust so that they can intercept and scan calls at the driver level, potentially including encryption module drivers. There's little or nothing the kernel does that AV software can't intercept.

    It's infuriating that Kaspersky AV could be banned in the U.S. as a national security threat, but Avast has been doing this under the radar.

    Before the usual tangent erupts, let me state that Linux users do have virus and malware problems. It's just that there isn't enough Linux desktop market penetration to justify as many consumer AV products for them.

    21 votes
    1. [2]
      blitz
      (edited)
      • Exemplary

      The in-the-know security crowd recommends people stay away from antivirus products these days and instead focus more on keeping their devices up to date. Antivirus software seems to cause more problems than it solves.

      Techsolidarity's advice for congressional campaigns specifically recommends uninstalling antivirus products, because it "is like putting a hole in your stomach to monitor for food poisoning".

      There have also been reports of exploits using the hooks that AV systems put into the OS to achieve privilege escalation or sandbox escape.

      27 votes
      1. patience_limited
        (edited)

        Thanks for pointing this out. I've been aware of the issues for a while, but appropriately managing my own computers on a regular basis just slipped down the priority list. I updated regularly, but it seemed like there was always another 0-day and AV had to be better than nothing. :-/

        It was also a situation where corporate rules required AV on all computers on the network, including personal ones connecting via VPN or Citrix (which has its own issues these days).

        7 votes
    2. [2]
      babypuncher

      Honestly, as long as you're not an idiot, Microsoft's built in antimalware protection is probably more than enough. Windows isn't nearly the security disaster it was back in the days of XP.

      6 votes
      1. ali

        I’d say you should always have an Adblocker as well. Something to block JavaScript is good, but you just have to always keep it in mind because it will break a lot of pages, so I wouldn’t recommend it to everyone.

        3 votes
    3. knocklessmonster

      I jumped when they kept advertising services after paying for premium. Did some research, and I consistently found the only issue with Defender was that it throws up false positives too often. Having dealt with that in Avast, it was a trade I was willing to make.

      2 votes
  2. Deimos

    Wladimir Palant has done a lot of security research related to Avast, and posted a related article today as well: Avast's broken data anonymization approach

    10 votes
  3. ubergeek

    No way. A company you pay to rootkit your machine does that, and then siphons information off to be sold.

    Kinda like the scorpion and fox, crossing the river.

    8 votes
  4. [6]
    Comment deleted by author
    1. [5]
      patience_limited

      "Technically illiterate" is a very unhelpful epithet in this context, and I wish people who have technical skills of some sort wouldn't engage in this kind of victim-blaming.

      If you went to a doctor, they probably wouldn't sneer at you for lack of epidemiology and infection control knowledge if you came down with 'flu; they might advise you to get vaccinated in future. They wouldn't expect you to become a doctor yourself to keep from getting sick; it's part of the basic exchange of specialized knowledge that keeps a complex society operating.

      Over the years, I've had to reverse-engineer malware, administer corporate patch management, mail systems, and firewalls, and try to train people in "secure" habits. There are so many ways vulnerabilities arise, not all of which are attributable to user behavior and knowledge.

      There's always going to be a valued application which still depends on an outdated Java or browser or even OS version that isn't being patched. (The FSF Windows 7 discussion is appropriate in this context.)

      In larger environments, there's always an open network share somewhere where permissions have been opened for a badly written package that can't handle cross-platform authentication. There's always an e-mail filter misconfiguration that lets some malicious attachments through. There's always a user who was so focused on doing their job that they didn't spend half an hour contacting support to verify the validity of that very authentic-seeming malicious message.

      There's always a user who installed an innocuous-seeming browser coupon plugin that suddenly starts downloading malware after years of harmless use. There's always the 0-day attack spread by an XSS implant on a legitimate website.

      The point of AV software isn't just to protect people from their own ignorant clicking and surfing behavior. It's to minimize damage as one layer of defense-in-depth (regardless of how competent users think they are) in an environment where everything, down to the hardware and networking protocol levels, has potential compromises. There are very skilled, motivated malicious actors probing for weaknesses; this is a classic evolutionary arms race.

      For Windows users, I've seen current advice that Windows Defender is adequate for signature and behavior-based detection/blocking. My experience has been, and some AV testers confirm, that other products are a little more effective, especially against mail attachment threats. There's also advice that Defender plus a dedicated anti-malware product (e.g. Malwarebytes) is effective.

      As to other environments, I've mainly been a casual user for the last few years and can't comment on state-of-the-art recommendations.

      9 votes
      1. [5]
        Comment deleted by author
        1. [4]
          Comment deleted by author
          1. [3]
            ubergeek

            You do understand that "Next Gen AV" is really a root kit that ships your RAM contents off to the cloud, right?

            I'm not really sure how that is better?

            1. [3]
              Comment deleted by author
              1. [2]
                ubergeek

                Antivirus software rootkits your machine, to intercept system calls.

                They are rootkits.

                So, you know all of your data is being shipped to the cloud? Ssh keys in memory, private keys for certs, password databases, etc etc.

                That makes it better?

                Oh, and Experian is PCI compliant, SOC2, GDPR compliant too. They leaked.

                I don't trust any rootkit on my machine. Even if the next gen root kit uses less local processing than prev gen root kits.

                1. [2]
                  Comment deleted by author
                  1. ubergeek

                    > I think you define the scope of a rootkit much broader than most would - but I'll leave that as it is.

                    Eh, I define it as any software that circumvents standard security controls built into your OS, and installs itself in between user space and the kernel, in order to inspect what the user is doing.

                    I think that's a bog standard of a definition.

                    > You know they don't actually ship everything off to the cloud right? The data passed to the cloud is what it requires to work (binaries written, binaries run, registry changes, dns requests, IP addresses, etc) - it amounts to a few MB per day at most.

                    That you know of. You cannot actually see what they are shipping off, like with Avast, we now learn they were shipping off your data, and you never knew prior.

                    > Experian's bread and butter isn't threat hunting, incident response, etc though is it? Though the reason I brought up accreditation was to contrast with Avast which as far as I can see make no such claim.

                    You brought up certain standards that such and such NGAV vendor complies with. Experian complies with those same standards.

                    > Then don't - my initial comment clearly wasn't aimed at your use case.

                    That's fine it's not aimed at my use case. The problem is: It shouldn't be anyone's "use case" to ship your data off to the cloud, where you have control over it.

        2. patience_limited
          (edited)

          The point is, end users are still expected to be far more knowledgeable about defense than they should have to be for the most basic uses of computing tools. Malicious e-mail attachments, mail sender spoofing, software signing certificate forgery, and a number of other evil tactics should be much harder to accomplish and less common than they are. Part of it is complacency; for instance, Intel knew about disturbance errors in the 1970's, and was warned about the possibility of Rowhammer-type exploits in 2012, but they're still being mitigated now.

          There's plenty of discussion lately about poor software craftsmanship, let alone engineering, and the factors which encourage this to continue.

          There are multiple mechanisms of zero-day exploit blocking in current antivirus products, usually based on malware behavior detection and hardening the most commonly attacked system operations. The Enterprise version of Windows Defender, Advanced Threat Protection has some of these features (it basically incorporates the older EMET hardening toolkit), but other products incorporate this in consumer versions, such as Bitdefender, Kaspersky, and Malwarebytes.

          Having worked in an organization that used a couple of different versions of enterprise endpoint security and whitelist-only tools (e.g. CarbonBlack), I can say that they're definitely better than Defender alone on an organization-wide scale, and probably required if you have to carry breach insurance. They will be a PITA to manage, and probably ding productivity a bit on false positives and support overhead when legitimate software installations take place.

          1 vote
  5. dblohm7

    Most AV is crap. If you’re on Windows, stick with Defender. The rest does more harm than good.

    I spent two years just working on undoing the crap they do to Firefox processes. Chrome devs have similar problems.

    4 votes