Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Cor Rosielle
...snip...
 The product that fail miserably, throughout the year(s?) should be
 declared unfit for purpose ...like an expired food which is
 harmful for health.

Basically it is an interesting thought. I see a challenge though. Is 3
failures per year miserable? Or should we raise the limit to 10? Or lower it
to 1? You get the point. The criteria to determine if a product fails
miserably is not a fact, but a decision.
Comparing it with expired food: I throw away food before the expiration date
because I can see the fungus on it and decide it is not safe to eat it. On
the other hand I consume food way after the expiration date because it is
perfectly fine food. This error margin is caused by the statistics behind
the expiration date: be on the safe side and prefer the chance to throw away
good food than the chance to accept bad food.

 If its a technological problem overall, maybe they should move to
 application white-listing or something better...

Sure, awareness and thinking is better. But some people don't think and than
technological measures is about all the protection they really have.

 thanks,
 -bipin

Cor

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Cor Rosielle
I recognize that. You'll learn fast to turn off your anti virus software
when you want to use cain, netcat and a lot more. The anti virus software
doesn't only protect you against attacks, but it also prevent you to
attack others.

Cor

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
 disclosure-boun...@lists.grok.org.uk] On Behalf Of Jan Schejbal
 Sent: woensdag 23 juni 2010 19:24
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] No anti-virus software? No internet
 connection
 
 Am 22.06.2010 17:16, schrieb Paul Schmehl:
  Yes, you should use antivirus software if you're running windows
 
 Nope. For regular users clicking every link and using firefox and
 office
 and nothing else, maybe. But for somewhat experienced people with a
 large toolset on the machine: NO! Approximately once a month I had to
 persuade the AV vendor that they REALLY need to check if some tool is a
 false positive. It always was. The most annoying part was when the MS
 malware removal tool had a false-positive and deleted without asking.
 
 It would be interesting to compare the damage actually avoided by virus
 scanners to the damages and costs they cause (including false-positives
 wiping out system files, the hassle with updates/deployment and the
 cost
 of the products).
 
 Gruß
 Jan
 
 --
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Walter van Holst
On Thu, June 24, 2010 09:42, Cor Rosielle wrote:
 ...snip...
 The product that fail miserably, throughout the year(s?) should be
 declared unfit for purpose ...like an expired food which is
 harmful for health.

 Basically it is an interesting thought. I see a challenge though. Is 3
 failures per year miserable? Or should we raise the limit to 10? Or
 lower it
 to 1? You get the point. The criteria to determine if a product fails

The answer to that kind of question is quite often related to the
industry average. For example no more failures than one standard
deviation below the industry average.

Regards,

 Walter

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Valdis . Kletnieks
On Thu, 24 Jun 2010 09:47:01 +0200, Walter van Holst said:

 The answer to that kind of question is quite often related to the
 industry average. For example no more failures than one standard
 deviation below the industry average.

Ahh.. but that doesn't really help either.  Consider that not all failures
are created equal.  Should a failure to detect some unknown basically harmless
strain that's only been seen on 4 machines in Zimbabwe count the same as
failing to notice that a machine is still infected with Code Red or something
that's virulent and malicious and on a very large current burn?  Do you even
care it didn't detect the Zimbabwe strain your machine has never been
exposed to?

For that matter, do you really want to create a situation where the various
A/V companies now have an *incentive* to make sure their competitors don't
detect something (either by failing to share data, or resorting to having
malware custom-crafted)?  The only reason the whole A/V industry manages
to keep up safe at all is because they're in general cooperating.  If each
one had to do all the research themselves, the prices would go up and quality
would go down.




pgpvwd5dZHPMu.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Walter van Holst
On Thu, June 24, 2010 11:08, valdis.kletni...@vt.edu wrote:

 The answer to that kind of question is quite often related to the
 industry average. For example no more failures than one standard
 deviation below the industry average.

 Ahh.. but that doesn't really help either.  Consider that not all
 failures
 are created equal.  Should a failure to detect some unknown basically
 harmless
 strain that's only been seen on 4 machines in Zimbabwe count the same
 as
 failing to notice that a machine is still infected with Code Red or
 something
 that's virulent and malicious and on a very large current burn?  Do
 you even
 care it didn't detect the Zimbabwe strain your machine has never been
 exposed to?

Of course any way of measuring it will be fundamentally flawed in
certain ways. There is always that pesky 80/20 or 90/10 rule. And you
can of course figure out a way of correcting for corner cases, but
that will only create additional corner cases. That's what makes
lawyering on product liability a craft at best and usually some form
of black magic.

 For that matter, do you really want to create a situation where the
 various
 A/V companies now have an *incentive* to make sure their competitors
 don't
 detect something (either by failing to share data, or resorting to
 having
 malware custom-crafted)?  The only reason the whole A/V industry

And yes, there may very well be unintended consequences. Nonetheless,
I feel the era of complete exoneration from product liability is
coming to an end for packaged software. Especially in the security
industry. It is just a matter of an 'unsafe at any speed' moment
occurring and there will be legislation, however braindead such
legislation may be from an engineering viewpoint.

Call me a pessimist, but we've been putting way too much critical
stuff on internet connected systems while at the same neglecting basic
hygiene at every level not to have some disaster to happen. It isn't
so much a question of if but when that will happen.

Regards,

 Walter

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread T Biehn
I wonder if someone writes down all that pseudo-intellectual philosophical
bullshit that is so carefully crafted by FD members (myself included)?
Maybe I should:
???
Profit

-Travis

On Thu, Jun 24, 2010 at 5:45 AM, Walter van Holst 
walter.van.ho...@xs4all.nl wrote:

 On Thu, June 24, 2010 11:08, valdis.kletni...@vt.edu wrote:

  The answer to that kind of question is quite often related to the
  industry average. For example no more failures than one standard
  deviation below the industry average.
 
  Ahh.. but that doesn't really help either.  Consider that not all
  failures
  are created equal.  Should a failure to detect some unknown basically
  harmless
  strain that's only been seen on 4 machines in Zimbabwe count the same
  as
  failing to notice that a machine is still infected with Code Red or
  something
  that's virulent and malicious and on a very large current burn?  Do
  you even
  care it didn't detect the Zimbabwe strain your machine has never been
  exposed to?

 Of course any way of measuring it will be fundamentally flawed in
 certain ways. There is always that pesky 80/20 or 90/10 rule. And you
 can of course figure out a way of correcting for corner cases, but
 that will only create additional corner cases. That's what makes
 lawyering on product liability a craft at best and usually some form
 of black magic.

  For that matter, do you really want to create a situation where the
  various
  A/V companies now have an *incentive* to make sure their competitors
  don't
  detect something (either by failing to share data, or resorting to
  having
  malware custom-crafted)?  The only reason the whole A/V industry

 And yes, there may very well be unintended consequences. Nonetheless,
 I feel the era of complete exoneration from product liability is
 coming to an end for packaged software. Especially in the security
 industry. It is just a matter of an 'unsafe at any speed' moment
 occurring and there will be legislation, however braindead such
 legislation may be from an engineering viewpoint.

 Call me a pessimist, but we've been putting way too much critical
 stuff on internet connected systems while at the same neglecting basic
 hygiene at every level not to have some disaster to happen. It isn't
 so much a question of if but when that will happen.

 Regards,

  Walter

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehnop=indexfingerprint=on
http://pastebin.com/f6fd606da
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread lsi
On 23 Jun 2010 at 19:23, Jan Schejbal wrote:

 It would be interesting to compare the damage actually avoided by virus
 scanners to the damages and costs they cause (including false-positives
 wiping out system files, the hassle with updates/deployment and the cost
 of the products).

The mathematical relationship between this total cost of ownership 
and malware mutation rates will be particularly interesting.  I 
suspect that TCO is proportional to malware numbers, and as malware 
is mutating at 243% per year, +/- error, that would imply that TCO is 
rising by the proportionate amount, purely due to malware mutation.

This in addition to the numerous other aspects of certain desktop 
platforms, also known to inflate TCO.

The solution?  Dump the platform.  That, or hitch your budget to an 
exponential curve.

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-24 Thread Vulnski LaRock
Ok, so let them make it mandatory.

Everyone will just run Fake AV.
Business as usual.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-23 Thread Bipin Gautam
Cor ,

Sometimes you need anarchy to spread awareness! Which is primary
priority... Rest are secondary issues.

What next? Government should keep an updated statistic of antivrus
software that can survive the wild (well most of the time) and those
softwares that fail to do so at largest occasions. A public, unbiased
statistics should be published about it for the welfare of the
consumers. Freedom of information act?

The product that fail miserably, throughout the year(s?) should be
declared unfit for purpose ...like an expired food which is
harmful for health.

If its a technological problem overall, maybe they should move to
application white-listing or something better...

thanks,
-bipin


On 6/22/10, Cor Rosielle c...@outpost24.com wrote:
 Believe it or not, I do use anti virus on my Windows machine at home and
 even accept automatic updates (although MacAfee proved this is a serious
 threat). But anti virus is only the second line of defense or the third. The
 first line of defense is to think before you launch a file. If a file is
 unexpected, then I simply don't trust it. On several occasions this
 prevented virus infection with an up to date AV-scanner (Symantec - I put
 the file in a folder to further explore it after some days and then the
 AV-scanner did recognize the virus). AV software does fail too.

 For any home user who doesn't think or doesn't care, AV-software is probably
 a good starting point to give some limited protection for Windows systems.
 But such an home should realize he/she also runs risk when running
 AV-software and might experience a false sense of security. And if they
 don't think or don't care, they should think twice before complaining when
 it turns out bad.

 For any home user who do think or do care, AV-software can be a good
 addition to protect Windows systems, but that is not guaranteed. Realize
 that sometimes the cure is worse than the disease and also that malicious
 anti virus software does exist. Anti virus is not bad by definition. It is
 neither good by definition.

 And I repeat: Tom has a point that end-users must take some responsibility
 for their own computer. I just regret politicians make a lot of fuzz about
 legislation that only helps a bit in some cases and invite civilians to lean
 backward and believe they are secure because they have followed the rules.

 Cor

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
 disclosure-boun...@lists.grok.org.uk] On Behalf Of Tom Grace
 Sent: dinsdag 22 juni 2010 11:29
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] No anti-virus software? No internet
 connection

 What would you advise a typical home user do to stay virus/trojan/other
 shit free ? Working on the assumption that they can't tell the
 difference (and really, shouldn't have to) between dangerous and safe
 files.
 AV software is pretty lacking, and the best advice I can think to give
 users is that everyone on the Internet is out to get you

 Tom

 On 06/22/2010 10:11 AM, Cor Rosielle wrote:
  Brilliant thinking. Let's install anti virus and increase the
 computers
  attack surface without further thinking. That must be safe because
  politicians tell us to do so. And we all know that politicians always
 tell
  the truth and happen to know a lot about PC's an security.
 
  Sigh. Tom has a point that end-users must take some responsibility
 for their
  own computer, but that doesn't mean that anti virus is the one and
 only
  solution. But if you think anti virus is the silver bullet to make
 this
  world saver, then dream your dreams and I'll dream mine.
 
  Cor
 
 
 
  From: full-disclosure-boun...@lists.grok.org.uk
  [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
 Christian
  Sciberras
  Sent: dinsdag 22 juni 2010 10:56
  To: Tom Grace
  Cc: full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] No anti-virus software? No internet
  connection
 
  I completely agree with Tom. A good fraction of all vulns out there
 rely on
  the user taking the wrong action, and it's way common (just face the
 truth).
 
  How many people install cracked OSes? I was once incredulous that a
 person
  willingly installed a virus because he claimed it was harmless (while
 the
  anti-virus shouted trojan).
 
  Sometimes I get to fix people's computers. I'm always amazed by the
 amount
  of crap I get in contact with.  Hundreds of browser toolbars,
 antiviruses,
  shareware, adware, trials, torrent clients, media players etc.
  That not counting the local IT shops which format PCs replacing
 (typically)
  Windows OS with a cracked one.
 
 
 
  On Tue, Jun 22, 2010 at 9:42 AM, Tom
 Gracet...@deathbycomputers.co.uk
  wrote:
  In a way having a requirement that end-users take some responsibility
  for their own computer is a good thing.
  Similar to prosecuting people for fraud if they fall for one of the
 cash
  scams.
 
  On 06/22/2010 05:37 AM, Ivan . wrote:
  yep

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-23 Thread Jan Schejbal
Am 22.06.2010 17:16, schrieb Paul Schmehl:
 Yes, you should use antivirus software if you're running windows

Nope. For regular users clicking every link and using firefox and office
and nothing else, maybe. But for somewhat experienced people with a
large toolset on the machine: NO! Approximately once a month I had to
persuade the AV vendor that they REALLY need to check if some tool is a
false positive. It always was. The most annoying part was when the MS
malware removal tool had a false-positive and deleted without asking.

It would be interesting to compare the damage actually avoided by virus
scanners to the damages and costs they cause (including false-positives
wiping out system files, the hassle with updates/deployment and the cost
of the products).

Gruß
Jan

-- 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Tom Grace
In a way having a requirement that end-users take some responsibility 
for their own computer is a good thing.
Similar to prosecuting people for fraud if they fall for one of the cash 
scams.

On 06/22/2010 05:37 AM, Ivan . wrote:
 yep, your tax $$$ at work

 Don't forget there Internet filter as well.. With these rocket
 scientist running the show, what's there to worry about

 http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_protection_against_spams_and_scams

 On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
 vpn.1.fana...@gmail.com  wrote:
 They had a committee working on this for a year and that's the best they
 could come up with? HAHAHAHA.

 Belinda Neal - With idiots like you and your colleagues tackling this issue,
 tax payers deserve to burn you at the stake. BTW... are you really a du0d?

 --
 ciao

 JT


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Christian Sciberras
I completely agree with Tom. A good fraction of all vulns out there rely on
the user taking the wrong action, and it's way common (just face the truth).

How many people install cracked OSes? I was once incredulous that a person
willingly installed a virus because he claimed it was harmless (while the
anti-virus shouted trojan).

Sometimes I get to fix people's computers. I'm always amazed by the amount
of crap I get in contact with.  Hundreds of browser toolbars, antiviruses,
shareware, adware, trials, torrent clients, media players etc.
That not counting the local IT shops which format PCs replacing (typically)
Windows OS with a cracked one.




On Tue, Jun 22, 2010 at 9:42 AM, Tom Grace t...@deathbycomputers.co.ukwrote:

 In a way having a requirement that end-users take some responsibility
 for their own computer is a good thing.
 Similar to prosecuting people for fraud if they fall for one of the cash
 scams.

 On 06/22/2010 05:37 AM, Ivan . wrote:
  yep, your tax $$$ at work
 
  Don't forget there Internet filter as well.. With these rocket
  scientist running the show, what's there to worry about
 
 
 http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_protection_against_spams_and_scams
 
  On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
  vpn.1.fana...@gmail.com  wrote:
  They had a committee working on this for a year and that's the best they
  could come up with? HAHAHAHA.
 
  Belinda Neal - With idiots like you and your colleagues tackling this
 issue,
  tax payers deserve to burn you at the stake. BTW... are you really a
 du0d?
 
  --
  ciao
 
  JT
 
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Cor Rosielle
Brilliant thinking. Let’s install anti virus and increase the computers
attack surface without further thinking. That must be safe because
politicians tell us to do so. And we all know that politicians always tell
the truth and happen to know a lot about PC’s an security.

Sigh. Tom has a point that end-users must take some responsibility for their
own computer, but that doesn't mean that anti virus is the one and only
solution. But if you think anti virus is the silver bullet to make this
world saver, then dream your dreams and I'll dream mine.

Cor


 
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
Sciberras
Sent: dinsdag 22 juni 2010 10:56
To: Tom Grace
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] No anti-virus software? No internet
connection

I completely agree with Tom. A good fraction of all vulns out there rely on
the user taking the wrong action, and it's way common (just face the truth).

How many people install cracked OSes? I was once incredulous that a person
willingly installed a virus because he claimed it was harmless (while the
anti-virus shouted trojan).

Sometimes I get to fix people's computers. I'm always amazed by the amount
of crap I get in contact with.  Hundreds of browser toolbars, antiviruses,
shareware, adware, trials, torrent clients, media players etc.
That not counting the local IT shops which format PCs replacing (typically)
Windows OS with a cracked one.



On Tue, Jun 22, 2010 at 9:42 AM, Tom Grace t...@deathbycomputers.co.uk
wrote:
In a way having a requirement that end-users take some responsibility
for their own computer is a good thing.
Similar to prosecuting people for fraud if they fall for one of the cash
scams.

On 06/22/2010 05:37 AM, Ivan . wrote:
 yep, your tax $$$ at work

 Don't forget there Internet filter as well.. With these rocket
 scientist running the show, what's there to worry about


http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_pro
tection_against_spams_and_scams

 On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
 vpn.1.fana...@gmail.com  wrote:
 They had a committee working on this for a year and that's the best they
 could come up with? HAHAHAHA.

 Belinda Neal - With idiots like you and your colleagues tackling this
issue,
 tax payers deserve to burn you at the stake. BTW... are you really a
du0d?

 --
 ciao

 JT


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Tom Grace
What would you advise a typical home user do to stay virus/trojan/other 
shit free ? Working on the assumption that they can't tell the 
difference (and really, shouldn't have to) between dangerous and safe 
files.
AV software is pretty lacking, and the best advice I can think to give 
users is that everyone on the Internet is out to get you

Tom

On 06/22/2010 10:11 AM, Cor Rosielle wrote:
 Brilliant thinking. Let’s install anti virus and increase the computers
 attack surface without further thinking. That must be safe because
 politicians tell us to do so. And we all know that politicians always tell
 the truth and happen to know a lot about PC’s an security.

 Sigh. Tom has a point that end-users must take some responsibility for their
 own computer, but that doesn't mean that anti virus is the one and only
 solution. But if you think anti virus is the silver bullet to make this
 world saver, then dream your dreams and I'll dream mine.

 Cor



 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
 Sciberras
 Sent: dinsdag 22 juni 2010 10:56
 To: Tom Grace
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] No anti-virus software? No internet
 connection

 I completely agree with Tom. A good fraction of all vulns out there rely on
 the user taking the wrong action, and it's way common (just face the truth).

 How many people install cracked OSes? I was once incredulous that a person
 willingly installed a virus because he claimed it was harmless (while the
 anti-virus shouted trojan).

 Sometimes I get to fix people's computers. I'm always amazed by the amount
 of crap I get in contact with.  Hundreds of browser toolbars, antiviruses,
 shareware, adware, trials, torrent clients, media players etc.
 That not counting the local IT shops which format PCs replacing (typically)
 Windows OS with a cracked one.



 On Tue, Jun 22, 2010 at 9:42 AM, Tom Gracet...@deathbycomputers.co.uk
 wrote:
 In a way having a requirement that end-users take some responsibility
 for their own computer is a good thing.
 Similar to prosecuting people for fraud if they fall for one of the cash
 scams.

 On 06/22/2010 05:37 AM, Ivan . wrote:
 yep, your tax $$$ at work

 Don't forget there Internet filter as well.. With these rocket
 scientist running the show, what's there to worry about


 http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_pro
 tection_against_spams_and_scams

 On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
 vpn.1.fana...@gmail.comwrote:
 They had a committee working on this for a year and that's the best they
 could come up with? HAHAHAHA.

 Belinda Neal - With idiots like you and your colleagues tackling this
 issue,
 tax payers deserve to burn you at the stake. BTW... are you really a
 du0d?

 --
 ciao

 JT


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread mrx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I agree in principal, security does start with the user.

However, computers and connected computing devices with the advent of
locked down systems and cartoon like user interfaces, have become consumer 
devices.

These devices no longer require any knowledge of how they work nor skill beyond
basic reading and rudimentary hand eye co-ordination to operate. They are being
used by six year olds and grandmothers, IT security guru's and those with 
learning
difficulties.

This is true of the Internet also, it is a consumer playground.

Hardware, software and system developers have done a great job in making all 
this power
and connectivity available to those who can't or don't want to think. But a 
features first,
security second approach seems all too prevalent. It's only the stuff on show 
that sells!

Should the security of complex consumer devices be the responsibility of a 
potentially incompetent user,
or the developers of such systems who are fully aware of the failings in their 
target audience?

regards


On 22/06/2010 09:56, Christian Sciberras wrote:
 I completely agree with Tom. A good fraction of all vulns out there rely on
 the user taking the wrong action, and it's way common (just face the truth).
 
 How many people install cracked OSes? I was once incredulous that a person
 willingly installed a virus because he claimed it was harmless (while the
 anti-virus shouted trojan).
 
 Sometimes I get to fix people's computers. I'm always amazed by the amount
 of crap I get in contact with.  Hundreds of browser toolbars, antiviruses,
 shareware, adware, trials, torrent clients, media players etc.
 That not counting the local IT shops which format PCs replacing (typically)
 Windows OS with a cracked one.
 
 
 
 
 On Tue, Jun 22, 2010 at 9:42 AM, Tom Grace t...@deathbycomputers.co.ukwrote:
 
 In a way having a requirement that end-users take some responsibility
 for their own computer is a good thing.
 Similar to prosecuting people for fraud if they fall for one of the cash
 scams.

 On 06/22/2010 05:37 AM, Ivan . wrote:
 yep, your tax $$$ at work

 Don't forget there Internet filter as well.. With these rocket
 scientist running the show, what's there to worry about


 http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_protection_against_spams_and_scams

 On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
 vpn.1.fana...@gmail.com  wrote:
 They had a committee working on this for a year and that's the best they
 could come up with? HAHAHAHA.

 Belinda Neal - With idiots like you and your colleagues tackling this
 issue,
 tax payers deserve to burn you at the stake. BTW... are you really a
 du0d?

 --
 ciao

 JT


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

 
 
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


- -- 
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTCCFA7Ivn8UFHWSmAQKPywf8CmdPJvwibGI2f6/3dJKMo2glRAvGzWNi
9VY6cU0ymjEGdC53gcbz7pb/D60aotU5xu6LvSx4qqQLJnvjFl2yKPGleT8VVvP8
UUqe891ZLnWDtWTHrdhP8REoSdsdyuQpZisnvBmb7r4gZVdhnzZVaoZcF5okn5wI
Wm7XWrNFjj4fJkXCsv1r/3g2CDgRpHLDgTfd4xt5t2hqYUcnusjb9CO+6lRABtOW
sbBDXa3y4PTAzAkD0MdlIXmEzjQsGopkNKJt1Uw6X57h1rjg31KOjCZea+/S9ozn
0CedmA7DT257hJpKOssboP1LyaLyvmEhVwBfsu4eeH490TE18NKIZQ==
=pUSe
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Dimitry Andric
On 2010-06-22 11:28, Tom Grace wrote:
 What would you advise a typical home user do to stay virus/trojan/other 
 shit free ? Working on the assumption that they can't tell the 
 difference (and really, shouldn't have to) between dangerous and safe 
 files.

Give them an iPhone/iPad instead? ;)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Christian Sciberras
Exactly. Or a jail cell.




On Tue, Jun 22, 2010 at 11:38 AM, Dimitry Andric dimi...@andric.com wrote:

 On 2010-06-22 11:28, Tom Grace wrote:
  What would you advise a typical home user do to stay virus/trojan/other
  shit free ? Working on the assumption that they can't tell the
  difference (and really, shouldn't have to) between dangerous and safe
  files.

 Give them an iPhone/iPad instead? ;)

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Cor Rosielle
Believe it or not, I do use anti virus on my Windows machine at home and
even accept automatic updates (although MacAfee proved this is a serious
threat). But anti virus is only the second line of defense or the third. The
first line of defense is to think before you launch a file. If a file is
unexpected, then I simply don't trust it. On several occasions this
prevented virus infection with an up to date AV-scanner (Symantec - I put
the file in a folder to further explore it after some days and then the
AV-scanner did recognize the virus). AV software does fail too.

For any home user who doesn't think or doesn't care, AV-software is probably
a good starting point to give some limited protection for Windows systems.
But such an home should realize he/she also runs risk when running
AV-software and might experience a false sense of security. And if they
don't think or don't care, they should think twice before complaining when
it turns out bad.

For any home user who do think or do care, AV-software can be a good
addition to protect Windows systems, but that is not guaranteed. Realize
that sometimes the cure is worse than the disease and also that malicious
anti virus software does exist. Anti virus is not bad by definition. It is
neither good by definition.

And I repeat: Tom has a point that end-users must take some responsibility
for their own computer. I just regret politicians make a lot of fuzz about
legislation that only helps a bit in some cases and invite civilians to lean
backward and believe they are secure because they have followed the rules.

Cor

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
 disclosure-boun...@lists.grok.org.uk] On Behalf Of Tom Grace
 Sent: dinsdag 22 juni 2010 11:29
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] No anti-virus software? No internet
 connection
 
 What would you advise a typical home user do to stay virus/trojan/other
 shit free ? Working on the assumption that they can't tell the
 difference (and really, shouldn't have to) between dangerous and safe
 files.
 AV software is pretty lacking, and the best advice I can think to give
 users is that everyone on the Internet is out to get you
 
 Tom
 
 On 06/22/2010 10:11 AM, Cor Rosielle wrote:
  Brilliant thinking. Let's install anti virus and increase the
 computers
  attack surface without further thinking. That must be safe because
  politicians tell us to do so. And we all know that politicians always
 tell
  the truth and happen to know a lot about PC's an security.
 
  Sigh. Tom has a point that end-users must take some responsibility
 for their
  own computer, but that doesn't mean that anti virus is the one and
 only
  solution. But if you think anti virus is the silver bullet to make
 this
  world saver, then dream your dreams and I'll dream mine.
 
  Cor
 
 
 
  From: full-disclosure-boun...@lists.grok.org.uk
  [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
 Christian
  Sciberras
  Sent: dinsdag 22 juni 2010 10:56
  To: Tom Grace
  Cc: full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] No anti-virus software? No internet
  connection
 
  I completely agree with Tom. A good fraction of all vulns out there
 rely on
  the user taking the wrong action, and it's way common (just face the
 truth).
 
  How many people install cracked OSes? I was once incredulous that a
 person
  willingly installed a virus because he claimed it was harmless (while
 the
  anti-virus shouted trojan).
 
  Sometimes I get to fix people's computers. I'm always amazed by the
 amount
  of crap I get in contact with.  Hundreds of browser toolbars,
 antiviruses,
  shareware, adware, trials, torrent clients, media players etc.
  That not counting the local IT shops which format PCs replacing
 (typically)
  Windows OS with a cracked one.
 
 
 
  On Tue, Jun 22, 2010 at 9:42 AM, Tom
 Gracet...@deathbycomputers.co.uk
  wrote:
  In a way having a requirement that end-users take some responsibility
  for their own computer is a good thing.
  Similar to prosecuting people for fraud if they fall for one of the
 cash
  scams.
 
  On 06/22/2010 05:37 AM, Ivan . wrote:
  yep, your tax $$$ at work
 
  Don't forget there Internet filter as well.. With these rocket
  scientist running the show, what's there to worry about
 
 
 
 http://blogs.news.com.au/techblog/index.php/news/comments/finally_there
 s_pro
  tection_against_spams_and_scams
 
  On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
  vpn.1.fana...@gmail.comwrote:
  They had a committee working on this for a year and that's the best
 they
  could come up with? HAHAHAHA.
 
  Belinda Neal - With idiots like you and your colleagues tackling
 this
  issue,
  tax payers deserve to burn you at the stake. BTW... are you really
 a
  du0d?
 
  --
  ciao
 
  JT
 
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread William Warren
I don't run anti-anything on my systems and haven't in over 7 years..I 
have never gotten anything on my systems.  it's pretty easy to do..it's 
mostly behavior driven to keep yourself form getting malware.  Also I 
can't find it now but there was a research paper that showed the a/v 
software could be used to instlal malware w/o the a/v software's 
knowledge..no thanks.

On 6/21/2010 10:55 PM, Ivan . wrote:
 Security is as easy as that..

 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Valdis . Kletnieks
On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said:
 Security is as easy as that..
 
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

OK. I'll bite.

1) What antivirus are they going to force me to install on my Fedora laptop?

2) How will they verify the presense of A/V software on a properly firewalled
system?

3) If the answer to (2) is run some sort of agent software on every box,
in how many different ways can this end badly?


pgp1fUzIpAb0W.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Christian Sciberras
I would presume that that would happen after you got infected and started
spreading malware.
Scaring people from the start ought to bring more consciousness.





On Tue, Jun 22, 2010 at 1:41 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said:
  Security is as easy as that..
 
 
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 OK. I'll bite.

 1) What antivirus are they going to force me to install on my Fedora
 laptop?

 2) How will they verify the presense of A/V software on a properly
 firewalled
 system?

 3) If the answer to (2) is run some sort of agent software on every box,
 in how many different ways can this end badly?

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Romain
How do you know you have never gotten anything on your system if you don't
have an anti-anything ?
Main aim of current threats is to hide any activity.

2010/6/22 William Warren hescomins...@emmanuelcomputerconsulting.com

 I don't run anti-anything on my systems and haven't in over 7 years..I
 have never gotten anything on my systems.  it's pretty easy to do..it's
 mostly behavior driven to keep yourself form getting malware.  Also I
 can't find it now but there was a research paper that showed the a/v
 software could be used to instlal malware w/o the a/v software's
 knowledge..no thanks.

 On 6/21/2010 10:55 PM, Ivan . wrote:
  Security is as easy as that..
 
 
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
 

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread quispiam lepidus
If the ISP's are being expected to do the policing (which a less than
thorough read of the paper indicates), who's shelling out for all the
NAC kit? The ISP? On top of all the kit required to log all users
Internet activities for an as yet undetermined period of time? On top
of the kit to implement the great firewall of .au?

Welcome to China, we hope you enjoy rice. Although, at least in China
the govt's policy and intention is fairly clear.

On Tue, Jun 22, 2010 at 9:41 PM,  valdis.kletni...@vt.edu wrote:
 On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said:
 Security is as easy as that..

 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 OK. I'll bite.

 1) What antivirus are they going to force me to install on my Fedora laptop?

 2) How will they verify the presense of A/V software on a properly firewalled
 system?

 3) If the answer to (2) is run some sort of agent software on every box,
 in how many different ways can this end badly?

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Paul Schmehl
--On Tuesday, June 22, 2010 12:55:25 +1000 Ivan . ivan...@gmail.com wrote:

 Security is as easy as that..

 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connecti
 on/story-e6frfro0-1225882656490


I don't have a problem with cutting off connections for infected machines.  In 
fact I think that's an excellent idea.  However, the suggestion to require 
antivirus and firewall software to access the internet is naive and dangerous. 
Neither of those technologies will guarantee you an infection-free system, and 
promoting the idea that they will promotes a false sense of security.

Yes, you should use antivirus software if you're running windows, and yes, it's 
a good idea to use a firewall.  Neither is a panacea, however, and neither will 
keep you from getting a trojan from the latest attack methodologies.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread Jubei Trippataka
On Tue, Jun 22, 2010 at 9:41 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said:
  Security is as easy as that..
 
 
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 OK. I'll bite.

 1) What antivirus are they going to force me to install on my Fedora
 laptop?

 2) How will they verify the presense of A/V software on a properly
 firewalled
 system?

 3) If the answer to (2) is run some sort of agent software on every box,
 in how many different ways can this end badly?


Trust you to break through the idealistic AV discussion with an ACTUAL
logical implementation question. Shame on you! You've just made Belinda's
shitlist.

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] No anti-virus software? No internet connection

2010-06-21 Thread Ivan .
Security is as easy as that..

http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-21 Thread Ivan .
yep, your tax $$$ at work

Don't forget there Internet filter as well.. With these rocket
scientist running the show, what's there to worry about

http://blogs.news.com.au/techblog/index.php/news/comments/finally_theres_protection_against_spams_and_scams

On Tue, Jun 22, 2010 at 2:32 PM, Jubei Trippataka
vpn.1.fana...@gmail.com wrote:
 They had a committee working on this for a year and that's the best they
 could come up with? HAHAHAHA.

 Belinda Neal - With idiots like you and your colleagues tackling this issue,
 tax payers deserve to burn you at the stake. BTW... are you really a du0d?

 --
 ciao

 JT


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-21 Thread Jubei Trippataka
They had a committee working on this for a year and that's the best they
could come up with? HAHAHAHA.

Belinda Neal - With idiots like you and your colleagues tackling this issue,
tax payers deserve to burn you at the stake. BTW... are you really a du0d?

-- 
ciao

JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/