Conversations overheard
-
Why do you think going in to a branch to change your password is more secure than changing it online?
Because they can validate its really me since they're required to see a picture ID to do it.
-
If you say so.
-
Credit union, that explains it.
My credit union is an awesome bank in person, but their web presence leaves much to be desired. They have "online banking" which allows me to view current balance, and that's it. No transfers and no bill pay.
-
I was saying that Apple lied about which compiler they distributed with their text editor.
-
-
>Luhmann said:
hole pointsince when to holes have points?
When poking fun at others' typos, you might want to proofread your own post. Twice.
-
Touche
-
Honest opinion, not (just) flame bait:You don't need antivirus at all IMO. And even if you buy into antiviruses, you would still need one less on Mac and *nix then on PC.
I stopped running AV software shortly after moving to Win7. When clients or friends ask me for advice on AV software, I point them to AVG. If they instead ask me what I use, I tell them nothing. I just don't do stupid shit and don't go to sites that will hose my computer.
And I run with UAC off, because it annoys the fuck out of me when I first setup a computer with its constant dinging. Then I never turn it back on. I still have not had a virus or malware on any of my computers in ~5 years.
On the flipside, I have a client who despite having the full versions of AVG and MalwareBytes on his computer, has 2-3 serious infections a month. He is basically this guy:
https://www.youtube.com/watch?v=1SNxaJlicEU
The bad thing is, he is otherwise a highly intelligent person, and a lawyer with his own firm. You would think he would be more skeptical. Oh well, he pays quickly and generates steady revenue. He also sends collection letters on my behalf for free.
-
@Intercourse said:
I still have not had a virus or malware on any of my computers in ~5 years.
How do you know?
-
How do you know?
Well, we cannot all be like @blakeyrat and know everything, but on occasion I have DLed and scanned my machine with AVG or MalwareBytes and when I have it has always come up clean. Then I remove it again, or prevent it from starting on boot.
That, and the fact that my machine does not run like a turd.
-
Touche
Nobody pointed out yet it's actually touchè?[1]
[1] don't think I didn't do that on purpose.
-
Nobody pointed out yet it's actually touchè?[1]
[1] don't think I didn't do that on purpose.
I know, but i didn't feel like looking for the accented e or the combining accent.
-
I know, but i didn't feel like looking for the accented e or the combining accent.
I never search for the key combination. That's what [kbd]win[/kbd]+r charmap.exe is for.
Ugh. I know there's a keyboard shortcut for that but it's not in the ? faq and a quick google didn't find it--instead, I found an article by @codinghorror saying that nobody uses a ? icon in the toolbar, which I didn't even look for, but only because I had previously looked for it. Which is the "you're doing it wrong" bot? @codinghorrorbot?
-
@FrostCat Is Doing It Wrongâ„¢<t3268p163>
-
That's what [kbd]win[/kbd]+r charmap.exe is for.
Still requires searching. And you want
<kbd>
-
@Intercourse said:
Well, we cannot all be like @blakeyrat and know everything, but on occasion I have DLed and scanned my machine with AVG or MalwareBytes and when I have it has always come up clean. Then I remove it again, or prevent it from starting on boot.
That, and the fact that my machine does not run like a turd.
You may want to review what a rootkit is and how it compromises your system while hiding itself, as this has become a commonly used type of malware.
Recommended: If you want to have a more reliable method of detecting such infections, load a clean OS from a separate drive on which you can then install your AV and scan your everyday drive with. This outside the system approach is much more reliable for picking up this kind of malware at the OS level.
Today's malware is sophisticated enough to not slow down your machine noticeably - nothing runs without taking up some resources somewhere. Waiting for it to perform like a dog before suspecting a problem is like waiting for an 8-cylinder car engine to fail on two cylinders before performing maintenance - way too late. Not saying you do that given the above, all I'm saying is what you're doing currently may not be sufficiently comprehensive to address today's threats.
Short of whitelisting, we're looking at Deep Freeze as one way to ensure a system always comes back up clean on start-up. We still have to work out integration with patching and disk encryption. We've only just begun examining this process ourselves, so I'm not recommending it as a product, only as a concept at this point. There may be better solutions out there. I know of a Novell shop years ago that used this approach, but never found out what they used to power it unfortunately.
-
You may want to review what a rootkit is and how it compromises your system while hiding itself, as this has become a commonly used type of malware.
I left out one key part of that, at least when I am on our home network all traffic is scanned by the firewall. That may not help with SSL traffic, because I have never set it up to inspect HTTPS traffic, but it still does not trip very often.
Honestly, I am not concerned. Almost all infections are as a result of people doing massively stupid things.
-
@Intercourse said:
Almost all infections are as a result of people doing massively stupid things.
Drive by downloads from malicious ads. Yes, also on websites you visit.
-
-
AdBlock FTW.
Filed Under: I probably just started a 40000-post Blakeyrant.
-
Still requires searching. And you want <kbd>
I almost always only want an accented character, so it's just a page or two of scrolling and eyeballing. Compared to figuring out how to compose a Google search, it barely counts.
Also, it figures that uses angle brackets instead of square ones like all the other formatting. By which I mean Discourse is Doing It...you know the rest.
-
-
-
AdBlock FTW.
+1
Useful even at goldtardis.com, which site itself is fine, but a few very recent ad redirects blocked by my antivirus reminded me to reinstall the add-in (had reinstalled chrome just earlier).
-
That's what [kbd]win[/kbd]+r charmap.exe is for.
I just keep charmap open. Although some of the ones I use most often I have semi-memorized. Unfortunately, I haven't quite memorized Alt+0153, yet, and I use that a lot around here. Isn't that right, @CodingHorrorBot?
-
@HardwareGeek Is Doing It Wrongâ„¢<t3268p175>
-
Ads? Those are those things I use blakeyrat-enraging tools to avoid.
Party foul. Never mention @blakeyrat without the "@". He likes feeling popular.
-
I still occasionally use ASCII codes like Alt + 234 to make words like GhΩst.
-
I don't believe there has been a major vulnerability in Windows since Vista that didn't require the user running with UAC off or fooling the user into installing it
Let's try a few, shall we?
According to that, there's 168 known remote code execution holes hitting Vista and above. 208 Privilege Elevations. and so on.
@http://www.cvedetails.com/cve/CVE-2013-3906/ said:
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
What's interesting is that most of these are reported as going back as far as XP SP2, or even as far as Win2K. How far back they go seems to be more related to when they were disclosed (i.e. what versions of Windows were supported at the time). Which implies one of:
- Microsoft have spent considerable time and effort backporting exploitable code to previous systems
- The Longhorn / Vista / 7 / 8 "rewrites" involved a significant amount of ctrlc, ctrlv, "done!"
None of which detracts from the fact MS have done a lot of good ork in terms of reducing the time exploits remain active; they have got, and are still getting, better than they were before.
-
Unfortunately, I haven't quite memorized Alt+0153, yet, and I use that a lot around here.
Dang. The one real drawback of a tenkeyless keyboard is I can't type that to see what it is.
-
@Intercourse said:
Party foul. Never mention @blakeyrat without the "@". He likes feeling popular.
Ooops.
Here, I'll make up for it by mentioning @blakeyrat twice. @blakeyrat.
-
Intercourse said:
Party foul. Never mention @blakeyrat without the "@". He likes feeling popular.Ooops.
Here, I'll make up for it by mentioning @blakeyrat twice. @blakeyrat.
Oh, I just noticed that's three in one post. Do you think that summons him like @beetlejuice?
-
The one real drawback of a tenkeyless keyboard is I can't type that to see what it is.
I summoned @CodingHorrorBot specifically because it uses it (twice) in every post it makes.
-
@HardwareGeek Is Doing It Wrongâ„¢<t3268p183>
-
Sorry let me clarify, there has been nothing on the level of the MS Blaster worm. There are always going to be security problems. Lets you know list the number of known flaws in MacOSX and popular Linux distros such as Ubuntu.
The real issue I had was the "*nix is magically secure" line that is trotted out time and time again. MacOSX for a long time had the Operating Systems Firewall turned off by default as late as OSX 10.5 and 10.6.
-
I summoned @CodingHorrorBot specifically because it uses it (twice) in every post it makes.
I assumed it was that key, but CBA to check. Last time I needed to type it I googled "superscript tm" and copied off the search results page.
-
let me clarify, there has been nothing on the level of the MS Blaster worm
Ah, so you're actually only interested in vulnerabilities that are exploited in a massive way and are spotted by the media.MacOSX for a long time had the Operating Systems Firewall turned off by default as late as OSX 10.5 and 10.6.
..and somehow still hasn't had an actual virus since before the release of OSX public beta (there have been a few bits of malware, but really nothing compared to even what's hit, for example, Win7).Doesn't mean there aren't security holes, there are. Doesn't mean your mac can't be hacked, it can.
-
Stop twisting my words when you know the point I am trying to get across, that just because something based on *nix doesn't make it magically invulnerable.
In any case you are contradicting yourself. It is okay for Macs to only to have a few bits of malware while criticising me for saying pretty much the same thing about Windows. The difference is that the Firewall was intentionally disabled by default while at the same time Microsoft were criticised on the XP security fiasco. Apple weren't a targeted by anything big because it simply wasn't the bother until recently the Mac marketshare was tiny and not worth going after..
-
During a lecture on refactoring where the example was a simple drawing program:
So you can see that it's a good thing to have a stroke.
-
The difference is that the Firewall was intentionally disabled by default while at the same time Microsoft were criticised on the XP security fiasco.
Yes, and yes. At the time, the unpwnt life expectancy of an freshly installed Windows machine was 20secondsminutes from time of connection to the net. Not long enough to be able to download patches or antivirus. The mac, even with its firewall off, was more or less safe.Is it OK for MacOS to have a few bits of malware? No, of course it's not. But the issue on the Mac is on a whole different scale to the issue on Windows. You explicitly said that you didn't think there had been a serious vulnerability in Windows since Vista - even if you only count remote code execution in kernel code that's still more than a hundred. (Remote code execution | physical access) + privs elevation == rootkit installation, and that's fucking serious in my book.
As for the "not targeted due to market share" thing, bullshit. Even since 10.0, the installed base of Macs has been a large and lucrative target, with, if we believe the common knowledge, "rich" and "technically clueless" users, and Macs were, at the time, far more likely to be permanently hooked to the 'net, rather than relying on a dial-up modem tether. And consider this : if Macs aren't worth targetting, why was "Classic" MacOS such a virus-ridden disaster area, even though it had far lower market share than OSX?
It's like being chased by a hungry lion. All you need to do is be able to run faster than the other guy (or, perhaps, convince the lion that's the case). It's getting to the point where it's quite hard to write and use malware for Windows, and MS are getting better at reducing the ahem window ahem of opportunity for a given vulnerability; if it gets to the point where it's easier to write and use malware on the Mac, then you'll suddenly see a flood of Mac malware. The fact there's some Mac malware already shows that point is getting closer. But it's not there yet.
[edit] - seconds => minutes
-
At the time, the unpwnt life expectancy of an freshly installed Windows machine was 20 seconds minutes from time of connection to the net.
Which has always been an irrelevant statistic. Among home and small business users, pretty much all of them are behind NAT. Larger users are behind a firewall. The only time you could measure that was when a researcher went out of his way to put an unpatched box on a naked Internet IP.
-
At the time, the unpwnt life expectancy of an freshly installed Windows machine was 20
secondsminutes from time of connection to the net.Which has
alwaysrecently been an irrelevant statisticFTFY.
When I first got internet access from my cable company back in 2005, they gave me a router and instructed me to connect my computer directly to the internet using it to set up my access via browser to their site. No other setup was supported (I tried the hardware NAT firewall, wouldn't bring up the page). If my Windows system didn't have a firewall on at the time, it probably would have been toast by the time I went through their convoluted wizard to get my authentication set up and running. Then and only then could I insert my hardware NAT firewall in place to authenticate for me and move my computer safely behind it.
Given the above, I ask you: how many users out there connecting with that cable company got their PCs pwned just setting up their service? We may never know. Yet that is what makes @tufty's quoted stat relevant - because it does affect the end user, after all.
I tried a different service in 2010 to save money. It was so lousy that I re-signed up for cable access in 2011 before the other contract ran out. At least in 2011, I was able to set up my connection without having to go through the PC connect BS - by then, they changed their security to authenticating via registering the MAC address of the modem via a phone call before connecting it up, which makes a lot more sense to me.
-
RedHat and Debian are distros, not OS's.
-
RedHat and Debian are distros, not OS's.
Such arrant pendantry cannot stand! Flagged for etc.
-
Why would you open a penis enlargement ad when you have a $2000 piece of hardware?
I'm sure the mice cost more than that...?
Such arrant pendantry cannot stand!
I'd go for Whoosh, rather than Pedantry... (as did someone else...)
-
Well I now know talking to you is a waste of time.
-
I'd go for Whoosh, rather than Pedantry... (as did someone else...)
It's called Pendantry.
I know there's an apposite Simpsons clip, but I can't remember what it is so I can't Google it. It might be Homer telling people "it's pronounced nookyoolar."
-
Nobody pointed out yet it's actually touchè?
You mean touché! I'm not even sure if è is used in any loanwords but é seems relatively common. Nestlé, résumé and René I can think of off the top of my head.
Android autocomplete keyboard ftw.
-
You mean touché! I'm not even sure if è is used in any loanwords but é seems relatively common. Nestlé, résumé and René I can think of off the top of my head.
Android autocomplete keyboard ftw.
And now I'm back to that little cafe in that cheesy BBC sitcom. Where is the Madonna with ze fallen boobies?
-
