Best Antivirus vs Unknown Ransomware II (TPSC)
[QUOTE="bazang, post: 1105699, member: 114717"]
If a person (or AI) can write code, and that code bypasses protections, then it is a valid test of both the code and the protection failure. It is what we call a "Proof of Failure (POF)." We never use the words "Proof of Concept (POC)" to describe such tests.

If a white or grey hat coder can write code that bypasses a security solution, then so can the mad black hatter.

The point is this: there is no such thing as "real world." If it can be done in a test, then it can be done in the "real world."

Why do bug and vuln bounty programs pay so much money for "Proof of Concepts (POCs)"? Because the common sense, obvious fact is that if it can be done in the "lab" or at a BlackHat pwn event, then it can be done by threat actors.

It is dangerous territory to say "This will never happen in the real world." Because it just ain't true. It might have a very low probability of happening, but making decisions based upon low probabilities is a risk decision. Not everything can be protected. Not every security solution can protect everything. At some point the consumer - if they have the capacity - has to decide "I am going to worry about this." or "I am not going to worry about this."

That is why there are places such as MalwareTips and people like you. To educate those who pay a high "Ignorance Tax."

Nobody ever says that "This test and video are valid only for the specific sample(s) used, for these specific versions of these security software. Do not read into what is demonstrated. Do not generalize the results."

People with a high "Ignorance Tax" are the reason that social media has been a raging success. They make cybersecurity news click-bait a very profitable online endeavor.
[/QUOTE]