Can I trust this script from github?
<blockquote data-quote="SimeonOnSecurity" data-source="post: 1066244" data-attributes="member: 105125"><p>I agree with that mostly. It's a weird condition of security and the technology world.</p>
<p>Effectively we tell people to do nothing at all they don't understand. And if they must, run it through a scanner. A scanner that is usually black box and could tell them it's good when it isn't or is bad when it isn't. It is the best option, usually, other than consulting with experts. But even the experts can still be wrong. There are few safe and 100% correct answers in cybersecurity. We're all mostly acting on well-educated guesses. I personally just hate to tell people things are absolute, even if to simplify things for them, when they aren't.</p>
<p></p>
<p>I have learned that even when you explain things, most people don't want to learn or understand things. They just want a binary answer to the question, "Is this safe?", when there is hardly ever a clean and accurate answer to it. My answer is always going to be: educate yourself, review the script (consult professionals if you can't), run a virus scan with VirusTotal. And that is what I believe both personally and professionally speaking is the best answer. This even goes for my own scripts and I say something akin to this at the top of my READMEs.</p>
<p></p>
<p>Don't let any one source ever tell you something is good or bad. Even with multiple sources, you're just making an educated and statistical guess on if something is likely good or bad. The more sources you consult, the better.</p>
<p></p>
<p>My personal issue with VirusTotal is complex. VirusTotal utilizes many virus scanning and detection engines, some of which are laughable in the security community. The only times I find it accurate in detecting malware are signature-based. For the rest, its scanning engines are going off behavior and how many times the engines have seen the file downloaded before. I don't have a better answer to replace this. But saying something is bad just because it isn't a commonly downloaded file is just stupid. It's a security-first mentality that is guaranteed to block more work than the issues it solves. Behavior is something that often requires context and I have found that they often flag things as viruses or malware just for doing practically anything with administrative privileges. Again this is a case where the security benefits are likely lower than the amount of work it prevents. IMO and IMPO virus scanners are usually only good and effective at preventing known and common threats from some "X" period of the past. New threats aren't as easy to keep up on and some people have to be infected for the threat to be eventually detected. Because of this I have to say that for anyone other than the most basic of users, virus scanners and antivirus/malware are their own kind of security theater. They practically only prevent the obvious and easy stuff. And that is really only the good AV.</p>
<p>I could also get into the issues on Windows where most of the AVs have to use the same built-in APIs and syscalls as Defender itself, rendering them effectively no better than Defender to begin with. But that is another issue for another day.</p></blockquote><p></p>