Default Deny VS traditional AVs

Do you use traditional AV or default deny?

  • Default Deny

  • Traditional AV

  • Both



Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Not just beginners. I use one now too. You should see the tools I have available on Chromebooks now. (Linux emulator or otherwise)
The more usable and universal the Chromebook becomes, the more vulnerabilities will be found. I am afraid that compatibility with Android apps has opened an interesting attack vector for the malc0ders. :(
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
The more usable and universal the Chromebook becomes, the more vulnerabilities will be found. I am afraid that compatibility with Android apps has opened an interesting attack vector for the malc0ders. :(
Google needs to spend more resources on improving their moderation for the Google Play / Chrome Web Store. It's quite sad really. Google was on the road to becoming a trillion-dollar company (or they've already accomplished it) and they don't seem to be capable of properly moderating their own digital markets... all the while, you can always spot them carrying out anti-trust behavior or pointing out flaws of other companies.

I hope they do something about it because many novice users will be under the impression that Google's digital software stores are safe and a family environment - just because it is Google. But that's far from the truth in reality.
 

Local Host

The more usable and universal the Chromebook becomes, the more vulnerabilities will be found. I am afraid that compatibility with Android apps has opened an interesting attack vector for the malc0ders. :(
Actually the door to malware was opened further on Chromebook: Tutorial - Install Linux apps on Chrome OS (Chromebook)
It's not hard to create malware for the Chromebook, OSX and even Linux (way easier to exploit than Windows); as you said, it only lacks market to make it worth the time.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Andy Ful correct, but you know me, using ReHIPS would be too easy for someone who tweaks PC security and motorbikes :) I can waste Saturdays in a row just fiddling with the needles in the carburetors of my old 1984 Laverda
 

Attachment: laverda.png

Deleted member 74454

She is a beginner in the security matter. She uses the computer for the standard tasks and does not install new programs. All updates are performed via Windows Updates, Microsoft store, and scheduled tasks. All applications are installed in 'Program Files' and can run only as standard user (elevation not allowed).
In the locked setup the user cannot install/run new executables and scripts. The scripts and executables are blocked by SRP in all locations, except: Windows, Program Files, and Windows Defender folders. The user (also exploits and payloads) cannot copy/change/replace files in Windows, Program Files and Windows Defender folders because that would require elevation.
I also configured AdGuard DNS for safe web browsing. For viewing documents, I installed Universal Apps (Word Mobile, Excel Mobile, PowerPoint Mobile and Adobe Touch), which run in AppContainer. For document editing, I installed SoftMaker Office (no macro support or DDE vulnerability).
The identical setup is installed on my father's computer. He is a total beginner.
The locked SUA is silent and very secure. The user can run what is prepared for running. Everything can update without user intervention, and the user has no problem with choosing between allow or block.
Maybe I'm wording this incorrectly
I'm going to rephrase this, as sometimes I fail to deliver my point accurately.

Would you place that kind of setup on a user's machine that you may never see again, if they ran into trouble and had no one around to help guide them through troubleshooting the security setup? If the obvious answer is no, then that kind of configuration is not good for average users and leads us back to knowledge and the lack of it.
 
Last edited by a moderator:
  • Like
Reactions: harlan4096
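The locked setup quoted above is an SRP default-deny policy: default level Disallowed, with Unrestricted path rules only for Windows, Program Files and the Windows Defender folders. The script below is an added audit example (not from the thread or from Hard_Configurator) that reads the machine SRP policy from the registry and reports where it departs from that shape; the list of script extensions and the "user-writable" path markers are assumptions, not values from the post.

```powershell
# Added audit script (not from the thread or Hard_Configurator): reads the machine
# SRP policy and checks it against the default-deny shape described above.
$SrpKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelName = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
# Script types assumed to be part of "scripts are blocked" (assumption, not from the post)
$ScriptTypes  = 'BAT', 'CMD', 'VBS', 'JS', 'WSF', 'PS1'
# Path fragments treated as user-writable; an Unrestricted rule there is a whitelist hole
$UserWritable = 'Users', 'AppData', 'Temp', 'Downloads'

function Get-SrpPolicy {
    if (-not (Test-Path $SrpKey)) { return $null }
    $root  = Get-ItemProperty -Path $SrpKey
    # Each security level is a subkey (0, 131072, 262144); path rules live under <level>\Paths
    $rules = foreach ($lvl in Get-ChildItem -Path $SrpKey) {
        $paths = "$($lvl.PSPath)\Paths"
        if (Test-Path $paths) {
            foreach ($r in Get-ChildItem -Path $paths) {
                $p = Get-ItemProperty -Path $r.PSPath
                [pscustomobject]@{ Level = $LevelName[[int]$lvl.PSChildName]; Path = $p.ItemData }
            }
        }
    }
    [pscustomobject]@{
        DefaultLevel    = $LevelName[[int]$root.DefaultLevel]
        AppliesToAdmins = ($root.PolicyScope -eq 0)   # 0 = all users, 1 = exempt local admins
        ExecutableTypes = @($root.ExecutableTypes)    # "Designated File Types" (REG_MULTI_SZ)
        Rules           = @($rules)
    }
}

function Test-DefaultDeny {
    $pol = Get-SrpPolicy
    if (-not $pol) { return @('SRP is not configured on this machine.') }
    $findings = @()
    if ($pol.DefaultLevel -ne 'Disallowed') {
        $findings += "Default level is '$($pol.DefaultLevel)'; default-deny needs 'Disallowed'."
    }
    foreach ($r in $pol.Rules | Where-Object Level -eq 'Unrestricted') {
        $hit = $UserWritable | Where-Object { $r.Path -match [regex]::Escape($_) }
        if ($hit) { $findings += "Unrestricted rule in a user-writable path: $($r.Path)" }
    }
    $missing = $ScriptTypes | Where-Object { $pol.ExecutableTypes -notcontains $_ }
    if ($missing) { $findings += "Script types not in Designated File Types: $($missing -join ', ')" }
    if (-not $findings) { $findings += 'Policy matches the default-deny shape.' }
    return $findings
}

Test-DefaultDeny
```

Reading the policy key needs no elevation, so the check can run from the standard user account the post describes.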

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
@Andy Ful correct, but you know me, using ReHIPS would be too easy for someone who tweaks PC security and motorbikes :) I can waste Saturdays in a row just fiddling with the needles in the carburetors of my old 1984 Laverda
Nice motorbike.:giggle:
ReHIPS free would not be so effective for web browsers which use multiple processes. The free version has a limit of 10 sandboxed processes at a time. (y)

Edit.
The account-based-sandbox can be made more restrictive than ReHIPS sandbox. The user, for example, can disable the read access for the chosen folders and drives via ACL permissions.
 
Last edited:

ForgottenSeer 58943

Actually the door to malware was opened further on Chromebook: Tutorial - Install Linux apps on Chrome OS (Chromebook)
It's not hard to create malware for the Chromebook, OSX and even Linux (way easier to exploit than Windows); as you said, it only lacks market to make it worth the time.

Linux on Chromebooks runs on a K-VM that was custom designed by Google. There won't be any escaping from that because it not only runs in isolation but there isn't any user space for it to escape to. I believe Android Apps on Chromebooks run in a Crostini and are under true isolation and untrusted mode with no user space access as well.

I am unaware of any demonstration of any Linux or Android malware circumventing the K-VM/Crostini on Chromebooks. There eventually could be something, but I highly doubt it. There is a reason Google wrote their own kernel VM and took so long to do it. Also, with verified boot, even if something crossed the isolation barrier, then the NML, then the second isolation barrier, the VB would probably trigger an automatic powerwash and reimage.

Another good part - Google was the first to push Meltdown/Spectre mitigations, in some cases even before the CVE came out. In other cases (like mine) they were never vulnerable due to the more recent ARM chips. I'm fully confident taking my Chromebooks anywhere, including high-risk situations. It was generally thought 'almost' impossible to create an environment as secure as Chromebooks just a decade ago that wasn't a purpose-designed defense department OS, HP-UX, or some custom Linux distro for government like Mandriva.

About the most a Chromebook gets in terms of attacks is bad web pages or extensions. So the full instructions for malware removal on Chromebooks take 48 seconds. No tools, no toys, no on-demand scanners.. Blah.

 
Last edited by a moderator:

17410742

Level 4
Verified
Well-known
Apr 27, 2018
172
We can agree that, for now, Chromebooks are much more secure than Windows machines. (y)
Define secure.

Google literally steals every piece of privacy & personal info of yours.

Just this week alone, Incognito for Chrome is in the news for being completely useless & Google already being sued for location tracking even with it all turned off.

Once you add all your browsing, contacts, passwords, documents, photos, videos etc - secure isn't what I'd call it.

If you had a PC with 'malware' that was stealing all that, it wouldn't be called a secure computer.
 

17410742

Level 4
Verified
Well-known
Apr 27, 2018
172
We definitely have a different view on this, which is fine :)

Most people don't have a clue what the TOS are or who Google are selling your data to - for that reason, it makes no difference at all who is taking all the data, it's still being taken & used. (Have you read them? - Do you know where it all goes? - Did you know you were still being tracked even with it all turned off?)

Facebook have already had their time in the news for such practices (more to come - FB are able to track users 24/7 even if account & app is deleted/deactivated), so has Twitter - ...keep an eye on the news in the next few months, expect more of Google (& Amazon) to be hitting the headlines for such privacy/data related breaches.

These companies are not offering security, you are the product they are selling.

Google is 'The Worst' of them all.

-----

To bring it back to the Topic, Deny all - Deny Everything.

I've not used a traditional AV for a very long time now.

I recommend Qubes OS too.
 
Last edited:

509322

Mine too, it's called Chromebook. My life has become so simple these days, I have to create problems for myself

It's so awesome. I get to get out of the bug pool when using it. Just used it today for a few hours while waiting at a few appointments. Still had 7.75 hours left on the 10+ hour battery. Light, reliable, low-hassle. Have a problem ? Powerwash… within minutes. And reconfig the system takes minutes instead of hours. So, so awesome.
 

509322

Your post is not totally correct. When a new file is downloaded or modified, etc., there are different events: creation, modification, deletion, etc. AVs could have some methods (pieces of source code) that can handle each of those events. So AVs monitor each new file on the OS, and a well-written product should skip system files by default (but verify that they aren't false system files, such as malware hidden in critical folders such as AppData, Win32, etc.

The general point that I made was that a lot of peoples' expectations are that an AV\IS will monitor everything on as well as everything happening on a system on a 100 % continuous basis - which they patently do not do. It's partly the reason that AVs don't effectively remediate pre-infected systems very well.

The other point is that the above unknowledgeable expectation is paranoia driven.
 

ForgottenSeer 58943

It's so awesome. I get to get out of the bug pool when using it. Just used it today for a few hours while waiting at a few appointments. Still had 7.75 hours left on the 10+ hour battery. Light, reliable, low-hassle. Have a problem ? Powerwash… within minutes. And reconfig the system takes minutes instead of hours. So, so awesome.

Fun times. Agreed on battery life, it's incredible largely because it runs so clean and doesn't have bloatware, bloated apps, thousands of useless backend services, programs, DLLs hogging it all up. Also, a Chromebook properly set up doesn't cost any more privacy than using Chrome itself, and you can tweak Chrome to reduce your exposure, similar to Chromebook. It's actually far, far less telemetry/data than Microsoft steals from Windows boxes.

I love this guys article, so true...

Goodbye Windows Update, hello Chromebook
 
Last edited by a moderator:

Deleted Member 3a5v73x

Chromebook may be more secure, but Windows is more interesting with all the tweaking possibilities, processes, options, AVs, bugs, etc. I am not going to spend on a Chromebook anytime soon just because of the fact that it's boring.

Let's stay on the topic guys.
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
...
Just this week alone, Incognito for Chrome is in the news for being completely useless & Google already being sued for location tracking even with it all turned off.

Once you add all your browsing, contacts, passwords, documents, photos, videos etc - secure isn't what I'd call it.
...
Google is secure like your bank. Your money is secured against everything except your bank.
There are always privacy concerns when using a device connected to the Internet.
Why do you trust Qubes OS? Because no one said that the vendor gathers private data.
So, you are in the position of the man who does not trust his government and chooses to trust a private security firm with a good reputation.
With Google, you are protected by a kind of anonymity. In theory, one could gather a lot of information about you, but first the seeker would have to know who to seek from the billions of possibilities. It is not profitable, so you are safe until you become famous. (y)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Back to the topic. Using default-deny setup (no AV) has the advantage of not sending the private data to AV vendor. This is similar to healing the deep wounds at home, instead of the medical center.:giggle:

Edit.
That is why default-deny is so popular.;)
 
Last edited:
  • Like
Reactions: AtlBo and Brie

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
@Libera Milanesi if you read my post I wrote that @Lockdown's post was not totally correct, not completely wrong, and then I explained to him how AVs work.
I did read your post. Then I quoted your post and explained to you how it really works.

You can find the post here: Discuss - Default Deny VS traditional AVs

If you're interested in educating yourself further, read the following from the official documentation:
FltRegisterFilter function
FltStartFiltering function
_FLT_REGISTRATION
_FLT_OPERATION_REGISTRATION
IRP_MJ_CREATE
IRP_MJ_WRITE
PFLT_PRE_OPERATION_CALLBACK
PFLT_POST_OPERATION_CALLBACK

There's more documentation and pointers if you seek it on MSDN and on other forums.

I think the words "Thank you" were in order, but that's okay, I can live with it.
 
  • Like
Reactions: upnorth
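The documentation list above describes the mechanism: an AV registers a file-system minifilter and attaches pre/post callbacks for operations like IRP_MJ_CREATE and IRP_MJ_WRITE. A quick way to see which of these filters are actually loaded is `fltmc filters`, which prints each filter with its altitude; the added example below (not code from the thread) parses that output and labels drivers whose altitude falls in the Anti-Virus or Activity Monitor load-order range. The sample output is constructed (WdFilter's altitude of 328010 is real; the other names are invented).

```powershell
# Added example (not from the thread): classify loaded minifilters by altitude.
# Load-order groups from Microsoft's altitude allocation:
#   FSFilter Anti-Virus 320000-329999, FSFilter Activity Monitor 360000-389999.
function Get-FilterGroup([double]$Altitude) {
    if ($Altitude -ge 320000 -and $Altitude -le 329999) { return 'FSFilter Anti-Virus' }
    if ($Altitude -ge 360000 -and $Altitude -le 389999) { return 'FSFilter Activity Monitor' }
    return 'Other'
}

# Parses 'fltmc filters' text: header lines are skipped because their columns are not
# numeric; data rows are <Name> <NumInstances> <Altitude> <Frame>.
function ConvertFrom-FltmcOutput([string[]]$Lines) {
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\S+)\s+(\d+)\s+([\d.]+)\s+(\S+)\s*$') {
            [pscustomobject]@{
                Name      = $Matches[1]
                Instances = [int]$Matches[2]
                Altitude  = $Matches[3]
                Group     = Get-FilterGroup ([double]$Matches[3])
            }
        }
    }
}

# Constructed sample output (WdFilter 328010 is real; the other two rows are made up)
$Sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
WdFilter                                4       328010         0
DemoActivityMon                         4       385200         0
FileInfo                                4        40500         0
'@ -split "`r?`n"

ConvertFrom-FltmcOutput $Sample | Format-Table -AutoSize
# On a live system, from an elevated prompt: ConvertFrom-FltmcOutput (fltmc filters)
```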
