Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Hardware
Hardware Troubleshooting
Shoud I Invest on new Cpu or Laptop??
Message
<blockquote data-quote="Deleted member 65228" data-source="post: 703764"><p><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /></p><p></p><p>No, this isn't an 'opportunistic bash at Microsoft'. I happen to be a fan of Microsoft's work, but that doesn't mean I agree it is more secure than alternatives which I choose not to use for various reasons. Unless the original poster truly needs to use Windows, then I will advise them to use a Chromebook for their own good. So you really don't get it.</p><p></p><p></p><p><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /></p><p></p><p>As I said, you really don't get it. We'll go back to the previous post and hopefully this time you'll 'get it' as you like to say.</p><p></p><p></p><p></p><p>Read the above quote. It's a small quote so you shouldn't have a problem reading it, but I can break it down into bullet points for you if that's better.</p><p></p><p>1. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit.</p><p>2. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit.</p><p>3. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit.</p><p></p><p>There are three very nice points. How does this sorcery work? Well when you install software on your system, more vulnerabilities are introduced. No software is vulnerability-proof, it's only a matter of time before they are found - new vulnerabilities are being found on a daily basis and thankfully there is an extremely large community of security researchers who put time and effort into finding them early-on, typically in exchange for a nice reward bonus with bug bounty which motivates people a bit more usually. Now, when you take a system and you cut off a large majority of what is available, you also cut off all the vulnerabilities that the content which originally existed brought to the table.</p><p></p><p>When we look at a Chromebook, it is designed to be used for different purposes than a typical machine running an operating system like Windows. You don't go onto the internet and download executable content - you install applications from Google Play which is still not completely safe but this is also optional. The typical standard drive-by-download attacks which occur in the wild? Less vulnerable for a Chromebook due to how they work and how they are used. If all you need to do is some web-browsing, online chats, accessing banking accounts, then a Chromebook is perfectly fine because you cut off a shed load of attack vectors and also operate on a machine which is more secure even in a situation where you make a stupid mistake. Before you put words in my mouth, I'm not saying that a Chromebook is invincible to attackers - this is simply not true and there are still attack vectors like malicious Android applications on the Google Play Store which can be used on a Chromebook, malicious browser extensions for Google Chrome which can infiltrate on user data among many others - however you're not going to be affected by many things which you can however be affected by on a traditional Windows machine, which also tend to be quite common.</p><p></p><p>I don't use a Chromebook, it won't work for me very well because I will hardly use it due to what I need to do on my system. Just because I'm a Windows user doesn't mean I have to agree that Microsoft do the best job with security, and due to the work I do, I know for a fact that Windows is not as secure as a Chromebook when you take into account the reduced attack vectors. Reduced attack vectors or not, an individual can be attacked through any of the attack vectors which are present and thus reduced attack vectors compared to an alternate doesn't guarantee invincibility, but reduced attack vectors does make the the environment safer from a technical point of view. When you patch a vulnerability, you're closing an attack vector; when you're using a machine which has reduced attack vectors, there is a decreased chance that an attacker may be able to exploit the system, because the attack vector being targeted may not be present. In terms of a Chromebook, the difference in attack vector is huge.</p><p></p><p></p><p>Exploitation is when you abuse a weakness, it doesn't have to be by an attacker with malicious intent in a real-life scenario. When someone discovers a flaw in an implementation of a product and exploits it for experimental purposes, that is exploitation of the found vulnerability.</p><p></p><p>A good person could exploit a shop-keeper's mind to get away with a free Apple and bottle of water so they can drop it off to a homeless guy who is living on the street in the cold with lack of food and water. Whether this individual is considered "good" or "bad" is down to you, but regardless of your opinion on how he is, he'd still be exploiting. It doesn't matter if he's a "good" or "bad" person. Exploitation is exploitation.</p><p></p><p>Whether it is by an attacker to gain additional leverage to do something they shouldn't have been able to do before (e.g. privilege escalation)/ease execution of an operation which is a bit more evasive than the originally supported method of doing something/other examples I am sure you will think of, or under a laboratory environment for proof-of-concept demonstration purposes to help the vendor/improve your own skill-set is another story.</p><p></p><p>If I am helping a friend out who has been infected with ransomware, and I discover a vulnerability which allows me to access the decryption key (e.g. RSA-2048 private key) because the sample's process is yet to terminate and instead it's aimlessly still running despite it's operation having been completed, and forgot to free the buffer in-memory within it's address space which is where the private key is present, and I then exploit this vulnerability (exploitation is using a flaw as an advantage - a vulnerability is flaw - and in this scenario I would be abusing this weakness within the ransomware sample) to retrieve the decryption key and recover the contents of the critical and personal affected files on my friends system, are you seriously telling me this is not valid exploitation of a vulnerability because I would not be the "bad guy"?</p><p></p><p><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite124" alt=":love:" title="Love :love:" loading="lazy" data-shortname=":love:" /></p></blockquote><p></p>
[QUOTE="Deleted member 65228, post: 703764"] :love::love::love: No, this isn't an 'opportunistic bash at Microsoft'. I happen to be a fan of Microsoft's work, but that doesn't mean I agree it is more secure than alternatives which I choose not to use for various reasons. Unless the original poster truly needs to use Windows, then I will advise them to use a Chromebook for their own good. So you really don't get it. :love::love::love: As I said, you really don't get it. We'll go back to the previous post and hopefully this time you'll 'get it' as you like to say. Read the above quote. It's a small quote so you shouldn't have a problem reading it, but I can break it down into bullet points for you if that's better. 1. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit. 2. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit. 3. Due to how Chromebook's are designed, there is less for an attacker to potentially exploit. There are three very nice points. How does this sorcery work? Well when you install software on your system, more vulnerabilities are introduced. No software is vulnerability-proof, it's only a matter of time before they are found - new vulnerabilities are being found on a daily basis and thankfully there is an extremely large community of security researchers who put time and effort into finding them early-on, typically in exchange for a nice reward bonus with bug bounty which motivates people a bit more usually. Now, when you take a system and you cut off a large majority of what is available, you also cut off all the vulnerabilities that the content which originally existed brought to the table. When we look at a Chromebook, it is designed to be used for different purposes than a typical machine running an operating system like Windows. You don't go onto the internet and download executable content - you install applications from Google Play which is still not completely safe but this is also optional. The typical standard drive-by-download attacks which occur in the wild? Less vulnerable for a Chromebook due to how they work and how they are used. If all you need to do is some web-browsing, online chats, accessing banking accounts, then a Chromebook is perfectly fine because you cut off a shed load of attack vectors and also operate on a machine which is more secure even in a situation where you make a stupid mistake. Before you put words in my mouth, I'm not saying that a Chromebook is invincible to attackers - this is simply not true and there are still attack vectors like malicious Android applications on the Google Play Store which can be used on a Chromebook, malicious browser extensions for Google Chrome which can infiltrate on user data among many others - however you're not going to be affected by many things which you can however be affected by on a traditional Windows machine, which also tend to be quite common. I don't use a Chromebook, it won't work for me very well because I will hardly use it due to what I need to do on my system. Just because I'm a Windows user doesn't mean I have to agree that Microsoft do the best job with security, and due to the work I do, I know for a fact that Windows is not as secure as a Chromebook when you take into account the reduced attack vectors. Reduced attack vectors or not, an individual can be attacked through any of the attack vectors which are present and thus reduced attack vectors compared to an alternate doesn't guarantee invincibility, but reduced attack vectors does make the the environment safer from a technical point of view. When you patch a vulnerability, you're closing an attack vector; when you're using a machine which has reduced attack vectors, there is a decreased chance that an attacker may be able to exploit the system, because the attack vector being targeted may not be present. In terms of a Chromebook, the difference in attack vector is huge. Exploitation is when you abuse a weakness, it doesn't have to be by an attacker with malicious intent in a real-life scenario. When someone discovers a flaw in an implementation of a product and exploits it for experimental purposes, that is exploitation of the found vulnerability. A good person could exploit a shop-keeper's mind to get away with a free Apple and bottle of water so they can drop it off to a homeless guy who is living on the street in the cold with lack of food and water. Whether this individual is considered "good" or "bad" is down to you, but regardless of your opinion on how he is, he'd still be exploiting. It doesn't matter if he's a "good" or "bad" person. Exploitation is exploitation. Whether it is by an attacker to gain additional leverage to do something they shouldn't have been able to do before (e.g. privilege escalation)/ease execution of an operation which is a bit more evasive than the originally supported method of doing something/other examples I am sure you will think of, or under a laboratory environment for proof-of-concept demonstration purposes to help the vendor/improve your own skill-set is another story. If I am helping a friend out who has been infected with ransomware, and I discover a vulnerability which allows me to access the decryption key (e.g. RSA-2048 private key) because the sample's process is yet to terminate and instead it's aimlessly still running despite it's operation having been completed, and forgot to free the buffer in-memory within it's address space which is where the private key is present, and I then exploit this vulnerability (exploitation is using a flaw as an advantage - a vulnerability is flaw - and in this scenario I would be abusing this weakness within the ransomware sample) to retrieve the decryption key and recover the contents of the critical and personal affected files on my friends system, are you seriously telling me this is not valid exploitation of a vulnerability because I would not be the "bad guy"? :love: [/QUOTE]
Insert quotes…
Verification
Post reply
Top
