Sophisticated hacker bypasses powerful antivirus, how?
<blockquote data-quote="bazang" data-source="post: 1117621" data-attributes="member: 114717"><p>Even "advanced" users here cannot handle Qubes OS.</p><p></p><p></p><p>It is attracting more and more one-person and small-team malicious actors, especially with the sale of malware as a service (MaaS), ransomware as a service (RaaS), and other capabilities. But these are small fry and do not pose a massive threat globally.</p><p></p><p></p><p>The shotgun malware campaigns of decades ago trying to infect any connected internet user are not the primary types of campaigns nowadays. Threat actors are more focused and want better return on their effort than hacking an MT member based in India who has 5 Euros on a pre-paid bank card or a South American with 125 Euros in an unconnected bank account.</p><p></p><p>If malware campaigns are going to be global in scale, then they will target exploitable operating systems and widely-distributed application code - none other than Windows and Android - with network stack and kernel exploits - a la WannaCry and HummingBad. But those kinds of campaigns are one-offs and happen rarely.</p><p></p><p>It is a waste of time to excessively worry about protecting localhost and hardening the home network in well-off financially Europe, North America, Japan, Australia, Singapore, Brunei, the Arab Gulf states, etc. 
People in those nations are better off doing the things which actually provide very robust protections against digital criminals such as locking-down their credit files/lines of credit, constantly reviewing their credit files, placing fraud alerts on their credit files, continuously scrutinize their bank accounts, use off-line banking (have to walk into a bank to transact), use a limited amount-capped bank account, low limit pre-paid debit or credit card for online transactions [example Amazon], never use debit cards where possible/always use credit cards with all protections enabled (the consumer has to know what these are and request them to be enabled), use 2 and 3 MFA on all accounts, and other things. And the thing that nobody except old people seem capable of doing - never, ever, EVA! - use mobile phone apps (Android in particular) for ANY transactions. Period.</p><p></p><p>But even with all of that, all that juicy user data on third, fourth, fifth, sixth, seventh party data processes and holders makes the greedy criminals (and nation-states) drool like beasts in heat. Attracts the criminals like vultures to a kill. So that is what these criminals target. The ones sending phishing emails from their mommy & daddy's basement or some Nigerian Net Cafe are a minor threat. Now it is the automated botnets and sophisticated highly-protected hosted criminal platforms that spam the four corners of the Earth. AV and localhost hardening is not going to protect against phishing sites that are up for only 60 minutes or less. The user has to be able to identify what is happening in an email.</p><p></p><p>Then robocalls and other voice call scammers - that takes educating people against such campaigns. Not installing AV.</p><p></p><p><strong><span style="font-size: 18px">99% or more of people have little visibility and knowledge of what to do, how to protect themselves in the digital economy. Their nations and governments have failed them. Society has failed them. 
The education system has failed them. Device manufacturers have failed them. Operating System publishers have failed them. Application software publishers of every single type have failed them. The banking system and corporations have failed them (particularly in nations where banking is only available to the comparatively well-off, such as India).</span></strong></p><p></p><p>Security is not software. It is a process. It requires a top-down approach and that only happens if it is a top national priority. It requires heavy-handed regulations, very intrusive regulations (such as registering devices) and monitoring, internet and device police going around checking devices everywhere, holding the non-compliant (governments themselves, corporations, OEM manufacturers, software developers, other institutions, and the people) accountable, and would be extremely expensive. More expensive globally than 10X that insane US defense budget. There has to also be a willingness for nations to disengage from cyberwar and to wage physical war against nation-states who are significant contributors to the global malware problem.</p><p></p><p>Want a malware free world? That's what it would take and more.</p><p></p><p>Digital security is far more problematic than public health. The public health policy makers have to deal with billions of people. At that scale, they just let people do what they want. Same applies to any other thing at that scale - such as digital security. These are insidious, ineffective societal models that achieve virtually nothing while wasting vast sums of money.</p><p></p><p>Can you imagine every government in the world requiring citizens to regularly weigh-in, obtain body composition scans, and forcing them to comply with healthy lifestyles or else? Take away people's Magic Masala, Coca Cola, and Oreos. That would be far worse than killing-off all social media. 
There would be global revolts and riots.</p><p></p><p>Now imagine taking away highly insecure things that people do digitally. A close second would be preventing those same citizens from doing most of what they can do today on most any digital device? Block porn? Even babies in cribs will jump off and grab an AK-47 to join the global mutiny if free, highly insecure porn sites are taken away.</p><p></p><p>Because people are people, there is far too much emphasis on the easy, software way = software as security ("Install AV and 'You are Protected'"). Not enough educating people the world over on multi-device and financial system consumer protections and security. There is entirely inadequate education of "This is malicious," and "You need to stop doing this...".</p><p></p><p>Doctor: "Oh you're 300 kilos overweight with a body fat ratio of 90%, but you're OK. People at any body mass and composition can be healthy."</p><p></p><p>That sort of thing happens in the digital world with regards to security.</p><p></p><p>But given that I have seen people (users) in action across the globe over the past twenty years, I can tell everyone that all of them are as much of a problem as the society not educating part. How do you teach and educate people in third world nations who cannot read or even a basic functional education system? How do you do this when there is no money to educate them? How do you do it when there is war or their daily objective is feeding themselves and their families? What do you do when they just don't care about security (if there are available resources to educate them or not)?</p></blockquote><p></p>