And how would the browser access that code in a pdf on your computer? (Answer: it can't.)
PDF has the payload and when you visit a website browser javascript runs the embedded code.
There's kind of a difference between unauthorized changes to files and unauthorized network connections / host intrusions. BTW, FreeBSD has security/snort and Wireshark for packet sniffing, if you like. It's usually kind of a pain to remember to turn the antivirus off every time you need to upgrade/patch something. This is why most companies just have a few dedicated appliances set up as firewalls. You gotta have appropriate tools for the job.
Agreed. On the flip side of virus scanning is ensuring none of your critical O/S (and app) files have been altered. This is where tripwire and aide can help out. Of course tripwire and aide are not a silver bullet. You simply can't install and forget them. Each needs a comprehensive change management strategy to work properly. Otherwise it's just noise.
Many companies want that silver bullet to solve this problem. They fail to realize that tripwire and aide are only 15% of the solution. The other 85% is organizational to track change and communicate that to the security officer who maintains the baseline signatures in tripwire and aide. Otherwise every alert is a "compromise" where in fact it's probably a patch or legitimate software install. The time spent doing this after the fact will quickly result in missing an unauthorized change to a critical file.
Totally agree. The JS bug was probably written for a windows client.
And how would the browser access that code in a pdf on your computer? (Answer: it can't.)
Firewall is not the same as patching, antivirus, file signatures and the like. Firewalls are one piece of the puzzle. People who stand up a firewall and consider the job done are always surprised when their site is compromised. (Just like people who think a VPN will protect them.)
There's kind of a difference between unauthorized changes to files and unauthorized network connections / host intrusions. BTW, FreeBSD has security/snort and Wireshark for packet sniffing, if you like. It's usually kind of a pain to remember to turn the antivirus off every time you need to upgrade/patch something. This is why most companies just have a few dedicated appliances set up as firewalls. You gotta have appropriate tools for the job.
I do agree that security is a layered approach. But there are appropriate tools for every layer. You can't exactly tell snort to act like pf. This is partly why I'm not wild about solutions that claim to be all-in-one, like Aide or Tripwire. They tend to focus on just one layer, and other layers suffer as a result.
Firewall is not the same as patching, antivirus, file signatures and the like. Firewalls are one piece of the puzzle. People who stand up a firewall and consider the job done are always surprised when their site is compromised. (Just like people who think a VPN will protect them.)
Security is a layered approach. One piece of the puzzle does not secure a site.
That goes directly to my point about what is actually doing rendering of the document. Most browsers have a knob that lets you disable automatic execution of javascript, of course doing that can break a lot of websites.
Absolutely. On top of that I use xpdf which does not have modern virus prone features.
I've always preferred downloading and using my own application to open or explicitly set my application as the one to use in the browser.
Well, Kaspersky is a particularly interesting case of virus work. It is well known that Kaspersky and InfoWatch are deeply tied to the Russian espionage service (the FSB), and to Russian black-hat culture (some of which work for the Russian government, some for criminal organizations). Kaspersky is also a white-hat business that sells legitimate virus scanning software, and it has gone to some effort to legitimize itself. This double-duty setup is very much like a bad mafia movie, where the mafioso guarantees your security, but also takes protection money for that.
Uhhhh... It was researchers at Kaspersky who uncovered the Stuxnet virus back in 2010's. To build an effective defense against a virus or a DDoS - it does take a bit of knowledge of how it even works, and what's targeted.
I did not know this!
InfoWatch are deeply tied to the Russian espionage
… Security is a layered approach. …
… I typically report to Newest IP or URL Threats - Malwarebytes Forums. …
Do you have citable sources or is it chitchat?
InfoWatch are deeply tied to the Russian espionage service (the FSB), and to Russian black-hat culture ...
Yeah! I did not know either. But I still do not know it.
I did not know this!
Malware BrowserGuard would be replaced by uBlock Origin, NoScript, Decentraleyes extensions here. Any reason to use it in addition or as a replacement? I know Malware coy is an antivirus coy though.
I use it as much for blocking advertisements etc. as I do for blocking things such as scams.
Also Trocker, CSS Exfil Protection and minerBlock. Bonus for Privacy Badger.
Malware BrowserGuard would be replaced by uBlock Origin, NoScript, Decentraleyes extensions here. Any reason to use it in addition or as a replacement? I know Malware coy is an antivirus coy though.
Start at the Wikipedia page. In particular the ones for Mr. and Mrs. Kaspersky (they are the CEOs of the Kaspersky anti-virus company and of InfoWatch, an anti-leak company, respectively).
Do you have citable sources or is it chitchat?
Be assured that I do at least low hanging research before pressing the "Post reply" button. My conclusion from reading Wikipedia was and still is, that what you said cannot be confirmed by reliable sources. As long as you cannot provide appropriate cites from credible sources you make assumptions.
Start at the Wikipedia page. In particular the ones for Mr. and Mrs. Kaspersky
Are you sure? I really don't think FreeBSD is that invincible.
And how would the browser access that code in a pdf on your computer? (Answer: it can't.)
Of course. If for no other reason than it allows you to pass it on to others.
Regardless having malware or virus infected files on your computer is not good.
Can we agree on that?
Malware BrowserGuard would be replaced by uBlock Origin, NoScript, Decentraleyes extensions here. Any reason to use it in addition or as a replacement? …
I freely admit that I do not have citable sources for my opinion that both these businesses are tied to the Russian state intelligence operations. There is lots of circumstantial evidence on the web; search for "FSB Kasperskaya" or InfoWatch or Kaspersky (Kasperskaya is the last name of Mrs. Kaspersky in the Russian way of writing it, she's the CEO of InfoWatch, and co-founder and ex-wife of Kaspersky anti-virus). This includes legal documents and articles in respectable newspapers. Hard facts that are published tend to not exist when government intelligence is concerned.
My conclusion from reading Wikipedia was and still is, that what you said cannot be confirmed by reliable sources.
I was sure that the Malware Browser Guard would focus on malware while uBO is meant to block scripts, XS scripts, etc almost similar to noScript. I was not so sure *ware was necessary on *BSD as most people have been saying here.
I can't imagine uBlock Origin being a suitable replacement for Malwarebytes Browser Guard. (Not unless uBlock Origin is set so aggressively that it breaks many websites.) Please see, for example:
Worth noting: Expanding a malware domain list : uBlockOrigin – too arduous, I abandoned attempts to improve what was used by the extension at the time.
It is.
I can't imagine uBlock Origin being a suitable replacement for Malwarebytes Browser Guard.
None of that is needed. Complete waste. The provided lists are all you need. Keep it updated.
Worth noting: Expanding a malware domain list : uBlockOrigin – too arduous,
I was sure that the Malware Browser Guard would focus on malware while uBO is meant to block scripts, XS scripts, etc …
It is. …
… The provided lists are all you need. …
set so aggressively that it breaks many websites.
Thank you for your honorable clarification.
I freely admit that I do not have citable sources for my opinion
Have you seen this paper? Do you remember when it was issued (month/year)? And which agency issued it?
... if US federal agencies tell their contractors (which includes pretty much all large computer companies) that they must not use Kaspersky antivirus products (nor SuperMicro motherboards) on any work that involves the federal government as a customer.