flat assembler
Message board for the users of flat assembler.

Index > Heap > i wasted my today with killing ...

Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Azu wrote:
And you base this on... your imagination.
What's this now, I have to PROVE A NEGATIVE?
I have to prove that a virus does not exist on my system?
Why not ask me to prove that God does not exist then? I mean both are "undetectable" right?

Why don't you apply your atheist/agnostic principle here as well?

Azu wrote:
It's obvious that you didn't get one that has obvious visual giveaways, which occurred while you were at the computer, were noticed by you, and attributed to a virus.. that's some pretty wishful thinking, though. Haven't you heard the saying "better safe than sorry"?
Yes, and I agree, but I also heard of the old Romanian story about "paranoid people" (we call it 'prostia omeneasca' which means 'human stupidity' Razz). They worried about stuff like "what if an earthquake were to come now and drop that lamp on the baby?", you know paranoid like that.

Even if they can easily be protected against, you will never be safe against all possible paranoid situations.

Azu wrote:
You said that if they were general they wouldn't have any ways around many AVs.. I'm saying that you're abusing the English language. By definition, if they are general, it won't matter which brand of AV you're using or whatever. They will have some kind of general workaround that bypasses them all.
What I mean by general is a virus that isn't specifically designed to attack one particular configuration or AV. Thus, while it may work on some AVs, it is unlikely it will work on advanced ones. To do that, it must be specifically designed to counter them. Which is not easy considering it must do so for multiple ones at once.

Not to mention the other conditions I posted, at the same time.

Azu wrote:
So because there's one thing you can't protect against, you're going to take that retarded example and apply it to completely unrelated things like computer security? That makes no sense whatsoever. Smile
Well technically, there are some Pentagon servers that were hacked (read it in a newspaper) but not badly (and the attackers were caught by the FBI of course, the "viruses are undetectable" is a bit dreamish). So, going by your paranoia, these virus flaws can directly influence whether I get a nuke on my head or not.

Azu wrote:
You keep completely ignoring my questions. What are these "two hashes" you keep going on about (for all I know they could be Adler-32 and count of set bits Laughing)? And are they even checked during runtime, or just at startup (which, as I just said, would be useless against viruses that reside in memory.. if you're not even going to read what you're replying to, why reply?).
BTW, there's nothing difficult about checking network usage, sorry to burst your bubble. But I guess you'll continue pretending this to be "imaginary" even with all the applications out there that already do this. That's being delusional.
Let's drop this.
The bold part, you keep claiming it. I know a friend of mine, a malware kiddo, who thinks the same.
Problem is, whenever he tries to "prove" it to me, he ends up with "crap, I have to take care of the hash now" or "crap, this 'easy' method for network usage triggers AVs" or stuff like that.

It sounds easy in theory, but to bypass ALL CONDITIONS it is difficult, if not impossible. Just like your "check every xth day of month" example, which would likely be triggered by AVs if it did something maliciously on that day. It ain't easy to bypass them ALL at the same time.


As for your question, of course it checks them from file when launched, I don't need an active firewall to make my computer slow. But what's wrong with that, if I always relaunch Firefox anyway usually when downloading non-encrypted apps or when I visited sites that I allowed JavaScript?

Even more so if I delete the Sandbox as I started to do recently. Or does the browser get automagically infected when launched and going to the download link directly?

Azu wrote:
Windows security just keeps getting worse. The newest iteration of Windows (which Microsoft is pushing like hell) doesn't even ship in a state where UAC can do anything to malware, yet it is still annoying Rolling Eyes
Not to mention the countless 0-day vulnerabilities in ALL versions of Windows which continually pop up out of the blue.
I'm still with a stable and old, patched-to-hell Windows XP. And patches slipstreamed into the install with nLite, not with manual installations/updates, for potential "infestations" before I get it patched Smile

_________________
Previously known as The_Grey_Beast
Post 05 Aug 2009, 14:52
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
Borsuc wrote:
Azu wrote:
And you base this on... your imagination.
What's this now, I have to PROVE A NEGATIVE?
I have to prove that a virus does not exist on my system?
Why not ask me to prove that God does not exist then? I mean both are "undetectable" right?

Why don't you apply your atheist/agnostic principle here as well?
...
You don't even know what you are replying to. Please stop pruning the quotes every time they get 2 levels deep, unless you are going to start remembering them. Laughing

I'm not going to restore them for you, so go back a page and re-read the conversation, so you can make a reply that actually makes sense within it.

Borsuc wrote:
Azu wrote:
It's obvious that you didn't get one that has obvious visual giveaways, which occurred while you were at the computer, were noticed by you, and attributed to a virus.. that's some pretty wishful thinking, though. Haven't you heard the saying "better safe than sorry"?
Yes, and I agree, but I also heard of the old Romanian story about "paranoid people" (we call it 'prostia omeneasca' which means 'human stupidity' Razz). They worried about stuff like "what if an earthquake were to come now and drop that lamp on the baby?", you know paranoid like that.
If you live in earthquake country, you would be pretty stupid to leave a baby somewhere with unsecured lamps or other hot/heavy/sharp objects that might fall on it. You would be extremely stupid to deny the possibility of that happening, unless you were somewhere that had no earthquakes, and/or there was no lamp, and/or there was no baby.

Borsuc wrote:
Even if they can easily be protected against, you will never be safe against all possible paranoid situations.
Calling everyone paranoid at the top of your lungs doesn't change the fact that you must be mentally retarded to honestly believe that just because something seems unlikely means it is impossible.

Borsuc wrote:
Azu wrote:
You said that if they were general they wouldn't have any ways around many AVs.. I'm saying that you're abusing the English language. By definition, if they are general, it won't matter which brand of AV you're using or whatever. They will have some kind of general workaround that bypasses them all.
What I mean by general is a virus that isn't specifically designed to attack one particular configuration or AV. Thus, while it may work on some AVs, it is unlikely it will work on advanced ones. To do that, it must be specifically designed to counter them. Which is not easy considering it must do so for multiple ones at once.

Not to mention the other conditions I posted, at the same time.
Running multiple anti viruses with advanced real-time memory scanning heuristics activated simultaneously might not be a good idea though. They could conflict in ways that cause stability problems (e.g. data corruption or BSOD) at unexpected times out of the blue, or even silently interfere with each other's ability to detect viruses.

Borsuc wrote:
Azu wrote:
So because there's one thing you can't protect against, you're going to take that retarded example and apply it to completely unrelated things like computer security? That makes no sense whatsoever. Smile
Well technically, there are some Pentagon servers that were hacked (read it in a newspaper) but not badly (and the attackers were caught by the FBI of course, the "viruses are undetectable" is a bit dreamish). So, going by your paranoia, these virus flaws can directly influence whether I get a nuke on my head or not.
Did you miss the paragraph that was in reply to, and the "That makes no sense" at the end of mine? Wink

Borsuc wrote:
Azu wrote:
You keep completely ignoring my questions. What are these "two hashes" you keep going on about (for all I know they could be Adler-32 and count of set bits Laughing)? And are they even checked during runtime, or just at startup (which, as I just said, would be useless against viruses that reside in memory.. if you're not even going to read what you're replying to, why reply?).
BTW, there's nothing difficult about checking network usage, sorry to burst your bubble. But I guess you'll continue pretending this to be "imaginary" even with all the applications out there that already do this. That's being delusional.
Let's drop this.
Okay. It's obvious what the answer is, by your refusal to answer. Smile
Borsuc wrote:
The bold part, you keep claiming it. I know a friend of mine, a malware kiddo, who thinks the same.
Problem is, whenever he tries to "prove" it to me, he ends up with "crap, I have to take care of the hash now" or "crap, this 'easy' method for network usage triggers AVs" or stuff like that.
Well.. I guess you got me.. I mean it's not like I could just tell you "Press CTRL+SHIFT+ESC and click Networking" or "install Process Explorer and run it" or "install the G15 plugin called LCDSirReal" or "read the MSDN documentation of Windows API functions" to prove my point. No, that would be impossible.
Oh, wait, actually, it wouldn't. It would be like stealing candy from a baby, though. So I won't do it. Laughing

Borsuc wrote:
It sounds easy in theory, but to bypass ALL CONDITIONS it is difficult, if not impossible. Just like your "check every xth day of month" example, which would likely be triggered by AVs if it did something maliciously on that day. It ain't easy to bypass them ALL at the same time.
Well I explained how each of them can be gotten around.. and you didn't refute any of that.. and there is no reason to believe that would not work in unison, so.. ya.. maybe not easy, but definitely possible. Why can't you just accept this? The solution you've described isn't perfectly secure. You could get infected with it.


Borsuc wrote:
As for your question, of course it checks them from file when launched, I don't need an active firewall to make my computer slow. But what's wrong with that
Well, most buffer overflow and other exploits work in memory without accessing the filesystem. Meaning that unless you restart your browser every time you download something, there's no reason a virus resident in the browser couldn't infect that.



Borsuc wrote:
if I always relaunch Firefox anyway usually when downloading non-encrypted apps or when I visited sites that I allowed JavaScript?
If that were the case (you haven't mentioned it until now, so I'm guessing not), then the only way the virus could succeed would be if it didn't get detected, or if there was some imperfection in the sandbox that it could get out through.

Borsuc wrote:
Even more so if I delete the Sandbox as I started to do recently. Or does the browser get automagically infected when launched and going to the download link directly?
You said before that you only did that once every 24 hours.. which would give any viruses in it a 24 hour window to get into a download. If you reset the whole thing before every download, then yes it would be impossible. Unless there is some imperfection in the sandbox/VM/whatever (what's the difference between them?).

Borsuc wrote:
Azu wrote:
Windows security just keeps getting worse. The newest iteration of Windows (which Microsoft is pushing like hell) doesn't even ship in a state where UAC can do anything to malware, yet it is still annoying Rolling Eyes
Not to mention the countless 0-day vulnerabilities in ALL versions of Windows which continually pop up out of the blue.
I'm still with a stable and old, patched-to-hell Windows XP. And patches slipstreamed into the install with nLite, not with manual installations/updates, for potential "infestations" before I get it patched Smile
That should work.. unless a new vulnerability gets found. I'm pretty sure that that last one that got fixed isn't going to be the last one to surface. They just keep coming. But maybe you'll be lucky, maybe no more will come up. Maybe. Rolling Eyes
Or not.


Gonna call me paranoid for this, too? And if you do, do I get a cookie next Tuesday when I'm proven right? ^_^
Post 05 Aug 2009, 16:07
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
You know what, I'm just gonna drop this, because I know what I'm quoting but it seems you think you mean something else. For instance, from this:
Azu wrote:
Borsuc wrote:
Oh yeah, I was lucky! That's right. I'd say, for me it's "obvious" that I didn't get a virus yet (read: no account lost, no computer acting weird symptoms, everything else is SPECULATION). I mean why I think it is obvious is because the chances are astronomically low.
And you base this on... your imagination.
my obvious conclusion was that you meant that it is my imagination that viruses are not on my computer.

Yes, I only did it once per 24-hour period before, but just to give you fewer reasons to complain I changed my habit to "paranoid level" to clean it more often Smile

Azu wrote:
That should work.. unless a new vulnerability gets found. I'm pretty sure that that last one that got fixed isn't going to be the last one to surface. They just keep coming. But maybe you'll be lucky, maybe no more will come up. Maybe. Rolling Eyes
Or not.
There's a limit to the vulnerabilities in the kernel and user APIs, where they get "perfected" (security-wise I mean). Most fixes are for IE. I don't use it.

Azu wrote:
Gonna call me paranoid for this, too? And if you do, do I get a cookie next Tuesday when I'm proven right? ^_^
How can you get a cookie for proving something undetectable? That's like expecting to prove God exists to get a cookie.

On the other hand I'm not holding my breath, since I've been running it for 6 years like this (even worse in the first few years).

_________________
Previously known as The_Grey_Beast
Post 06 Aug 2009, 18:51
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
Fine, if you refuse to actually read the conversation before replying, I refuse to take any more part in it. This is pointless.
Post 06 Aug 2009, 18:54
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
Hmm, I guess you CAN get a virus from a trusted source.
http://au.sys-con.com/node/1077167

_________________
----> * <---- My star, won HERE
Post 21 Aug 2009, 16:45
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
OMG fasm can be infected without being detected as a virus. ZOMG what shall I do? Don't download any apps?

please.

(also, if it "spreads", I would see in the sandbox that it affects other files)

and this has nothing to do with browser vulnerabilities. Maybe our Windows OSes are also compromised? What about Linux sources? This sounds like a conspiracy.

_________________
Previously known as The_Grey_Beast
Post 21 Aug 2009, 17:47
Plue



Joined: 15 Dec 2005
Posts: 151
Plue
Quote:
In particular, neither Linux nor BSD recognizes the ethernet controller on the Biostar motherboard with the aforementioned 64 bit cpu. This is a Realtek RTL 8111DL controller, probably about 15 months old, i.e. not something that came on the scene yesterday, and the Unix world has no idea that it exists....
When I started trying Linux, they said my hardware was not supported because it was too new. Then, all of a sudden, it was not supported because it was too old...

_________________
Roses are red
Violets are blue
Some poems rhyme
And some don't.
Post 21 Aug 2009, 18:32
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
Borsuc wrote:
OMG fasm can be infected without being detected as a virus. ZOMG what shall I do? Don't download any apps?

please.

(also, if it "spreads", I would see in the sandbox that it affects other files)

and this has nothing to do with browser vulnerabilities. Maybe our Windows OSes are also compromised? What about Linux sources? This sounds like a conspiracy.
The Linux part does, since it's open for all to see what's in it. Windows is a very real threat though, since nobody gets any idea of what's going on inside it except for Microsoft themselves and some government agencies.
Post 22 Aug 2009, 03:20
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Delphi source code was kinda open for all to see too. In fact if it wasn't, the virus couldn't even propagate!
Post 22 Aug 2009, 15:14
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
Okay...? Delphi isn't a trojan horse, and you're free to take a look at the source to confirm this. Obviously if you have a virus running on your computer it might infect Delphi, or any other program on your computer.. regardless of whether it's closed source or open, freeware or commercially licensed.


Last edited by Azu on 23 Aug 2009, 00:15; edited 1 time in total
Post 23 Aug 2009, 00:06
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
The virus infected the SOURCE CODE, not the executable.
People don't notice this shit immediately, even if it is "open" and "everyone can see it". It's like infecting the standard library in C. ANY program compiled with it would get the virus (which does nothing more but see if the target computer also has the source code, and if so, infect it).

Same can be done with Linux, especially if it infects a rarely-modified part (like starting kernel or something), people won't look into it until a few months passed and until then the virus is already spread etc.

_________________
Previously known as The_Grey_Beast
Post 23 Aug 2009, 00:15
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
Actually, they do. That's what changelogs are for. They let you see what exactly has been changed, without having to look through the whole source.
Post 23 Aug 2009, 00:18
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Yeah every 6 months or so (the kernel) I think Wink

Remember that the dude who looks at the kernel doesn't necessarily have the infected one the moment he looked at it.

_________________
Previously known as The_Grey_Beast
Post 23 Aug 2009, 00:19
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
What I mean is, this is a complete non-problem, since it's trivial to see what changes were made, and simply undo the malicious commit before recompiling.
Post 23 Aug 2009, 00:22
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
Azu wrote:
What I mean is, this is a complete non-problem, since it's trivial to see what changes were made, and simply undo the malicious commit before recompiling.
If it is such a non-problem as you say then how come people have the problem?

Borsuc is correct, most people never check diffs. Change logs can be faked, they won't help one bit. There are existing examples of changes made to OSS that severely reduced security and nobody noticed for more than a year.

[edit] link


Last edited by revolution on 23 Aug 2009, 00:33; edited 1 time in total
Post 23 Aug 2009, 00:28
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
revolution wrote:
Azu wrote:
What I mean is, this is a complete non-problem, since it's trivial to see what changes were made, and simply undo the malicious commit before recompiling.
If it is such a non-problem as you say then how come people have the problem?

Borsuc is correct, most people never check diffs. Change logs can be faked, they won't help one bit. There are existing examples of changes made to OSS that severely reduced security and nobody noticed for more than a year.
Okay.. no, you can't, sorry. You do know how SVNs work, don't you? The client sends a request to the server, saying which version it is currently at, and asking for the latest version.
The server replies with what the latest version is, and what changes to the source code have been made since then.
The client then applies those changes to the source code it currently has.
Thus it is impossible to prevent the client from seeing what has been changed, even if the source code repository itself has been completely taken over by malware.
Post 23 Aug 2009, 00:33
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
People write change logs.
Computers write diffs.
Many people don't check diffs.
All computers don't check change logs.
Post 23 Aug 2009, 00:37
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
revolution wrote:
People write change logs.
Computers write diffs.
Many people don't check diffs.
All computers don't check change logs.
Sorry for confusing you. I was referring to the actual changes (diffs) not the comments left by the author. Obviously somebody could write "this change is completely harmless" in the comment, which should be taken with a grain of salt.



revolution wrote:

[edit] link
If a change is made to the god damn CSPRNG and you don't even check out what it does before applying it, that's your own fault.
Post 23 Aug 2009, 00:39
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
Azu wrote:
If a change is made to the god damn CSPRNG and you don't even check out what it does before applying it, that's your own fault.
People don't have time to check each and every change in Linux, there are too many changes happening every second (and any one of those changes could be a bug or malware or a fix). And who says that someone looking would even know that some change is a bug, there is just no time to do it, so people accept the changes and install.
Post 23 Aug 2009, 00:45
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
revolution wrote:
Azu wrote:
If a change is made to the god damn CSPRNG and you don't even check out what it does before applying it, that's your own fault.
People don't have time to check each and every change in Linux, there are too many changes happening every second (and any one of those changes could be a bug or malware or a fix). And who says that someone looking would even know that some change is a bug, there is just no time to do it, so people accept the changes and install.
If the CSPRNG (or other similarly vital function) is being edited every second it's time to find a more stable repository. Try to avoid trunk.
Post 23 Aug 2009, 00:48
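
An added illustration of the change-log-versus-diff point argued in the last few posts (not code from any poster or from a project mentioned in the thread): it tallies what a unified diff actually changes per file and flags watch-listed paths for a human read, without consulting the log message. The watch-list patterns, file names, function names and the sample diff are constructed assumptions.

```python
import fnmatch
import re

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")
# Hypothetical watch-list of paths whose changes always get a human read.
WATCHLIST = ["*/rand/*", "*/crypto/*", "*auth*"]

def _clean(header_path):
    """Drop svn's tab-separated '(revision N)' suffix and git's a/ b/ prefix."""
    path = header_path.split("\t")[0].strip()
    return path[2:] if path[:2] in ("a/", "b/") else path

def parse_unified_diff(text):
    """Return {path: [added, removed]} for an svn- or git-style unified diff.
    Hunk ends come from the @@ line counts, so a removed line whose own text
    starts with "-- " is not mistaken for a file header."""
    stats, path, old_path = {}, None, None
    old_left = new_left = 0
    for line in text.splitlines():
        if old_left > 0 or new_left > 0:        # inside a hunk body
            if line.startswith("\\"):           # "\ No newline at end of file"
                continue
            if line.startswith("+"):
                stats[path][0] += 1
                new_left -= 1
            elif line.startswith("-"):
                stats[path][1] += 1
                old_left -= 1
            else:                               # context line counts on both sides
                old_left, new_left = old_left - 1, new_left - 1
        elif line.startswith("--- "):
            old_path = _clean(line[4:])
        elif line.startswith("+++ "):
            new_path = _clean(line[4:])
            # A deleted file has /dev/null as its new name; report the old one.
            path = old_path if new_path == "/dev/null" else new_path
            stats.setdefault(path, [0, 0])
        else:
            m = HUNK_RE.match(line)
            if m and path is not None:
                old_left = int(m.group(1) or 1)  # omitted count means 1
                new_left = int(m.group(2) or 1)
    return stats

def needs_review(diff_text, watchlist=WATCHLIST):
    """Changed files on the watch-list, as (path, added, removed) tuples."""
    # The log message is deliberately not an input: a person wrote it,
    # while the diff is what actually gets applied to the working copy.
    changed = sorted(parse_unified_diff(diff_text).items())
    return [(p, a, r) for p, (a, r) in changed
            if any(fnmatch.fnmatch(p, pat) for pat in watchlist)]

# Constructed sample: a trimmed svn-style diff with a reassuring log message.
SAMPLE_LOG = "Silence a compiler warning, no functional change"
SAMPLE_DIFF = """\
Index: docs/README
--- docs/README\t(revision 140)
+++ docs/README\t(revision 141)
@@ -1,2 +1,3 @@
 Build notes
+Updated for r141
 See INSTALL
Index: lib/rand/pool.c
--- lib/rand/pool.c\t(revision 140)
+++ lib/rand/pool.c\t(revision 141)
@@ -40,6 +40,4 @@
 void pool_add(const void *buf, int len)
 {
-    mix_into_pool(buf, len);
--- counter;
     bytes_seen += len;
 }
"""

if __name__ == "__main__":
    print(SAMPLE_LOG, "->", needs_review(SAMPLE_DIFF))
```
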

Copyright © 1999-2020, Tomasz Grysztar.