I know! I have to wait for the white hats to find the botnets and make them public. And I have to be reading tech news when they do.mimzy wrote:Possibly, but these are things that even anti-virus programs cannot detect.
That is the fundamental question of ANY service I have ever purchased. How do I know doctors are doing what is best for my health rather than what will get them the best insurance payment? How do I know auto mechanics are not fixing one thing and damaging another so they will have more work to do in a few months?Moreover, how do you know that anti-virus software itself is not spying after you?
Dead Kennedys wrote:Trust your mechanic to plug your holes
Trust him to make more somewhere else
Trust your mechanic, he'll always come through
And rip you off
If you want expert information on internet security then go to the experts, right?' I used to have Kaspersky back when I used paid security packages rather than just Windows Defender. The question is, can I trust Microsoft to be looking out for my best interests either?Maybe the fact that Kaspersky was related to KGB is not a coincidence...
Eugene Kaspersky of course is Russian and "graduated from The Technical Faculty of the KGB Higher School in 1987 with a degree in mathematical engineering and computer technology."[1] Of course that is an excellent place for that kind of education! Reading about his company is quite fascinating. While he has consistently worked AGAINST cyberwarfare, there are some troubling accusations. I was surprised to find this quote in Wikipedia that is totally pertinent to our discussion:
There. VirusTotal has been hacked to produce false positives, and it is exactly false positives that I suspected. I attributed it to incompetence on the part of the security packages rather than a malicious attack, but still ...In August 2015, two former Kaspersky employees alleged that the company introduced modified files into the VirusTotal community anti-virus database to trick its rivals' programs into triggering false positives. The result of the false positives was that important uninfected files would be disabled or deleted.
It seems like ALOT to me at times, and I look in Task Manager to see what is visibly running and using bandwidth but never see anything particularly suspicious. But I am not knowledgeable enough to know what I should find suspicious in the first place, particlarly when Windows processes are routinely given indecipherable nonsense names.There is of course lots of control data that goes along with actual payload, so small overhead is nothing to worry about
And then when one of them says "Danger, danger Will Robinson!" I have to investigate their credentials to find out if they know what they are talking about and are not just trying to sabotage a software competitor.Open-source software is usually developed by hundreds of people around the world and the code is public to everyone. All code changes are tracked. It is very difficult to deliberately sneak something malicious into the code so that no-one notices.
WHEN was the latest version of eMule released?But even such vulnebarities are usually discovered and fixed quickly in open-source code (that's why you should always upgrade to the latest version).
(We are screwed, totally screwed!)
Why are official sources trustworthy? Why should we trust a software creator to have good intentions? Even if their work is legitimate, how do we know their site has not been hacked and had code replaced? Open-source code I admit is a good start, but we have to wait for the public code-peepers to review, decipher and report. I may have used it for some time at that point. And honestly, I find it a chore to keep up with tech news. I just recently had to upgrade my 3G emergency phone because the 3G network was being dismantled. I found out about it by accident when I noticed an article on CNET. Nobody freaking told ME!Python is an open-source package and if you download it from official source, it can be trusted.
That sounds like a developer attitude to me! Assume software users are all experts who can take care of themselves. I would prefer software not be bundled with unnecessary addons at all, but that is not going to happen.but I do remember reading about malware in jdownloader and the response of developers was something like "what's the problem, just clear that checkbox". That was several years ago, though.