diff options
author | Adam T. Carpenter <atc@53hor.net> | 2020-12-29 13:20:25 -0500 |
---|---|---|
committer | Adam T. Carpenter <atc@53hor.net> | 2020-12-29 13:20:25 -0500 |
commit | f270b63f80ce440f5b07f07e70e0f022293082d3 (patch) | |
tree | 0e7a36a6fddbb674a6c9f5c0ecdabe74782b1bd4 | |
parent | 43d77b17731196d37a6ea6c1f2e025dd1a3497e4 (diff) | |
download | 53hor-f270b63f80ce440f5b07f07e70e0f022293082d3.tar.xz 53hor-f270b63f80ce440f5b07f07e70e0f022293082d3.zip |
added antivirus post, updated dell dock draft
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | drafts/dell-dock.html | 2 | ||||
-rw-r--r-- | index.html | 40 | ||||
-rw-r--r-- | posts/computing/2020-12-29-antivirus-software-is-a-hack.html | 195 | ||||
-rw-r--r-- | rss.xml | 6 |
5 files changed, 239 insertions, 6 deletions
@@ -20,7 +20,7 @@ post: cp $(TEMPLATE) $$FILENAME; \ sed -i '' "s/{{ title }}/$$TITLE/g" $$FILENAME; \ $$EDITOR $$FILENAME; \ - sed -i '' "s#</channel> </rss>#<item> <title>$$TITLE</title> <pubDate>$$LONG_DATE</pubDate> <link>https://www.53hor.net/$$FILENAME</link> <guid>https://www.53hor.net/$$FILENAME</guid> </item>\n</channel> </rss>#" rss.xml; \ + sed -i '' "s#</channel>#<item> <title>$$TITLE</title> <pubDate>$$LONG_DATE</pubDate> <link>https://www.53hor.net/$$FILENAME</link> <guid>https://www.53hor.net/$$FILENAME</guid> </item>\n</channel>#" rss.xml; \ sed -i '' "s#<ul id=\"index\">#<ul id=\"index\">\n<li> <a href=\"/$$FILENAME\">$$TITLE <code>$$LONG_DATE</code> </a> </li>#" index.html live: diff --git a/drafts/dell-dock.html b/drafts/dell-dock.html index 5b2526f..4be6691 100644 --- a/drafts/dell-dock.html +++ b/drafts/dell-dock.html @@ -1,3 +1,5 @@ +<h1>Make Your Docking Station Work for You on FreeBSD</h1> + <p class="description"> Here's the problem. I have a Dell Latitude E-series laptop running FreeBSD 12.1-RELEASE. I also have a Dell E-Port II docking station on my desk. I @@ -8,7 +8,10 @@ property="og:description" content="The World Wide Web pages of Adam Carpenter" /> - <meta property="og:image" content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview" /> + <meta + property="og:image" + content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview" + /> <meta property="og:site_name" content="53hor.net" /> <meta property="og:title" content="Home" /> <meta property="og:type" content="website" /> @@ -64,10 +67,37 @@ </h1> <ul id="index"> -<li> <a href="/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html">Why Does Everyone Use Adobe Acrobat [Reader]? <code>Tue, 22 Dec 2020</code> </a> </li> -<li> <a href="/posts/programming/2020-12-08-useful-sprint-planning-from-a-certified-scrum-master.html">Useful Sprint Planning from a Certified Scrum Master <code>Tue, 08 Dec 2020</code> </a> </li> -<li> <a href="/posts/programming/2020-12-04-aoc-2020-day-1-in-cbm-basic.html">AOC 2020 Day 1 in CBM Basic <code>Fri, 04 Dec 2020</code> </a> </li> -<li> <a href="/posts/programming/2020-12-01-the-guides.html">The Guides <code>Tue, 01 Dec 2020</code> </a> </li> + <li> + <a + href="/posts/computing/2020-12-29-antivirus-software-is-a-hack.html" + >Antivirus Software is a Hack <code>Tue, 29 Dec 2020</code> + </a> + </li> + <li> + <a + href="/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html" + >Why Does Everyone Use Adobe Acrobat [Reader]? + <code>Tue, 22 Dec 2020</code> + </a> + </li> + <li> + <a + href="/posts/programming/2020-12-08-useful-sprint-planning-from-a-certified-scrum-master.html" + >Useful Sprint Planning from a Certified Scrum Master + <code>Tue, 08 Dec 2020</code> + </a> + </li> + <li> + <a + href="/posts/programming/2020-12-04-aoc-2020-day-1-in-cbm-basic.html" + >AOC 2020 Day 1 in CBM Basic <code>Fri, 04 Dec 2020</code> + </a> + </li> + <li> + <a href="/posts/programming/2020-12-01-the-guides.html" + >The Guides <code>Tue, 01 Dec 2020</code> + </a> + </li> <li> <a href="/posts/interesting/2020-11-30-titanic's-last-signals.html" >Titanic's Last Signals <code>Mon, 30 Nov 2020</code> diff --git a/posts/computing/2020-12-29-antivirus-software-is-a-hack.html b/posts/computing/2020-12-29-antivirus-software-is-a-hack.html new file mode 100644 index 0000000..b3f99ce --- /dev/null +++ b/posts/computing/2020-12-29-antivirus-software-is-a-hack.html @@ -0,0 +1,195 @@ +<!DOCTYPE html> +<html> + <head> + <link rel="stylesheet" href="/includes/stylesheet.css" /> + <meta charset="utf-8" /> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + <meta + property="og:description" + content="The World Wide Web pages of Adam Carpenter" + /> + <meta + property="og:image" + content="https://nextcloud.53hor.net/s/iBGxB7P3BKRbj9P/preview" + /> + <meta property="og:site_name" content="53hor.net" /> + <meta property="og:title" content="Antivirus Software is a Hack" /> + <meta property="og:type" content="website" /> + <meta property="og:url" content="https://www.53hor.net" /> + <title>53hornet ➙ Antivirus Software is a Hack</title> + </head> + + <body> + <nav> + <ul> + <li> + <a href="/"> + <img src="/includes/icons/home-roof.svg" /> + Home + </a> + </li> + <li> + <a href="/info.html"> + <img src="/includes/icons/information-variant.svg" /> + Info + </a> + </li> + <li> + <a href="https://git.53hor.net"> + <img src="/includes/icons/git.svg" /> + Repos + </a> + </li> + <li> + <a href="/hosted.html"> + <img src="/includes/icons/desktop-tower.svg" /> + Hosted + </a> + </li> + <li> + <a type="application/rss+xml" href="/rss.xml"> + <img src="/includes/icons/rss.svg" /> + RSS + </a> + </li> + </ul> + </nav> + + <article> + <h1>Antivirus Software is a Hack</h1> + + <p> + <img src="https://nextcloud.53hor.net/s/NDL7WZYZKbm8jJK/preview" /> + </p> + + <p class="description"> + I read a really terrific article today about computer security and + really dumb ideas or trends that have developed in this field. It's + <a + href="https://www.ranum.com/security/computer_security/editorials/dumb/" + >M. Ranum's <em>The Six Dumbest Ideas in Computer Security</em></a + >, and I highly recommend reading through the whole thing. It's got + great anecdotes and really simple language for what I consider to be + some of the obvious issues with the way programmers and sysadmins think + about security (myself included). One portion of it (idea #2), however, + finally put something into words that I've felt for a really long time. + It enables me to explain why I think all antivirus software is a total + hack and is virtually useless. + </p> + + <blockquote + cite="From The Jargon File (version 4.4.7, 29 Dec 2003) [jargon]" + > + hack<br /> + 1. n. Originally, a quick job that produces what is needed, but not + well. + </blockquote> + + <p> + This is the Jargon File's definition of a hack. And to me, this is what + antivirus software is. Antivirus software, as I understand it, emerged + in the mid to late 1980s and became prolific in the 1990s. In the 2000s + it was considered an essential piece of software and people were paying + for yearly subscriptions for antivirus suites from Norton, Avast, and + McAfee. + </p> + + <p> + The most basic functionality of an antivirus program is to determine + whether malware exists on a host operating system. The typical method of + doing this is to use a collection of virus definitions and compare each + and every potentially-infected file with each and every definition to + determine whether the file is malware or has been infected by some. An + over-simplified way of implementing this is to store a collection of + hashes, each taken from a known potentially unwanted program or + infectious executable. You can then hash entire files or portions of + files and compare the checksums to see whether a file contains or is + equivalent to the definition, and is therefore infected and shouldn't be + executed. Some security suites go beyond this with heuristic matching, + but if you run an antivirus that has to "update definitions" on a + routine basis, it probably works something like this*. With any luck, it + does it without being a total detriment to system performance. Ideally + it also doesn't act like a piece of malware itself by making itself near + impossible to remove (looking at you, McAfee). + </p> + + <p> + To me, a virus definition database is "enumerating badness" (Ranum's + Dumb Idea #2). The premise is that it is not only logical but even + possible to compile a list of <em>all</em> potentially unwanted + programs, viruses, ransomware, and worms. An environment of trust should + be built around the programs that you want to run (read: + <em>allow to run</em>), not the other way around. Picture an operating + system where no binary file can be executed unless it is specifically + flagged as being allowed to. Oh and picture also being able to restrict + this execution to just the file's owner, or other groups of users. + Wouldn't it be easier to store the list of 30 odd programs that you and + other system users trust to be run than the thousands (millions?) of + programs that are infectious, forbidden, or unwanted? What about when + those trusted applications become compromised? Would it not also be + easier to maintain a list of checksums for those binaries and compare + those checksums before they're executed to make sure they haven't been + infected or replaced? + </p> + + <p> + The answer is yes, it would be easier. And yes, it is easier. Of course, + your system has to work that way. Antivirus software is a hack because + it's a hack-y solution to a problem that has a better, simpler solution. + It also has the potential for making a ton of money but I won't go into + that. It's easier to enumerate goodness, to specifically open up to a + select few trustworthy applications. Good lists are usually shorter than + bad lists. This builds on top of Ranum's Dumb Idea #1: Default Permit. + You wouldn't configure a firewall to just block some known bad ports and + traffic. You configure it to block all of it, and then whitelist the + ones you know you can trust. You wouldn't configure a browser ad-blocker + to permit all ads, and select the ones you don't want to see. You block + all of them! Then, if there are sites or ads you're okay with seeing, + you whitelist them. You shouldn't default permit all programs to be + given control over your computer, and then meticulously list the ones + that don't have that permission. + </p> + + <p> + Oh and of course, as always, there's free software that lets you do + this. You don't have to pay for an antivirus suite, or even use an + unpaid one that slows down your computer or barrages you with ads. On + the BSDs and virtually all Linux distributions, there are built-in tools + to control access and execution of binaries. There are additional tools + that you can install that check whether binaries (in locations like + <code>/bin</code> or <code>/usr/local/bin</code> have been modified + since you last used them. On Windows, the story is a little different. + Most home Windows 10 users are automatically allowed to install and run + any software they want to by default. Windows Server does have Software + Restriction Policies that allow you to create a "default deny" policy + and whitelist only the software that's allowed to run. If you're using a + home edition you probably have to look for software that lets you do + this. I haven't tried any of them so I'm not going to endorse or even + name them here. + </p> + + <p> + Preventing malware from running on your system is a problem. Solving + this problem is the right thing to do. But please, try to solve it the + right way. I stopped using an antivirus after I moved out and got to + control my own computer. I don't think it ever did me any good besides + flag false positives (a lot of the time with programs or applications + that I wrote, which weren't malicious in any way!) and grind my spinning + disk to a halt. Evaluate what software you use. Is most of it online? + Are there one or two applications that you know you need to use? How + often do you install and use unknown or untrusted software? Odds are you + can come up with a list of very few programs that you want or need to + use. If it's less than 100,000, you're probably better off with a + default deny policy than an antivirus suite. + </p> + + <p> + * What I didn't mention here is that as soon as a new piece of malware + is constructed, if it's different enough from its predecessors, it's + impervious to all antivirus suites on the planet that don't have it in + their definitions. So until that malware is used, detected, and added to + the list, it has free reign. + </p> + </article> + </body> +</html> @@ -125,5 +125,11 @@ <link>https://www.53hor.net/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-reader.html</link> <guid>https://www.53hor.net/posts/computing/2020-12-22-why-does-everyone-use-adobe-acrobat-[reader]?.html</guid> </item> + <item> + <title>Antivirus Software is a Hack</title> + <pubDate>Tue, 29 Dec 2020</pubDate> + <link>https://www.53hor.net/posts/computing/2020-12-29-antivirus-software-is-a-hack.html</link> + <guid>https://www.53hor.net/posts/computing/2020-12-29-antivirus-software-is-a-hack.html</guid> + </item> </channel> </rss> |