
Top 20 (Vulnerabilities) Quarterly update


14 replies to this topic

#1 AplusWebMaster

  • SWI Friend
  • 11,104 posts

Posted 02 May 2005 - 11:52 AM

FYI...

- http://isc.sans.org/...date=2005-05-02
Updated May 2nd 2005 16:44 UTC
"On May 2, 2005, the sponsors of the Top20 project released the first installment in a new program of quarterly updates to the Top20. It updates the annual Top20 and provides an additional roadmap to the new vulnerabilities that must be eliminated in any Internet-connected organization..."

Q1-2005
- http://www.sans.org/.../Q1-2005update/
May 2, 2005

SANS Top 20 Internet Security Threats
- http://www.sans.org/top20/#threats

:oops: :ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 AplusWebMaster


Posted 02 May 2005 - 02:04 PM

FYI...

- http://www.techweb.c...urity/162100660
May 02, 2005
"..."Hackers haven't stopped attacking Microsoft products, but they've started attacking everything else as well," Alan Paller, director of research for Sans said. "The reason is this is a huge criminal business now. Capturing another 100,000 computers to be used for spam can be worth a million bucks"..."


:eek: :ph34r: :eek: :ph34r:

#3 ErikAlbert

    Typical User

  • Full Member
  • 787 posts

Posted 03 May 2005 - 05:35 PM

I'm not surprised. Any software is vulnerable (yes, even Firefox) and it will get worse in the future.
Malware increases much faster than anti-malware and we get more new TYPES of malware, than new TYPES of protection.

The final goal of malware/anti-malware is M.O.N.E.Y. and that's why the (anti-)malware business will run as long as possible.
Malware companies and anti-malware companies both earn a lot of money. Why would they kill each other?
Of course they fight against each other, but just enough to have a good show in the media.
Only the law will punish a malware-writer/scammer/spammer and that doesn't happen enough.

Anti-malware companies offer the users a non-foolproof protection, because a foolproof protection would kill their business.
The advantage of this non-foolproof protection is that it needs a never-ending upgrade and malware writers provide that upgrade by creating new malware programs, while the users keep on paying.
Anti-malware companies don't want a malware-free internet, because you don't kill the goose with the golden eggs and the internet is indeed a GOLD-MINE, if you know how to use it.

Some anti-malware companies offer freeware, but never to companies, only to home users.
That's because companies have the money and need the protection to run their business.
Home users get freeware to remain online, because they like to buy other stuff on the internet.
Freeware also makes an anti-malware company sympathetic and popular amongst home users and home users, as an employee, will often buy or recommend the same software at their job.
So freeware isn't really an act of charity, but has an indirect commercial purpose.

Meanwhile the media increases the fear of malware and the need for protection amongst the users and anti-malware companies publish their improvements to assure users, that everything is done to protect them.
Users need to be brainwashed and manipulated in order to get/steal their money.
Let the users complain, that doesn't matter, because they are POWERLESS.
Users are only able to help each other in the struggle against malware and that's what happens at this forum and others.
Users are the play-thing of those, who rule the internet, just like kings and slaves in the dark ages.

Three forces rule the world : MONEY, WOMEN and RELIGION.
In case of malware/anti-malware it's money and if you want to find out who is involved and what their motive is, just follow the money and ask the right questions, but don't get killed.
Follow the tax payer's money in a government and you will find one financial scandal after another.
Money has always been a QUALITY KILLER too, because people love the profits, but hate the expenses.
ErikAlbert
Simplicity is always brilliant.

#4 AplusWebMaster


Posted 03 May 2005 - 06:34 PM

Don't we have a "rant" blog here somewhere?


:huh:

#5 cheglabratjoe

    Member

  • Full Member
  • 65 posts

Posted 04 May 2005 - 06:50 AM

I think it's a pretty harsh statement to claim that antimalware programs are only designed to make money. If I were Merijn, I would forward you all my spam for such a post ...

#6 ErikAlbert


Posted 04 May 2005 - 07:20 AM

Merijn = Anti-Malware COMPANY ? I'm talking about the big guys.
Sorry but you have to give me a better example.
Your spam is welcome, I delete spam without reading it.

#7 cheglabratjoe


Posted 04 May 2005 - 07:36 AM

The final goal of malware/anti-malware is M.O.N.E.Y.


I know you wrote mostly about companies, but you generalized in a few places (like in the aforementioned quote) and I just found that frankly offensive on a site full of people giving up their free time to fight malware for free.

I'm as cynical as they come, but there are some decent people out there who don't just whore themselves out for money. (Here, for instance.)

#8 ErikAlbert


Posted 04 May 2005 - 08:44 AM

SWI doesn't create anti-malware software, so SWI isn't an anti-malware company that sells software.
SWI recommends anti-malware software, that is written by anti-malware companies.
So there is nothing wrong with my statement or do you think that employees work for free at an anti-malware company ?
In my opinion you confuse anti-malware companies with malware forums. Both have totally different activities.
For the record and again, I'm talking about ANTI-MALWARE COMPANIES and I mentioned the word "companies" more than enough.

If you like to think that Anti-Malware COMPANIES are crusaders (like Merijn) instead of businessmen, that's OK with me.

#9 cheglabratjoe


Posted 04 May 2005 - 09:34 AM

Yes, anti-malware companies are indeed companies, and thus do strive to make money. If you don't trust a company whose main goal is to make money, you'll never trust any company. There can be decent companies that also strive to do other things. Don't hate companies for doing what they are meant to do, make money!

You also basically accuse anti-malware companies of intentionally not killing all malware to propagate themselves. I feel you're digging a bit too vigorously for a conspiracy. Enough new malware crops up every day that anti-malwares are far behind naturally without conspiring to leave stuff out to continue their own necessity. I cannot imagine the recommended anti-malwares looking at a piece of malware and going "nope, we're not going to program the fix for this into our software, we're going to let that one rage unchecked through the internet so that more people will purchase security software!"

Again, I think you're reaching here.

#10 ErikAlbert


Posted 04 May 2005 - 11:11 AM

Conspiracy ? No that wasn't or isn't possible. Too many people involved. It just evolved that way.
What bothers me is that it STAYS that way.
The only improvement is more fingerprints while I'm waiting for new methods of protection.
Is the creativity gone at the anti-malware companies or are they satisfied with the actual solutions and do nothing anymore but upgrades and counting money?

If you put the upgrade of fingerprints aside, what really changed profoundly in the year 2004 ?
I don't call new scanners (like MS AntiSpyware) an improvement, because they work the same way as all the other scanners.

Is that the future: a bunch of scanners on my computer, each with a HUGE fingerprint database and a run-time of several hours?

Edited by ErikAlbert, 04 May 2005 - 11:13 AM.


#11 jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • 15,830 posts

Posted 04 May 2005 - 02:23 PM

Three forces rule the world : MONEY, WOMEN and RELIGION.


I'll have to ask my girlfriend if that's true!!!! :D
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#12 ErikAlbert


Posted 04 May 2005 - 09:31 PM

Three forces rule the world : MONEY, WOMEN and RELIGION.


I'll have to ask my girlfriend if that's true!!!! :D


I couldn't translate "MONEY, WOMEN, RELIGION" literally.
In Dutch/Flemish it sounds vulgar, especially the WOMEN-part.
They already accused me of being "rant", I couldn't risk "vulgar" too. :D

My father often said "No" in the evening and "Yes" in the morning.
I never understood that as a kid.
Now I know that my mother had something to do with it.

#13 AplusWebMaster


Posted 05 May 2005 - 10:05 PM

...And to all you mothers out there, this Sunday, "Happy Mother's Day".

To be continued in the next thrilling episode of (What was this then? Oh, yeah...) the

Top 20 (Vulnerabilities) Quarterly update.


Good grief, Charlie Brown...unbelievable.


:blink:

#14 hawksrus

    Member

  • Full Member
  • 21 posts

Posted 06 May 2005 - 03:28 AM

but!!
Snoopy might help...
or..
Linus!!!
:oops:
Tony

"Nonviolence is the greatest force at the disposal of mankind. It is mightier than the mightiest weapon of destruction devised by the ingenuity of man."

Mohandas K. Gandhi
Oct 2, 1869 to Jan 30, 1948

#15 Paranoid

    Forum Deity

  • Full Member
  • 533 posts

Posted 06 May 2005 - 11:38 AM

Enough new malware crops up every day that anti-malwares are far behind naturally without conspiring to leave stuff out to continue their own necessity. I cannot imagine the recommended anti-malwares looking at a piece of malware and going "nope, we're not going to program the fix for this into our software, we're going to let that one rage unchecked through the internet so that more people will purchase security software!"

Again, I think you're reaching here.



No, Erik is convinced that every 'expert' out there knows a 100% foolproof method of catching all the malware but is just holding out on him because the release of such a product would just mean the end of the cash stream brought by constant updates.

And you know what? He's right. It came to me one morning (hence I'm obviously an expert now), it's pretty simple really. Took me a couple of weeks to iron out all the bugs but in my malware testing it catches everything I test it against, all WITHOUT fingerprints!

But what's the point, the fact that I figured out the secret means that I'm automatically inducted into the conspiracy that prevents me from revealing the secret!

Besides, so what if I had a method 100% superior to all the other products on the market. There wouldn't be any point in releasing a much superior product right? It's not as if it would make more money or anything :rofl:
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments, opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advice or recommendations by the experts or helpers at spywareinfo.




