[QUOTE=coolcolors;2788316]Here we go again people thinking they are smarter than the malware people of which you’re not. They already got those O/S and got malware ready for those outdated O/S to log onto the internet to get infected and to think otherwise is a fool leading the fool. Actually you should post your support information to fix those who get malware because their O/S no longer protects them if you think your outdated O/S will stop malware infections. A/V work only as good as the O/S can detect outdated Updates and once the user fails to see the problem the malware will take over it’s simple they look for those thinking their outdated software will not be target is so far from the truth it will be too late when they find out.[/QUOTE]
You’re confused so let me explain to you how an antivirus works. The first thing an antivirus software does is it periodically downloads data from the servers of its respective developer, this data contains signatures of known malware that is circulating around. This data allows the AV to identify whether a particular piece of assembly should be considered malicious. And there are 2 main methods how the AV compares these signatures to actual files on the system, the first being it scans files as user action or in some cases automatically and if there is a match at this stage then the AV alerts the user and takes appropriate action against this file. The second mode of operation in cases when there were no detections at scantime, is that the AV creates system-wide hooks to certain APIs which allows them to monitor what an executable/binary does when it is being run (it’s 10 times easier for malware creators to encrypt their .exe to pass scantime detections than runtime). Again if there is a match during this time then the exe is killed and user alerted. There is a 3rd method used more rarely which is some AVs actually sandbox all new .exes (run them in a VM) which allows more control of that program than simply API hooks would otherwise, but all of these methods can still be bypassed by malware authors (by creating a PE encrypted environment) and therefore considered ineffective which is the reason that AVs in a classical sense are completely dead. That we have already talked about and is backed up by such industry figures like Brian Dye, the CEO of Symantec/Norton and most other respectable cybersec figures.
So why am I bringing it up again? Well notice that in no part of AV’s operation does it require, check or in any other way interact with any windows updates of any sort whatsoever. There is no cooperation between these two entities at all, at any part of the procedure. Because there is no need to. They deal with entirely different parts of your computer/OS. And imagine if it were otherwise, if AVs somehow required certain updates to be present… imagine how enormous a mess that would be! You’d have an antivirus that is literally compatible with just one particular OS and only with the latest updates, no more support of XP, Vista, Win7, Win8 and 10 for one AV. It would support just one of those. That would be incredibly stupid from many perspectives not least of which is the AV company would make no profit. So next time you make a statement why don’t you first think think think of what you’re suggesting in your head, and then think again if that makes sense before you post it…
Moving on to the accusations of being smarter than the malware authors or being a “fool”. Well I don’t consider other malware authors to be of particularly higher or lower intellect than someone who is in the exact same occupation, with 10+ years of experience with honors, albeit on the other side of the fence. Blackhat hackers and whitehat hackers like myself both have a deep understanding of the actual byte-level methods and functions that a piece of malware does and therefore excuse me if that somehow grinds your gears but I think it’s a reasonable assumption that people of that kind know how to work with and also around malware. That’s all I’m gonna say on that topic.
And I would respectfully venture to say that the moniker “fool” in the debate of this caliber is more rightfully reserved for the person who is disregarding facts, not backing anything of his own with factual evidence, while having no proper expertise on the subject considers his largely mainstream media driven views superior to those of extremely well known and respected figures in the profession like Brian Dye and in general is being narrow-minded rather than open for real discussion. I’m disappointed with your post. I was honestly expecting a little more evidence based argumentation (even a smither of?) and less character assassination. Can you engage in a civil debate?
As for the invitation to post security patches to what I assume you meant XP and win2k, well I appreciate your interest but I feel I should remind you that Microsoft officially provides those for XP until 2019 (some sources say it’ll extend to 2021) and unofficially for Windows 2000 (they dropped “EOL” in 2010 but have continued to provide them to partners and they’ve leaked online). However despite that there have been efforts by the win2k community to fix certain issues themselves, projects like this is one example. But these efforts are unnecessary if we are strictly referring to the scare tactic you were spreading that is the notion that “you get hacked when you log on online”. There is a very simple solution which is a firewall, of which anyone who understands even the basics of, knows is adequate in preventing remote attacks sufficiently, if not completely. To be brutally honest the effectiveness of blocking remote attacks (i.e. “hacking”) by having a firewall block inbound traffic or having no theoretically exploitable daemons binding listening ports is 100%. So we can sit here all day and discuss exploits and what is the most vulnerable type of OS (the answer is “the most used” - i.e. has highest amount of manpower trying to break it which right now according to marketshare is Windows 7) but the fact of the matter is that will not make your statements any less false and frankly it’s a waste of time. I just wish you did some research into the things we are discussing so we’d be on an even table to discuss the topics but right now all I can do is invalidate your statements, which are provably false.
[QUOTE=AaronZ26593;2788345][B]aztekk, [/B]Haha you made a lot of valid points. :)[/QUOTE]
Thanks for the support. I’m just trying to prevent this particular type of misinformation from spreading any further than it already has. Sometimes to achieve that you gotta break some bones.