Stop the Bullshit, People
Here is the top 5 list of bad ideas that show up every time you discuss malware or desktop security. These ideas are so bad that they get you sucked into a depressingly bad exchange of stupid arguments. So please, stop using them. Or else I’ll kick you in the nuts.
“Yeah sure it works… if there’s no vulnerability in it lol”
That, sir, is a tautology. Besides, with this kind of argument, you can quickly infer that nothing actually works.
“Yeah your technique is nice and all, but there’s no way it’s going to be included in mainstream computers (i.e. Windows)”
This is such a bad idea, that I’m not even going to comment on it.
“Your anti-malware technique will not work in cases X and Y”
Of course it won’t. We only have informal definitions of malware, so basically every anti-malware scheme is based on heuristics (i.e. sometimes they work, sometimes not)
“You can’t ask the user to make informed decisions”
As stated above, we have no automatic way to decide if actions are malicious or not. So of course at some point we’ll have to ask the user. Just because the Vista UAC sucked does not mean all ask-the-user schemes suck.
“I don’t care about malware, I’m not running Windows”
Deep inside you, you know that there is no secret sauce in other OSes that make them magically immune to malware, don’t you?
Just LoL :)
Wad
October 30, 2009 at 07:14
Ok Dan, I won’t make it anymore. But I’ll check you follow your lines too ! Take care of your nut, you’ve already cut one ;).
Here follows my confession.
“You cannot prove it because you can always sneak out the box”
Yes, proofs are always valid within a restrictive model and you cannot prove that your model match reality. But keep in mind that being secure within a model is better than being insecure.
“You cannot do it there is too much work to do”
I known that x86 semantics is just a pain the ***, but it may worth it.
“This is smart, but nobody will buy it”
Why should you always do things for money ? Why research should be useful ? You have to gamble in order to find good solutions.
Matthieu
October 30, 2009 at 18:25
Good additions indeed :) This post was a bit of a confession too, I was also using this kind of nasty arguments. I should have titled the post “Let’s all build a better world, people”
dan
October 30, 2009 at 18:50