How to Pick Your Antivirus

I get asked this question a lot.  “What antivirus program should I use?”  It’s also probably the question I dread the most, in large part because if I recommend something and someone gets infected anyway, it’s suddenly my fault.  So before I provide any semblance of an answer, I want to start off by making something very clear.

All antivirus software sucks.

Yeah, all of it.  Even what I run, which is currently ESET NOD32 (which, despite its name, also comes in a 64-bit version), has some really severe limitations based on how it works.  I run it at home because historically, it’s pretty solid, doesn’t break many things, and fits what I need.  But I’ve run up against it in a penetration test and got past it.  The question invariably comes around: Then why run it?

How the Biggest Hack Ever Wasn’t

There’s been a lot in the news lately talking about the largest hack–I mean, the biggest attack–no, wait, that the Internet almost–

I can’t even come up with a summary of the reports, because most of the general reports have been exceptionally bad at explaining what happened.  Mostly, they have far overblown the technical prowess required and the effects on the Internet (even if a few servers were inaccessible for a little while).  So here’s my attempt (one among thousands) to explain what happened.

One of the major providers of spam-source blocklists is called Spamhaus.  They’re a good group of people, and I highly recommend that most companies use them as part of their spam solution.  (End users don’t really have a way of using them directly, so if you’re not running an IT department, don’t worry about it.)  Some reports call them “cyber vigilantes,” but the truth is that they basically build up a list of IP addresses that send spam or that shouldn’t be sending out large quantities of e-mail.  Their customers use these feeds to help determine when a message is likely from a spammer so it can be dropped early in the process.

The only people who really think they’re vigilantes are the people whose addresses end up on their lists.  One of these groups was apparently associated with a company called CyberBunker, so named because they set up shop in an old NATO bunker.  They would do business with anyone unless it involved terrorism or child porn.  Spammers were perfectly welcome to set up shop.

When CyberBunker’s address space got listed by Spamhaus, someone decided to remedy this by knocking Spamhaus offline.  It was hit with a combined 300Gbps of traffic.  That’s 300,000Mbps.  Consider that the high-speed connections most people have at home are perhaps 10Mbps, or maybe 20Mbps if they’re gamers.  Even my own FiOS connection at 150Mbps is a mere 0.05% of that stream.  Spamhaus, of course, has better feeds, but even if it has a carrier-grade connection like an OC-48 and its 2.5Gbps capacity, the traffic it was hit by was still more than 120 times that capacity.

How ever does one do a hack like this?  It’s almost impossible to consider the power at the fingertips of these people!  They must own every system on the planet to do this!

Well, not quite.