baq 2 days ago

We've been curl | bashing software on Windows since forever; it was called "downloading and running an installer", and yes, there was the occasional malware. The solution to that was antivirus software. At this point even the younger HNers should see how the wheel of history turns.

Meanwhile, everyone everywhere is npm installing and docker running without second thoughts.

inanutshellus 2 days ago | parent | next [-]

> Meanwhile, everyone everywhere is npm installing and docker running without second thoughts.

Well... sometimes, like, say, yesterday [1], there's a second thought...

  [1] https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/
simonw 2 days ago | parent | prev | next [-]

"the solution to that was antivirus software"

How well did that work out?

thewebguyd 2 days ago | parent | next [-]

> How well did that work out?

Classic old school antivirus? Not great, but did catch some things.

Modern EDR systems? They work extremely well when properly set up and configured across a fleet of devices as it's looking for behavior and patterns instead of just going off of known malware signatures.

maccard 2 days ago | parent | next [-]

My last job had a modern endpoint detection system running on it, and my 7-year-old MacBook was as quick as my top-of-the-line i9 machine because of it. I have never seen software destroy a system's performance as much as Carbon Black, CrowdStrike and Cortex do.

They're also not exactly risk-free [0]

[0] https://en.m.wikipedia.org/wiki/2024_CrowdStrike-related_IT_...

panki27 2 days ago | parent | prev [-]

If modern EDR systems are so great without relying on classical signature matching, then why are they still doing it? Why do they keep fetching "definition databases" as often as possible?

... because it's the only thing that somewhat works. From my personal experience, the heuristic and "AI-based" approaches lead to so many false positives, it's not even worth pursuing them.

The best AV remains and will always be common sense.

esafak 2 days ago | parent | prev | next [-]

Great. It motivated me to drop-kick Windows and move to Linux and macOS.

nicce 2 days ago | parent [-]

Do you know how deeply integrated anti-virus is on macOS?

esafak 2 days ago | parent [-]

No, and I haven't encountered a virus either. During the Microsoft era viruses frequently did the rounds, becoming water cooler talk.

maccard 2 days ago | parent [-]

That’s mostly because applications themselves got way more secure.

bongodongobob 2 days ago | parent | prev [-]

As someone who manages 1000s of devices, great.

Cthulhu_ 2 days ago | parent | prev | next [-]

"everyone else" is using an app store that has (read: should have) vetted and reviewed applications.

tonymet 2 days ago | parent | prev | next [-]

Windows has had ACLs and security descriptors for 20+ years. Linux is a superuser model.

Windows Store installs (about 75% of installs) are sandboxed and no longer need escalation.

The remaining privileged installs that prompt with UAC modal are guarded by MS Defender for malicious patterns.

Comparing sudo <bash script> to any Windows install is 30+ years out of date. sudo can access almost all memory, raw device access, and anywhere on disk.

eredengrin a day ago | parent [-]

> Comparing sudo <bash script> to any Windows install is 30+ years out of date. sudo can access almost all memory, raw device access, and anywhere on disk.

They didn't say anything about sudo, so assuming global filesystem/memory/device/etc. access is not really a fair comparison. Many installers that come as bash scripts don't require root. There are definitely times I examine installer scripts before running them, and sudo is a pretty big determining factor in how much examination an installer will get from me (other factors include the reputation of the project, past personal experience with it, whether I'm running it in a VM or container already, how I feel on the day, etc.).

tonymet a day ago | parent [-]

Even comparing non-sudo / non-privileged, Windows OS & Defender have many more protections. Controlled Folder Access restricts access to most of the home directory. And Defender real-time protection is running during install and run. Windows stores secrets in the TPM, which isn't used on Linux desktop. The surface area of malicious code is much smaller.

A bash script is only guarded by file system permissions. All the sensitive content in the home directory is vulnerable. And running sudo embedded would mostly succeed.

ndsipa_pomu 2 days ago | parent | prev | next [-]

At least with curl and bash, the code is human readable, so it's easy to inspect it as long as you have some basic knowledge of bash scripts.
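
The two comments above (examining an installer for sudo before running it, and inspecting the script because it is human-readable) amount to a small procedure: fetch the script to a file instead of piping it straight into a shell, record its hash, grep it for privilege escalation and for places where it fetches and executes more code, and only then read and run it. The POSIX sh below is an added example written for this thread, not code from any project or commenter; the "risky" pattern list is my own choice of heuristics, the sample installer is constructed for the demo, and `safer_install` assumes `curl`, `mktemp` and either `sha256sum` or `shasum` are on the PATH.

```shell
#!/bin/sh
# Added example: inspect-before-you-run wrapper for "curl | bash" installers.
# Heuristic patterns and the sample installer below are constructed for this demo.

# Lines worth a human look: privilege escalation, eval, pipe-to-shell,
# base64 decoding, system paths, setuid/setgid chmod. Assumed heuristics only.
RISKY_RE='(^|[^[:alnum:]_./-])(sudo|doas|su|eval)[[:space:]]|[|][[:space:]]*(ba|z|da)?sh([[:space:]]|$)|base64[[:space:]]+(-d|--decode)|/etc/|/usr/local/bin|LaunchDaemons|chmod[[:space:]]+([2-7][0-7]{3}|[ugoa]*\+[rwx]*s)'

# Print "lineno:text" for every flagged non-comment line.
# Exit status 0 if anything was flagged, 1 if nothing was.
flag_risky_lines() {
    grep -nE "$RISKY_RE" "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Number of flagged lines, always exits 0 (wc is last in the pipeline).
risky_line_count() {
    flag_risky_lines "$1" | wc -l | tr -d ' '
}

# Hex SHA-256 of a file; works with GNU coreutils or BSD/macOS shasum.
installer_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a file against a hash obtained out of band (docs, release page, signed tag).
verify_sha256() {
    [ "$(installer_sha256 "$1")" = "$2" ]
}

# Fetch URL to a temp file, hash it, optionally check a pinned hash,
# flag risky lines, and hand the path back for a human to read before running.
# Never executes the script itself. Returns 1 on fetch/hash failure, 2 if flagged.
safer_install() {
    url=$1
    expected=${2:-}
    tmp=$(mktemp) || return 1
    curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    echo "saved to: $tmp"
    echo "sha256:   $(installer_sha256 "$tmp")"
    if [ -n "$expected" ] && ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch, refusing to continue" >&2
        rm -f "$tmp"
        return 1
    fi
    if flag_risky_lines "$tmp"; then
        echo "installer escalates privileges or pulls more code; read $tmp fully first" >&2
        return 2
    fi
    echo "nothing flagged; still read it, then: sh $tmp"
}

# Constructed sample installer: mostly benign, with a sudo step and an eval of
# remote code at the end. The comment mentioning sudo must NOT be flagged.
write_sample_installer() {
    cat >"$1" <<'EOF'
#!/bin/sh
set -e
# no sudo needed for the default prefix
PREFIX="${PREFIX:-$HOME/.local}"
mkdir -p "$PREFIX/bin"
curl -fsSL https://example.invalid/tool -o "$PREFIX/bin/tool"
chmod +x "$PREFIX/bin/tool"
sudo cp "$PREFIX/bin/tool" /usr/local/bin/tool
eval "$(curl -fsSL https://example.invalid/post-install.sh)"
EOF
}

# Offline demo on the constructed installer.
sample=$(mktemp)
write_sample_installer "$sample"
echo "sha256: $(installer_sha256 "$sample")"
echo "flagged lines:"
flag_risky_lines "$sample" || echo "(none)"
echo "count: $(risky_line_count "$sample")"
rm -f "$sample"
```

On the constructed installer this flags line 8 (`sudo cp ... /usr/local/bin/tool`) and line 9 (`eval "$(curl ...)"`), and ignores the comment that merely mentions sudo. The grep is a triage aid, not a sandbox: a script can build `sudo` from variables or unpack a payload that these patterns never see, which is why the wrapper stops at "read the file" rather than executing it, and why a hash pinned from a second channel is the only check here that actually binds you to a known artifact.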

fragmede 2 days ago | parent | prev [-]

Software running in Docker is a bit more sandboxed than running outside of it, even if it's not bulletproof.