Ewido or A-Squared ?

Discussion in 'other anti-trojan software' started by oddworld, Mar 27, 2006.

Thread Status:
Not open for further replies.
  1. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Actually the forum has moved - their new site is unaffected (I'll edit the link in my previous post if I can). Also Nautilus him/her/itself isn't greatly bothered about defacements.

    Pretty lame diatribe by "Yusuf" as well, his understanding of history parallels his command of language.
     
    Last edited: Mar 31, 2006
  2. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Yes, obviously questioning the hacker's sexual preferences and commenting that he will just be restoring the forum every time he is hacked instead of fixing the security hole is an approach that seems to work for him. How very professional of a security software tester.
     
  3. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Paranoid2000: Thanks for getting my point :)

    Magnus: oh now that is what I call "security aware".... neatly falls in line with previous unprofessional behaviour on external forums :)
     
  4. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    1.
    In general, I do not post here anymore. This is mainly because the forum is only open to registered users. However, because things are getting personal I would like to make a few comments.

    2.
    Our small forum is based on a free third-party software called phpbb. From time to time, a new phpbb hack is developed so that a phpbb forum can be hacked. If you want to minimize the chance to get hacked you need to constantly update your forum (and make sure that no mods get lost). I have determined that this does not make sense because our forum is very small, does not require a registration, does not contain any secret areas and, most importantly, it has almost no active users. Why should I waste a lot of time in a forum in which nobody is really interested? Maybe I will move the forum to another provider because the funpic adverts bug me. Then I may also update to the latest version of phpbb or a better forum software. But frankly speaking, I do not have much time to invest in hobbies like a security forum. My job generally requires my full attention.

    2.
    I locked and abandoned the boardadmin forum more than a year ago. I generally agree with Magnus that you should not visit a hacked forum because it cannot be ruled out that a hacker places malicious code on a hacked website. This applies to IE users but also to Firefox or Opera users (cf. the recent critical vulnerability that was fixed in build 8.54).

    3.
    While it is mainly the responsibility of each individual person to keep his/her software up-to-date in order to minimize the chance to suffer damage from an exploit the owner of a forum/website should also try to make sure that such forum/website is not dangerous.

    4.
    I try to regularly check my forums. I have decided to delete the recently hacked boardadmin forum in order to make sure that nobody can get harmed. I will continue to check the illusivesecurity forum and may remove any dangerous hacks or posts (e.g. post containing links to dangerous sites or software). Please note, however, that I cannot rule out that dangerous code will be posted for a short period of time.

    5.
    You shouldn't take Magnus' comments too seriously. He is still angry about me because we mentioned a security flaw relating to the public version of his own commercial AT software product called Trojan Hunter. Initially, he offered a free TH license to us, which we rejected because we cannot be purchased and the acceptance of a free license could be interpreted in this way. (We also rejected free licenses from other developers like System Safety etc.) Thereafter, Magnus apparently considered us his friends and got very upset because we allegedly tried to badmouth TH by disclosing a "secret" administrator mode that granted access to TH's entire signature database so that its encryption became obsolete. Actually, we did not and do not want to badmouth TH. However, we will always mention the good things AND the bad things of which we become aware (regardless of whether we like or dislike a software developer or have supported such developer in the past). For instance, we disclosed similar security issues in respect of BOClean (non-encrypted database) and Ewido (hidden switch to read out signatures from the database).

    Please note that we never disclosed HOW to activate the TH admin mode and AFAIK the respective patch has not been made publicly available. I also understand that, in the meantime, the flaw has been fixed. I believe the main reason for Magnus' continued anger is (i) the way he publicly handled this issue (compared to Ewido) and (ii) the fact that he was forced to remove a certain piece of the TH code together with the admin mode because parts of TH (i.e., the signature creation tool) had not been independently coded but were based on third-party code (from Madshi). Therefore, Magnus could not simply remove the admin mode. But it is still better to remove the entire third-party code (from the public version only) than to rely on the "security by obscurity" principle. Therefore I believe that our disclosure made TH better and not worse.

    *** This posting is protected in accordance with the copyright laws of my and your jurisdiction. You are hereby granted the right to delete it but it may be illegal to edit or deface it. **
     
    Last edited by a moderator: Apr 7, 2006
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Dear ,.- (care to tell us how that is pronounced?)

    The only valid criticism others could have made was of leaving the previous forum available as cracker-bait so closing this down is a good move.

    As for the compulsory registration, although I can't speak for Wilders' admin, I have to say I'm surprised it took them this long. Sadly, any forum with a respectable search engine ranking is now a target for spam postings (porn/drug peddlers, religious crackpots, political trolls) and even with compulsory registration (and the CAPTCHAs that vBulletin now uses), these still happen - though in lesser volume (another reason to Thank the Spammers). At some point, your forum will likely have to make the same decision (see the LogiGamer forums for a sad example of what can happen otherwise).

    However Wilders' doesn't block proxies like Tor or JAP (I wouldn't be posting here either if they did) so while the registration is an extra hurdle, it shouldn't prevent posters from keeping their anonymity. As such, I hope you do consider posting here more often since expertise like yours is very rare and unbiased, informed advice on anti-trojan software is sorely needed here.

    Finally, with regard to the unfortunate tone of some previous posts, I'd say that no explanation is needed. Viewers can make their own judgement as to the professionalism of the individual concerned.
     
  6. Optimist

    Optimist Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    90
    I think: nautilus! :D
     
  7. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    Nautilus is a good guy. So he angered Magnus by pointing out a flaw in his software, and now Magnus is out to discredit him? LOL.

    Of course Nautilus could be BSing about what he found, so who knows?
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,138
    Location:
    Hawaii
    What I know is this: Magnus is out in the open. Above board. He doesn't hide or masquerade as someone else. That warrants respect.

    As for skulkers -- those of many disguises & aliases -- the reverse is also true.
     
  9. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129
    magnus has a product to sell - he has to be out in the open (especially to defend its "poor" results). word could get around and he could lose potential subscription fees to competitors.

    "nautilus" isn't selling anything, prefers to be "anonymous" (no reason to defend this).
    he did a great unbiased job on testing products and finding some serious security flaws.
    the products did change for the better from his testing.
    this warrants respect.
     
  10. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Just for the avoidance of doubt:

    1.
    It does not matter to me whether people like John2G or Bellgamin disrespect me or not.

    2.
    However, I would like to emphasize that I do respect Magnus (notwithstanding that he is angry at me).

    3.
    Our forum has been patched and should be (a little bit) safer than before.
     