Interesting Conversation with a Hacker

Discussion in 'other anti-virus software' started by Nevis, May 22, 2012.

Thread Status:
Not open for further replies.
  1. Nevis

    Nevis Registered Member

  2. andyman35

    andyman35 Registered Member

    Most interesting read there.

    To paraphrase Marx "The AV is the opium of the people".
     
  3. PaulBB

    PaulBB Registered Member

    Another good one:

    Q: What anti virus software free/paid for presents to you the biggest obstacles?

    A: Kaspersky was the most challenging at first, Kaspersky is paranoid as f...k! But it has an exploit in KIS, KAV and PURE, allowing to start malicious code in the memory context of a trusted system process unnoticed. Kaspersky won't interfere if it thinks it's the system process doing changes to the system.

    LOL.
     
  4. Interesting. Makes me want to keep using Linux (and common sense).
     
  5. No_script

    No_script Registered Member

    Ha ha, I've been reading that, he's right AV is useless. Only decent tools are Comodo, even Malwarebytes is OK but the attacker knows you're using it once you hit a website.
     
  6. Very good discussion there in that article. I hope he gets a real job out of it, Lol!! I hear Kaspersky's hiring.
     
  7. carat

    carat Guest

    ... and I like to collect AV licences :'(
     
  8. dw426

    dw426 Registered Member

    I don't like what the guy does, but he's pretty much right on as far as the "usual security" not working anymore. The thing about people like this, imho, is that you detest what they do, but, I'd rather learn from them than be "protected" by government measures, which usually only serve to protect them rather than you. I just wish the message these kinds of guys send would get through to users.
     
  9. Page42

    Page42 Registered Member

    Ah, a ray of hope.
     
  10. Tsast42

    Tsast42 Registered Member

    Also shows what a joke UAC and Standard User Accounts are. Sandboxie gets a good mention :thumb:
     
  11. Page42

    Page42 Registered Member

    I missed the Sandboxie mention, and can't find it. Where it be?
     
  12. Tsast42

    Tsast42 Registered Member

    Far down the (very long) page, towards the bottom.
     
  13. Page42

    Page42 Registered Member

    Not seeing it, nor is it showing up in search.
    What's the quote?
     
  14. Tsast42

    Tsast42 Registered Member

    I wasn't too keen on going through all that headache inducement all over again lol but I found it fairly quickly this time; it's a couple of continuation clicks down so doesn't show in search. Not a very long mention but good to see a 'professional' can't just bypass its protection somehow. Here you go:

     
  15. fax

    fax Registered Member

    Uuuhm, could only find this:

    EDIT: ooops, 2 minutes late :)
     
  16. JoeBlack40

    JoeBlack40 Registered Member

    As I'm not a native English speaker, did the guy mention something about the HIPS, does it provide protection of some kind or not?
     
  17. Tsast42

    Tsast42 Registered Member

    I didn't notice any discussion of HIPS, really for all the endless posts there wasn't that much there about security. Feel free to ask him though lol
     
  18. Noob

    Noob Registered Member

    Interesting . . . :rolleyes:
    Did not understand anything when they got too technical. :D *Information Overload*
     
  19. Brandonn2010

    Brandonn2010 Registered Member

    I didn't read it, but I would have to say an AV is not completely useless. While it may not be great for preventing data leaks, it can still stop average malware that simply tries to damage your computer, but then again, most malware nowadays tries to steal information, doesn't it?
     
  20. No_script

    No_script Registered Member

    It is useless, does nothing even against old malware. All you have to do is edit the malware with a H3X editor and it will bypass the Anti Virus.

    Yes and No. Some stuff is out of this world, I'm talking about infecting your monitor/network cards/router/BIOSs & just r00ting your system.

    The number of Botnets I think is probably around 400 million machines all up.
     
  21. dw426

    dw426 Registered Member

    Malware that does damage to a system (outside of major attacks via Stuxnet-type malware) has no benefit to current cybercrime. If I'm a hacker looking to make a profit (and that consists of the majority of your real threat), I'm not going to harm a hair on your system if I can help it. I'm going to run silent and deep, and wait for you to provide your passwords and accounts willingly without you ever smelling a hint of trouble.

    The majority of times, an AV is like a car alarm. It'll tell you when something is wrong in its opinion, but it might be a cat instead of a thief (FP vs real threat..and that's if it even has a definition in the database, in which case it'll sit there on its thumbs). The "old school" no longer works well enough to rely on. The problem is, the more effective methods require babysitting, which isn't effective for a user either.

    At this point in the game, the best options are to either, if you can handle such, go the full on default deny route, in which you'll need to make decisions on what and when to allow, use Sandboxie or another similar method (which, as this hacker stated, can't protect from everything), or go Linux. That's my opinion on the matter.
     
  22. STV0726

    STV0726 Registered Member

    ......

    Am I the ONLY one who thinks it is probably a BAD idea that we are

    1) Taking advice from a hacker who is an ACTIVE criminal and admitting he is stealing money from people

    2) Telling him our defense strategies so he can improve his offensive strategies

    3) Trusting his advice at what seems to be face value (Granted, some of it does sound genuine and not far off, but still)

    As for the UAC, if it is set to maximum (Always Notify), I haven't heard of any proof of concept of it being bypassed, and even if it was, then yes something theoretically COULD happen such as an exe being run but it can't actually install onto the system therefore deleting the user account would solve the problem and this effect is enhanced by the SRP because it wouldn't be allowed to run at all in the first place.

    He makes some interesting points, but I won't give any credit to an active criminal. I wish him to be caught and slammed to the ground by the feds and handcuffs put on him as rough as possible without crossing the police brutality threshold. I f****** hate malware hackers and have no respect for them.

    This also goes for Anonymous. To quote someone else on here (I forget who said it), "For every 1 good hack they do, they do 10 stupid ones".
     
  23. KelvinW4

    KelvinW4 Registered Member

  24. Page42

    Page42 Registered Member

    It has been said that one must know one's enemies, or be in peril.
    The very best detectives think like criminals.
    I would dare say there is credit given too.
     
  25. treehouse786

    treehouse786 Registered Member

    A strong firewall would put an end to this guy's mischief. Plus I doubt he can bypass UAC and Comodo Defense Plus in tandem.
     