* Posts by goretsky

18 publicly visible posts • joined 5 Nov 2012

No defence for outdated defenders as consumer AV nears RIP

goretsky

Hello,

Mr. McAfee certainly did not write any computer viruses or other malware. He had not programmed a computer for years before starting McAfee Associates, and those were minicomputers, not personal computers. He certainly understood programming and programming concepts, but the most complex things he wrote were WordPerfect macros.

The idea that, some three decades later, he at some point infected a bunch of netbooks with malware is farcical. At the time he made this statement, he was dealing with the Belizean authorities and simply wanted to scare them by making them think he had something on them. Mr. McAfee regularly made many statements to the media during his ordeal because he felt it helped keep pressure on Belize to leave him alone. The fact that The Register still brings it up today shows that Mr. McAfee's strategy for using the media worked rather well, it would seem.

Regards,

Aryeh Goretsky

John McAfee dead: Antivirus tycoon killed himself in prison after court OK'd extradition, says lawyer

goretsky

Hello,

Apologies for the delay in a reply; I didn't realize I had a response to my post until now.

Mr. McAfee was not insane. He was very savvy about drawing attention to himself, and used to spend time thinking about what he could say to do that. The fact that things he said still get talked about years later is sort of a testament to how well that worked out.

I had always just assumed he would be extradited back to the United States, and then apply the same set of responses to his trial. I really did not expect him to do what he did, but in a way, I can understand why he must have felt that was his path. He had spent decades being completely in charge of his own life. And I think this is the way he saw that he could remain that way.

Regards,

Aryeh Goretsky

goretsky

Hello,

After all the trash and unfunny memes I saw today, it was nice to come here and see a few positive comments about Mr. McAfee and the software.

He stopped coming into the office every day in 1993, and by 1994 was gone from the company. At the time, the company had DOS and OS/2 and NetWare versions, and that was kind of it (the "Windows" version just launched the DOS version in a shell). Mr. McAfee took a lot of pride in the software that bore his name, and that feeling spread from the top all the way down the engineering side of the company. It wasn't until the suit-wearers came in and took over that the software changed, and by that time, Mr. McAfee was long gone and had nothing to do with it.

Regards,

Aryeh Goretsky

Windows 11: Meet the new OS, same as the old OS (or close enough)

goretsky

Windows 11 benefits the retail channel

Hello,

The article was interesting to read, but I was surprised that it did not mention the IHVs, online shopping sites and traditional brick and mortar stores that in the past have relied on periodic releases of new versions of Windows.

There are a large number of small business and home users that purchase a PC once, and then use it until a new version of Windows appears or it crumbles to dust.

For those manufacturers and retailers, this represented a once-in-a-few-years chance to generate some profits as people bought those new computers to run that new version of Microsoft Windows. And maybe a new version of Microsoft Office and whatever antivirus software they use.

That type of upgrade cycle hasn't occurred since 2015, and it has affected the bottom line of businesses that used to be able to expect them, and the analysts who priced their stock accordingly when they knew an uplift was coming.

Of course, one of the reasons that such cyclical upgrades no longer occur is that improvements in computer performance have slowed dramatically over the years. Processors have gone from triple-digit to double-digit to single-digit levels of performance improvement. In any case, people are going to experience more benefit from replacing their computer's HDD with a SSD if they have a reasonably modern computer. Windows 11 bypasses a lot of those roadblocks to sales, and brings back some of the reasons for buying a new computer.

Regards,

Aryeh Goretsky

Cryptography whizz Phil Zimmermann looks back at 30 years of Pretty Good Privacy

goretsky

Re: A little story about how PGP was first distributed

Hello,

Small update: The van was not green but brown and white. The green van was Steve Chang's, the founder of Trend Micro. He visited Mr. McAfee a few times to discuss antivirus things.

Regards,

Aryeh Goretsky

goretsky

A little story about how PGP was first distributed

Hello,

I was working at McAfee Associates office at 1900 Wyatt industrial park (long since converted to more expensive real estate) on June 5th, 1991 when "K" showed up at our office, asking to make use of our internet connection. "K" was, well, not so much a friend of Mr. McAfee, per se, but an acquaintance who was heavily involved in mainframe and workstation security (Amdahl, Sun, etc.) and would later go on to be active on the original cypherpunks mailing list. A military vet, "K" took his security seriously, to the point of rigging his van with a groovy green metallic paint job to electrocute anyone who touched it with a 50,000 volt system.

Anyways, "K" drove up in the late morning (might have been around lunch time, even) and ran into the office with a floppy diskette in his hands, saying he urgently needed to speak with Mr. McAfee, who wasn't there at the time. He ended up going back to speak with "M," the developer who wrote all of McAfee Associates' algorithmic detections, disinfectors and other low-level things that had to be coded in assembly. "M's" office, a repurposed janitorial closet, was right outside my office, a repurposed hallway, so I got to listen to their discussion of public and private keys, elliptic curves, and that it was completely urgent that "K" make use of our connection to Netcom, a local ISP, in order to upload this revolutionary (in the more traditional sense of the word) software before it was outlawed by the government.

After a couple of uploads to open ftp servers run by universities outside of the United States, "K" drove away to go to the next company on his list and repeat the process of uploading that first version of PGP to a couple of servers outside the U.S., and repeat.

I had let Mr. McAfee know about our visitor, who came into the office later that afternoon brandishing a South African "street sweeper" style riot shotgun with a huge drum clip slung below it--I'm not sure of the model, it looked like an oversized M-16 to me. Anyways, Mr. McAfee then proceeded to sweep the entire office, ducking around corners before entering rooms and hallways, etc. Lest anyone be concerned, I would note that Mr. McAfee did keep his finger off the trigger, and kept the barrel vertical--he always had good trigger discipline. Finally, he came back to the front of the building (towards where his office was), let the ten (or so) of us employees know that he had swept the building and "K" was no longer present in it, and then proceeded to go into his office, place the shotgun in a corner, and begin his work day. All in all, it was a very Mr. McAfee thing of him to do.

Regards,

Aryeh Goretsky

This isn't Boeing to end well: Plane maker to scrap some physical cert tests, use computer simulations instead

goretsky

Not the devs, but the execs...

Hello,

Will Boeing's executives (and its board of directors) be required to fly on all flights where a plane has only gone through digital simulation certification? Their company AD&D (accidental death and dismemberment) insurance should also be waived so that neither the company nor their family members can receive any compensation from that in case a life changing (or ending, as it may be) event occurs whilst on said plane.

Regards,

Aryeh Goretsky

Vlad the blockader: Russia's anti-VPN law comes into effect

goretsky

Hello,

One candidate reason for enacting this law, along with other requirements from Roskomnadzor, such as the Yarovaya law package (Russian federal bills 374-FZ and 375-FZ) requiring the capture of calls and their metadata, registration of blogs with more than 3,000 readers, requirement that social media services store data from Russian accounts in Russia, and the perennial proposals of requirements for Internet users to register, etc., is in large part due to concerns over their citizens being influenced from foreign meddling.

As to why Russia is concerned about these services being used by hostile nation state actors engaging in such meddling, the simplest answer is that they use these techniques themselves with a high level of efficacy. Having seen their success, they have a strong desire to prevent the same techniques from being used against them.

Regards,

Aryeh Goretsky

You know who else hates Windows 8? Hackers

goretsky

Re: Skeptical...

Hello Anonymous Coward,

It's quite possible I'm prone to logical fallacies. I have, however, dealt with a few RFCs, specifications and the like from the IEEE, IETF, various trade associations and other organizations over the years, so I'm used to seeing sections labeled MANDATORY, OPTIONAL, REQUIRED and so forth.

If a widget (software, hardware, etc.) does not implement all of the functionality that's required as part of a specification, it typically does not get to claim that functionality, use the appropriate logo(s) on its packaging and so forth.

I was aware of the UEFI requirements on ARM-based Windows RT devices while writing my white paper; however, I did not have one to test with, nor, for that matter, were there any Windows-on-ARM tablets available that I'm aware of (aside from very old and underpowered Windows CE-based PDAs, which I do not think are modern enough to even be worth mentioning). The tablet space is very different from the PC space in that vendor lock-in is the norm rather than the exception, at least from looking at the dominant players like Apple and Android. Admittedly, a number of Android tablets can be rooted, but all the ones I have seen or used come with an operating system and software loaded, including some kind of appstore.

In the case of UEFI firmware and Secure Boot on ARM, I did not feel it was worth discussing since the experience there is largely one of a closed ecosystem already.

Regards,

Aryeh Goretsky

goretsky

Re: Secure Boot

Hello,

Secure Boot helps protect the computer against bootkits and rootkits before the operating system and anti-malware software have fully initialized and had a chance to set up security. This is covered in detail in the white paper. :)

Regards,

Aryeh Goretsky

goretsky

Re: Two things:

Hello Robinson,

If you have not read the white paper, here is what I actually wrote in it:

"Windows Defender as included with Windows 8 is a good product and does, in fact, provide a decent level of protection, especially when compared against other free anti-malware programs. However, Windows Defender does not contain many of the advanced features and functions of paid-for solutions, such as a high level of granularity for threat detection, task scheduling, centralized management and reporting and so forth. As with other free anti-malware programs, support options for Windows Defender are limited."

It is NOT an issue with detection, but rather lack of functionality. Now, admittedly, most home users do NOT have a need for centralized management or support, but such features are pretty much requirements in the business world.

I hope that explains things for you.

Regards,

Aryeh Goretsky

goretsky

Re: UEFI bootloader

Hello Anonymous Coward,

As Dogged noted, the requirement for UEFI to be enabled on Windows 8 is only for new installations of the 64-bit version, and not upgrades. Additionally, many computer manufacturers have shipped existing systems where UEFI support is somewhat... problematic, shall we say, and they have been suggesting that customers leave their firmware in BIOS mode when upgrading to Windows 8.

Regards,

Aryeh Goretsky

goretsky

Re: That's not why hackers dislike Windows 8

Hello,

PowerShell is a really interesting technology and one I wish I had time to go over in the white paper, along with IE10 and AppLocker. Unfortunately, the white paper was getting a bit long and I ran out of time on my self-imposed deadline of getting it done before Windows 8 was released to the public, so I had to skip a few things.

One of the most interesting uses that I saw of PowerShell was the ability to provision a DirectAccess (an IPsec-like VPN connection) in one line. My previous job was at a Linux-based embedded hardware systems manufacturer, and setting up IPsec connections was always difficult.

Some of the most fascinating things that I saw with Windows 8 during my research were not security technologies but networking ones. Unfortunately, networking is not always a very user-facing technology and it is hard to get most consumers interested in things which happen below the GUI.

Regards,

Aryeh Goretsky

goretsky

Re: Anti-virus

Hello Koolholio,

Microsoft obtains licenses of anti-malware software from most companies. This is simply to scan their own files for false-positive alarms before release (and periodically afterwards, I suppose) so that their mutual customers do not have to deal with the problems that come from having core business software mistakenly identified as a threat.

As far as I know, the expertise behind Microsoft Security Essentials/Forefront/Windows Defender was developed through acquisitions of GIANT Company Software and GeCAD Software, as well as through hiring a lot of very skilled people from the anti-malware community. No one from ESET has been hired by Microsoft that I'm aware of, though. A few have gone the other way, though. :)

Regards,

Aryeh Goretsky

goretsky

Re: Windows Defender

Hello Annihilator,

Yes. In Microsoft Windows 8, Windows Defender has the equivalent functionality that Microsoft Security Essentials did under Windows 7 and other prior versions of Windows that it supported.

Regards,

Aryeh Goretsky

goretsky

Re: AGAIN:

Hello James,

At the time I wrote the white paper, I only had a limited number of systems that had UEFI firmware to test with, but all of them supported toggling between BIOS and UEFI firmware functionality. Given that hardware changes tend to occur slowly over time (I just bought a motherboard with a PS/2 port earlier this year!) and the need for compatibility with legacy hardware and software for years or even decades after it has been released, I do not expect this to change.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Anonymous Coward,

I do not have a copy in front of me, but I believe that the ability to toggle Secure Boot has been a part of Section 27.1 or 27.2 of the UEFI specification for quite some time.

Regards,

Aryeh Goretsky

goretsky

Re: Skeptical...

Hello Anonymous Coward,

I do not really see the move towards Secure Boot as reducing consumer choice. After all, there is nothing which prevents other companies from setting up their own signing authorities, and, of course, other operating system vendors can certainly approach BIOS/UEFI firmware developers and motherboard manufacturers about including their keys. As a matter of fact, it is kind of disappointing that other operating system vendors have not stepped forward to do so.

If you are actually interested in increasing the range of supported operating systems, I would strongly suggest contacting the developer(s) of your favorite distribution(s) and asking them to add support for Secure Boot functionality.

Regards,

Aryeh Goretsky
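The two Secure Boot points above (that Secure Boot blocks unsigned boot code before the OS and anti-malware load, and that the set of trusted signers is a firmware database other vendors could have their keys enrolled in) can be checked on a real machine. The following PowerShell script is an added example for this page, not code from the poster, the white paper or The Register: it reports whether Secure Boot is enforced and walks the UEFI "db" (allowed signatures) variable, decoding each EFI_SIGNATURE_LIST so you can see which certificates and hashes the firmware will actually trust. It assumes an elevated PowerShell session on Windows 8 or later running in UEFI mode (the `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets from the built-in SecureBoot module); the function names and the two signature-type GUIDs it defines are the UEFI specification's EFI_CERT_X509_GUID and EFI_CERT_SHA256_GUID.

```powershell
# Added example (not from the original post). Requires an elevated prompt on a UEFI system.
# EFI_SIGNATURE_LIST layout (UEFI spec): SignatureType GUID (16) | SignatureListSize u32 |
# SignatureHeaderSize u32 | SignatureSize u32 | header | N x (SignatureOwner GUID (16) + data)
$EFI_CERT_X509_GUID   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'
$EFI_CERT_SHA256_GUID = [guid]'c1c41626-504c-4092-aca9-41f936934328'

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false; it throws when the firmware is not
    # running in UEFI mode (legacy BIOS / CSM), which is the case the white paper thread discusses.
    try {
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        'Unsupported (firmware in legacy BIOS/CSM mode)'
    } catch [System.UnauthorizedAccessException] {
        'Unknown (run from an elevated session)'
    }
}

function Get-SecureBootDbEntries {
    # Decode one of the Secure Boot authenticated variables: db (allowed), dbx (revoked), KEK, PK.
    param([ValidateSet('db', 'dbx', 'KEK', 'PK')][string]$Variable = 'db')

    [byte[]]$bytes = (Get-SecureBootUEFI -Name $Variable).Bytes
    $pos = 0
    while ($pos + 28 -le $bytes.Length) {
        $sigType    = [guid][byte[]]$bytes[$pos..($pos + 15)]
        $listSize   = [BitConverter]::ToUInt32($bytes, $pos + 16)
        $headerSize = [BitConverter]::ToUInt32($bytes, $pos + 20)
        $sigSize    = [BitConverter]::ToUInt32($bytes, $pos + 24)
        # A malformed or truncated list must not make us read past the buffer.
        if ($listSize -lt 28 -or $sigSize -le 16 -or $pos + $listSize -gt $bytes.Length) { break }

        $listEnd = $pos + $listSize
        $sigPos  = $pos + 28 + $headerSize
        while ($sigPos + $sigSize -le $listEnd) {
            $owner = [guid][byte[]]$bytes[$sigPos..($sigPos + 15)]
            [byte[]]$data = $bytes[($sigPos + 16)..($sigPos + $sigSize - 1)]

            if ($sigType -eq $EFI_CERT_X509_GUID) {
                # DER-encoded X.509 certificate: the trust anchor a signed bootloader chains to.
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data)
                [pscustomobject]@{ Variable = $Variable; Type = 'X509'; Owner = $owner
                                   Subject = $cert.Subject; NotAfter = $cert.NotAfter
                                   Thumbprint = $cert.Thumbprint }
            } elseif ($sigType -eq $EFI_CERT_SHA256_GUID) {
                # Raw SHA-256 of a PE image (common in dbx revocation entries).
                $hex = ($data | ForEach-Object { $_.ToString('x2') }) -join ''
                [pscustomobject]@{ Variable = $Variable; Type = 'SHA256'; Owner = $owner
                                   Subject = $hex; NotAfter = $null; Thumbprint = $null }
            } else {
                [pscustomobject]@{ Variable = $Variable; Type = $sigType.ToString(); Owner = $owner
                                   Subject = "<$($data.Length) bytes>"; NotAfter = $null; Thumbprint = $null }
            }
            $sigPos += $sigSize
        }
        $pos = $listEnd
    }
}

"Secure Boot: $(Get-SecureBootState)"
Get-SecureBootDbEntries -Variable db | Format-Table Type, Subject, NotAfter -AutoSize
```

Run it as administrator. On a typical consumer PC the db listing shows the OEM's certificate alongside Microsoft's Windows Production PCA and UEFI CA entries; a distribution that wants to boot without the user disabling Secure Boot either ships a shim signed under one of those certificates or gets its own certificate enrolled here, which is the choice the post above is pointing at. Pass `-Variable dbx` to see what has been revoked, and `-Variable PK` to see who holds the platform key that gates changes to the others.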