The Data Breach Thread

Everything else!

Moderators: Bakhtosh, EvilHomer3k

Post Reply
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

LordMortis wrote:Edit the Innovis freeze was painless so far... No charge. They will send me mail. *shrug*
...
That's done. I'm $30 lighter and now have to remember PINs.
Trying to remember PINs and passwords is asking for trouble. It's much easier and more secure to use a password manager (e.g. KeePass or LastPass). That way, you only ever need to memorise a single master passphrase, and can comfortably forget about all the rest after adding them to your password manager.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Anonymous Bosch wrote:
LordMortis wrote:Edit the Innovis freeze was painless so far... No charge. They will send me mail. *shrug*
...
That's done. I'm $30 lighter and now have to remember PINs.
Trying to remember PINs and passwords is asking for trouble. It's much easier and more secure to use a password manager (e.g. KeePass or LastPass). That way, you only ever need to memorise a single master passphrase, and can comfortably forget about all the rest after adding them to your password manager.
I implemented this 6 months ago along with VeraCrypt. It's not perfect, but still better than not using them.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

I use Evernote. I have a note with a password that's randomly generated. That note has all my passwords. When I need my passwords, I copy/paste them. Those password sites are huge targets for hackers, I don't want my passwords on them.
Black Lives Matter
User avatar
Default
Posts: 6416
Joined: Thu Oct 14, 2004 9:01 pm
Location: Handling bombs.

Re: :grund:

Post by Default »

The Meal wrote:Just giving an opinion. Couldn't be wrong. In your face.
Where have I heard that before? :lol:
"pcp, lsd, thc, tgb...it's all good." ~ Kraken
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Lorini wrote:I use Evernote. I have a note with a password that's randomly generated. That note has all my passwords. When I need my passwords, I copy/paste them. Those password sites are huge targets for hackers, I don't want my passwords on them.
Copying and pasting passwords can be hacked through standard malware. That's why I like the double pass function of KeePass or other Password Managers. Still hackable of course, but more difficult.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Moliere wrote:
Lorini wrote:I use Evernote. I have a note with a password that's randomly generated. That note has all my passwords. When I need my passwords, I copy/paste them. Those password sites are huge targets for hackers, I don't want my passwords on them.
Copying and pasting passwords can be hacked through standard malware. That's why I like the double pass function of KeePass or other Password Managers. Still hackable of course, but more difficult.
Right except of course I have Windows 10 and Defender up. My Evernote is not nearly the target those sites are.
Black Lives Matter
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Lorini wrote:I use Evernote. I have a note with a password that's randomly generated. That note has all my passwords. When I need my passwords, I copy/paste them. Those password sites are huge targets for hackers, I don't want my passwords on them.
Just to clarfiy, in terms of using a password manager, you needn't be forced into using a proprietary cloud-based service.

That's at least partly why I prefer KeePass, which stores your passwords in a highly-encrypted database wherever you choose. Technically, it's an offline password manager, though its database can also easily be synced between devices by using a service like Dropbox. It's also fully open source (another critical factor for trustworthy and reliable security and encryption software), portable, and extensible.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
gilraen
Posts: 4312
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: The Data Breach Thread

Post by gilraen »

I regularly apply for credit cards to get advantage of mile offers, so I'm not going to freeze and unfreeze my report on Equifax and Experian for $10 a pop. I just put 90-day fraud alerts on them and left it at that.
TransUnion, however, appears to be free (with their TrueIdentity site), so I locked my credit report there. Also locked it on Innovis and ChexSystems.
Anonymous Bosch wrote: That's at least partly why I prefer KeePass, which stores your passwords in a highly-encrypted database wherever you choose. Technically, it's an offline password manager, though its database can also easily be synced between devices by using a service like Dropbox. It's also fully open source (another critical factor for trustworthy and reliable security and encryption software), portable, and extensible.
Yeah, I just started using KeePass last month (and I sync it via a USB stick when I happen to remember :D) Right now I only have it on my work laptop and home desktop, but I really need to put in on my phone too, so I'll need to upload my password database file to Dropbox.
User avatar
Paingod
Posts: 13132
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

Anonymous Bosch wrote:Freezing one's credit is a simpler, and safer option.
Though not perfect. A doctor I work with had her identity stolen (along with a number of other doctors) from an association database about a year ago. Even with her credit frozen and LifeLock supposedly protecting her, she still gets notices that places are opening debit cards in her name. The most recent was a week ago.

So the ripples of identify theft remain a hassle for a long time after the initial smash & grab, and there seems little you can do to completely stop it aside from waiting for thieves to get tired of being locked out of cards they open for you.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Paingod wrote:
Anonymous Bosch wrote:Freezing one's credit is a simpler, and safer option.
Though not perfect. A doctor I work with had her identity stolen (along with a number of other doctors) from an association database about a year ago. Even with her credit frozen and LifeLock supposedly protecting her, she still gets notices that places are opening debit cards in her name. The most recent was a week ago.

So the ripples of identify theft remain a hassle for a long time after the initial smash & grab, and there seems little you can do to completely stop it aside from waiting for thieves to get tired of being locked out of cards they open for you.
That likely has more to do with to do with the previously-mentioned ChexSystems which tends to be a lesser-known credit bureau, primarily used by banks when customers are establishing new accounts.

If your doctor colleague is still experiencing such trouble, it'd likely behoove her to also freeze ChexSystems (or, at the very least, get in the habit of placing a 90-day security alert with ChexSystems, as Krebs suggests).
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

Apparently failure to patch a bug in Apache for two months led to the Equifax breach.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
coopasonic
Posts: 20967
Joined: Fri Mar 04, 2005 11:43 pm
Location: Dallas-ish

Re: The Data Breach Thread

Post by coopasonic »

LawBeefaroni wrote:Apparently failure to patch a bug in Apache for two months led to the Equifax breach.
I'm not sure anyone really cares, but Struts is the thing that needed updating and it's a lot more than applying a patch. Apache is an organization that manages a bunch of widely used open source projects like Struts.
-Coop
Black Lives Matter
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

The relevant piece:
The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
Paingod
Posts: 13132
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

So, a pain in the butt to fix - but absolutely essential, and they had two months to test and implement repairs but didn't. Beautiful.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
User avatar
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: The Data Breach Thread

Post by $iljanus »

Paingod wrote:So, a pain in the butt to fix - but absolutely essential, and they had two months to test and implement repairs but didn't. Beautiful.
I think at this point they just need credit monitor, umm, everyone. And screw that free for 30 days offer to freeze your credit bullshit. I think the price is free for pretty much as long as your piece of incompetent shit company is in business.

And I hope quite a few states attorney generals are chomping at the bit to go after them.
Black lives matter!

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
User avatar
Max Peck
Posts: 13681
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

FTC probes Equifax; top Democrat likens it to Enron
The U.S. Federal Trade Commission said on Thursday it was investigating Equifax Inc’s (EFX.N) massive data breach, a rare public confirmation, as a top Democrat suggested the credit-monitoring company’s corporate leaders might need to resign.

Senate Democratic Leader Chuck Schumer also compared Equifax to Enron, a U.S. energy company that was consumed in scandal after revealing in 2001 that it engaged in widespread accounting fraud.

“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.”

Shares of Equifax have lost nearly a third of their value in the week since the breach was disclosed. They tumbled to a more than two-year low on Thursday after the company confirmed a fixable web server vulnerability was exploited in the hack, but the stock later recovered somewhat.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Supposedly Equifax is waiving the freeze fee until Nov. 21st. Has anyone done this yet? I was told that they were giving out pins in the stupid format of MMDDYYhhmm, making the hacking of pins via brute force much easier. Is that still happening?
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Unagi
Posts: 26376
Joined: Wed Sep 20, 2006 5:14 pm
Location: Chicago

Re: The Data Breach Thread

Post by Unagi »

Lorini wrote:
Grundbegriff wrote:
Bad Demographic wrote:
Anonymous Bosch wrote: (quoted from cnn)
The federal Consumer Financial Protection Bureau recently rolled out rules against these kinds of arbitration requirements by banks and credit card issuers, but not credit monitoring agencies. Republicans in Congress have introduced legislation that would roll back those rules.
Thank you, Republicans, for looking out for us. Oh wait, once again you're not.
I'm no Republican, but I feel moved to point out that the largest, gravest data breaches in US history -- the NSA spills, and especially the OPM hack-- happened under non-Republican "oversight". Both relevant parties are terrible about this, and most corporations are unimaginably sloppy. Consumer protections are, at best, a flimsy bandage with weak adhesive when what's needed is reconstructive surgery, casts, traction, and replacement parts custom fabricated on an industrial lathe. And a time machine.
This. It's not a visible problem until something happens. And then Congress will hold hearings and nothing will change. Maybe something will happen this time because this fucks up the banking and insurance industries and they don't like that.
Smutly's reaction is not in defense of his "Republicanism" - I'm so SURE I am wrong, but here I go: he's feeling enormously guilty about defending something as horrible as Trump. But that's for another forum... But either way - Smutly's reaction isn't about being tired of defending Republicans. He's ashamed of voting for Trump. Frankly, that's healthy.
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: The Data Breach Thread

Post by Isgrimnur »

Krebs
Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers initially breached Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017.
...
Visa has updated their advisory about these 200,000+ credit cards stolen in the Equifax breach. Visa now says it believes the records also included the cardholder’s Social Security number and address, suggesting that (ironically enough) the accounts were stolen from people who were signing up for credit monitoring services through Equifax.
It's almost as if people are the problem.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Moliere wrote:Supposedly Equifax is waiving the freeze fee until Nov. 21st. Has anyone done this yet? I was told that they were giving out pins in the stupid format of MMDDYYhhmm, making the hacking of pins via brute force much easier. Is that still happening?
According to ArsTechnica, Equifax is purportedly moving to improve the PIN generation process, and ease the process of changing the PIN to something more random for those saddled with timestamp PINs:
ArsTechnica.com wrote:A number of customers discovered that the PINs generated by enrolling in Equifax's TrustedID Premier Service were non-random and apparently sequential—in fact, they were essentially date-time stamps of the time of enrollment. Such PINs could potentially be brute-forced by someone attempting to unlock a credit report for the purpose of identity theft.

Equifax is moving to improve the PIN generation process. In response to an inquiry from Ars, an Equifax spokesperson said:
While we have confidence in the current system, we understand and appreciate that consumers have questions about how PINs are currently generated. We are engaged in a process that will provide consumers a randomly generated PIN. We expect this change to be effective within 24 hours. A consumer has an option, and will continue to have an option, to change an existing PIN. The requested new PIN is sent to the consumer by US Mail to their address of record.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

Isgrimnur wrote:Krebs
Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers initially breached Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017.
...
Visa has updated their advisory about these 200,000+ credit cards stolen in the Equifax breach. Visa now says it believes the records also included the cardholder’s Social Security number and address, suggesting that (ironically enough) the accounts were stolen from people who were signing up for credit monitoring services through Equifax.
I've been hearing the term "equifucked."
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
LordMortis
Posts: 70097
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

Moliere wrote:Supposedly Equifax is waiving the freeze fee until Nov. 21st. Has anyone done this yet? I was told that they were giving out pins in the stupid format of MMDDYYhhmm, making the hacking of pins via brute force much easier. Is that still happening?
I was told I would have a $10 fee when I signed up for the freeze but it hasn't billed my card. I never looked at my PIN but I know it started with a 9, so you are probably right. Now I'm going to to have to look into changing my PIN.
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Hopefully Equifax will go the way of Enron. They don't deserve to do what they are doing. I can't imagine many more ways they could have fucked this up. Hopefully they get sued into oblivion and some regulation comes of this.

Their stock is tanking big time too, wonder how many Equifax employees are selling while they can still get something.
Black Lives Matter
User avatar
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

The Data Breach Thread

Post by Carpet_pissr »

Shiiiiiiiit. I was 'affected' by the Equifax nonsense, and now this:

Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads -- 2.3 Million Infected
Forbes - 1h ago


Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool.

https://www.forbes.com/sites/thomasbrew ... backdoor/
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Upgrade to Windows 10, use Windows Defender and call it a day. Don't use those security apps, as you can see they aren't secure. Microsoft has far far more data than any of them and is better protection.
Black Lives Matter
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Next thing you're going to tell me that Spybot and Malwarebytes are secret hacker tools. :grund:
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Paingod
Posts: 13132
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

Lorini wrote:Upgrade to Windows 10, use Windows Defender and call it a day. Don't use those security apps, as you can see they aren't secure. Microsoft collects your personal info far far more efficiently than any of them and is better protection.
Frightening.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Sorry but actually validated by security experts. The current advice is to dump anti-virus software and go with Defender assuming you use Windows 10 and keep it updated. Why people marry operating systems is beyond me :) In the post-Ballmer days, MS is much much better about nearly everything.

P.S. I understand that people have legacy software they want to keep, but really your system is much more vulnerable if you don't keep it current.
Black Lives Matter
User avatar
Paingod
Posts: 13132
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

Lorini wrote:Why people marry operating systems is beyond me :)
If I could, I've had MS running my computer with Linux under the desk and Apple cleaning the house. :wink:

I only fear that handing over too many keys to Microsoft will make them bolder and more arrogant in their choices about what I'm allowed to do with my computer and how much access they have to me through it.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Well they enable me to play the games I love and I think they aren't going to stop doing that. Linux is of no help to me. I also absolutely hate giving up a day to clean up my computer from malware, hate it!!! My only real point is that using third party anti-virus software is dangerous as we see. Howtogeek on Windows Defender.
Black Lives Matter
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: The Data Breach Thread

Post by Isgrimnur »

Bwahaha!

Image
It's almost as if people are the problem.
User avatar
Kraken
Posts: 43688
Joined: Tue Oct 12, 2004 11:59 pm
Location: The Hub of the Universe
Contact:

Re: The Data Breach Thread

Post by Kraken »

I use CrapCleaner (let's call it by its REAL name) for occasional cleaning up and optimizing, not for realtime protection. Updated it anyway.

Anyone know how to turn off Malwarebytes' nag box? Since I completed the 15-day trial, it asks me to upgrade every time I boot. Choosing "No, stay downgraded" just closes it for that one session.
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

I would check your msconfig file to see if you can remove it from the Windows startup list.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Lorini wrote:Upgrade to Windows 10, use Windows Defender and call it a day. Don't use those security apps, as you can see they aren't secure. Microsoft has far far more data than any of them and is better protection.
CC Cleaner (at least the way I use it) is not an anti-virus product, it's used to clean up all the old shit you have hanging around, clogging up everything. Old and no longer used registry entries, duplicates, internet files that are not cleared by simply going into the normal browser settings, etc.

I've used it happily for years, and I do think it makes a difference. However, I don't have it running in the background, so maybe I'm good.

Also, as far as Windows Defender goes, anytime I have had a problem (more frequent now with three kids on the computer), Windows Defender has NEVER caught it or advised me there was a problem (actually not true, it did catch something a couple years...but just one instance).

Most recently (about a month ago), I noticed that in Chrome, I could not use Google as a search engine (as default). Did some research, and one of the symptoms was a virus/trojan (can't remember which). Noticed some other quirkiness as well which made me suspicious. Ran Defender, nothing. Downloaded Malware bytes, and bam, it found about 6 pretty nasty bugs that Windows didn't. It's not that I don't trust Windows' version, it's just that with the few infections I have had in the past, it has not been effective for whatever reason.
Last edited by Carpet_pissr on Mon Sep 18, 2017 1:30 pm, edited 3 times in total.
User avatar
Paingod
Posts: 13132
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

Carpet_pissr wrote:I've used it happily for years, and I do think it makes a difference. However, I don't have it running in the background, so maybe I'm good.
I think that's the right way to use a tool like this since the advent of SSD's and the elimination of defragging regularly. I've also got it installed, but I don't need my SSD array continually monitored and purged. I just need to be able to reliable nuke temp files from time to time when I feel like flossing my data.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Carpet_pissr wrote:Also, as far as Windows Defender goes, anytime I have had a problem (more frequent now with three kids on the computer), Windows Defender has NEVER caught it or advised me there was a problem (actually not true, it did catch something a couple years...but just one instance).
I had the same experience with the corporate bloatware McAfee. I scan my computer using the company provided tools and nothing triggers an alarm. I don't believe them and so I install the freeware Malwarebytes "and bam"! it finds multiple trojans.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

If you read the howto article you'll see that Defender can still be used with a scanner like Malwarebytes, which I scan with from time to time.

Also I'd say that MS has gotten better in the last two years. I'm seeing far fewer OS issues, noting that I mainly use my computer for gaming.
Black Lives Matter
User avatar
gilraen
Posts: 4312
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: The Data Breach Thread

Post by gilraen »

Carpet_pissr wrote:Shiiiiiiiit. I was 'affected' by the Equifax nonsense, and now this:

Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads -- 2.3 Million Infected
Forbes - 1h ago


Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool.

https://www.forbes.com/sites/thomasbrew ... backdoor/
I run CCleaner on my work laptop because occasionally I have to test stuff on old browser versions, and browsers really don't like being downgraded. Got a polite notice from the IT guy today that my CCleaner showed up on the company-wide security scan, and can I please upgrade it immediately to the latest version :) (which I'd already done)
User avatar
gilraen
Posts: 4312
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: The Data Breach Thread

Post by gilraen »

Moliere wrote:
Carpet_pissr wrote:Also, as far as Windows Defender goes, anytime I have had a problem (more frequent now with three kids on the computer), Windows Defender has NEVER caught it or advised me there was a problem (actually not true, it did catch something a couple years...but just one instance).
I had the same experience with the corporate bloatware McAfee. I scan my computer using the company provided tools and nothing triggers an alarm. I don't believe them and so I install the freeware Malwarebytes "and bam"! it finds multiple trojans.
My previous job forced McAfee onto our laptops. Words can't express how much I hate that piece of crap software, I think it was singlehandedly responsible for cutting my productivity by a third on most days (by half on bad days), but granted, it wasn't just the antivirus piece but also point-to-point encryption.

My current job uses ESET antivirus. I had never heard of it before, but it seems to have a very small footprint, and I don't really care about anything else.

I used Symantec at home for over 10 years, it was reasonably streamlined, didn't cause performance issues and overall seemed very good at actually catching threats. But in the last year it just pissed me off one too many times, when it would insist that a file was a threat and needed to be quarantined (when I knew that it wasn't). Uninstalled it, and now I'm just using MS Security Essentials + Spybot Search&Destroy.
User avatar
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

gilraen wrote: My current job uses ESET antivirus. I had never heard of it before, but it seems to have a very small footprint, and I don't really care about anything else.
I researched the crap out of AV a while back looking for something good for a gaming PC. I got tired of the false positives from Avast! and the nagging of Avira. The general consensus was was that Defender is good, but not great. I ended up with ESET, and have been in love with it ever since. Small footprint, and zero security issues. No nags (although I do pay for it.) Before I saw this thread, I launched CCleaner. ESET nailed it and cleaned it before it had even finished opening.

I also use CCleaner and have for years, plus System Ninja (which cleans things CCleaner misses), along with periodic scans with Malwarebytes. ESET is the only thing I keep running in the background. My other systems (which aren't used for nearly as much browsing) get the same treatment, but I stick with Defender, as I can't afford multiple copies of ESET.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Post Reply