View Single Post
Old March 16th 19, 05:10 AM posted to
external usenet poster
Posts: 10,503
Default Can I install Win 10 like this?

T wrote:
On 3/15/19 3:10 PM, Jonathan N. Little wrote:
Paul wrote:
It is, after all, a fork of another tool. Which
means a miscreant *could* be a malware expert and
not a boot expert, just reusing the boot-making code
and be up to monkey-business.

1) The PPA is on launchpad and is copen for all to review
2) The code is on github and the
source is also reviewable and open for comments by others.

Big difference in transparency with OpenSource where the code is open
for review, whereas Win-folks have to trust the binaries they install
without hesitation. You only install things from the Microsoft Store?

With Windows Stuff, I always run them through Virus Total
before trusting them

And you don't really "trust" them.

Doing that is only a cursory examination.

If someone discovers a new exploit, and offers it in a
download, how much good do you think Virustotal is
going to do ?

And the authors of badware have to be careful. At least
on one occasion, a malware author "showed their skirt in public"
once too often. They were careless in handling a new creation.
And a malware researcher got a sample to look at, before the
malware was "launched". And the item in question was totally
ineffective at launch, because everyone by that time knew about
the exploit.

But we can't plan on malware people being stupid enough
to test a new exploit against Virustotal. As an indicator
that they're off Scott Free.

Trust involves a number of things. Including some history
of the product too. If a product pops up "today" and passes
a Virustotal scan "today", that's hardly enough history
for any sort of trust. If a product has had the same
sha256 for the last two years, and it's still passing
virustotal, I feel "warmer" but there's still no
reason to celebrate.

There have been some recent instances of ransomware
which remains submerged for a month before attacking.
You would think there would be little benefit from
waiting to attack, and that a resident AV could
destroy your creation in that one month interval.
There are people though, who are using exactly
that approach, and, with some success. And that to
me is a nightmare scenario. It implies the bad guys
feel "immune" for some reason. And that they're not
going to get caught.