
Eehh... This is more like "you drove through a red light but luckily no one T-boned you;" a cop will rightfully pull you over to let you know "nothing happened." I'd say the driver definitely should be alerted that that PDF they opened was infected. At minimum to alert them to the fact that they should keep their guard up, and that further investigation of potential compromise could be necessary depending on your threat model.

Virus almost running on your PC is not a routine product feature that should be swept under the rug - at best it's bad security hygiene, at worst it's symptomatic of a targeted/ongoing compromise.



> I'd say the driver definitely should be alerted that that PDF they opened was infected

When you actively open an infected or malicious file you do get alerted - those are the alerts shown in TFA.


Hasty example on my part, but the point stands when the scenario is replaced by a "background virus" (i.e. one detected by Remediator as an active threat, instead of being preemptively blocked when opening a file).

It could still be the PDF example too, if XProtect misses it on the initial file scan but Remediator picks it up later. Not sure if they use different detection engines (database matching on the file vs. active process heuristics)?


>At minimum to alert them to the fact that they should keep their guard up

or to not share it with others!


Or warn the person (friend, coworker, family member) who sent it that they have a malware problem!


> This is more like "you drove through a red light but luckily no one T-boned you;"

Huh? The malware getting removed is not evidence that no harm occurred. Perhaps the malware stole something of importance. If that something was just power and network (e.g., for a DDoS farm), then it's of little importance, but if that something was keystrokes, then it could be of major importance. The user not knowing is a real problem.


> a targeted/ongoing compromise.

Not to worry! Because XProtect and similar have such a narrow scope, it is unlikely to protect against targeted attacks anyway.


> Virus almost running on your PC is not a routine product feature

Maybe on macOS it is, and the only reason it isn't broadly known is because Apple is sweeping this under the rug?


It is typical Apple dumbness - form over function.

The same dumbness exists on Windows, where it would silently remove files like keygens with its 'antivirus', making it a mandatory drill to disable it completely (no easy task either) on any new installation. Even worse, you would sometimes forget that it does that and then be dumbfounded for about 30 minutes as to why the file is in the archive but not on the filesystem after its extraction.



