| Deutsch English Français Italiano |
|
<101uape$25upm$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Paul <nospam@needed.invalid> Newsgroups: alt.comp.os.windows-10,comp.os.linux.advocacy Subject: =?UTF-8?Q?Re:_=e2=80=9cKDE_For_Windows_10_Exiles=e2=80=9dCampaign?= Date: Fri, 6 Jun 2025 05:01:35 -0400 Organization: A noiseless patient Spider Lines: 42 Message-ID: <101uape$25upm$1@dont-email.me> References: <101qp34$14rg1$1@dont-email.me> <HIicncs0prOdut_1nZ2dnZfqnPSdnZ2d@supernews.com> <9u754kl3mqjopb278817peqv3aiksjkotd@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Date: Fri, 06 Jun 2025 11:01:35 +0200 (CEST) Injection-Info: dont-email.me; posting-host="ed5680ea863a24800bb29d4f5e9d7533"; logging-data="2292534"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/PrCajo84baS4fCwThHnn4MmRbKYcrmf0=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) Cancel-Lock: sha1:mjINCBoUoRBk4l2ZaEv7RatscPE= In-Reply-To: <9u754kl3mqjopb278817peqv3aiksjkotd@4ax.com> Content-Language: en-US Bytes: 3203 On Fri, 6/6/2025 4:02 AM, chrisv wrote: > Tyrone wrote: > >> Windows 10 will continue to get AV updates. > > If you pay extra for that extended support, right? > These are updated daily. When you air-gap a Windows, you can "bring over" a definition update and install it on an OS. I've done this on numerous occasions, to give the AV something to do :-) Naturally, there are two parts to these -- if a definition needed a newer parser to read it, that's an issue. For unsupported OSes, that is less likely to happen. At a minimum this gives a rough equivalent to a Cisco TALOS ClamAV (in other words, limited heuristic capabilities, but still has some value and could detect Sality inbound). https://www.microsoft.com/en-us/wdsi/defenderupdates "Windows Defender in Windows 7 and Windows Vista 32-bit | 64-bit" But effort is put into those, and it "counts as support". It gets done, because it's a part of the active support structure for the later OSes, and is just a derivative output file. Just as a lot of "junior AV companies" may rely on ClamAV for their definition files. Roughly a third of branded AV products are junk (but you have to start somewhere). For example, Malwarebytes started as a heuristic product, only detecting "novel intrusions" and stopping them. Only later did it get signatures to scan, and so it would have started on a diet of ClamAV at first. It might take a staff of 200, to do a viable ClamAV equivalent. Three guys in moms basement, can't keep up. The junk AV products, don't have the 30 unpackers necessary to check obfuscated files. And this shows up as a recurring pattern in Google Virustotal scan results (product "could not open" file). That's how you can tell what is junk, if it can't even handle an executable-packer. The companies with a staff of 1200-2000 are capable of making worthwhile products (that's if they don't add too much FUD junk and snakeoil). Paul