by proactivesvcs
3074 days ago
> Infection attempts by what?
In January I've seen logs blocking drive-by malware attempts, lots of infected email attachments and an infected USB stick. These are not false positives. They were not legitimate software from trusted sources. The logs I read were real-world true positives and they were not inconsequential trivia like tracking cookies or the like. I don't think that in any of the cases the user would have had a warning to blindly click through. Not entirely sure how an advert blocker can stop email or device-carrying malware.
Infected email attachments, unless they come from a trusted sender, I consider "useless positives" because nobody, with the appropriate training, should be opening them in the first place.
Kinda along the same lines of tracking portscans and counting those as "thwarted cyber attacks", like many government agencies tend to boast about, it's nice for padding stats but is it a real security gain?
Afaik by now one of the most common successful attack vectors is drive-by kits [0], increasingly served through advertisement channels. Ad-blockers/disabling Java minimize this risk quite a bit, with low overhead, while having the added comfort of making the web more user-friendly.
Which to me is the most sensible solution, unless one really likes opening weird email attachments and/or plugging in untrusted devices.
> I don't think that in any of the cases the user would have had a warning to blindly click through.
If the user is already careless enough to connect untrusted devices and/or open random email attachments, then I have no trust in said user to heed any of the following warnings, as he/she already had to ignore previous best practice warnings to get there in the first place.
[0] http://www.securityweek.com/internets-big-threat-drive-attac...