Don't trust anti-viruses for your security

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: libert19 on July 20, 2021, 08:24:30 AM

Context: https://mobile.twitter.com/jamiebxne/status/1414972231055298560

Guy clicked on phishing link because the bitdefender showed green tick to it.

Its not just phishing thats an issue for anti viruses, most anti viruses scan your device to see if anything on it matches something that it has seen before, almost all antiviruses do this. Any new malware made from scratch will not be detected. Anyone over the age of 12 could look up how to make malware, and within 10 minutes make a keylogger that is undetected by malwarebytes, bitdefender, Windows Defender, the like. An antivirus isnt needed unless you love downloading random garbage and clicking every link you see.

DeathAngel

legendary

Activity: 3304

Merit: 1617

#1 VIP Crypto Casino

Yeah I totally agree with the OP, I am my own anti virus. This sounds a little bit like trusting the novel covid vaccine to be good for you. I’d rather trust myself to be honest, I can manage my own computer. I don’t visit any bogus websites or download any shady files.

I do have Windows Defender running in the background admittedly but I disabled Mcafee antivirus.

boyptc

hero member

Activity: 3024

Merit: 680

★Bitvest.io★ Play Plinko or Invest!

Quote from: sandymandy on October 06, 2021, 05:24:05 PM

So then what can i trust to keep me protected?

Trust yourself and your browsing experience and attitude. You have to be careful as you browse the web despite having the anti-viruses.

There are malware that they can't detect but there are those that can detect it.

sandymandy

newbie

Activity: 30

Merit: 0

So then what can i trust to keep me protected?

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: Ucy on July 22, 2021, 09:45:30 AM

How is that possible... I mean a phishing site getting a green tick? Guess the site would be very close to the real one in similarity to be missed by a human or AI/bots who probably gave the green tick.
Anyway, it's important to always double check and not just completely put your trust in things like that

I assume it got a green tick not because BitDefender thinks it's legit, but simply because BitDefender didn't detect the scam website to be in a sort of scam database. It's just the logical reason I could think of.

Ucy

sr. member

Activity: 2674

Merit: 403

Compare rates on different exchanges & swap.

Quote from: libert19 on July 20, 2021, 08:24:30 AM

Context: https://mobile.twitter.com/jamiebxne/status/1414972231055298560

Guy clicked on phishing link because the bitdefender showed green tick to it.

How is that possible... I mean a phishing site getting a green tick? Guess the site would be very close to the real one in similarity to be missed by a human or AI/bots who probably gave the green tick.
Anyway, it's important to always double check and not just completely put your trust in things like that

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: Lucius on July 21, 2021, 07:37:18 AM

Does one wonder what young people learn in school in computer science classes? If they play games and just surf the internet, and everything important could be presented to them in less than 60 minutes. I often meet people who complain to me that their computer is slow and that some strange things are happening to them - and this is no surprise because they have no protection and have never heard of malware or adware in their lives. It may just seem that way to me, but people seem to be getting dumber - and the only ones happy about it are hackers - easy money everywhere.

I assume it's the typical Microsoft Office stuff and creating basic html pages; which I definitely think should be changed in some way. And yea, I've always been an advocate in heavily prioritizing internet security in computer-related subjects, and should be taught as early as probably 5th grade.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: pilosopotasyo on July 21, 2021, 05:31:06 AM

I'm surprised for a guy with $50k coins on his wallet but is not aware of the many tricks scammers and hackers are doing...

He could have millions of $ in his crypto wallet, but that doesn’t mean he’s intelligent enough to figure out how to handle his digital assets. It is completely wrong to link someone's wealth and intelligence, because there are a lot of stupid people who are very rich, but have never earned anything in life - inheritance can be a great curse for some people.

Quote from: mk4 on July 20, 2021, 08:32:50 PM

I mean, clicking Google ads and not having uBlock Origin installed on your browser in the first place in freakin 2021?

Does one wonder what young people learn in school in computer science classes? If they play games and just surf the internet, and everything important could be presented to them in less than 60 minutes. I often meet people who complain to me that their computer is slow and that some strange things are happening to them - and this is no surprise because they have no protection and have never heard of malware or adware in their lives. It may just seem that way to me, but people seem to be getting dumber - and the only ones happy about it are hackers - easy money everywhere.

pilosopotasyo

member

Activity: 952

Merit: 27

I'm surprised for a guy with $50k coins on his wallet but is not aware of the many tricks scammers and hackers are doing and even uses a search engine to get into MyEtherwallet which is the most used wallet by hackers to phished if you are going to invest or keep a huge amount of money learn how to protect yourself and your wallet first before thinking of building your portfolio, ignorance of how scammers work excuses no one, the blame is on the guy for neglecting how to protect and secure his wallet.

dkbit98

legendary

Activity: 2212

Merit: 7064

Most antivirus software are junk that just waste resources of your computer and doing nothing much to protect you from threats, or they have a bunch of false alerts
On top of that, nothing can protect you from phishing and fake websites that pop-up all the time like mushrooms, and most mistakes are done by human errors.
Having Malwarebytes installed and doing periodic scans is not a bad idea, but I would not use the same computer for general stuff, internet and for holding Bitcoin and other cryptocurrencies.
Some basic protection is to use offline computer or hardware wallet for your crypto, switch to DuckDuckGo or BraveSearch for internet search and use adblockers to remove ads from websites.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

That green tick give false sense of security when the AV only use blacklist feature (rather than both blacklist and whitelist), but he's also at fault because what @o_e_l_e_o and blindly trusting advertising.

Quote from: Saidasun on July 20, 2021, 05:01:47 PM

Quote from: hatshepsut93 on July 20, 2021, 04:06:56 PM

This is fundamentally stupid, because these antiviruses just match an url in their database and conclude that if it wasn't yet reported as a scam, than it is not a scam. So first dozens of people who rely on this are guaranteed to get scammed if they trust their antivirus and don't take any measures. Antiviruses are handling malware in similar way - if it hasn't been reported as a malware yet, it would have a higher chance of remaining undetected.

They false flag anything that has not got an author assigned to it. If you are using Windows and start an exe or msi to install something it will usually say "from firefox" or from "Google" but if your application has not got that or if the developer forgot to add it they automatically flag it as a threat. I have had this happen so many times with github programs and its frustrating.

You could change Windows User Account Control (UAC) to be less strict or even disable it completely.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Using some anti-virus or not, that's a very very amateur mistake to make. I mean, clicking Google ads and not having uBlock Origin installed on your browser in the first place in freakin 2021?

Saidasun

sr. member

Activity: 334

Merit: 275

Quote from: hatshepsut93 on July 20, 2021, 04:06:56 PM

This is fundamentally stupid, because these antiviruses just match an url in their database and conclude that if it wasn't yet reported as a scam, than it is not a scam. So first dozens of people who rely on this are guaranteed to get scammed if they trust their antivirus and don't take any measures. Antiviruses are handling malware in similar way - if it hasn't been reported as a malware yet, it would have a higher chance of remaining undetected.

They false flag anything that has not got an author assigned to it. If you are using Windows and start an exe or msi to install something it will usually say "from firefox" or from "Google" but if your application has not got that or if the developer forgot to add it they automatically flag it as a threat. I have had this happen so many times with github programs and its frustrating.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

This is fundamentally stupid, because these antiviruses just match an url in their database and conclude that if it wasn't yet reported as a scam, than it is not a scam. So first dozens of people who rely on this are guaranteed to get scammed if they trust their antivirus and don't take any measures. Antiviruses are handling malware in similar way - if it hasn't been reported as a malware yet, it would have a higher chance of remaining undetected.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: sheenshane on July 20, 2021, 11:21:00 AM

they're a big company but they can't able to filter those phishing and malicious links that who paid ads

Quote from: BitMaxz on July 20, 2021, 12:20:43 PM

Actually, google also has a mistake here in accepting fake websites they should manually review websites before they release it to the public as ads.

Google don't care. You think a multi-billion dollar company like Google can't hire a couple of people on minimum wage to check the authenticity of ads which are submitted? Of course they could, they just don't care. Google are not your friend. They don't care about you, your data, your coins, your privacy, your security, your computer, your phone, your life, anything. They care about money. If a scammer is willing to pay money to advertise their scam, Google are quite happy to accept. If a scammer is willing to pay money to have their malware infected app listed on the Play Store, Google are quite happy to accept. As long as they make a profit, they don't care in the slightest if people lose their life savings to a scam ad they are showing.

This has been going on for years. Google have proven time and time again they are quite happy for users to have their lives ruined as long as they keep making those sweet, sweet profits. Still using Google products or trusting Google with anything is pretty much Stockholm Syndrome as this point.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

The big mistake here was he didn't notice the domain or URL of the website why would he blame antivirus for his mistake.

Look at the details of the domain

Code:

Domain:myewetlhervwallet.com
Registrar:NameCheap, Inc.
Registered On:2021-05-08
Expires On:2022-05-08
Updated On:2021-05-08
Status:clientTransferProhibited
Name Servers:dns1.namecheaphosting.com
dns2.namecheaphosting.com

The domain is pretty new that's a 2 month's old website so I think the antivirus only puts a red flag on the website if they only receive reports but since the domain is newly registered and no one reported it yet they shows a green flag.

I hope that man learns from his mistake, always check the domain URL before you log in.

Actually, google also has a mistake here in accepting fake websites they should manually review websites before they release it to the public as ads.
I'm sure those people who made the phishing site abusing the Google ads weakness they also giving free ads credit for new advertisers.

sheenshane

legendary

Activity: 2492

Merit: 1232

It's another victim just because of Google ads, shame on them, they're a big company but they can't able to filter those phishing and malicious links that who paid ads, as long as they had paid, they are free to advertise.

The victim was lack of research and was a little bit lazy because even checking and verifying the links as long as there's a green check doesn't mean it is safe in Google, using our common sense sometimes will protect us from a scam like this. We shouldn't trust Google ads clicking on it because we know that they aren't safe at all.

The consequences of using chrome extension wallets, it's better to use hardware wallets. The victim had been got hacked for $40,000 - $45,000 but why can't able to purchase even a small amount of hardware wallet.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Things he did wrong:

Kept $50,000 on a hot wallet.
Used a search engine to find a link instead of bookmarking it or typing it by hand.
Used Google, which is known to host and promote scams.
Clicked on a Google ad, which are like 95% scams at this point.
Isn't using an ad blocker which would have blocked the scam ad.
Didn't read the obviously incorrect URL. (I mean, REALLY obvious - "myewetlhervwallet")
Didn't use a password manager which would have not entered his credentials in a website with a non-matching URL.

Not doing any one of those things would have been enough to protect him from this scam. I feel bad for him, but that's a big list of very newbie mistakes he had to make to fall victim to this.

What he (and everyone else) should be doing:

Use a hardware wallet or other cold storage
Use Firefox or Tor (and never Chrome)
Use DDG (and never Google)
Use uBlock origin
Use KeePass
Bookmarked the link

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Don't do anything if you're too tired to read a domain name above a search engine result imo.

Free av will only pick up stuff it's seen before in most cases (and that link didn't look like it was phishing - too many extra letters - I assume that's why the av didn't flag it).

If you don't know something well enough to type in its domain name - I think you need to do some more research on it first.

libert19

hero member

Activity: 2520

Merit: 952

Context: https://mobile.twitter.com/jamiebxne/status/1414972231055298560

Guy clicked on phishing link because the bitdefender showed green tick to it.

Topic: Don't trust anti-viruses for your security (Read 230 times)