
Don't Use Anti-Virus Software


Comments

  • Even if it might be perfectly fine software, I'm not about to download it. If you don't have the ability to make a web site not scary looking, then how can I believe you have the ability to make a program worthy of installing? If you don't have the time or effort to bother making your web site not scary, then can you be bothered to make sure your software is secure?
  • edited May 2012
    JESUS' COCK, STOP EXCAVATING YOUR ASSHOLE WITH YOUR MOUTH, YOU BLEEDING CUNT. NOW I'LL GO AND PRAY TO ANY GOD, HOPING I'M NOW TALKING ON YOUR LEVEL OF UTTER STUPIDITY, BECAUSE I AM SCARED SHITLESS IF I HAVE TO GO LOWER JUST TO COMMUNICATE WITH YOU.
    Post edited by Not nine on
  • My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant.

    It's the wild west on the Internet. Trust nothing and make security and backups your highest priorities. Better to err on the side of distrust. Distrusting trustworthy things won't hurt. Trusting just one untrustworthy thing and you are fucked.
  • Even if it might be perfectly fine software, I'm not about to download it. If you don't have the ability to make a web site not scary looking, then how can I believe you have the ability to make a program worthy of installing? If you don't have the time or effort to bother making your web site not scary, then can you be bothered to make sure your software is secure?
    Then download the source from Google Code and compile it yourself if you're that paranoid. It compiles just fine with the free Visual C++ Express Edition according to the programmer. The PDF renderer itself is the open source MuPDF library -- Sumatra is just a wrapper around said library.

    It's obvious the programmer behind it is not a web designer. The site itself is pretty much just plain, static HTML with a little bit of JavaScript -- no fancy CMSes or anything like that. Frankly, I don't care as I'm not looking for a web designer -- I'm looking for a simple, open source PDF reader that doesn't have all the crap that Adobe Reader has that makes it such a security nightmare (who in their right mind thought having executable JavaScript in a PDF was a good idea?!) Also, just because you can make a slick looking website, it doesn't mean you can write secure software. Adobe Reader itself is proof of that.
  • Scott's right. That looks like some dodgy-ass shit that I wouldn't trust without a lot of independent research.
  • edited May 2012
    Or run in Sandboxie or on a VM and then do some vulnerability testing. There's a few tools you can download that you run in a VM that automate the process of clearing a program for direct installation (check for unsafe networking, stealth processes, hidden installs, stuff like that).

    My PC at home has a bunch of warez on it. Still no viruses. I like your tin hat, though, Scott. It is very shiny and must be excellent at repelling the orbital thought beams.
    Post edited by WindUpBird on
  • download the source from Google Code and compile it yourself if you're that paranoid. It compiles just fine with the free Visual C++ Express Edition according to the programmer. The PDF renderer itself is the open source MuPDF library -- Sumatra is just a wrapper around said library.
    Yeah, people like you and I can do that. But the average user?

    The vast majority of computer problems in the world are, in my professional opinion, caused by people installing broken or malicious software. People need to err on the side of skepticism, not credulity, when installing ANYTHING.

    Sure, that one piece of stranger candy is probably fine. At worst, it's poorly written but not outright malicious. At best, it works fine.

    Most stranger candy is fine. Hence, Halloween. Downloading much of the software people here have talked about in recent memory is, to the trained eye, like accepting free candy from a guy in a back alley wearing an eyepatch and driving a windowless van.

    He might just be a helpful, candy-bearing stranger. But if you take his candy, you're still making a mistake.
  • edited May 2012
    Adobe Reader is perfectly safe, as long as you always keep it up to date. No matter what OS or software you use, that is true. I keep all software up to date constantly. That is something you have to do even if you run a purely open source Linux distro. Adobe Reader always works on every PDF just fine. Never got bit, because it's always updated, as is everything else. Are you updating Sumatra regularly? Yeah, I bet it doesn't even auto-update.

    As for making a slick looking web site, I can't do it. But I can be bothered to go and get a default theme from someone else that looks good. Twitter Bootstrap default at least. Takes two seconds.

    Remember, also that graphic design represents the psychology of the person behind it, regardless of skill level. Why does Time Cube look the way it does? Why does it look similar to Rumsfeld's PowerPoint slides? Why does it look similar to Neal Adams' expanding Earth nonsense? Why do religious leaflets all have similar graphic design patterns? Looking at the things someone puts out tells you something about that person.
    Post edited by Apreche on
  • Or run in Sandboxie or on a VM and then do some vulnerability testing.
    Again, out of reach for the vast majority of computer users.

    My PC at home has a bunch of warez on it. Still no viruses. I like your tin hat, though, Scott. It is very shiny and must be excellent at repelling the orbital thought beams.
    Are you sure? How precise was your methodology? I studied warez from the pirate bay quite a bit years ago, and found few non-compromised binaries (comparing checksums and monitoring egress). Are you so confident in your methodology as to stake your computer and data on it?

    I'm a senior engineer. I run with some of the top of my industry. I'm appealing to authority. It is my professional opinion that almost no one here who is downloading and installing things I would consider "shady" is doing any manner of due diligence beforehand. There is no afterhand. Compromised once, you're fucked and must reinstall. To say otherwise, I would want to personally investigate before even dreaming of suggesting otherwise to anyone.
  • Shady website design too much green not enough graphic design DO NOT TRUST
    That's actually a professional and slick design. You really can't tell the difference? I freely admit I do not have any skills of graphic design. I can't design my way out of a paper bag. But what I can do is judge design. I know good design from bad when I see it, even though I do not have the design education necessary to explain why in great detail.

    It seems that people do not have this ability?
  • Scott's right. That looks like some dodgy-ass shit that I wouldn't trust without a lot of independent research.
    Well, it has gotten a lot of good reviews as well... and since the source is open, it's much less likely to have anything obviously dodgy in it. Yes, it's possible that the pre-compiled binaries have extra "goodies" in them that the source releases don't have, but it's not very likely.

    Granted, it's not perfect with respect to security, but given how some security researchers consider it relatively secure, I think it's a good bet overall it's fine.

    FYI, supposedly the reason why the Sumatra site looks the way it does is because the author's a fan of the Watchmen comics and chose the same color scheme.
  • edited May 2012
    Really, until your open source project is something widely accepted, a component of an actual business, exclusively used by professionals, and/or completely fueled by the community, is there really any reason to host it on your own site? Not only will you look better on SourceForge or some other repo, but you will be able to display your cred with no risk at all.
    Scott's right. That looks like some dodgy-ass shit that I wouldn't trust without a lot of independent research.
    Well, it has gotten a lot of good reviews as well... and since the source is open, it's much less likely to have anything obviously dodgy in it. Yes, it's possible that the pre-compiled binaries have extra "goodies" in them that the source releases don't have, but it's not very likely.
    If it has gotten good reviews, it should display them proudly. Link to some blogs that recommend them, or track down reviews from a credible source with some type of widget. The color scheme doesn't matter to me, it's this neglect of credentials that should raise a flag. The only thing on the main page that suggests this is a credible piece of software from the homepage is the poorly placed Google+ icon with 1.8k +1's.
    Post edited by Schnevets on
  • My computers never have problems and always work perfectly. My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant. My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant.

    It's the wild west on the Internet. My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant.

    It's the wild west on the Internet. Trust nothing and make security and backups your highest priorities. Better to err My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant.

    It's the wild west on the Internet. Trust nothing Trust nothing Trust nothing My computers never have problems and always work perfectly. Other people get viruses and don't know how they got them even though they think they are vigilant.

    It's the wild west on the Internet. Trust nothing and make security and backups your highest priorities. Better to err on the side of distrust. Distrusting trustworthy things won't hurt. Trusting just one untrustworthy thing and you are fucked.
  • Even if you compile the code yourself, did you read the source code? A popular open source project like Linux has a lot of eyeballs on it. I know who a lot of those eyeballs belong to, and they are individual people I trust. Who is this guy who writes Sumatra and how many eyeballs are on the code? I never heard of it before today.

    Also, seclists.org looks super shady! I know it's just an HTTP view of some mailing lists, which themselves are as trustworthy as any other mailing list, but still.
  • Adobe Reader is perfectly safe, as long as you always keep it up to date. No matter what OS or software you use, that is true. I keep all software up to date constantly. That is something you have to do even if you run a purely open source Linux distro. Adobe Reader always works on every PDF just fine. Never got bit, because it's always updated, as is everything else. Are you updating Sumatra regularly? Yeah, I bet it doesn't even auto-update.
    How fancy of an auto-update functionality do you want? Sumatra does check the website for updates at startup, even if it doesn't automatically download the updates. Every so often I fire it up and it tells me that there is an update available on the website. This is more or less akin to what Firefox does.

    Also, I wouldn't call Adobe Reader perfectly safe as long as you keep it up to date. Keeping it up to date keeps it relatively safe, but it's got so much crap in it (like executing JavaScript in PDF files) that makes me think that security was not one of its original goals. Plus, Adobe doesn't have a very good history when it comes to security in general.

    SumatraPDF, at least, has the advantage of having a much smaller code base (less code = less likelihood for bugs to slip in), being open source, and using a well-vetted open source PDF rendering library to handle PDFs. It also doesn't do stupid things like execute JavaScript.
    As for making a slick looking web site, I can't do it. But I can be bothered to go and get a default theme from someone else that looks good. Twitter Bootstrap default at least. Takes two seconds.
    Default theme? He's not using a CMS -- he's using purely static HTML for this page. For that matter, the Sumatra site is the only one of his that has that color scheme (which is the only thing one can complain about). His main site, while spartan, doesn't have the garish color scheme.
    Remember, also that graphic design represents the psychology of the person behind it, regardless of skill level. Why does Time Cube look the way it does? Why does it look similar to Rumsfeld's PowerPoint slides? Why does it look similar to Neal Adams' expanding Earth nonsense? Why do religious leaflets all have similar graphic design patterns? Looking at the things someone puts out tells you something about that person.
    So in this case, Alan Moore is a shady nutjob because he picked the same color scheme for Watchmen as this guy used for SumatraPDF.
  • I never heard of it before today.
    AMAZING. SEEING AS HOW IT WAS MENTIONED TWO FUCKING DAYS AGO ON YOUR OWN TWO-TONE COLOURED FORUM.
  • I don't download shady PDFs, and rarely download PDFs at all for that matter. Almost every PDF I've even used in months is one I've made myself by exporting panel slides as PDF from Google Docs/Drive.

    Also why are you so focused on just the colorscheme? Can you guys really not tell that that site looks unprofessional and shady? Can you really not tell? We might have to make a video on this.

  • Also why are you so focused on just the colorscheme? Can you guys really not tell that that site looks unprofessional and shady? Can you really not tell? We might have to make a video on this.
    The color scheme has literally nothing to do with it.

    You guys probably haven't read all the studies showing that most non-technical people literally can't tell the difference between obvious phishing sites and legitimate sites. While not all "shady" looking sites are bad, almost all "bad" sites are shady looking.

    The studies I saw mostly showed that technology professionals scored near-perfectly, and the population at large was at best random.

  • edited May 2012
    Really, until your open source project is something widely accepted, a component of an actual business, exclusively used by professionals, and/or completely fueled by the community, is there really any reason to host it on your own site? Not only will you look better on SourceForge or some other repo, but you will be able to display your cred with no risk at all.
    It's hosted on Google Code as well as his website.
    If it has gotten good reviews, it should display them proudly. Link to some blogs that recommend them, or track down reviews from a credible source with some type of widget. The color scheme doesn't matter to me, it's this neglect of credentials that should raise a flag. The only thing on the main page that suggests this is a credible piece of software from the homepage is the poorly placed Google+ icon with 1.8k +1's.
    Yeah, I dunno why he doesn't post the reviews, unless he just doesn't care to do so for some reason.
    Even if you compile the code yourself, did you read the source code? A popular open source project like Linux has a lot of eyeballs on it. I know who a lot of those eyeballs belong to, and they are individual people I trust. Who is this guy who writes Sumatra and how many eyeballs are on the code? I never heard of it before today.
    I've been using it for years. There are 5 other committers to the Sumatra code according to the Google Code page for it. The MuPDF library that it's based on has many more committers.
    Also, seclists.org looks super shady! I know it's just an HTTP view of some mailing lists, which themselves are as trustworthy as any other mailing list, but still.
    Seclists.org is run by Gordon Lyon (AKA "Fyodor"), the author of Nmap. Seems pretty legit as far as security circles are concerned.

    Oh, and maybe it's just me, but Sumatra's PDF site doesn't look shady at all to me. It looks spartan, with a lousy color scheme, but not shady. Then again, it's not like my own website looks any better either (I'd argue my website, except for the Wordpress blog on it, looks worse). It looks about like what someone who isn't a web designer would put together for a hobby project, which pretty much describes what's going on with Sumatra PDF.
    Post edited by Dragonmaster Lou on
  • Guys, just because Scott insulted poop does not mean you have to defend poop. It's sometimes baffling how predictable these forum flame wars can get...

    Scott: Farmer Kowalczyk's milk is always sour. I prefer to buy my milk from Adobe Ranch.
    Others: What are you talking about!?! Farmer Kowalczyk's milk is fine!
    Scott: I don't know. He painted his barn that weird bright yellow color. He never says how popular his milk is. He's giving off the wrong vibe.
    Others: HOW DARE YOU INSULT SUCH A GREAT, BRAVE, SAINTLY MAN. I ONCE SAW A THEATER PAINTED IN THAT SAME COLOR AND IT WAS MAGNIFICENT. YELLOW IS THE LATEST THING IN BARN COLORS. WHY, I WISH I HAD THE GREAT AESTHETIC INSTINCTS OF FARMER KOWALCZYK!

    And thus, the subject stopped being about milk.
  • Part of providing security services for others is gaining their trust. This is why banks always make their branches and buildings really impressive. This is why people in the financial industry live lavishly and drive fancy cars. This is why military contractors conduct themselves so seriously. If you want someone else to trust you to protect their things, especially their money, then you have to put on airs to give the customer a feeling of safety.

    Yes, the feeling of safety has nothing to do with the actual security. It is possible to make people feel very safe and be the most insecure thing in the world. It is also possible to be super secure, but be very hard to trust.

    Despite that, there is no causal relationship between the two. If you do not have the ability to make something secure, then it is very unlikely that you have the skill to make something feel secure. Thus, when something appears trustworthy and professional, it is, more often than not.

    And when it comes to software specifically, professional software may have just as many holes as any other software. But at least you know that when you download Adobe Reader from Adobe.com it won't have malware in it to begin with. That's a guarantee. When you download something like Joy2Key, sure it may not have security holes, but how do you know it isn't malware in and of itself? How do you know that pirate copy of Photoshop from Pirate Bay is really free of malware? You ran a useless anti-virus on it?
  • You may have a point there in that we're defending SumatraPDF a bit too strongly. However, I don't understand this love affair with Adobe Reader either. It's slow, buggy, insecure as all hell (despite what Scott says about keeping it updated -- it has far too many poor design decisions in it to make me trust it). Plus the fact that it's a 40 meg or so PDF reader is just ridiculous when you have other readers, such as Sumatra, that clock in at under a meg.

    I don't download shady PDFs either. Most of the PDFs I've downloaded recently are manuals for my lawnmower and such as it's often easier to find them online than to figure out where I put the printed ones.
  • edited May 2012

    Also why are you so focused on just the colorscheme? Can you guys really not tell that that site looks unprofessional and shady? Can you really not tell? We might have to make a video on this.
    The color scheme has literally nothing to do with it.
    ARE YOU SURE? DO YOU THINK APRECHE READ THAT? MAYBE YOU COULD SAY IT AGAIN TO HIM. MAYBE EVEN IN PERSON SO HE MIGHT HEAR IT AS WELL AS POTENTIALLY READ IT. I WORRY FOR HE APPEARS TO HAVE APRECHE-ONLY-O-VISION READING SKILLS. AND EVEN WITH ALL MY LITTLE TRICKS AND METHODS TO TRY AND GET HIM TO SPOT MY POSTS, HE APPEARS TO BE THE ONLY PERSON COMPLETELY IMMUNE TO IT. EVEN I FOOLED MYSELF ONCE. I AM THAT FUCKING GOOD, BUT GOOD IS NOT GOOD ENOUGH WITH APRECHE. SO WE SHOULD USE SOME HEAVIER FIREPOWER. RYM, DON A APRECHE-MASK AND TELL HIM THAT TO HIS FACE. HE NEEDS TO COMMUNICATE.
    You guys probably haven't read all the studies showing that most non-technical people literally can't tell the difference between obvious phishing sites and legitimate sites. While not all "shady" looking sites are bad, almost all "bad" sites are shady looking.

    The studies I saw mostly showed that technology professionals scored near-perfectly, and the population at large was at best random.
    MOSTLY BECAUSE THESE OBVIOUS PHISHING SITES LOOK LIKE THEIR ACTUAL BANK WEBSITE, OR LIKE THE WEBSITE FOR THE PIECE OF SOFTWARE, WITH URLS THAT LOOK DECEPTIVELY LIKE THE REAL DEAL WHEN VIEWED AT A GLANCE. WE ALL KNOW PEOPLE DON'T LOOK AT THEIR FUCKING SCREENS AND READ WHAT'S ON IT. WE'VE GOT A PRIME EXAMPLE IN APRECHE OVER THERE.

    EDIT: NESTED COMMENTS ARE HILARIOUS.
    Post edited by Not nine on
  • edited May 2012
    Guys, just because Scott insulted poop does not mean you have to defend poop. It's sometimes baffling how predictable these forum flame wars can get...

    Scott: Farmer Kowalczyk's milk is always sour. I prefer to buy my milk from Adobe Ranch.
    Others: What are you talking about!?! Farmer Kowalczyk's milk is fine!
    Scott: I don't know. He painted his barn that weird bright yellow color. He never says how popular his milk is. He's giving off the wrong vibe.
    Others: HOW DARE YOU INSULT SUCH A GREAT, BRAVE, SAINTLY MAN. I ONCE SAW A THEATER PAINTED IN THAT SAME COLOR AND IT WAS MAGNIFICENT. YELLOW IS THE LATEST THING IN BARN COLORS. WHY, I WISH I HAD THE GREAT AESTHETIC INSTINCTS OF FARMER KOWALCZYK!

    And thus, the subject stopped being about milk.
    I FELT LIKE YOU MISSED SOMETHING CRUCIAL IN YOUR ARGUMENT. I FIXED IT FOR YOU. NO NEED TO THANK ME.
    Edited by mod. Don't spam huge text blocks: you've already made your point.
    JUDGING BY YOUR COMMENT, MOD, IT SEEMS MY POINT HAS NOT YET BEEN MADE PROPERLY. I SHALL TRY TO MAKE MY POINT BETTER SO THAT IT WILL BE CLEARER TO EVERYONE. I APOLOGIZE FOR THE SUB-PAR MAKING OF MY POINT, I HOPE YOU WILL EXCUSE ME FOR THAT. THANK YOU MOD.

    AS A SMALL ASIDE, STOP USING DEPRECATED TAGS, AND CLOSE YOUR FUCKING STATEMENTS. I THOUGHT GEEKNIGHTS WAS TRYING TO GO PROFESSIONAL. DON'T SKIMP OUT ON THE FORUM SIDE.
    Post edited by Not nine on
  • edited May 2012
    It's a PDF reader. It always works. It opens every PDF perfectly every time. If the PDF has weird features like allowing you to type into the PDF (Burning Wheel character sheet), those features work. It's free. Name another PDF reader that does all that.

    As for your complaints. It's not slow. I've never encountered a bug. You've also previously heard my arguments about how it is stupid to care about "bloat." I don't give a shit about how much RAM or hard drive space a program uses, and you shouldn't either.

    Also, to add one more point. Distrusting software that comes from a web site with shitty graphic design is the same as ignoring an argument from someone in a forum, or ignoring a resume, because of bad grammar and spelling. Not smart enough, or willing to work hard enough, to get your grammar and spelling correct? Then clearly you aren't even worth listening to.
    Post edited by Apreche on
  • edited May 2012
    It's a PDF reader. It always works. It opens every PDF perfectly every time. If the PDF has weird features like allowing you to type into the PDF (Burning Wheel character sheet), those features work. It's free. Name another PDF reader that does all that.
    Apple Preview for OS X. :P

    Actually, it does work as you describe, I give you that. I'm not even sure Sumatra lets you type into the PDF, but given how rarely I do so, it doesn't bug me (and I keep Adobe around for just those occasions anyway).
    As for your complaints. It's not slow. I've never encountered a bug. You've also previously heard my arguments about how it is stupid to care about "bloat." I don't give a shit about how much RAM or hard drive space a program uses, and you shouldn't either.
    It is slow, maybe due to its bloat or maybe not. "Bloat" in this case isn't referring only to its outright size, RAM usage, etc., but also to its questionable features like JavaScript support. I mean, I can load a PDF in Sumatra (or OSX Preview) and get a good start on reading the first page in the amount of time it takes for the splash screen to load in Adobe Reader. If it loaded PDFs as quickly as the other PDF readers I've used, then I wouldn't complain about it either. However, it is noticeably slower at loading.

    Edit: Okay, I just tried loading a PDF in both now and noticed that Adobe canned the splash screen, so Reader does load significantly faster now -- fast enough that I can't tell the difference between it and Sumatra for the most part -- at least not within any reasonable margin of error. However, given some of the questionable design decisions in Adobe Reader, I still don't trust it as my primary PDF reader.
    Post edited by Dragonmaster Lou on
  • edited May 2012
    Part of providing security services for others is gaining their trust. This is why banks always make their branches and buildings really impressive. This is why people in the financial industry live lavishly and drive fancy cars. This is why military contractors conduct themselves so seriously. If you want someone else to trust you to protect their things, especially their money, then you have to put on airs to give the customer a feeling of safety.

    Yes, the feeling of safety has nothing to do with the actual security. It is possible to make people feel very safe and be the most insecure thing in the world. It is also possible to be super secure, but be very hard to trust.

    Despite that, there is no causal relationship between the two. If you do not have the ability to make something secure, then it is very unlikely that you have the skill to make something feel secure. Thus, when something appears trustworthy and professional, it is, more often than not.

    And when it comes to software specifically, professional software may have just as many holes as any other software. But at least you know that when you download Adobe Reader from Adobe.com it won't have malware in it to begin with. That's a guarantee. When you download something like Joy2Key, sure it may not have security holes, but how do you know it isn't malware in and of itself? How do you know that pirate copy of Photoshop from Pirate Bay is really free of malware? You ran a useless anti-virus on it?
    Agreed. More importantly, this is not the same wild west as yesteryear. There are well established repo sites, communities, and professionals who will endorse your product (admonish, not so much - there's way too much malware on the internet). Until your project consists of multiple products (like the product, the documentation, the plug-in/fork/related side project, etc.), there's no reason not to make Google Code or Sourceforge your headquarters. Hell, how do we know the bright yellow site actually is the real creator? If you take out a few important details, it could just be some very clever phishing scheme.

    And until something is such a buggy mess that I deem it unusable, I'll stick to whatever comes by default/my OS recommends. I'm 90% certain I'm using Adobe for Windows, and on my Linux Mint machine I use Evince, which came with the distro. Until the community that developed my system suggests otherwise, it will be good enough for me.

    I'd just like to add that Evince's main page looks stellar and very professional. But why does this PDF reader get free rein to have a home page? Because they know how to design it, and because they're hosted by fucking Gnome.
    Post edited by Schnevets on
  • Evince.
  • Just search for Sumatra PDF. You trust that shady looking site?
    It looks no shadier than a SourceForge site to me. The yellow is a bit eye-razory, and the URL is shady as shit, but the design of the site isn't that shady to me.
    You need to fix your shade-dar.
    Never had a virus or Trojan. I'm either fine in the shadear department or the luckiest asshole ever.