TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
Considering how many people purposefully run older versions of the NVidia drivers for stability concerns, because newer versions cause crashes/BSODs, I can see this being a real problem moving forward
I'm still waiting for the driver to increment past X.70 because I don't remember which one was the unstable one (I think it was X.67 but I can't be certain). Now I guess I'll have to update it. In general, I have been installing new drivers as they are pushed, unless I hear something from here or Reddit regarding suspect drivers.
I believe the one before x.67 was the one causing issues as x.67 fixed it.
Currently on x.70 and everything seems fine.
And speak of the devil a new update came out today. So I will wait a week before installing it.
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
And speak of the devil a new update came out today. So I will wait a week before installing it.
General consensus is that the latest drivers are broken as all get out. It's recommended to use something later than x.67, but certainly stay away from 375.86.
That explains why my comp freaked out when I attempted to update at the end of the night last night. So I shut off the monitors and let it take its course. We'll see how everything shook out when I get home tonight.
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
That explains why my comp freaked out when I attempted to update at the end of the night last night. So I shut off the monitors and let it take its course. We'll see how everything shook out when I get home tonight.
How did it freak out, if you don't mind my asking?
My computer freaked out last night too - But it turned out to be a HUGE false positive caused by Microsoft Windows Defender. It was panic inducing, but ultimately harmless.
Though, if you're talking about NVidia updates, yeah, 375.86 seems to be causing some serious throttling issues across the board.
Once I told GFE to install, both screens went dark, then only GFE showed up; then parts of the rest of the screen slowly started to come back. The whole time, GFE still said it was "starting the install." By that point, it was nearly midnight and I didn't want to hazard a hard reboot, so I just let it sit. I managed to be able to kill off most of the running programs; which may have been part of the problem. I'm assuming a video driver update leans heavily on the pagefile, so closing programs mid-install was probably not my smartest move.
it looks like Visual C++ 2005 runtimes are now considered end of life. Uninstall if you can. Gotta love how those runtimes sneak onto machines and are often older versions that have security vulnerabilities unless they're patched
JohnnyCacheStarting DefensePlace at the tableRegistered Userregular
I have another odd/newb question.
I put kali linux on a junk laptop I have, for schoolwork, and then took a couple math classes in a row and didn't do any networking stuff for about 8 weeks.
I forgot the root password.
No big deal, right, there's a couple ways to get it, overwrite it, or even I could just re-install, because it was a blank factory install with no data on it
But, I found a step-by-step to write a new root password in this video here .
It worked fine
Now my questions are - surely this isn't a bug, right? This is intended functionality? If so, was password recovery the thinking, or...? Also, what did I actually do, cause I don't really know, and is there anything I need to change back? Thirdly: Can this be hardened so anyone with my laptop can't just turn it on and change the root password?
Yes, it's intentional. All you did was told it to mount the filesystem in read-write mode instead of the default read-only mode so your changes would be saved and then told it to start a bash shell so you could enter the commands.
If an attacker has physical access to the machine, you've already lost. You're only protection from that scenario is to use full-disk encryption, but a forgotten password then means you lose all your data.
Just remember that half the people you meet are below average intelligence.
+1
Options
JohnnyCacheStarting DefensePlace at the tableRegistered Userregular
Yes, it's intentional. All you did was told it to mount the filesystem in read-write mode instead of the default read-only mode so your changes would be saved and then told it to start a bash shell so you could enter the commands.
If an attacker has physical access to the machine, you've already lost. You're only protection from that scenario is to use full-disk encryption, but a forgotten password then means you lose all your data.
all the data from that machine is on a thumbdrive around my neck.
I'm not the most technically savvy person, but if it's in my pocket, it's wrench-encrypted
Yes, it's intentional. All you did was told it to mount the filesystem in read-write mode instead of the default read-only mode so your changes would be saved and then told it to start a bash shell so you could enter the commands.
If an attacker has physical access to the machine, you've already lost. You're only protection from that scenario is to use full-disk encryption, but a forgotten password then means you lose all your data.
all the data from that machine is on a thumbdrive around my neck.
I'm not the most technically savvy person, but if it's in my pocket, it's wrench-encrypted
If you don't have full encryption, like @SiliconStew said, there's nothing you can do to prevent someone with physical access to your machine from accessing your stuff. If you lose the password in this case there is nothing you can do except a fresh install.
0
Options
JohnnyCacheStarting DefensePlace at the tableRegistered Userregular
Yes, it's intentional. All you did was told it to mount the filesystem in read-write mode instead of the default read-only mode so your changes would be saved and then told it to start a bash shell so you could enter the commands.
If an attacker has physical access to the machine, you've already lost. You're only protection from that scenario is to use full-disk encryption, but a forgotten password then means you lose all your data.
all the data from that machine is on a thumbdrive around my neck.
I'm not the most technically savvy person, but if it's in my pocket, it's wrench-encrypted
If you don't have full encryption, like @SiliconStew said, there's nothing you can do to prevent someone with physical access to your machine from accessing your stuff. If you lose the password in this case there is nothing you can do except a fresh install.
I've always understood that someone could say, take the drive out and stick it in another computer, or boot from another bootable media, or any one of a few other things once they were holding the machine. I'm just a little shocked one of them was THIS easy.
This is effectively what you are doing. For Linux, what is happening when you turn on your computer is that it boots into GRUB rather than Linux directly, and GRUB then boots into Linux proper. How exactly it does that is up to a configuration file (the thing you edited). The changes you made to the configuration file told it to load the disk as read/write (which is normally read only so that something like changing the password isn't possible), and to load bash instead of booting up the gnome desktop.
I use Kaspersky (licenses are cheap on Amazon). The UI's a lot better than last years (they brought back shut down on completing scans), and it's as over aggressive as ever. Even the basic antivirus, much less the security suite, probably has way more options than the average person would need.
On the other hand, BitDefender (the least I've heard of it) is perfectly serviceable too.
I use Windows Defender in Win10 and don't have any problems. If you aren't clicking everything in your e-mail, you're probably good.
If you're hanging around on Win7/8, then Bitdefender and Kaspersky are both rated highly.
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
Reminder that there's no such thing as "Safe Surfing". You don't have to be clicking willy-nilly, opening every email attachment, or visiting disreputable/dangerous websites to be hit by a drive-by infection.
+4
Options
OrcaAlso known as EspressosaurusWrexRegistered Userregular
Blocking 3rd party domains at the connection level helps quite a bit (but is neither necessary nor sufficient).
Speaking of all this, it's probably time for me to run another update/scan with MBAM and Spybot S&D.
I'm unfamiliar with spybot. How necessary is it if I have Kaspersky and run an occasional malwarebytes scan?
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
If I recall correctly, Spybot S&D fell out of favor years ago for more or less being ineffective at the time. I'm not sure how well it's held up since then.
My personal opinion is that if you're running MBAM, you shouldn't need Spybot.
Last I heard BitDefender has issues on Win 10. Don't know if they fixed them or not, though.
anecdotally, I've been running the free version of bitdefender on win 10 and had no problems.
The issue was it was basically not updated or something so it ran, but wasn't really doing anything if I recall correctly. But that does seem odd, so yeah.
Reminder that there's no such thing as "Safe Surfing". You don't have to be clicking willy-nilly, opening every email attachment, or visiting disreputable/dangerous websites to be hit by a drive-by infection.
Well yeah, that's why you need an ad blocker and NoScript for your browser, too.
a5ehren on
+1
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
Reminder that there's no such thing as "Safe Surfing". You don't have to be clicking willy-nilly, opening every email attachment, or visiting disreputable/dangerous websites to be hit by a drive-by infection.
Well yeah, that's why you need an ad blocker and NoScript for your browser, too.
Also preferably virtualization or sandboxing on top of that.
0
Options
ShadowfireVermont, in the middle of nowhereRegistered Userregular
I use Windows Defender in Win10 and don't have any problems. If you aren't clicking everything in your e-mail, you're probably good.
If you're hanging around on Win7/8, then Bitdefender and Kaspersky are both rated highly.
I'm not a huge fan of Kaspersky, but that's less for its effectiveness, and more because of the way it's just totally fucking breaking lately. Safe Money has been causing problems with sites, the certificates Kaspersky uses has been blocking legitimate https sites (like fucking Google)... the program is a mess.
Which is too bad, because they're great security researchers.
I recommend anything other than Kaspersky. Use nothing, because installing Kaspersky is basically giving up.
Kaspersky has been found to exfiltrate data from computers it's installed on, and Russian laws mean that any data they hold is freely available to the Russian government.
Do not use Kaspersky unless you are comfortable with Putin having access to everything on your PC.
I use Windows Defender in Win10 and don't have any problems. If you aren't clicking everything in your e-mail, you're probably good.
If you're hanging around on Win7/8, then Bitdefender and Kaspersky are both rated highly.
I'm not a huge fan of Kaspersky, but that's less for its effectiveness, and more because of the way it's just totally fucking breaking lately. Safe Money has been causing problems with sites, the certificates Kaspersky uses has been blocking legitimate https sites (like fucking Google)... the program is a mess.
Which is too bad, because they're great security researchers.
I've never once used Safe Money--mostly because I know it's going to break every other extension I use in Chrome by design. Hell, the <10 extensions I use in Chrome regularly cause conflicts with Google, including those promoted by Google's Parent Company, because Chrome is fucking bonkers, and I'm an idiot for stubbornly returning to it. That would be my suggestion.
I recommend anything other than Kaspersky. Use nothing, because installing Kaspersky is basically giving up.
Kaspersky has been found to exfiltrate data from computers it's installed on, and Russian laws mean that any data they hold is freely available to the Russian government.
Do not use Kaspersky unless you are comfortable with Putin having access to everything on your PC.
I'll bite--would you mind elaborating? Out of a morbid curiosity, as I've heard this theory presented before--and I won't lie that it reminds me of family I have overseas that, a ~2 years ago, discarded their phone plans from US-backed companies because, roughly translated from Mandarin, "Don't use these phone plans unless you are comfortable with Obama having access to all your phone conversations." Now, they just don't use cell phones when they visit the US (which admittedly you can actually adapt to fairly easily).
I recommend anything other than Kaspersky. Use nothing, because installing Kaspersky is basically giving up.
Kaspersky has been found to exfiltrate data from computers it's installed on, and Russian laws mean that any data they hold is freely available to the Russian government.
Do not use Kaspersky unless you are comfortable with Putin having access to everything on your PC.
I'm going to stick a big fat [citation needed] on this, besides the standard "sends back virus samples if the heuristics detect something", which every AV does.
A lot of people who otherwise know what they're talking about have no issues recommending Kaspersky, so I can't imagine they would do so if it was actually sending data to Russia.
(Also if Russia or any other state-sponsored actor wants to get your data, there's nothing you can do to stop them. They aren't going to booby-trap AV software when they can do a million other things.)
In case it wasn't clear, I was genuinely interested in the reasoning--I have exactly 50 days left on my Kaspersky IS subscription, so I'm going to have to make another decision eventually.
Likewise, I can empathize with my extended family's concerns in the wake of those scandals. Sometimes vigilance can be warranted.
I use Windows Defender in Win10 and don't have any problems. If you aren't clicking everything in your e-mail, you're probably good.
If you're hanging around on Win7/8, then Bitdefender and Kaspersky are both rated highly.
I'm not a huge fan of Kaspersky, but that's less for its effectiveness, and more because of the way it's just totally fucking breaking lately. Safe Money has been causing problems with sites, the certificates Kaspersky uses has been blocking legitimate https sites (like fucking Google)... the program is a mess.
Which is too bad, because they're great security researchers.
I've never once used Safe Money--mostly because I know it's going to break every other extension I use in Chrome by design. Hell, the <10 extensions I use in Chrome regularly cause conflicts with Google, including those promoted by Google's Parent Company, because Chrome is fucking bonkers, and I'm an idiot for stubbornly returning to it. That would be my suggestion.
I recommend anything other than Kaspersky. Use nothing, because installing Kaspersky is basically giving up.
Kaspersky has been found to exfiltrate data from computers it's installed on, and Russian laws mean that any data they hold is freely available to the Russian government.
Do not use Kaspersky unless you are comfortable with Putin having access to everything on your PC.
I'll bite--would you mind elaborating? Out of a morbid curiosity, as I've heard this theory presented before--and I won't lie that it reminds me of family I have overseas that, a ~2 years ago, discarded their phone plans from US-backed companies because, roughly translated from Mandarin, "Don't use these phone plans unless you are comfortable with Obama having access to all your phone conversations." Now, they just don't use cell phones when they visit the US (which admittedly you can actually adapt to fairly easily).
Don't think this is limited to Kaspersky. There have been vulnerabilities in all of the software of the big AV players that makes me seriously question if they're qualified to be writing security software.
0
Options
ShadowfireVermont, in the middle of nowhereRegistered Userregular
I use webroot because it's lightweight and allows me to customize just how intrusive I want it. If that changes, I'll just go back to Defender.
Posts
Currently on x.70 and everything seems fine.
And speak of the devil a new update came out today. So I will wait a week before installing it.
General consensus is that the latest drivers are broken as all get out. It's recommended to use something later than x.67, but certainly stay away from 375.86.
How did it freak out, if you don't mind my asking?
My computer freaked out last night too - But it turned out to be a HUGE false positive caused by Microsoft Windows Defender. It was panic inducing, but ultimately harmless.
Though, if you're talking about NVidia updates, yeah, 375.86 seems to be causing some serious throttling issues across the board.
Enlist in Star Citizen! Citizenship must be earned!
I put kali linux on a junk laptop I have, for schoolwork, and then took a couple math classes in a row and didn't do any networking stuff for about 8 weeks.
I forgot the root password.
No big deal, right, there's a couple ways to get it, overwrite it, or even I could just re-install, because it was a blank factory install with no data on it
But, I found a step-by-step to write a new root password in this video here .
It worked fine
Now my questions are - surely this isn't a bug, right? This is intended functionality? If so, was password recovery the thinking, or...? Also, what did I actually do, cause I don't really know, and is there anything I need to change back? Thirdly: Can this be hardened so anyone with my laptop can't just turn it on and change the root password?
I host a podcast about movies.
If an attacker has physical access to the machine, you've already lost. You're only protection from that scenario is to use full-disk encryption, but a forgotten password then means you lose all your data.
all the data from that machine is on a thumbdrive around my neck.
I'm not the most technically savvy person, but if it's in my pocket, it's wrench-encrypted
I host a podcast about movies.
If you want full disk encryption you have to install as such:
http://docs.kali.org/installation/kali-linux-encrypted-disk-install
If you don't have full encryption, like @SiliconStew said, there's nothing you can do to prevent someone with physical access to your machine from accessing your stuff. If you lose the password in this case there is nothing you can do except a fresh install.
I've always understood that someone could say, take the drive out and stick it in another computer, or boot from another bootable media, or any one of a few other things once they were holding the machine. I'm just a little shocked one of them was THIS easy.
I host a podcast about movies.
That's the kind of thing is something you'd drop almost a grand on for someone to do for you.
I use Kaspersky (licenses are cheap on Amazon). The UI's a lot better than last years (they brought back shut down on completing scans), and it's as over aggressive as ever. Even the basic antivirus, much less the security suite, probably has way more options than the average person would need.
On the other hand, BitDefender (the least I've heard of it) is perfectly serviceable too.
None of the above.
anecdotally, I've been running the free version of bitdefender on win 10 and had no problems.
I use Windows Defender in Win10 and don't have any problems. If you aren't clicking everything in your e-mail, you're probably good.
If you're hanging around on Win7/8, then Bitdefender and Kaspersky are both rated highly.
Speaking of all this, it's probably time for me to run another update/scan with MBAM and Spybot S&D.
I'm unfamiliar with spybot. How necessary is it if I have Kaspersky and run an occasional malwarebytes scan?
My personal opinion is that if you're running MBAM, you shouldn't need Spybot.
The issue was it was basically not updated or something so it ran, but wasn't really doing anything if I recall correctly. But that does seem odd, so yeah.
Well yeah, that's why you need an ad blocker and NoScript for your browser, too.
Also preferably virtualization or sandboxing on top of that.
I'm not a huge fan of Kaspersky, but that's less for its effectiveness, and more because of the way it's just totally fucking breaking lately. Safe Money has been causing problems with sites, the certificates Kaspersky uses has been blocking legitimate https sites (like fucking Google)... the program is a mess.
Which is too bad, because they're great security researchers.
Kaspersky has been found to exfiltrate data from computers it's installed on, and Russian laws mean that any data they hold is freely available to the Russian government.
Do not use Kaspersky unless you are comfortable with Putin having access to everything on your PC.
I've never once used Safe Money--mostly because I know it's going to break every other extension I use in Chrome by design. Hell, the <10 extensions I use in Chrome regularly cause conflicts with Google, including those promoted by Google's Parent Company, because Chrome is fucking bonkers, and I'm an idiot for stubbornly returning to it. That would be my suggestion.
I'll bite--would you mind elaborating? Out of a morbid curiosity, as I've heard this theory presented before--and I won't lie that it reminds me of family I have overseas that, a ~2 years ago, discarded their phone plans from US-backed companies because, roughly translated from Mandarin, "Don't use these phone plans unless you are comfortable with Obama having access to all your phone conversations." Now, they just don't use cell phones when they visit the US (which admittedly you can actually adapt to fairly easily).
I'm going to stick a big fat [citation needed] on this, besides the standard "sends back virus samples if the heuristics detect something", which every AV does.
A lot of people who otherwise know what they're talking about have no issues recommending Kaspersky, so I can't imagine they would do so if it was actually sending data to Russia.
(Also if Russia or any other state-sponsored actor wants to get your data, there's nothing you can do to stop them. They aren't going to booby-trap AV software when they can do a million other things.)
Likewise, I can empathize with my extended family's concerns in the wake of those scandals. Sometimes vigilance can be warranted.
This is somewhat older and is mostly speculation: https://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies
It's also worth mentioning that one of Kaspersky's upper management people was arrested for treason this month (in Russia, not the US).
Kaspersky in general is not a very good program:
http://www.pcworld.com/article/3154608/security/https-scanning-in-kaspersky-antivirus-exposed-users-to-mitm-attacks.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
http://blog.talosintel.com/2016/08/vulnerability-spotlight-multiple-dos.html
Don't think this is limited to Kaspersky. There have been vulnerabilities in all of the software of the big AV players that makes me seriously question if they're qualified to be writing security software.