-WARNING-

I'M GONNA DO IT!

Get updated, faggot.

This guy knows something.
In most cases, updating is just 'adding features'.
Don't add additional features.
If you want that features, just install other simple and stable programs and let them communicate with simple text files.

If this guy actually knows anything, it's probably that there's a big exploit out there which he wants to take advantage of to build a botnet that will soon be patched. Probably some crypto mining shit like the facebook messenger thing that went around recently.

A Thompson Hack has been injected in several gcc and linux binaries and by now it has probably infected thousands of systems.
It don't matter how LEEBRAY they are at the source level, what you run is a binary, and most probably one that has been compromised years ago.
Now you know.

The fuck is a "Thompson Hack"?

google it you fucking weeb.
when youre done we can then discuss it.

I did. It's terrifying.
wiki.c2.com/?TheKenThompsonHack

It already has started, faggot.

Just look at what Japmoot did to the site; he made it a full on botnet already.

End is nigh for you jackasses.

I know right
on a side note this kind of shit is why I install my os from a nonrewritable system onwhich the iso was burn from another safe system installed from a non-rewritable media. Its my concern a virus could manipulate an iso and inject itself into the new os.

Can't the virus just manipulate memory?
How do you even make memory read-only and it actually work in that case?

memory gets wiped on every reset. something would have to specifically attempt to retrieve data from the ram, relable it as an executable, and specifically execute said recovered executable.
why would a fresh os do this? If a "fresh" os were malicious to the point of recovering old viruses, why wouldnt it just skip the bullshit and download a fresh copy from the web and execute it that way

>read only
some programs do some sort of gymnastics to quarantine other programs from reading stuff that isnt their memory. those programs and I think the os aswell, have the ability to prevent this from happening. But the short answer is you dont, thats why shit like cheat engine works.

Internet access is not guaranteed.
A virus stub could exist reasonably undetected and grab the rest of itself from somewhere on the filesystem.

What we really need to do is segment memory access from all programs in a radical new kernel design. Make everything an encrypted (memory) virtual machine, I don't care.

>some programs do some sort of gymnastics to quarantine other programs from reading stuff that isnt their memory.
That's actually memory protection, isn't it? Which is done by every single modern OS

interesting idea but I dont see where such limited space is really an issue for a virus and if network access isnt available then what value is the new slave? I dont see it as reasonable to target computers without a way to report back unless you are specifically trying to worm into an offline network and communicate back though alternative means (speakers and mics trancieving at inaudible frequencies).

>virtual machines
Thats what I have moved to. Everything I do is in and spread across multiple virtual machines that are isolated and on multiple bridges. Everything is firewalled from even being able to talk to each other or anything else in any other network I own. Some virtual switches cant even go on the internet because that isnt required for their function.

>isnt it
idk
>moder os
Ive been under a rock for 10 years. Id expect and hope that it was implemented by now. Recently windows 10 has began using some shit to protect games memory, but thats windows 10 and we live in a world where shit is still unironically running windows 98.

People don't program viruses with those kinds of thoughts. Any computer that gets infected is a plus.

Aside from all CPUs being botnets, AMD's secure memory for virtual machines is promising, and on Epyc right now IIRC.

Youd be surprised.
There isnt as much checks as Id like to see in viruses, but youre right they are often rushed and half ass compilations of crap they found online. It seems standard procedure is to just keep checking for an internet connection. Ive seen them check so frequently and/or have memory leaks in the recheck function to the point it crashes the system if a network isnt present. Id imagine a good idea would be to check if there is a connection and if not sleep for an hour or so and check back. after so many checks only check once a day.

Ill have to look into the amd thing, sounds neat.

developer.amd.com/amd-secure-memory-encryption-sme-amd-secure-encrypted-virtualization-sev/
Their https certificate expired lmao, so you'll have to add an exception.

> AMD Secure Processor integrated within SoC ‒ 32-bit microcontroller (ARM Cortex-A5)
>ARM Cortex A5 - a microcontroller
I dont think so tim.jpg
the gymnastics they go through to avoid admitting there is yet another coprocessor hidden on the dame dye
>inb4 the nsa me think comes around to say that they can remotely decrypt your ram at will
>inb4 they can actually remotely decrypt your ram at will

Honestly, with how processors are built, if you're "trusting" the main processor, you might as well trust the co-processor(s) running who the fuck know what, since your main processor is probably doing worse.
The only escape is open schematics that you can 3D print/produce at home.

I agree.

>HW MEMORY ENCRYPTION – SECURE ENCRYPTED VIRTUALIZATION (SEV)
>Protects VMs/Containers from each other, administrator tampering, and untrusted Hypervisor
>One key for Hypervisor and one key per VM, groups of VMs, or VM/Sandbox with multiple containers
>Cryptographically isolates the hypervisor from the guest VMs
>Integrates with existing AMD-V technology
>System can also run unsecure VMs
I need this.

Rejoice. The needed patches are already incorporated into the Linux kernel.