Re: [Gimp-user] Update blocked by trend micro

[Michael Schumacher <schumaml gmx de>]

On 15.11.21 22:55, Ruben Safir wrote:

> On Mon, Nov 15, 2021 at 09:31:20PM +0100, Jernej Simončič wrote:
> > On Monday, November 15, 2021, 13:31:01, Ruben Safir wrote:
> >
> > > In the last 40 years in the GNU field I have heard a lot of bad advise
> > > but rarely as bad as this.  Ignore this advise by Rick Strong and
> > > ditch tend micro - ASAP.
> >
> > I kind of doubt that TrendMicro is the problem,
>
> Set aside with the doubts because they ARE the problem

Ruben, I am pretty sure that the core issue in this thread is experience.


A bit of background:

Security is a process.

For any kind of effective security measures, you have to go through at
least a planning, and implementing and an operations stage. That means
you collect the requirements you have, evaluate what solutions there
are, which of them best suits your needs, decide which one you are going
to use, then install and configure it to your needs, and then run it,
update it, review its findings, keep yourself updated on any of its
known issues, and so on.

At every stage, you will learn a lot if you want to do them properly.

BTW, I know that this is a rather rough and imprecise summary.

Now, any of these stages can become arbitrarily short. Especially if you
are not an employee at a company who gets paid for doing them and
learning, but a user at home who follows the results of a "download
antivirus" query in Google Search and clicks through the installer.

If in doubt, you lack the time, motivation, and maybe the skills to do
more than that, and an issue like that makes you hesitate. And then you
ask people who may know more about the issue, for example people who are
involved with and/or use the application your antivirus just flagged
with a more or less cryptic message.

What would you prefer to read as a reply:

- a flat statement that the antivirus you are using is bad and you
should use something else, without specifying what something would be
good, and why?

- and explanation of what may have happened, what can be done to examine
if that was indeed the case, and potential remedies without changing
your system more than necessary?

It is a well-known fact that every antivirus software will occasionally
find a so-called false positive, a file that is marked as containing a
potential malware. Doing that makes none of them worse than any of its
competition. You usually get a way to upload suspicious files to the
vendor of the software to have it examined - this provides you with a
report of what they found, and gives them an opportunity to improve the
detection and avoid that same issue in future updates.


Now, it is perfectly fine to keep up the statement that "they
[TrendMicro] are the problem" *IF* you can add some
verifiable/falsifiable facts to help others to determine this for
themselves.

This mailing list is not necessarily the best place to do so, however -
I'd do this in a place where other security experts, including outspoken
(but fair) critics of antivirus software, are around and can challenge
your statement.

If this was too much text, let me add one final fact:
We know of no general issues of any specific antivirus solution and the
GIMP installers.

--
Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD