[UPDATE #3: It's 5:30AM local, now. I'll check back periodically, but I really need to get some sleep. ^AG]

[UPDATE #2: It's 5:30PM local and I think I am going to call it an evening. I would like to thank all of you for joining me today and your interesting and thought-provoking questions. Stay safe online, now! ^AG]

[UPDATE #1: It's 2:30PM local and I'm taking a brief AFK break. Back in a bit. ^AG]

Hello,

My short bio:
In September 1989, I became John McAfee's first employee at McAfee Associates, where I answered the phone at the kitchen table. Just three years later, in October 1992, the company went public with only about three dozen employees, one of the fastest IPOs at the time, especially given the staff size.

In 1995, I followed John McAfee to his next startup, where we pioneered instant messaging software, inventing many of the features now in use today. Sadly, the dot-com bubble burst before that technical success could become a commercial one. In the background, I continued my participation in trust groups like TH-Research (trojan horse), DA (bots), MWP (malicious websites and phishing) and ZERT (to name a few), which led to the formation of the Internet Security Operations Task Force and the Internet Security Operations and Intelligence conferences which grew out of that.

Today, some thirty years later, I find myself the Distinguished Researcher for ESET, a large global security provider, where I help create the next generation of security technologies, act as an internal technical resource and even occasionally post memes. Every so often I am able to share some of my research with the public via their blog.

Along the way to doing all of that, I helped tens of thousands of people with computer hardware, software and networking issues, ranging from fax and phone calls to BBSes, through online services and now the world-wide web. That culminated in me being recognized by Microsoft with their MVP Award for 14 consecutive years. As an MVP I was able to help Microsoft by giving early feedback and introducing features to better help their users.

I still continue to participate in private and public groups, including volunteering as staff at tech news site Neowin, with former ComputerWorld Editor-In-Chief Scot Finnie's, here and there in places on Reddit like /r/24hoursupport/ (well, mostly their Discord server), and at computer manufacturer Lenovo, for whom I'm also a brand advocate (what they call their Lenovo INsiders).

My Proof: https://twitter.com/ESET/status/1174827286018842624

Some fine print before we begin (or, in other words, things that make HR, PR, lawyers, marketing and bosses happy): I'm not here to promote something like a new software release from ESET—they release new versions of their software all the time, and have a PR team that does that for them. This Reddit AMA is being done by me as a personal activity because I thought it would be something interesting to do on my 30th anniversary in the industry, and the views expressed are solely mine and not endorsed by ESET, Lenovo, McAfee, Microsoft or Neowin. That said, I have a lot of good ideas that are eminently practical and they should listen to them...

TL;DR: I am Aryeh Goretsky, and you may ask me almost anything.

Regards,

Aryeh Goretsky

Comments: 155 • Responses: 65

gruntothesmitey (70 karma)

On a scale of "the spiders are under my skin" to "the moon is making me do things", how batshit insane was McAfee back then as compared to now?

goretsky (96 karma)

Hello,

I had first met Mr. McAfee in the late 1980s while I was still in high school, after being a caller on a BBS that he acquired from the original owner.

At that time, he was still working as an engineer for LMCO, and while he said outrageous things even back then, a lot of it was tongue-in-cheek type humor obviously meant to be facetious.

He kept things together pretty well through his entire time at McAfee Associates and through Tribal Voice, a span of about 11 or so years in which we were in pretty much constant contact. After 2001, the contacts became fewer and fewer over time, and the reporting turned from being more about his companies to being more about him, and became more extreme and exaggerated. He then largely faded out of media coverage except for some coverage about his ultralight flying until events in Belize brought him back into the limelight.

That said, you have to understand that Mr. McAfee is incredibly smart, and tends to react quickly and goes about creating on almost an instinctual level of knowing what to say to get the kind of exposure he is looking for.

I remember him spending a lot of time and thinking very hard about what exactly to say in things like press releases and statements, in order to convey his message.

This is very similar to what celebrities and politicians do, but as with those, it often becomes an oscillating effect of "what can I do to top this" which becomes more and more outrageous with each new addition to the mythos.

Regards,

Aryeh Goretsky

Retireegeorge (13 karma)

Nice answer

goretsky (6 karma)

Hello,

Thank you for your kind words, RetireeGeorge.

Regards,

Aryeh Goretsky

fadingfastsd (38 karma)

In 1988, Dade "Zer0 Cool" Murphy crashed 1,507 computers in a single day, causing a 7-point drop in the NYSE. Did this legendary hack have any influence on you getting involved in the cybersecurity industry the next year?

goretsky (25 karma)

Hello,

The Morris Worm (1988) and the Datacrime computer virus the following year generated some local TV news coverage for Mr. McAfee. Having seen him appear twice on television, I simply asked him for a job and he hired me. I had helped a few times with things like envelope stuffing to ship out information packets about computer viruses, so I was something of a known quantity.

The next threat to arise, the AIDS Introductory Information Diskette, kind of cemented that, with my running various errands for Mr. McAfee as the media descended upon his house.

Regards,

Aryeh Goretsky

froggacuda (16 karma)

Can you confirm or deny that you hacked the Gibson and copied their trash file to a floppy disc?

goretsky (24 karma)

Hello,

We were all reading William Gibson's Neuromancer in the office in 1990, as well as listening to Information Society's HACK CD. The last track was (if memory serves) titled "300 7E1" and, as one might suspect with a name like that, a recording of a modem. I built a 2.5" to RJ11 cable to pipe the audio from the CD into my modem, ran Procomm Plus, hit play on the CD and ended up with a story about the band while they were touring in Brazil, I think. Good times, indeed.

Regards,

Aryeh Goretsky

_haha_oh_wow_ (6 karma)

Pretty sure I've seen you on there before but just in case I'm mistaken, check out r/Cyberpunk

goretsky (14 karma)

Hello,

You would not be mistaken.

Regards,

Aryeh Goretsky

xrandx (5 karma)

ran Procomm Plus

It had Y-modemG! You could resume downloads when call waiting nuked you!

goretsky (10 karma)

Hello,

There were certainly advantages to using YMODEM-g; however, I had taken over running the McAfee Associates BBS (originally called Homebase) from Mr. McAfee and ZMODEM was a better choice. Phone calls cost money, and most of our callers were long distance or international long distance using the GUEST USER account to download our software. It had to be as fast and as reliable as possible for them to get on, download and get off to allow the next person on for their download.

The BBS was very much at the center of McAfee Associates revenue stream, at least pre-IPO.

Regards,

Aryeh Goretsky

D1UNVE25 karma

Do you think he will really eat his dick if btc doesnt hit 1,000,000 next year?

goretsky (52 karma)

Hello,

I think you have to understand that Mr. McAfee says a lot of things that are not necessarily true... or necessarily false, for that matter.

What he does do--and he is quite brilliant at this--is saying things which capture people's attention and gets them talking about him, or whatever it is that he wants to bring to the public's attention.

The fact that you've brought this up some two years after his public pronouncement indicates to me that he has not lost his touch after all these years.

Regards,

Aryeh Goretsky

boston_shua (19 karma)

Aryeh, please answer this question. No more deflection. Will he eat his penis? Yes or no?

goretsky (24 karma)

Hello,

There really is no way of telling. If knowing the answer is that important to you, I think it would be best to ask him yourself directly via social media.

Regards,

Aryeh Goretsky

boston_shua (8 karma)

Aryeh, if it were you. And you had to eat penis. Would you grill it or eat it sashimi style?

goretsky (54 karma)

Hello,

Shortly after I started working for him, Mr. McAfee made me some vegetable soup in his kitchen at home, a family recipe. It was getting into fall, but in the Bay Area at that time of year that meant mostly patchy clouds and blustery winds rather than stormy skies.

It was a vegetable soup, and a family recipe, he told me. He got various root vegetables and a tomato out of the refrigerator, cut them up and put them into a small stove pot. He may have peeled the tomato--I do not recall exactly. Then, he explained the secret of his vegetable soup to me: Adding a full glass of water to the pot and letting it cook.

Again, you have to take a look at the context of things: It was 1989, and 19 year old me had led a very sheltered life. My mom cooked dinners, or we went out to a restaurant on occasion. But men cooking in the kitchen was different to me.

The soup was delicious.

A few times in the years afterward, I asked Mr. McAfee for the exact recipe to his vegetable soup, but he would always change the subject or never reply.

Regards,

Aryeh Goretsky

PorkRindSalad (4 karma)

Asking for a friend

goretsky (6 karma)

Hello,

I once asked a question for a friend, too. I hope things go well and you were able to help your friend.

Regards,

Aryeh Goretsky

daxxruckus (22 karma)

Hi, /u/goretsky,

In 1983, David Lightman used an IMSAI 8080 to perform a war dialing attack on a range of phone numbers in Sunnyvale, CA and ended up accessing a NORAD supercomputer, WOPR (War Operation Plan Response). He ended up kicking off a simulation of Global Thermonuclear War that triggered an actual Threat Response scenario at NORAD, who thought actual Soviet nuclear missiles were inbound.

Do you think a scenario like this is still possible given current day cybersecurity enhancements?

goretsky (24 karma)

Hello,

Okay, this is getting a little off-track, but let me share with you what little I know of nuclear incidents under the mountain.

Back in the mid 1990s I had a nice view from my backyard of Cheyenne Mountain, under/inside of which NORAD was located. It was eighteen years ago that all flights were grounded, and I remember going outside that day and how quiet it was with virtually no ground or air traffic. The sole exception was the rumble-whine of an Air Force fighter looping through the sky overhead on actual combat air patrol over this most American of cities. It was a scary time, and a fearful one. The grim resolve that arose out of that time changed us and warped us in ways I am not proud of, culminating in a generation at war both everywhere and, increasingly, nowhere at all because it was now occurring in that fifth domain, the cyber.

I have heard tales from personnel who worked under the mountain about near nuclear mishaps they have had (training simulations being mistaken for live actions due to miscommunication during a shift change) and am sometimes surprised a limited nuclear exchange hasn't happened already.

It was almost two years ago to the day that Stanislav Petrov passed away. I remain glad that people like him were on duty at the times they were.

Regards,

Aryeh Goretsky

BruceRL (6 karma)

beautiful prose, not to mention a fascinating answer

goretsky (8 karma)

Hello,

Thank you. I was an adult when 9-11 happened, and I think there are a lot of Redditors who were not of age to understand what had happened, or maybe not even born back then.

It was one of those inflection points or nexuses that changed us and, in many respects, not for the better.

I should have mentioned this in the post but did not, so I'll mention it here: I'm not a fan of the prefix "cyber-" or using it as a stand-alone word.

You don't deal with cybercrime. You deal with crime.

You don't deal with cyberwarfare. You deal with warfare.

Prefixing and using 'cyber', to me, feels more like someone's money grab or attempt to ratchet up fears in search of a desired outcome. Whenever someone uses it, take a careful look at not just what they are trying to say, but what they are trying to accomplish.

That said, I have used it in presentations and talks from time-to-time, but I am very careful about how and when.

Regards,

Aryeh Goretsky

punk_00013 karma

How do you feel about the nature of security products like ESET/McAfee/BitDefender etc. essentially being allowed low level administrative access to a local machine and its functions? Does your product go through a third party code review to check for vulnerabilities? Does antivirus have a future in an increasingly mobile world?

goretsky (21 karma)

Hello,

Defenders need to operate in the same places that the attackers go, otherwise, you are going to have limited understanding of what you are defending against and how you are protecting it.

Code reviews are kind of a part of any software project, aren't they? In ESET's specific case, the company acquired a company (the third-party firm). I'm not sure if that makes them a third-party, though, still. ESET, like other companies, has a vulnerability reporting program, and I think it is important for companies to be active in accepting reports about security vulnerabilities. I do wish the guy (gal?) who kept trying to pop a JavaScript alert box on our forum would cut it out, though; it's out of scope and, frankly, boring.

There's actually no such thing as antivirus software, anymore. More seriously, I got into this in more detail a couple of years ago, about how the bad things changed and evolved over time. The mobile (smartphone, tablet, etc.) space has security challenges, some of which are identical to the desktop (including server and laptop) space, but some of which are more different (new modalities of privacy that you might not have conceived of in 1989). There are forms of criminality as well as large areas of privacy-invasive actions, and I think there needs to be protection against those being abused, at both technical and legal levels. A thief wants your money regardless of whether you access it on a desktop or a smartphone.

Regards,

Aryeh Goretsky

UnmeshDatta2612 karma

In all your years of experience in information security, what is the worst experience or incident of a security breach you've ever seen? Also, were there any viruses that the public may not have heard about but were very dangerous back in the day?

goretsky (21 karma)

Hello,

The OPM hack comes immediately to mind in terms of severity. There have been far larger ones like Yahoo!'s, but that pales in terms of national security compared to OPM. I am not sure if you consider it a breach, per se, but the Stuxnet worm also brought to the public's attention a realm of conflict that I think many had relegated to the realm of science fiction.

A lot of the earliest DOS-based computer viruses intentionally caused damage: The Disk Killer (aka Computer Ogre) computer virus and Dark Avenger (aka Eddie) computer virus were two that altered data and that was highly problematic back in a time when backups were a rarity.

Regards,

Aryeh Goretsky

froggacuda (10 karma)

Security researchers with your longevity and experience are sometimes thrust into weird and unique situations. Can you describe the most bizarre task you have ever tackled or most unsavory discovery you have made without requiring mandatory /r/Eyebleach?

goretsky (19 karma)

Hello,

I once assisted with a law enforcement investigation into CSAM (child sexual assault material, aka kiddie porn).

All that I was doing was simply helping the police identify the format of some CDs they had recovered (asking and answering questions about the structure of the CD, not the contents), but each time afterwards, I ended up taking a hot shower until the water began to get tepid, just to get the thought of what might be on those out of mind.

By the way, it turned out they were video CDs encoded in a format not covered by the Red Book that could be read by SCSI CD-ROMs with modified firmware and Amiga CD32's, as I recollect.

I also had to do some investigations involving the display of Mac-specific fake AV programs on porn sites, which was frankly just boring and a little depressing.

Regards,

Aryeh Goretsky

IceWizardGrayz (8 karma)

Do you think McAfee Anti-virus software is any good?

goretsky (26 karma)

Hello,

When I worked there (1989-1995) I thought it was the best anti-virus out there. Nowadays, I work for a competitor and have different opinions about what is good and why.

Regards,

Aryeh Goretsky

Lolaiscurious (7 karma)

Was he as deranged when you worked for him back then as he seems to be now?

Did you ever think he would murder someone?

goretsky (19 karma)

Hello,

Please see replies here and here. There's a big difference between being actually deranged and carefully cultivating a public persona.

As for your other question, I really couldn't say.

Regards,

Aryeh Goretsky

froggacuda (7 karma)

Would you rather fight 1 horse sized duck, or 100 duck sized horses?

goretsky (31 karma)

Hello,

This guy gets it.

100 duck-sized horses, but I would try to safely capture as many of them as possible, because I could then try and establish a stable and start a breeding program for duck-sized horses as pets, and I think a lot more people would like a duck-sized horse for a pet than a horse-sized duck.

Regards,

Aryeh Goretsky

original_greaser_bob (7 karma)

Who do you want to play Aryeh Goretsky when they make the John McAfee bio-pic?

goretsky (52 karma)

Hello,

I think that I mentioned this before on Reddit, but since I cannot find a link, I'll just paraphrase for now.

I had actually thought about this a while ago, and decided that I wanted an actor who looked at least a little bit like me to play me, since Hollywood is usually so full of people with these unrealistic portrayals of what their bodies look like and such.

I was quite pleased when I found an actor who aside from physical similarities, seemed to have a sense of humor and joie de vivre that I think would make a great match.

There's a picture of me here on my MSDN profile (it's not the best, but it came up first in the search engine results).

A picture of the actor who I think would do a great job playing me is located here. His name is Dwayne Johnson and he's a fairly successful movie star.

Just to clarify, the first picture is of me, while the second is of Mr. Johnson. This is not something that I faked and just pasted my photo twice. If you are having trouble determining which of us is which, in my photo I am wearing a tie, and Mr. Johnson is not in his.

Regards,

Aryeh Goretsky

primeirofilho (12 karma)

The resemblance is overwhelming. He's practically your doppelganger.

goretsky (9 karma)

Hello,

Thank you. A lot of people say they cannot notice it.

Regards,

Aryeh Goretsky

II-MooseMan-II (6 karma)

Do you still talk to John? If not, is there any bad blood?

goretsky (14 karma)

Hello,

We stopped talking around 2015.

Regards,

Aryeh Goretsky

bbsittrr (6 karma)

You've met Bruce Schneier, or sat on a panel with him?

Schneier facts: Bruce Schneier can decrypt a bowl of alphabet soup.

Note: Bruce Schneier joke aside, wondering if you've either worked with him, or, what you think of his approach(es) to security.

goretsky (13 karma)

Hello,

No, I have never met Prof. Schneier or, correspondingly, sat on a panel with him.

As someone who works around the area of malware, I tend to gravitate towards smaller conferences that have more of a focus in this area like ACoD, CARO, ISOI, VB and so forth. These tend to be more specialized than DEF CON, RSA and so forth and allow for the types of conversations and discussions that simply cannot be had in a larger environment. I have also represented my employer as needed at AMTSO and the CSA, which are perhaps more administrative than technical in nature, but that's sometimes just a matter of practicality--I'm available to go when the normal person is not. Considering the last conference I went to was two days long and I ended up turning in a 13,000 word (70 pages printed) trip report, there's only a finite number I can make it to and come back from without risking carpal tunnel syndrome.

I think Prof. Schneier has a lot of good information to share, but I am not qualified to understand the ramifications of all of it. I work in a very specialized corner of the field.

Regards,

Aryeh Goretsky

daxxruckus (6 karma)

Do you play any video/board/rpgs? And if so, please regale us with your most epic adventure. Bonus points for mentions of Lexxxington Slade, most epic fighter in all the (ork)lands!

goretsky (15 karma)

Hello,

I don't have as much time as I used to, but on the PC I used to play Diablo II, WoW, ARK: Survival Evolved and Borderlands 2 quite a bit. I just started to get into Borderlands 3.

For the table top, I have played things like CaH, Settlers of Catan, and Ticket to Ride. As for actual RPGs, I played D&D, Gamma World, the Morrow Project and Traveler back in the 1980s. More recently, Pathfinder 1E and Starfinder, but I'm not in any campaigns right now.

Regards,

Aryeh Goretsky

daxxruckus (3 karma)

I'm not in any campaigns right now.

SAY WHAT?! The Calamitous Intent Adventuring Company would beg to differ!

goretsky (3 karma)

[UPDATE: 20190921-1415 GMT±0: Okay, there seems to be some confusion here, so let's see if I can dispel it, or at least try to clarify things. Over the course of my thirty year professional career, I have not, nor have I ever been employed, worked for, assigned to or otherwise assisted any Calamitous Intent Adventuring business, company, legal-liability partnership or any other kind of corporate entity. Period. Now, if I had been asked about being a member of any gaming guilds, that would be a separate conversation. ^AG.]


Hello,

I did not see the Calamitous Intent Adventuring Company today. The only company I saw today was ESET.

Regards,

Aryeh Goretsky

bbsittrr (2 karma)

I played D&D...back in the 1980s.

Stranger Things. You've been in the upside down?

goretsky (8 karma)

Hello,

In some ways, it seems like I never left there.

Regards,

Aryeh Goretsky

fadingfastsd (9 karma)

Another question related to RPG's. Do you believe there should be repercussions when the GM heavily implies bonuses will be rewarded after inserting a giant squid pearl in your butt, then doesn't follow through?

goretsky (6 karma)

Hello,

I think if there's a bad situation at the table, the players and the GM should stop, take a break and hash things out amicably, especially if anyone is new to gaming and may not understand the implications of what they are suggesting.

Regards,

Aryeh Goretsky

froggacuda (7 karma)

Are you, or are you not, impregnated by an adolescent Kraken while trying to escape the long arm of the Orkland law after escaping the prison in Gronk?

goretsky (20 karma)

[UPDATE: 20190921-1409 GMT±0: Okay, there seems to be some confusion here, but since this was a (not the, mind you, but a) highly-upvoted comment, I think some clarification is necessary. But first some context: I think it was BBS historian and Internet archivist Jason Scott who stated that technically-minded people (whom non-technically-minded people might call "geeks" or "nerds") communicate with each other by rapidly sharing information with each other in story, puns and like forms of oration. So, it should come as no surprise that if a group of these so-called technically-minded people were (and by were I mean hypothetically-speaking, were, not necessarily actually-were) playing a tabletop role-playing game, and the game master introduced elements to that game consisting of a BBEG battle in a cavernous cliffside maritime environment that evoked elements of popular culture ranging from Captain Scarlett and her Pirate's Booty to Steven Spielberg's 1985 opus adventure comedy The Goonies to Jules Verne's classic Twenty Thousand Leagues Under the Sea (in particular, the architeuthis from the well-received 1954 movie), that it should only be normal, customary and expected that one of the players (again, hypothetically-speaking) should inquire as to whether the monstrous kraken the game master has sprung on them has a hectocotyl arm and the 2012 South Korean spermatophore event. This should, by no means, mean that the game master should (quite unfairly, IMHO) introduce the concept of the player characters being impregnated if an attack roll crits, nor should the game master require the players to make a saving throw each round or be incapacitated by regurgitating up a baby kraken each round, and then having to make decisions as to whether to nurture and care for it, deal with the parenting issues across species with bipedal symmetry and radial symmetry, or have the proto-monster slide over the side to join their other parent in the waters below.

Furthermore, this should by no ways or means indicate that it is proper, appropriate, or otherwise wanted for the game master to continuously keep bringing up tentacle porn throughout the rest of the campaign, which, if I were to feel, would be felt in a purely hypothetical way, to show a (hypothetically) decided (hypothetical) lack of (hypothetical) imagination solely on the basis of one of the players innocently and without malice or ill-intentioned forethought having brought up the question in passing during any such "hypothetical" game. ^AG]


Hello,

Maybe.

Regards,

Aryeh Goretsky

JewieDabooi (-6 karma)

How was your day?

goretsky (7 karma)

Hello,

So far, so good. And you?

Regards,

Aryeh Goretsky

dibba9 (5 karma)

How did the IPO pan out for the initial employees?

goretsky (14 karma)

Hello,

For the pre-IPO employees such as myself, I think we all basically got enough to make a sizeable down payment on a house, get a car, and have some spending money. Mr. McAfee and (the then) Mrs. McAfee were, of course, set for life. Two of Mr. McAfee's brothers-in-law worked at the company, too, and I believe they were compensated quite well. I don't really know for certain.

Regards,

Aryeh Goretsky

dibba9 (3 karma)

Thanks, I really appreciate the reply. Enjoy your wknd

goretsky (3 karma)

Hello,

Thank you for your kind words Dibba9. You, too, now.

Regards,

Aryeh Goretsky

ctlawyer2035 karma

Questions:

What do you think about the Kaspersky politics?

Why does Windows Defender refuse to play nice with third party software such as ESET and others? Specifically, keeping periodic scanning and ransomware protection on despite other suites being active.

Does chromeware really not need an antivirus?

Thanks!

goretsky (4 karma)

Hello,

In response to your questions:

  1. Kaspersky Lab is a security software company that has been around for many years and their researchers perform some top-notch research. They are a legitimate company, but like any legitimate company, they have to comply with all of the laws of the countries in which they do business.
    I think it is fair to say they are one of Russia's success stories, and it would be short-sighted of the Russian government to do something that would damage their business. I actually had a chat here on Reddit with their founder Eugene Kaspersky. Perhaps you will find it of interest.

  2. Microsoft (formerly Windows) Defender does disable itself when security software from another company is installed, so from that perspective, they do "play nice" with others.
    Having a second-opinion scanner to check for malware is something that has been done for a long time (ESET has one, as do many other firms).
    Likewise, ransomware protection (by which I think you mean what Microsoft calls controlled folder access) is available in many other programs as well--it's basically just a dumbed-down skin to create directory-focused HIPS rules.
    That said, I think it should ultimately be decided by whomever is responsible for securing their computers to make decisions about whether they want to use these types of things. Also, if they are going to cause issues (compatibility, performance, stability, etc.) then Microsoft had better make sure they are thoroughly tested and debugged, beforehand.
    I do not think ESET has ever had a problem with them, but there are other companies and technologies which could have problems (not just anti-malware, but file replication, disk imaging, encryption and other types of utility programs).

  3. I am not as familiar with Chrome OS as I am with, say, Microsoft Windows, but there are all sorts of things which you need to be protected against these days besides viruses, such as malicious web sites, phishing attacks, malicious browser extensions and so forth. And you do want some kind of protection against those.

You are welcome.

Regards,

Aryeh Goretsky

bbsittrr (5 karma)

State level malware, like Stuxnet: I think you know the guy who found it?

Were you surprised when state-level stuff started getting found, and by how good it is? (Stuxnet is pretty impressive.)

goretsky (12 karma)

Hello,

Stuxnet was first identified by the Belorussian security software company VirusBlokAda. I'm sure I have met and communicated with some of their employees over the years [it's a small industry, after all], but I do not recollect any specific individuals from there.

There is a lot of mythology around Stuxnet, its attribution and origins, and there's still information coming out about it today (in 2019, I mean).

I guess it was something of a surprise when malware attributed to nation-states began to appear. There were always mutterings and rumors that these types of things must exist, but until copies of it appeared it still seemed a far-fetched kind of thing.

Regards,

Aryeh Goretsky

AnotherAnonGringo (5 karma)

In your opinion, why, with the advent of technologies like machine learning, is the issue of pulling a signal out of the noise (with respect to logging, for example) still so difficult? It doesn't seem like any tools get even simple stuff right out of the box, like failed AD or SSH logins.

I've trialed about every SIEM out there and they are all needlessly complex and require an exorbitant amount of hand-holding to get even rudimentary metrics and reporting.

goretsky (10 karma)

Hello,

I tend to think of AI and ML as labor-saving techniques. They are not magic tools that automatically make your job easier, but specific tools to apply when working with certain sets of data, and sometimes, they might not be the most cost-effective tool to deploy.

I left McAfee Associates in 1995, and even then they were already experimenting with precursors to this technology like fuzzy logic, companies like F-PROT and ESET were playing around with heuristics, Flu-Shot+ and Trend had behavior blocking and so forth.

You basically take all the tools and techniques at your disposal, and you use them where it makes the most sense to do so. There's no one universal technique that is going to solve all the security problems. It's lots of little ones and even then there is always the issue of a determined adversary with a bigger budget.

Regards,

Aryeh Goretsky

AnotherAnonGringo (1 karma)

That is an amazingly lackluster response. It seems you don't even understand what machine learning is, since you called it 'AI'. ML and AI are nothing alike.

goretsky (2 karma)

Hello,

AI and ML are *separate* things, but I was conjoining them because my *use* cases for them overlap, which is going to be different from yours and from other people's, which is probably a mistake I made by not clarifying earlier. For me, being able to reduce an FP rate is a pretty useful thing, but if you're talking about SNR in logs, I'd have to wonder if you're using the right kinds of analysis tools. BTW, I'm not suggesting to go buy something from ESET or whomever, but rather that there is some more suitable tool for your purpose that you just haven't come across yet. Or, maybe the assumption that this can be automated to the degree that you are looking for is unproven for the volume of data you are dealing with, the ratios of events in that data, or something else there--call it an X factor. Security is often not a "set it and forget it" type of thing, no matter what vendors tell you (we can save "promises my vendor made to me" for another day). At the end of the day, it could very well be something like that what you actually need is bodies in seats to look at and interpret the results of what your software has been looking at and interpreting. I'm sorry if you're finding this a lackluster response, and I'm not trying to be flippant here, but I think it could be that what you're trying to accomplish isn't yet realizable with the resources (technology, staffing, capital) you have to invest in it. Not a dig or criticism of you, but just a commentary on what's available.

Regards,

Aryeh Goretsky

AnotherAnonGringo1 karma

[deleted]

goretsky2 karma

Hello,

Apologies, on a smartphone in the middle of nowhere.

I am not blaming you; I was stating that you might not have the right tools at hand--which isn't your fault, it was whoever was giving you the tools saying they are fit for purpose when they really aren't. Or at least that is my interpretation.

The work that I do is for a different scale and a different layer than what you are asking me about. I have tried to answer your question, but the problem from my perspective obviously looks different to me.

You have obviously put some thought into this problem, but maybe it would be better to ask someone who works in this domain with this set of tools. I'm guessing it's a sales engineer for one of these companies, but could also be a TAM, integration partner, professional services, etc. I just don't feel I have the answers you are looking for.

Regards,

Aryeh Goretsky

PM_ME_YOUR_COWS_MAN5 karma

What are your thoughts regarding the recent news of the Air Force allowing a team of hackers to "attack" one of their satellites at the upcoming DEFCON conference?

goretsky12 karma

Hello,

My initial thoughts are that generating "out of the box" type solutions to problems is positive, as long as they are good, helpful, and relevant to the issue at hand. That said, I do not know enough about the competition to have a more informed opinion than that.

Regards,

Aryeh Goretsky

bbsittrr4 karma

at computer manufacturer Lenovo

Hi Aryeh,

the Lenovo rootkit: you advised them against this?

https://thehackernews.com/2015/08/lenovo-rootkit-malware.html

goretsky10 karma

Hello,

Lenovo is a very big company, and while I have had the opportunity to talk with some of their employees like Dr. Hortensius and members of their PSIRT and I have certainly recommended things like their ThinkShutter, I certainly do not tell them what to do or not to do. I have read they have over 50,000 employees and in any kind of environment like that it is always a challenge to coordinate your security posture.

A lot of the time, people are thinking about things they can do at work which can add value to their products--what sort of features or products or services can I add that will make things better for my customers/clients/users. Not everyone who is doing that is thinking about the long-term security implications of those things.

I certainly do share my feedback and suggestions with them, probably sometimes more than they would like to hear, just as I did with Microsoft when I was an MVP for them.

Being one of their volunteer forum staff as well as an employee of a security company has been interesting at times, and you all get to learn some new things, sometimes in ways and at times you did not anticipate.

Regards,

Aryeh Goretsky

salsa_chip4 karma

-What new technology that can be applied to IT security excites you?

-In 30 years of experience what has been your most challenging problem/work?

-Are there any new emerging fields of study that excite you?

-Do your family/friends' basic tech questions you've answered plenty of times before still bug you?

goretsky21 karma

Hello,

In response to your questions:

  1. Oh, there are so many new technologies. At one end, you have the arrival of lower- and low-cost computing devices with corresponding changes to processing and storage, which means implementing defenses in much different fashions than we have traditionally thought about. At the other end of the spectrum, but also just as ubiquitous and pervasive, we have cloud computing (which might also be called grid computing, client-server computing and so forth); that operates with very different processing, storage and communications requirements, and the kinds of protections you apply to those, and how you apply them, is very different.

  2. Dealing with a novel problem for the first time is always challenging. I was really unprepared for my first day at work, but even when you have some experience behind you, it can be challenging when an important person contacts you with an issue no one has ever heard of before.
    There are some problems which are very difficult because of the scale they can occur at, and how quickly you can respond to and resolve them. A good example of this is a false positive alarm, i.e., the incorrect reporting of a detection when none is actually present. Having one of those is never a good day, and resolving them is sometimes a lot more difficult than detecting malware in the first place.

  3. The pace of technology means there's always something big and new coming, and a lot of the time the speed at which that occurs means that threat modeling and security is not being fully realized. I think it would be pretty rare to see something that is as secure as it is on its last day of support before it goes EOL as it was on the first day it released.

  4. Sure, it does sometimes, but everybody has that occur to them in their field, and you just take it in stride.

Thank you for asking!

Regards,

Aryeh Goretsky

residue692 karma

This post reminded me to let you know that I've found several of your answers on the Thinkpad forums to be extremely helpful.

goretsky2 karma

Hello,

Thank you for your kind words, Residue69.

Actually, funny story: When I originally interviewed with ESET's U.S. office (back when they were in Coronado) my soon-to-be-boss mentioned he had been helped by a post I had written about how to view TNEF emails on the Lockergnome Help Forum (which is sadly no longer around).

Regards,

Aryeh Goretsky

MlleGateaux4 karma

What are you doing first in Colorado? Getting a dog, or getting the deck fixed?

goretsky2 karma

Hello,

First off, apologies for the delay in a reply; this is one of those seemingly-deceptively-easy-to-answer questions, and I wanted to give a measured, well-thought-out response.

I have been away from Colorado for far too long. That said... having a dog is a huge responsibility. You have to take care of them for their entire life, and your life has to be scheduled and structured around them. When I had dogs, I loved having them. They were the proverbial G O O D B O Y E's whose wet noses and thumpy tails (or stubs) brought happiness and joy with them. As well as the occasional bit of mud and grass and snow in with them, too. Keeping a house clean can become a bit more challenging if you have a shedder, not even counting the usual kinds of mishaps pets sometimes have.

So, I think my first priority would be to get the deck checked out, and whatever needs fixing fixed.

Another complication is my travel schedule: Mine has been very light relative to some of my colleagues, but even a 10-20% travel schedule means having to make arrangements for someone else to care for your dog. If I get another doggo, I want him (or her) to be a constant faithful companion, and not something that I check in and out of a kennel. That's not having a pet, that's more like having a living teddy bear you throw away and pick up depending on your workload, and I think that is an incredibly unfair and cruel thing to do to a dog, who just wants to be with you.

So, definitely one of those kinds of baby-steps things, moving forward very carefully and with lots of cut-outs in case things look like they aren't going to work out. By comparison, dealing with a deck is a lot easier. And, if you get it repaired, stained and finished and all the bolts tightened up, etc., both you and the dog can use it together! So, that's kind of an added benefit for both of you.

Regards,

Aryeh Goretsky

CarnivalCarnivore4 karma

Tell us more about the growth of the AV industry in those days from the kitchen table to IPO. How many new viruses a week were there? What was the transition to Network Associates like?

goretsky14 karma

Hello,

Heady days, indeed. When I entered the field in 1989, the number of computer viruses was in the tens, with slightly more of them being for the Classic Mac OS than for DOS; that flipped in a year or so to DOS, and hasn't changed back since then.

We used to advise customers to update their software once a quarter, and monthly for high-risk computers like those belonging to secretaries and technicians who might be accessing floppy diskettes from untrusted sources. That recommendation changed to two months and then a single month as the number of new viruses being seen increased. When I left in 1995, there was already work underway to automate the download of updates by dialing into a dedicated BBS system. These days, anti-malware programs update themselves hourly with continuous checking between that for additional types of telemetry which might mean a threat was detected.

At the beginning, we might receive 2-3 floppy diskettes a month with new viruses on them, that increased to weekly, and uploads of suspect files were occurring multiple times a day to our BBS.

Computer viruses were initially spread mostly through floppy diskettes at the speed at which they could be couriered around the globe, and sometimes through BBSes (intentionally or otherwise). Worms like the Morris Worm were not really thought about in the same way as computer viruses, and would not be for years until internet access started to become ubiquitous when consumer desktop operating systems started to come with TCP/IP stacks and dial-up networking began to replace BBSes.

Dozens became hundreds and hundreds became a couple of thousand by the time I left McAfee Associates in 1995. That was a steep hockey curve back then, but a blip by today's standards, where you might see 250,000-300,000 malware samples arrive on a daily basis.

Regards,

Aryeh Goretsky

ross5493 karma

Hi Aryeh!

What has been your most unique travel experience that you’ve had in your job?

Adam

goretsky6 karma

Hello,

Ten years ago, I had a really horrible experience getting to my employer's partner conference. That, so far, has been unique.

I have taken some very short commuter flights (like 15-20 minutes) to get from like a spoke airport to a hub. That might not be unique, but it's kind of odd when you spend more time at both ends taxiing on the ground than you do wheels up in the air.

Location-wise, my work-related travel is mostly North America and occasionally to parts of Europe. I only traveled internationally once the entire time I was at McAfee Associates, and that was to go to Australia to replace Mr. McAfee at a series of events he was unable to attend.

Regards,

Aryeh Goretsky

herbtarleksblazer3 karma

How much did you make off the initial IPO?

goretsky11 karma

Hello,

Enough to make a sizeable down-payment on a house, purchase a car, and have some nice computers and a home theater. Not enough to be set for life, though.

Regards,

Aryeh Goretsky

_Mechaloth_3 karma

Hello,

How are you enjoying your time at ESET? Especially after what I'm sure was a thrilling tenure at McAfee.

Sincerely,

Captain Raymond Holt

goretsky10 karma

Hello,

This Thanksgiving will mark my 14th year at ESET, and I am still enjoying it. ESET is headquartered in central Europe, and the culture and the whole approach to the business is very different from what I had been used to working for American companies all of my life before.

I like to think of my ESET career as my upgrade from McAfee. ;)

Regards,

Aryeh Goretsky

Soulfly373 karma

If you had to sneak into a highly controlled area, what disguise would you choose?

goretsky18 karma

Hello,

I think I would probably want to surveil the target over time to see what sort of people were entering the highly-controlled area, when they were doing it, and how they looked and behaved.

I would then try to choose something reasonably appropriate to wear to get in, like wearing a high-visibility vest or a hard hat, carrying a ladder, metal clipboard or pizza box or whatever.

Instead of trying to very obviously sneak in, I would try to go at a time of maximum chaos (shift-change?), and do something so obvious like asking someone to get the door for me when my hands are full that it couldn't be a covert insertion.

Then I would probably look for a bathroom to change to the next disguise.

Regards,

Aryeh Goretsky

Soulfly373 karma

And here I figured you would hide as a janitor, cleaning everything as you went.

goretsky6 karma

Hello,

That's actually not a bad idea, but it depends upon the resources available to me. If I had a janitorial company to work with, sure.

Regards,

Aryeh Goretsky

KumBlyat2 karma

What was it like when you first worked with McAfee before he got "throwaway everything" life and after you have seen his life now would you still work with him? Thanks for the AMA

goretsky3 karma

Hello,

At the beginning, it was very very cool. McAfee Associates had been any one of numerous side hustles that Mr. McAfee had going. He was always spinning off ideas and looking for alternate/additional sources of revenue, and McAfee Associates was the one that just happened to take off.

At the beginning, as soon as it started to become more than a single person job, he followed the 3F rule of hiring: When a business expands, you staff it by first hiring your family; secondly by hiring your friends; and lastly by hiring your freaks (the superusers of your products who believed in it/you). At the very beginning, he started with number two as he didn't have a huge number of family members available, and those that were already had careers, so he hired users from his BBS, and then their friends, based on their recommendations. So, we all knew each other, and we formed a very tight, cohesive group. Mr. McAfee was our leader, and he was incredibly charismatic and inspirational. Those of us who worked there at the beginning believed we were on a mission to protect the world from computer viruses, and that it was our job to help first, and seek payment as a business later.

Remember, all of McAfee Associates' programs were distributed as shareware, and people had 30 days to use them free of charge, after which they were required to either purchase a license, or stop using the software. And it was all done by the honor system; in fact, our "sales" department for the first several years just took inbound calls from people who wanted the software. You know you're on to something when people are calling you to give you money.

So, we had this very fast growing business that was already profitable from the beginning being led by a charismatic boss, with a group of people who were bonded tightly together. We felt like we could take on the world.

Mr. McAfee was not good about giving people raises relative to their performance and workload, but he would sometimes surprise us in other ways: After once having a good vacation in Hawaii he decided, pretty much on a lark, to take the whole company there for a long weekend. So, we did that.

Several years later, at Tribal Voice in Woodland Park, Colorado, he got a great massage from the masseuse across the hall from us, and then decided all employees would get one weekly, which we did for the longest time. Sadly, people took advantage of this generosity, too: We spent $3000 on coffee the first year Tribal Voice was in operation... for six people. Some of them saw the coffee as "free office supplies" and were taking bags home.

Throughout his tenure as an employer, one thing that was pretty consistent was how he didn't pay people market rate, or what they were worth. When you are a college kid or a housewife (husband?) that may be fine, but it's kind of hard when you're engaged in a shouting match because you are asking for a dollar more an hour while he is buying his-and-hers new Mercedes-Benzes every few weeks for him and his wife. Some years later at McAfee Associates, I remember him telling me that he would always hire college students because they could do 75% of the work for 50% of the cost. Another time, after interviewing a programmer, he told me he was so pissed off that someone asked for a market wage that he decided then and there that he'd no longer hire any more Americans, just foreigners because they could be paid less. After that point, the development side of the company became what we referred to as Little Europe.

After he had returned from Belize, he had at one point approached me about coming to work for him again as his support, idea bouncer and fixer, but he wanted to pay me less than what I was making. And, frankly, I've been pretty happy working for ESET most of the time; I have had the opportunity to grow over the decades and come out from being in Mr. McAfee's shadow, and I have been able to use my experiences and knowledge to contribute and create things at a scale I couldn't have dreamed of. I also have the opportunity for education via things like going to technical conferences and workshops and groups, some of which are invite-only, and that would be gone. So, no, I wouldn't work for him again at this point in my life.

Regards,

Aryeh Goretsky

puntloos2 karma

In the security community, many people have the attitude that hackers etc. are absolute evil faceless enemies. And let's be clear, they are performing criminal acts that hurt people in various ways, usually financial.

But I'm wondering what is your take on the 'human side' here? Know your enemy and all that, I wonder how we can address the issue with cybercrime on a human level.

For example: I heard many ransomware writers/users feel that if you are stupid enough to click on some link, you deserve to lose some money, or perhaps hackers in a developing country justify attacking victims in 'the west' because people in their country are less affluent..

goretsky3 karma

Hello,

First off, a bit of a disclaimer: I'm not particularly fond of the term hacker as a pejorative, which is how it is usually used in discussions today. To me, a hacker is an explorer; someone who does useful, interesting and possibly even sometimes amazing things with technology. Likewise, I am not fond of using the term cracker as short for "criminal hacker," which is how that is often suggested for use. To me, a cracker is a programmer who is focused on circumventing copy protection techniques. Different times, different connotations for these words to me. I do realize how the terms are used broadly today, and try to avoid using them without qualifying.

A large part of what we spend our days protecting against are automated processes (with varying degrees of automation ranging from "semi-" to "highly-"). They are not people, they are things. But, behind these tools are people, and when those tools are used for criminal acts, the people responsible are criminal.

When at McAfee Associates in the 1990s, I had the opportunity to have a few conversations with people claiming to be computer virus writers. In some cases, 2 or 3 of them described things which convinced me they had written computer viruses and that left me a little angry and disappointed: Back in these days, computer viruses were often written with payloads that triggered and intentionally caused damage, and these people who had created them seemed to delight and revel in this. They felt no sense of responsibility for the damage they caused, and that it was all of their victims' fault for getting infected in the first place because those victims lacked the knowledge to protect themselves. These phone calls came from within the United States (long distance calls were still expensive back then, and international calls *ridiculously* so), and when I talked with these people and attempted to ascertain some details of their personal lives, they mostly claimed to be young (teenaged) white males of an upper-middle class (or having outright familial wealth) background. For them, writing computer viruses was an act of rebellion because they had no actual power in their everyday lives. For them, this was a way to get back at parents, teachers and random people. As far as I was concerned, these were acts of sociopathy.

That all changed, though. These days, the people behind malicious software are usually doing it for financial gain. For them it's a business. A criminal business, mind you, but a business, nonetheless. For years, I have always been surprised that the volume of malware goes down around holiday times. But then, I have to remember, that these malware operators are businesses, too, and they are taking time off to do holiday things, the same as people who aren't criminals.

Regards,

Aryeh Goretsky

puntloos2 karma

Thank you for your response, and thanks for calling me out on the wrong(ish) use of the word 'hacker'. It was mostly my shorthand, not the implicit assumption that hackers are by definition evil/criminal (I call myself a hacker sometimes, since I haven't started a source code file from scratch since I was 15.. I always hack together stuff). And agreed, crackers = copy circumvention. Sadly, that doesn't really leave a current word for 'person performing acts of circumventing computer security with the intention to cause harm or loss'.

Your observations indeed resonate well with my experience, and I suppose criminals won't be deterred by the damage they do, the medium in question doesn't matter. It's just that as you pointed out, a criminal in software with the right angle has the tools (bots..) to grow quite exponentially for a while. Perhaps something worth considering when pursuing them. Especially since when they are still beginners they might not realize it's not clever to flaunt successes etc.

goretsky2 karma

Hello,

I certainly wasn't attempting to call you out, and apologize if it came across that way. You were using the term correctly as it is used today, and I was just talking about one of my pet peeves (the C-word is another one of these).

The criminal ecosystem is... bizarre and amazing in some ways, a kind of parallel universe that operates off of ours like a parasite or... virus (the metaphors only extend so far). There are actors in there who have been criminal enterprises with structures analogous to organized crime families (or how they *think* those are structured), with some actors having high degrees of specialization, etc. And, of course, they use the same technologies and tools and read the same articles and blogs that we do, so there's always this constant kind of evolutionary pressure being applied back and forth as you try to counter each other's moves.

Regards,

Aryeh Goretsky

puntloos2 karma

Thank you for responding, as a (cloud) security specialist myself I'm always trying to figure out motives, weaknesses etc. And indeed, a bored 'just because I could' motive is surprisingly pervasive which makes me think maybe a funny 'well done you get a cookie' message somewhere might actually deter some attackers.

goretsky1 karma

Hello,

It's always interesting to speak to cloud security folks, as they always have interesting things to share due to the scale at which they operate (attack patterns and trends, cadences, etc.) that provide insight you don't get at smaller scales.

So much of attacks are automated these days that it is interesting when you finally get some intelligence on what they are doing, and you realize that they had something that might have been useful/valuable to them (root on boxes in colo farms, host access on cloud providers, etc.) but they were unaware of it because they were overwhelmed by the data generated by the success of their own attacks.

On the malware side of things, you occasionally see a comment embedded as a string that they intend for someone to read, but those are few and far between, which also says something about the "maturity" of the criminal ecosystem: For them, it's largely become a job.

Regards,

Aryeh Goretsky

KieronMcD84732 karma

How much wood could a woodchuck chuck it a woodchuck could chuck be wood?

goretsky8 karma

Hello,

If this article is to be believed, about 35 square feet (3.25m3) of soil, weighing about 700 pounds (317kg).

Regards,

Aryeh Goretsky

bbsittrr3 karma

African or European woodchuck?

goretsky11 karma

Hello,

Woodchucks are indigenous to North America, as far as I know.

Shouldn't you be asking me about duck-sized horses or horse-sized ducks?

Regards,

Aryeh Goretsky

bbsittrr2 karma

Do duck sized horses float?

goretsky20 karma

Hello,

I think it depends on whether horse-sized ducks are integers or not.

Regards,

Aryeh Goretsky

BIGBOIIONGIB2 karma

What's your favorite color?

goretsky2 karma

Hello,

There are some color combinations that work really well together, like black and red. And there are some that do not, like trying to read a printed version of a document that prints out with lighter gray text on a darker gray background because it was originally designed to be displayed on a computer's screen (additive versus subtractive processes in color theory), so black and white and blue for highlights or callouts or whatever have their places, too.

The last few cars I have purchased have been green (there was a blue one in there, too) so that's something I must have thought about when making a substantial purchase like that.

I do not really know if I have a favorite color, come to think of it.

Regards,

Aryeh Goretsky

TheEternalWoodchuck2 karma

What do you believe is the core of building a solid development team. What qualities do you think are the most desirable when you're in the startup phase? How much would you weigh trust vs prowess vs vision at the beginning?

goretsky7 karma

Hello,

I'm most comfortable with small scale teams doing realizable projects, so not like some "we're going to solve this particular problem for the entire world," but more like "I have an itch. It itches. We are going to scratch that itch by doing X." Maybe it eventually scales up to world-level problem solving, but you start with scratching that itch.

You absolutely have to start with some kind of vision. It might not be a very clear vision, with parts that are hazy or seemingly undefinable. But you document the heck out of it anyways, and you leave some room for the assumptions.

Trust has to be implicit. You are building the core here, and your core has to be believers in the vision. Not blindly, mind you, but close enough that you are working towards the same goal, and not at cross purposes.

Prowess? At least enough to get you to the MVP (and by that I mean minimum viable product). You can refactor, have a Version 2, adopt an iterative or agile methodology that constantly spits out updates, but remember who the audience is that you're building for, and sanity check that from time to time, because you may end up with a different audience using your product in a different way than you anticipated.

In a startup environment, you have to move nimbly, and make changes very quickly. Don't get paralyzed. Make the decision. If it's a bad one, fix it. Many times, bad decisions are not fatal, just bad and can be recovered from by using the experience you have just learned.

And try to bake some security in at the beginning. It's a lot easier to fix things when the scope and effect of the problem is small.

I have always been of the opinion it is better to have a tool that does fewer things but does them very well than it is to have a tool that does lots of things... poorly.

Regards,

Aryeh Goretsky

TheEternalWoodchuck6 karma

This is a stellar response, and I will take it to heart. I appreciate the care you put into this so very much.

I don't know if you've seen these Reddit AMAs before but your formality and attention to detail are very rare. This is the best AMA I've ever been party to and that includes Jack Black and President Barack Obama's AMA.

I'm new to computer science, but I've got ideas and dreams and your words were exactly what I needed to hear at this stage. Genuinely, thank you.

I'll take your advice and make what I make with care and purpose.

goretsky5 karma

Hello,

Thank you for your kind words, TheEternalWoodchuck! I look forward to seeing whatever programs your ideas or dreams turn into. Who knows, perhaps your code will change the world.

Regards,

Aryeh Goretsky

Richie44222 karma

What is your stance on Linux malware? Do you think it is a real threat and do you see potential increase in Linux-specific malware? If not, what makes Linux systems more secure than Win and Mac counterparts?

goretsky7 karma

Hello,

A lot of the world's computing resources run on Linux and Unix-like operating systems and that's what makes it so attractive to an attacker: Gaining root on some server in a colo facility is a great place to put your drop server, host some of your command and control infrastructure, etc.

The thing, though, is that it's a bit of a different use case by the adversary, which means you have to be a bit different in terms of how you model threats and design the defenses against them. Think of a bank robbery: How you design for bullet resistance into your lobby and counters where the bank's tellers are located is different than how you design the bank's vault.

While I have looked into Linux-based malware in the past (I wrote this a few years ago about whether there was even a need to protect desktop Linux users) it's not an area of specialization for me. I would suggest looking at this article by some of my colleagues on OpenSSH backdoors targeting Linux servers. That's quite a bit different from things like adware or ransomware one typically comes across on a Windows desktop.

Attackers have different skill sets as well as different motivations to apply them. One group of criminals might specialize in Windows malware while another in Linux malware. Something like Linux which is normally pretty secure might be vulnerable to some mass exploitation due to a configuration mistake that was replicated across the server farm.

The point I'm trying to get around to, is don't think that A is more secure than B. There are varying levels of risk, and it can be a bit better to think in terms of "which would be more painful if the data on it was compromised" versus the kind of operating system it is running.

Regards,

Aryeh Goretsky

LeonSonix2 karma

Hey, err can you give me some keys to nod32 antivirus/smart security?

goretsky8 karma

Hello,

I'm not one of the marketing guys, and this is something I'm doing kind of by myself so I didn't plan on sitting down with a stack of keys for giveaways. I can ask around, but at 5PM on a Friday night, I don't think I'm going to get anything to give away.

Oh, you can grab a copy of our Linux Live ISO from: https://www.eset.com/int/support/sysrescue/

Regards,

Aryeh Goretsky

LeonSonix2 karma

Well I certainly didn't expect that PM. Thank you very much!

goretsky2 karma

Hello,

You are very welcome, LeonSonix.

Regards,

Aryeh Goretsky

ZhugeTsuki2 karma

Hello Mr. Goretsky,

how do you feel about people who continuously use the free trial of Eset and never purchase it?

goretsky5 karma

Hello,

I like to think that I am a hard worker and it is kind of disheartening when I see that--from my point of view, when people talk about stuff like how to do that, it's like coming up to me and telling me "your work is worthless and amounted to nothing."

At the same time, though, I know that most people don't have the experience of working at a software company and don't know what it's like, let alone a security software company, which is this huge chain of continuous development. You wonder if you're going to be able to get a raise this year? Are there going to be layoffs (redundancies)? Will we be able to get any new equipment for my team this year? Those are the kinds of things that start cycling through your head. I was in charge of support at Tribal Voice (the instant messaging company), and when the decision was made to close it, I had to figure out in what order we were going to let go of the support engineers and reduce/stop providing support and that just sucked.

I think that when people create something like software, they have the right to determine if it is given away for free or sold and that they deserve to get paid for their work, if that's what they want. If what they are asking for is completely unreasonable, though, then they may have priced themselves out of whatever market they think they are in. In the security software space, there are lots of companies at lots of price points, including free. But as with other free programs, you should very carefully read those terms and conditions in the end user license agreement, because it might be that you are just paying in a different way.

I think ESET is pretty up-front about things. 30-day trials, and there are some various free utility programs (decryptors for various ransomware, specialized cleaners and diagnostics, etc.). That seems to be pretty standard practice in the industry.

Regards,

Aryeh Goretsky

JOHANSENATOR (1 karma)

Were you surprised, or not at all, when you discovered that Mr. McAfee eats fresh feces under a hammock?

goretsky (7 karma)

Hello,

Okay, there was something of a precursor to surprise that happened shortly after I started, but that may be more /r/talesfromtechsupport material as it didn't occur to me at the time, so let me start with the first actual surprise.


Maybe the first or second week I was there, Mr. McAfee just asked me, out of the blue, "Son, are you using drugs?" He called everyone "son," which one of his brothers-in-law found annoying.

Now, let me frame the context for you. It is 1989, and this was my first real job out of high school. I had led an incredibly sheltered, Jewish, middle-class life, and had not been exposed to a lot of the world. Wine was something you had an occasional sip of on Shabbos or holidays (and, frankly, it tasted horrible). As for drugs? Well, my father was a physician, so I suppose I had access to some drugs. But he was a gastroenterologist, which meant things more along the lines of weapons-grade stool softeners and Fleet enemas than actual drug-type drugs.

I must have been confused by Mr. McAfee's question, because he followed up with The Speech. "Son, if you are using drugs you have to come clean and tell me now. Because if you're using I'll know, because I have done... (at this point I think he mentioned every kind of street drug and opioid pain killer out there) and know exactly what to look for." He then went on to explain how he had never accomplished anything worth a damn in his life until he had sobered up. I recall the then-Mrs. McAfee standing behind the kitchen counter nodding at me in a fashion not unlike one of those bobble head dolls people put on their car's dashboard. It was surreal.

I think I probably squeaked out that I had some kosher Manischewitz wine at Passover that year but did not particularly care for it.

Mr. McAfee's statement about alcohol and drug use made a big impression on me, and for decades I avoided everything; drinking alcohol meant accepting a drink to be social and sipping, with the majority left still in the glass at the end of the evening. I think it was just 3 years ago that I tried a teaspoon of Scotch whiskey for the first time. I actually thought it tasted pretty good, so I decided then and there that I was done drinking it for the evening after my spoonful.


At ESET, I think my first surprise was a month or so into working there. I was still learning the ins and outs of the company and its products, and had to deal with someone who had reported a false positive alarm (e.g., a report of a detection when no infection was actually present). Back at McAfee Associates, a FP was a colossal issue to deal with, that would take days to weeks to solve, involving stopping development to build a custom version for the affected customer. At ESET, it involved emailing the FP'd file over in a password-protected archive and waiting an hour or two for the lab to push an update out to fix it. What was a major engineering undertaking had become a minor annoyance, if that. That was a very pleasant surprise for me.

Regards,

Aryeh Goretsky

machinegunlaserfist (0 karma)

McAfee branded software has done little more than take advantage of people who lack the know how to defend themselves. Generally speaking, and especially in this era, anti-virus software offers little to no advantage at the cost of performance and of course, money.

In a lot of ways, anti-virus companies across the board have taken advantage of this situation to bank millions.

What do you do that separates you from this collective of greedy individuals and corporations that only exist and profit by preying on the fears of the common user and laziness of the typical small office sysadmin?

goretsky (6 karma)

Hello,

I left McAfee Associates in early 1995, a year after Mr. McAfee did. When I left, the company made anti-virus software for DOS and OS/2, plus a Windows 3.1 shell for its DOS programs. What happened afterwards there I really cannot comment on--I wasn't there, after all.

I touched on this before in one of my earlier replies (and linked to an even earlier post of mine from a couple of years ago), but there just isn't anything called anti-virus software anymore. There are like maybe two or three families of malware (Virut, Sality, etc.) that still have some virus-like mechanisms in them, but a lot of what is seen day in and day out by your security software is non-replicating malware.

Now, if it is properly engineered, written, and tested, your security software is going to protect you from all sorts of threats, both known ones like classic recursively-self-replicating computer viruses as well as even new stuff, sometimes.

It is critical to understand, though, that your anti-virus/anti-malware/endpoint protection/endpoint detection-and-response/{insert marketing term du jour here} software is but one piece or layer of your security strategy. It is an important one, but it is not the sole one, and it may not even be the most important one, at least in respect to training your users or your business continuity efforts. Yes, user education and backups are important, too.

Anti-virus (et al) companies have done some incredibly sleazy stuff, and there are ones out there that if they don't straddle the border of what is and is not malware, fall into those areas where we use terms like "potentially unwanted" and "potentially unsafe" to describe them.

What do I do? I try to find things that will genuinely improve the state of things wrt. the confidentiality, the integrity and the availability of information. I try to help people solve their computer problems, and I try to educate people so that they can better help themselves in the future. While some of what I do is, by its nature, not public, there's also a lot that is. You can easily look at my post history here or copy and paste my name into a search engine if you'd like to know more.

Regards,

Aryeh Goretsky

knowingmoredaily (-1 karma)

It's well rumoured that he created both the problems and the "cure" to earn a fast buck, thereby screwing up computer programming forever. Where is your shame?

goretsky (15 karma)

Hello,

I knew and worked for Mr. McAfee across his time with the National BBS Society, Computer Virus Industry Association, McAfee Associates and Tribal Voice. He never wrote a computer virus during those eleven years that I spent (mostly as a direct report) and never programmed anything more complex than a WordPerfect macro or Harvard Graphics presentation.

Mr. McAfee did program mainframes as well as mini computers in his career, but he never wrote any of the anti-virus. He designed it, wrote the specs, managed the development and the developers but he did not program any of it himself.

I have seen and heard the same rumors every day, too. Mr. McAfee never wrote a computer virus, nor did he pay anyone for uploading new computer viruses to us, etc. What we would do is provide people (and businesses) with an updated version of the software to detect and possibly remove the virus if it was a new one for free and that might have been worth quite a bit of money if it was some big infection involving hundreds of computers. But, the feeling was we were providing a public service by helping prevent the further spread of something new before it might become pandemic and, in all likelihood, they might be so happy that we were able to come to their assistance for free that they would eventually get a site license out of gratitude. And that worked out a lot of times.

When I worked for Mr. McAfee, all of the software was distributed through our BBS (and later CompuServe, the internet, etc.) without any use counters, time locks and so forth as shareware. You had thirty days to evaluate it, after which it was up to you to either remove it or purchase a license. I was the person who was building and testing those distribution .ZIP files for the DOS and Windows 3.x versions (and later the InstallShield executables for OS/2). Hell, I probably wrote more code than he did while I was there. Eventually, the company started to enter the retail channel with boxed product, but by that time Mr. McAfee was no longer even coming into the office.

We believed that we were on a mission to help people, and we did, giving people a lot of software for free because we felt it was the right thing to do, and I have nothing to feel ashamed about over that.

Regards,

Aryeh Goretsky

loldragon05 (-2 karma)

[deleted]

goretsky (6 karma)

Hello,

I think you may have me confused with someone else's AMA?

Regards,

Aryeh Goretsky

bbsittrr (0 karma)

Well, can we use your Wifi regardless?

goretsky (5 karma)

Hello,

If you need to log on to it, ask the front desk for a visitor's password.

Regards,

Aryeh Goretsky