On Sat, Nov 28, 2015 at 5:28 PM, Mike Hoye <[email protected]> wrote:
> One key claim Stillman made, that "A system that takes five minutes to
> circumvent does not “raise the bar” in any real way", is perhaps true in an
> academic sense, but not in a practical one. We know a lot more than we did a
> decade ago about the nature of malicious online actors, and one of the
> things we know for a fact is the great majority of malicious actors on the
> 'net are - precisely as Jorge asserts - lazy, and that minor speedbumps -
> sometimes as little as a couple of extra clicks - are an effective barrier
> to people who are doing whatever it is they're about to do because they're
> bored and it's easy. And that's most of them.

I don't understand this claim. We are talking about malware authors who have decided to write a Firefox-specific addon, done a bunch of research into how Firefox addons work and then written and debugged a working Firefox addon. It does not seem likely to me that a person that has gone through all that trouble would then simply give up after having spent time on all the other steps. Especially given that in many ways, the other steps are more work and take longer to accomplish.

This is also why I think comparison to antivirus software doesn't seem very fitting. Malware authors know that they don't have to bother with working around antivirus software since a lot of people don't have any antivirus at all. And so not working around it still gives you benefit for your labor. Compare that to Firefox addons where if you don't work around the scanner you will soon get literally zero installs. I have a hard time imagining that malware authors are so lazy that they are ok with that number.

/ Jonas
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform

