(www.cyberscarecrow.com)

606 points toby_tw | 1 comments | 18 Jun 24 08:08 UTC | HN request time: 0.218s | source

Show context

scosman ◴[18 Jun 24 08:25 UTC] No.40715334[source]▶

Fun concept.

If the creators read this, I suggest some ways of building trust. There’s no “about us”, no GitHub link, etc. It’s a random webpage that wants my personal details, and sends me a “exe”. The overlap of people who understand what this tool does, and people who would run that “exe” is pretty small.

replies(7): >>40715364 #>>40715425 #>>40715446 #>>40715473 #>>40716059 #>>40716538 #>>40723731 #

vmfunction ◴[18 Jun 24 08:32 UTC] No.40715364[source]▶

>>40715334 #

It is a cat and mouse game. And security by obscurity practice. Not saying it won't work, but if it is open sourced, how long before the malware will catch on?

Here is one on github:

https://github.com/NavyTitanium/Fake-Sandbox-Artifacts

replies(7): >>40715392 #>>40715530 #>>40715603 #>>40715668 #>>40716144 #>>40716690 #>>40716934 #

CyberScarecrow ◴[18 Jun 24 09:06 UTC] No.40715530[source]▶

>>40715364 #

Author of scarecrow here. Our thinking is that if malware starts to adapt and check if scarecrow is installed, we are doing something right. We can then look to update the app to make it more difficult to spot - but its then a cat and mouse game.

replies(2): >>40717240 #>>40717661 #

1. hluska ◴[18 Jun 24 12:52 UTC] No.40717240[source]▶

>>40715530 #

You had an answer canned for one part of the query. Why are you trying to release security software completely anonymously? This is insane - you want an incredible amount of trust from users but can’t even identify a company.

Simply, if users are as intelligent as you think, they’re too intelligent to use your product.

↑

Cyber Scarecrow