Comment by forgotaccount3

Comment by forgotaccount3 3 hours ago

3 replies

View on Hacker News

> Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware.

But how much of this is because ingress is typically disabled so ingress attacks are less valuable relative to exploiting humans in the loop to install something that ends up using egress as part of it's function.

Dylan16807 an hour ago

Since we're talking about programs that are trying to set up a connection no matter what, I'm going to say "not much". It's not significantly shrinking the attack surface and forcing attackers onto a plan B that's meaningfully harder to do. It just adds this layer of awkwardness to everything, and attackers shrug and adapt.

Reply View 2 replies
  • ectospheno an hour ago

    You block inbound to block inbound. Of course it doesn’t do anything for outbound. Acting like you can just turn inbound filtering off because of that is disingenuous.

    Reply View 1 reply
    • Dylan16807 34 minutes ago

      Nobody suggested "just turn inbound filtering off"?? We're talking about an alternate universe of program design.

      And we're talking about malware in general, not inbound or outbound specifically.

      Reply View 0 replies