Phorm The Vixdjinn

@PhormTheGenie

Vixen. Genie. Vixdjinn!

She/Her
dragon.style/@Phorm

Hi! I'm Phorm, and I'm a Vixdjinn!

A Friendly Vixdjinn Says Hello!

I'm a genie girl, who really likes being a genie, and really likes everything about genies (really)! I'm a bit confused, lost, and trying to find my way, but I always enjoy interacting with folks here. (Trans🏳️‍⚧️, occasionally NSFW, Be 18+ or please be gone.)

A Genie Bottle, With A Rising Wisp of Pink Smoke In The Shape Of a Heart

See here for the Genie Lore Index!

Profile Art credit to CinnamonSpots!

Avatar by DVixie
Banner image by BlackShirtBoy

Dreamwidth Page

phormthevixdjinn.dreamwidth.org/

Mastodon

dragon.style/@Phorm

Phorm The Vixdjinn @PhormTheGenie4/20/2023, 5:08 PM

I Always Bristle At This...

While I completely and emphatically understand that small developers (and particularly indie developers) don't have the resources to interface with the myriad security vendors out there, the "Trust me" line of advice is actively harmful.

When you tell users to ignore the safety mechanisms in place because you swear, it's totally legit, it makes it so much easier for someone else to exploit those users. Honestly, keyloggers and trojans have been hid in fan works before - And one of the most prevalent Discord scams invovles the attacker getting the victim to install malware under guise of being a game in development.

"Oh, yeah, ignore the warning. False positive," has gotten so common that people pay no mind to any security red flags.

It muddies the waters considerably, and it makes me deeply nervous for my own security when I'm expected to follow this trend.

I dunno. I don't have answers. I'm just rambling.

#Vent #security #I don't know what I'm talking about probably

You must log in to comment.

in reply to @PhormTheGenie's post:

@garudina4/20/2023, 5:24 PM

Automated endpoint protection doesn't do much, except for protect the category of user who would never get so involved with their computer as to read those instructions. Keyloggers have been included in fanworks before - but did Windows Defender detect them? Alert fatigue is a real problem and most people simply do not understand their computer well enough to make an informed decision about when and where to let their guard down and run an unsigned executable.

I will say, virology and computer science are a little different in that computer viruses are subject to the halting problem...

multioculate @multioculate4/20/2023, 11:41 PM

Yeah, the answer here is "stop selling software that mathematically can be proven to not work and start restricting down the execution environment so that it cannot execute malicious code", not "add more bandaids on the bandaid at the expense of people trying to actually ship some software". (And to be clear, I'd like that to look like webassembly or similar atop a really rigorously tested API, not a walled garden with mandatory code-signing)

Phorm The Vixdjinn @PhormTheGenie4/21/2023, 2:32 PM

I don't deny what you say is true - except the idea of "Did Defender Detect Them?", Because the point of conversation is that, yes, detection happens, and this is how people are fooled into ignoring it. That being said, alert fatigue is not only real, it's being actively exploited. Just look at the latest MFA attacks, for example.

I don't know. Like I said, I don't have answers. I just know it all just feels so terrifying to me, and with no end in sight.