-
jtgrassie
you sure about that? IIRC it inserts the miner id in the reserved extra space.
-
jtgrassie
just d/checked, you are correct, just a single byte. It is not, like the other proxy, rebuilding the hashing blob.
-
cohcho
-
cohcho
haha, read the question in that issue to hidden miner hosted on github
-
tevador
of course it will be detected by AV, it has xmrig built-in
-
gingeropolous
heh. we're sure to see a new crop of mining software
-
gingeropolous
i remember monero YAM (yet another miner).... im pretty sure the sole purpose was to avoid detection
-
sech1
If hidden/illicit mining gets big, AV software will just integrate randomx sniffer
-
hyc
would be great if anti-virus software actually analyzed a system and traced a virus back to its point of entry into a system, then closed the hole.
-
hyc
all the existing stuff is just so much bloatware
-
hyc
if you take periodic snapshots of signatures of every file on the system, you can narrow down the time of infection. then just search system logs to see what activity occurred at that time.
-
hyc
we used to do this for firewalls back in the 1990s. Run tripwire, syslog to a remote loghost so the logs can't be erased/modified.
-
hyc
today you could do the same thing by running all of your main user activity in a VM or container, and log to a separate VM or container (or just the main host)
-
hyc
as long as everything you run or download only gets written into the container/VM, your log infrastructure is secure
-
hyc
if the VM/container uses shared storage accessible from the host, the signature scanning can be done on the host, invisible to any malware running in the VM/container
-
moneromooo
If it could close the hole automatically, it could go through all known holes in the first place and close the ones it finds, no? No need to wait for it to be used.
-
moneromooo
I suppose waiting for it to be used makes your software seem like the valiant defender rather than the plodding engineer though.
-
sech1
most of the time the security hole is between chair and monitor
-
moneromooo
The... keyboard! :o
-
hyc
I guess the question is whether you believe you can reliably enumerate all possible holes in advance, when writing the antivirus. If you could do so, you could just get the S vendor to fix them all and be done with it.
-
hyc
s/S/OS/
-
hyc
but yeah, I suppose the majority of malware these days just enters a system because some user clicked "OK"
-
hyc
personally I like seeing new Android exploits because my phone is otherwise locked and I want root access
-
tevador
-
hyc
lol
-
kico
lmao
-
sech1
tevador hyc I bought Radeon RX 5500 XT and results are interesting. I've tested only unoptimized generic OpenCL code so far, but it's 2 times faster than Vega 64 even though it's half of it by specs.
-
sech1
270 h/s vs 137 h/s
-
sech1
RX 5700 XT should do around 500 h/s with unoptimized code (VM interpreter)
-
sech1
I wonder now what it can do with optimized code...