Useless out of the box: "If there are no USB devices added or removed to the lap... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jvgiuiigvuuc on May 16, 2017 \| parent \| context \| favorite \| on: Osquery Useless out of the box: "If there are no USB devices added or removed to the laptop, this query would never log a result again. The query would still run every 60 seconds but the results would match the previous run and thus no state change would be detected. If a USB memory stick was inserted and left in the laptop for 60 seconds the daemon would log" So if you unplug your evil USB earlier, this won't tell you. I wonder if they've heard of udev.

JosephRedfern on May 16, 2017 [–]

Oh please. It may be useless out of the box at detecting evil USB devices, but to accuse it of being outright useless is ridiculous.

I'm sure it was sarcastic snark, but of course they have heard of udev: https://github.com/facebook/osquery/search?q=udev.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact