How to protect from ransomware?

Man of Honour
Joined
13 Oct 2006
Posts
91,147
I've been virus free for a long time now. Although my modem had the DNS changed a few years ago.

But all this has made me think about security. I've always run AVG free. But I'm currently running Kaspersky Total Security. Free 30 day trial. (Bank with Barclays so could also get a big discount.) On a scale of 1-100 how paranoid am I being that it's run by a Russian...

Things like Kaspersky are under huge scrutiny by independent security researchers who'd love nothing better than to find some problem with it - that said something that has the ability to execute code on your PC and update at will could always be used for malicious ends in the future if the company went bad or was playing a long game or something, etc.
 
Soldato
Joined
1 Mar 2010
Posts
21,912
That is nothing compared to some sites these days :( I've seen over 100 entries in NoScript for a single simple site before. It's not surprising people run ad blockers heh. Very bad for security - it's how the Guru3D ad compromise worked a few years back which got a lot of people, probably many who didn't even realise.
yes you are right.
Overclocker's has a few too, but the forum runs fine/faster with
google-analytics, twitter, facebook, ajax.googleapis all blocked.

Incidentally, just thought - maybe Facebook should be categorised as the biggest virus distribution mechanism, its platform is responsible for killing people (ISIS hate) and maybe saving some lives too (revolutions),
but as yet no deaths (reported anyway) as a result of WannaCry ransomware (need to get a T shirt with an appropriate FB logo)
 

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,785
Almost pointless on Windows even 10, though still a sound strategy in Linux - despite what some claim there are vulnerabilities that allow malware to go straight through UAC on Windows i.e. vulnerabilities in some signed device drivers - it'll stop less sophisticated malware but little against more serious stuff.

Far from pointless. UAC on max/a standard user account will protect against most of the UAC bypasses, including the one posted above. Removal of admin rights has been proven to mitigate well over 90% of all Microsoft vulnerabilities.

You're describing something in the realm of APT, not the average malware attack.

Linux users don't ditch their non-root account every time someone discovers a new way to elevate privileges.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,147
Far from pointless. UAC on max/a standard user account will protect against most of the UAC bypasses, including the one posted above. Removal of admin rights has been proven to mitigate well over 90% of all Microsoft vulnerabilities.

You're describing something in the realm of APT, not the average malware attack.

Linux users don't ditch their non-root account every time someone discovers a new way to elevate privileges.

Pointless might not be quite the right way to put it but a lot of people will still be juggling older software that doesn't play well with UAC, etc. making the hassle debatable for the effective security - I would debate the effectiveness though - it's often bandied about as 90%, etc. but the reality isn't quite as ideal - as events of the last few days demonstrate.
 
Capodecina
Soldato
Joined
30 Jul 2006
Posts
12,129
Cloning an OS drive right after you have everything setup how you like it makes sense and speeds up recovery.
I have done this for years. I used to use "Ghost" but now use "Acronis True Image". I am aware that there are free (Linux) options but I have no experience with them.
 
Soldato
Joined
28 Sep 2014
Posts
3,437
Location
Scotland
Norton in my experience has generally severely slowed down a system and/or had other limitations - one thing if you are mostly doing a bit of web browsing and watching videos but for someone that is closer to that of a power user it will have significant trade offs for the security it provides.

Nope never experienced slowdown with Norton Security when gaming, browsing and watching videos with Norton Security installed on 4 PCs, desktop PC with Ivy Bridge 3770K CPU, Dell laptop with Haswell CPU, Linx 10 inch tablet with Bay Trail Atom CPU and MeeGoPad compute stick with Bay Trail Atom CPU.
 

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,785
Pointless might not be quite the right way to put it but a lot of people will still be juggling older software that doesn't play well with UAC, etc. making the hassle debatable for the effective security - I would debate the effectiveness though - it's often bandied about as 90%, etc. but the reality isn't quite as ideal - as events of the last few days demonstrate.

Search for a better solution instead of disabling UAC. Here's one example, others exist.

90% is better than 0%. Effective security requires a layered approach, and this includes regular patching, reducing privileges, whitelisting, etc. The NHS, and many other organisations, probably failed to do the basics, which may explain why the malware has been so successful.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,147
Nope never experienced slowdown with Norton Security when gaming, browsing and watching videos with Norton Security installed on 4 PCs, desktop PC with Ivy Bridge 3770K CPU, Dell laptop with Haswell CPU, Linx 10 inch tablet with Bay Trail Atom CPU and MeeGoPad compute stick with Bay Trail Atom CPU.

It's possible it's some compatibility issue with the other ****ware bundled on new PCs but I've had to remove it from several systems people have purchased and replace it with other software due to the extremely poor performance (even after giving it time to do its initial scan, etc.) they were seeing out of the box. It has been quite a while since I've tried it alone on an existing installation.

Search for a better solution instead of disabling UAC. Here's one example, others exist.

90% is better than 0%. Effective security requires a layered approach, and this includes regular patching, reducing privileges, whitelisting, etc. The NHS, and many other organisations, probably failed to do the basics, which may explain why the malware has been so successful.

Agreed, but I've generally found running a non-admin account for daily stuff on Windows to cause significant hassle if you even remotely use older software, and I think there is a bit of romanticising comparing it to the level that it works in Linux - I've seen some fairly common malware go straight through it like it wasn't even there just from someone clicking OK on a prompt to run something as a non-admin user. (While an older one, stuff like the CloneCD driver vulnerability makes a mockery of the claims about UAC, etc. - if you look around some of the darker resources of the internet there is no shortage of proof of concepts for privilege escalation.)
 

V F

Soldato
Joined
13 Aug 2003
Posts
21,184
Location
UK
90% is better than 0%. Effective security requires a layered approach, and this includes regular patching, reducing privileges, whitelisting, etc. The NHS, and many other organisations, probably failed to do the basics, which may explain why the malware has been so successful.

I'm surprised because I thought it was standard practice to set it up this way. I do the same on OS X. I'd rather be safe than sorry. "If only I hadn't done that."
 
Soldato
Joined
1 Mar 2010
Posts
21,912
Just heard the first sensible media interview on the topic - guy from IBM ~7:45 on R4 today:
- they do not understand how phishing/patient zero was achieved, and no big trail of emails in the sample they take
- absence of private individuals attacked
- low ransom demand - corp customers usually attract >$10k and 50% pay
- quick deployment in organisations too

Read another article on JPG ransomware attacks via Facebook I had not heard of,
since I still think, via image sharing sites, that could be the easiest vector for OcUK user infection, say.
(edit: I do not mean using JPG for ransomware, that is not new - the fact it got through any pre-filtering that I thought FB or other image sites employed)
 
Soldato
Joined
26 May 2009
Posts
22,101
Why does this surprise anyone?

It's not some anarchic attack by people who wanna watch the world burn, it's a ransom (hence the name) by people who want money, if they didn't give out the keys in exchange for the money then people would stop giving them the money.
 

V F

Soldato
Joined
13 Aug 2003
Posts
21,184
Location
UK
Why does this surprise anyone?

It's not some anarchic attack by people who wanna watch the world burn, it's a ransom (hence the name) by people who want money, if they didn't give out the keys in exchange for the money then people would stop giving them the money.

Still, it is daft to be so careless.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,147
Just heard the first sensible media interview on the topic - guy from IBM ~7:45 on R4 today:
- they do not understand how phishing/patient zero was achieved, and no big trail of emails in the sample they take
- absence of private individuals attacked
- low ransom demand - corp customers usually attract >$10k and 50% pay
- quick deployment in organisations too

Read another article on JPG ransomware attacks via Facebook I had not heard of,
since I still think, via image sharing sites, that could be the easiest vector for OcUK user infection, say.
(edit: I do not mean using JPG for ransomware, that is not new - the fact it got through any pre-filtering that I thought FB or other image sites employed)

Yeah, was saying about that in the thread in GD - some of it just doesn't make much sense when you look beyond the ransomware itself, and there are still lots of unanswered questions that people should really be asking, but everyone (media, etc.) is falling over themselves over the WannaCry ransomware bit itself rather than looking at the delivery and deployment mechanism.

I'm fairly sure the recent Microsoft Malware Protection Engine vulnerability (which for some reason MS is trying to downplay in connection) is partially to blame but I don't think it entirely explains it.

I was wondering if someone had somehow found a way to exploit server grade CPUs with vPro even from behind NAT/Firewall but they seem to largely be unaffected unless they were merely used to redeploy the malware onto desktop systems and just have something nasty lurking on the servers not actively attacking the server itself - but that seems somewhat far fetched and unlikely but I can't shake the feeling there is something in the initial attack vector that people are overlooking.

EDIT: https://twitter.com/calebbarlow/status/864232713863213056 same guy - also backs up that it wasn't just phishing.
 

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,785
I'm surprised because I thought it was standard practice to set it up this way. I do the same on OS X. I'd rather be safe than sorry. "If only I hadn't done that."

NHS Digital says it issued an update that immunised Windows (including Windows XP) against Wanna Decryptor/WCry to a central NHS security portal on April 25, but seemingly the IT managers of at least 48 NHS trusts didn't follow that guidance. Given the scale of the Wanna Decryptor attack, it's clear that there are lots of businesses and institutions with not-regularly-patched Windows networks.

https://arstechnica.co.uk/information-technology/2017/05/windows-update-keep-it-on/
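The three basics KIA keeps coming back to in this thread (UAC at its top setting, a non-admin account for daily use, and Windows Update left switched on) can be checked from a PowerShell prompt. The script below is an added example, not something posted in the thread or published by any vendor mentioned in it. It reads the real UAC policy values Windows stores under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, looks up whether the logged-on account is a member of the built-in Administrators group (well-known SID S-1-5-32-544), and reports the start type of the wuauserv service. It only reads; it changes nothing. The function name Invoke-BaselineAudit and the output field names are my own choice.

```powershell
# Added example (not from the thread): read-only audit of UAC level, admin
# membership and Windows Update state. Run in Windows PowerShell 5.1 or later;
# no elevation is needed for the reads below.

function Get-UacStatus {
    # These are the real policy value names behind the UAC slider.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # Top slider position ("Always notify") is EnableLUA=1,
    # ConsentPromptBehaviorAdmin=2 and PromptOnSecureDesktop=1.
    # Default on Windows 10 is ConsentPromptBehaviorAdmin=5 (notify only when
    # apps try to change things), which is what most UAC bypasses target.
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        AtMaximum = ($p.EnableLUA -eq 1 -and
                     $p.ConsentPromptBehaviorAdmin -eq 2 -and
                     $p.PromptOnSecureDesktop -eq 1)
    }
}

function Test-CurrentUserIsLocalAdmin {
    # Compare the current user's SID against the members of the built-in
    # Administrators group rather than using IsInRole, which reports $false in
    # a non-elevated session even when the account is an admin (filtered token).
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    return [bool]($admins | Where-Object { $_.SID -eq $me })
}

function Get-WindowsUpdateState {
    # On Windows 10 wuauserv is normally Manual (trigger-started) and may show
    # Stopped while idle, so "Disabled" is the condition to flag, not "Stopped".
    $svc = Get-Service -Name wuauserv
    [pscustomobject]@{
        Status    = $svc.Status
        StartType = $svc.StartType
        Disabled  = ($svc.StartType -eq 'Disabled')
    }
}

function Invoke-BaselineAudit {
    $uac = Get-UacStatus
    $wu  = Get-WindowsUpdateState
    $isAdmin = Test-CurrentUserIsLocalAdmin

    $findings = @()
    if (-not $uac.AtMaximum) {
        $findings += "UAC is not at 'Always notify' (ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin))."
    }
    if ($isAdmin) {
        $findings += 'Daily-use account is a member of local Administrators; consider a standard account.'
    }
    if ($wu.Disabled) {
        $findings += 'Windows Update service (wuauserv) is disabled; patches will not be applied.'
    }

    [pscustomobject]@{
        UacAtMaximum        = $uac.AtMaximum
        UserIsLocalAdmin    = $isAdmin
        WindowsUpdateStart  = $wu.StartType
        Findings            = $findings
    }
}

Invoke-BaselineAudit | Format-List
```

An empty Findings list means the machine matches the three basics argued for above; each finding names the control that is missing, which is the useful starting point for a "why did this get through" conversation rather than a pass/fail score.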
 
Soldato
Joined
1 Mar 2010
Posts
21,912
I purposely downloaded WannaCry to my VM running an unpatched Win 7, and tried to execute it. Cylance wouldn't even let me access it as it deleted it as soon as I downloaded it.

The patch is only relevant for WannaCry spreading to other machines I thought? (But if you are testing on a dedicated VM, I guess I am wrong.)
Would expect all on-demand AVs to have its signature now? And that the zero-day detection would only have deployed if it started to encrypt?
 
Soldato
Joined
1 May 2003
Posts
11,099
The patch is only relevant for WannaCry spreading to other machines I thought? (But if you are testing on a dedicated VM, I guess I am wrong.)
Would expect all on-demand AVs to have its signature now? And that the zero-day detection would only have deployed if it started to encrypt?

Cylance detects and blocks malware before it can affect your computer. Cylance uses a mathematical approach to malware identification, using machine learning techniques instead of reactive signatures, trust-based systems or sandboxes.

The Cylance Agent doesn't require continuous cloud connectivity or continual signature updates, and works in both open and isolated networks.

Gartner have this product listed as visionary :)

But expect to pay around £50 per licence