App Review More Fun with Ransomware Part 4

[cruelsister]

Consisting of two products against ransomware:

Sector 1- Avast Internet Security
Sector 2- Bitdefender AntiRansomware

 

[Duotone]

Nice video Avast detected almost all except Zero-Day(Petya) and that where the problem lies, BDAR didn't fare much either even to an older ransomware variant.

 

[hjlbx]

Nice video - as always @cruelsister.

 

[Mihir :-)]

One problem is that if Avast! Hardened Mode is on then Deep Screen is not working anymore.

 

[Mihir :-)]

Can you please provide the VT link of the Petya(Zero-Day)Ransomware? @cruelsister

 

[Cats-4_Owners-2]

One very relevant test, and yet another remarkable musical accompaniment which my wife also adds her kudos towards!
Well done, and many thanks O 'sister' whom is 'cruel' yet cool!

 

[SHvFl]

Nice video as always. A channel i am excited when i see it has a new video.

So Webroot claims to have Anti-Ransomware protection. Can you test it with newer stuff that will not be detected by their engine?

 

[Deleted Member 333v73x]

@cruelsister Can you please try Crypto Prevent on Program Filtering next?

 

[Dirk41]

Thank you for the tests! I posted the news here days ago . So it fails against tesla 3.

Maybe my question will sound stupid: have you ever test defender on w10?

 

[jamescv7]

Clearly Avast rely on the signatures which why the Hardened Mode nor the DeepScreen help a lot, considering that its still a lack of analysis how to prevent the possible buffer overflow attack.

Unfortunately the HIPS concept didn't help either which better to rely on the traditional ones.

Meanwhile for BDAR like other products, it should be up to date for latest ransomware variants.

 

[cruelsister]

Tornado- I already had a video finished about CryptoPrevent and similar Group policy modifiers that was to be published instead of this one, but just as I was going to upload it I discovered that CP will have a major new build coming out soon. Therefore I felt a video on the current version would be neither fair nor especially relevant.

But as soon as CP version 8 finishes beta I'll be all over it (for fair or foul).

 

[Der.Reisende]

Bit late to the party, but great vid as always Nice to see Avast! work well Had it in the past, quite good software, but the time I used it, agressive settings made the system quite slow. However I love their UI and the tons of stuff it has - and can be configured to the users wishes

 

[Andytay70]

A friend of mine asks would avast free protect the same way avast internet security did?

 

[minegroasprilla]

Hey @cruelsister, What antivirus do you use?.

 

[Circe]

I imagine none, just Comodo firewall tweaked.

 

[Mihir :-)]

A friend of mine asks would avast free protect the same way avast internet security did?

YES.Only change is the firewall.

 

[cruelsister]

minegroasprilla- as Circe (nice name, btw) stated I don't use an AV as I really don't see much point in them as they are fairly easy to bypass with any serious zero-day coding. For an example, if you have seen any of the Boot time videos you would have noticed that none of the AVs tested detected my timing Trojan, and only a minority detected the ransomware that was dropped (I made sure all of them would have stopped it if run normally).

The real issue would be if instead of an old ransomware sample I coded in a zero-day version...

Also, this may be of interest:

Google Online Security Blog: New research: Comparing how security experts and non-experts stay safe online