Scriptor Infection Who You Gonna Call?
<blockquote data-quote="hjlbx" data-source="post: 433672"><p>How to stop\defend against scriptors? = Don't install the interpreter and use an anti-executable (e.g. NVT ERP).</p><p></p><p>You can use Comodo products - which will sandbox Unrecognized script files, but be forewarned that there are scripts that can "reach outside" the sandbox and make permanent changes to the system - like deleting files (I just submitted one to Comodo Engineering).</p><p></p><p>Of course, you can set the Comodo sandbox to Block any Unrecognized file - and that will include scripts.</p><p></p><p>Unless you are an indiscriminate downloader\installer I wouldn't worry about it too much. Plus, you won't be installing Python, Perl, AutoIT interpreters and running those types of scripts, so the issue really is moot.</p><p></p><p>You are much more likely to experience a drive-by download of the JavaScript (.js) variety than anything else - which Comodo will handle either via the sandbox or HIPS (I use HIPS - but it causes novices more mistakes than anything else since rule creation is not clear in some CIS HIPS alerts).</p><p></p><p>Comodo does much better at protecting against scriptors than all other suites I have tested. The user can just go with the default sandbox settings = Fully Virtualized or for maximum security set it to Block (all Unrecognized files).</p><p></p><p>Comodo isn't absolutely perfect, but then, nothing IT ever is... it's got you covered in the vast majority of scriptor cases.</p><p></p><p>Anti-executable configuration settings are included in CIS because that is an option for the user - as part of the Comodo default-deny protection model.</p><p></p><p>I can tell you from a lot of testing that it really does work.</p></blockquote><p></p>