Webroot Secure Anywhere vs Zero Day Scriptor
<blockquote data-quote="cruelsister" data-source="post: 395397" data-attributes="member: 7463"><p>A few things- Please note that although I term this type of malware a Scriptor (I hope this catches on!), it is not actually a script, but has script-like properties. Something like a vbs script normally will spawn in Roaming and can be detected; a batch file, even if converted to an executable, will also just spawn the original batch file into Temp where it can also potentially be detected (and neither would bypass UAC). This malware is sadly much more insidious.</p><p></p><p>1). Umbra- I know that you are aware of the complexities of setting up SEP properly, the discussion of which would be over the top for MT. I can assure you though that SEP failed, mainly because it was initially discovered bringing down endpoints of SEP protected organizations. But the SEP bypass should come as no surprise- the last two extreme breaches of US retailers, namely Target and Home Depot, were caused by basic targeted scripts on SEP protected networks (Personally I love Symantec- cleaning up their messes keeps me in Jimmy Choos).</p><p></p><p>2). Regarding the Webroot Rollback feature- I have chosen not to add any code to the malware that would force a Shutdown/Reboot (mainly to do other things while the malware is working). But this would have been rather simple to do. It would have also rendered any chance of Webroot Rollback from working, as the system is totally trashed. Note that the malware is invisible, so after clicking on the file a user not aware of what it was would be smiling up until the time the system shut down.</p><p></p><p>3). Umbra (again)- Thank you for the comment:</p><p></p><p></p><p></p><p>That was actually my only point. Not so much that people should switch to anything now, but instead should be outraged that the security protection currently used is inadequate for malware attacks that are on the horizon. 
Many vendors are aware of this "flaw" in their products, but choose not to close it because they may get False Positive deductions on the major AV test sites, or else blow off further development due to financial expediency. Not sure which is more contemptible.</p></blockquote><p></p>