A Malicious LNK Stealer Part 2
<blockquote data-quote="Trident" data-source="post: 1032354" data-attributes="member: 99014"><p>You can use Ask Mode but it won’t help when code injection is involved, as it will be a trusted and already whitelisted process doing the malicious actions (via process hollowing, doppelgänging, DLL sideloading and other such techniques). Any firewall (without containment, HIPS and other layers) is useless in such cases.</p><p></p><p>To protect against these attacks, you will have to rely on Avast’s detection abilities (antivirus, behavioural blocking) which are not bad. To protect against theft of passwords saved in Chrome and Edge, Avast has the password protection feature.</p><p></p><p>In the cases when no code injection is performed and malware is not signed (in which case it may be allowed without a prompt depending on the settings), blocking the connection will prevent a lot of headaches coming your way. But then Avast also terminates connections to known CnCs (which in many cases can be helpful as well) and uses reputation and a host of other methods to block unknown executables. Comodo doesn’t — it’s just you, yourself and your sandbox.</p><p></p><p>So in a nutshell - Comodo is great if you are looking to answer prompts and alerts, and you believe you will answer them correctly. If not, then other solutions are better. What’s displayed in this video is not Comodo’s protection abilities, but [USER=7463]@cruelsister[/USER]’s knowledge of the threat landscape. And she will be able to protect herself against this malware even without Comodo, as she will not execute a malicious shortcut from an email in the first place.</p></blockquote><p></p>