A Malicious LNK Stealer Part 2
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1032440"><p>Linux has a list of LOLBins that is larger than Windows.</p><p></p><p></p><p>As long as a user is not downloading and executing code on their system -- either by choice or blocked from doing so by policy, then LOLBin blocking is not necessary except if you fear exploits (e.g. you are running Windows with unpatched software). If the user is downloading stuff and executing it, then to protect the system LOLBins can be blocked to break the kill chain.</p><p></p><p>If you want case-hardened security against the greatest number of potential eventualities of rogue code execution, then there is no other localhost protection that beats SRP global blocking.</p><p></p><p>Blocking LOLBins can create corner case issues, but virtually all of them are manageable. It is based upon SRP with the purpose of configuring a known-clean system, enabling and configuring policies, and then modifying that system carefully only once in a while.</p><p></p><p>If users want to use stuff, then default deny really isn't for them. If a user never wants to look at a log, then default deny definitely is not for them.</p><p></p><p>It all comes down to what a user wants. Do they want ballistic nuclear armor security or are they a "user that wants to use stuff."</p></blockquote><p></p>