Serious Discussion: Are antiviruses unimportant?

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
267
This became an interesting thread. We had some samples similar to this, and Kaspersky, even ESET, could detect it because it was under evaluation; Kaspersky detected it with System Watcher and ESET really late (everything was encrypted).

The surprise of the show is McAfee; they truly improved every aspect of their home edition product. It seems there are new managers in this company; this kind of thing mostly happens when people get replaced in key positions in a company and change the way the company works.
 

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
267
Friends, would it be a problem if I share the source code publicly?
This is not good. You are actually going to put malware into the hands of people, which bad ones can use to their own benefit. You can do something better and discuss this with the vendors; since you have the source code, you can help by sharing it with them. We have some people here who can help you reach the vendors' specialists. But sharing it is a bad move, not professional.


I'm interested to see how the G DATA beast would react to it.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
This is not good. You are actually going to put malware into the hands of people, which bad ones can use to their own benefit. You can do something better and discuss this with the vendors; since you have the source code, you can help by sharing it with them. We have some people here who can help you reach the vendors' specialists. But sharing it is a bad move, not professional.


I'm interested to see how the G DATA beast would react to it.
Bro, I actually wanted to show how simple this ransomware is. It encrypts with AES-256 using a random key, so if you open it, your files in Documents, Music, Videos and Desktop will be done. No recovery because of the random key.

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
267
Bro, I actually wanted to show how simple this ransomware is. It encrypts with AES-256 using a random key, so if you open it, your files in Documents, Music, Videos and Desktop will be done. No recovery because of the random key.
Well, sometimes simple means no evil intention. The thing is, sometimes this kind of encryptor can get past the anti-malware. The sample you used does have behavior similar to encryptor apps, and distinguishing between them and ransomware is sometimes hard (if the vendor decides not to use the protected-folder tactic and goes for fully automated defense without user intervention). As you see with the detections, they detect it with heuristics, which means it is showing some code like a ransomware's in its genes, and if you change its code enough, even the current ones that got it with real-time detection can be bypassed.
But your sample simply encrypts files with no intention; distinguishing between an encryptor and ransomware is sometimes hard, and this is why some vendors go for protected folders as a second line of defense, so if you used an encryptor you can simply accept the app's message and it will not intervene.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,739
That's why in this case it's important to keep the anti-ransomware modules active in the products that have them. We can see in the videos that when turned on, they detect that an unknown piece of software was trying to modify user files in bulk and ask the user if he is OK with it, exactly because they can't distinguish between a file encryptor the user is using and a malware encryptor.
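The behaviour described in this post (an unknown process modifying user files in bulk, the product asking the user rather than deciding on its own) and the later point that a user-driven encryptor should be allowed while an automatic one should be blocked or prompted can be sketched as a small behavioural monitor. The code below is an added example written for this thread, not any vendor's anti-ransomware module: the thresholds, the protected-folder list, the allow-listed image name (Cryptomator.exe) and the file events are all constructed assumptions. It scores per-process writes into user profile folders inside a sliding time window, uses byte entropy of the written data as a stand-in for "looks encrypted", and returns allow, prompt or block.

```python
"""Toy behavioural anti-ransomware heuristic (added example, not a product's code)."""
import math
from collections import defaultdict, deque
from dataclasses import dataclass
from ntpath import basename  # sample events use Windows-style paths

# Assumed policy: hypothetical values, not any product's defaults.
USER_DIRS = ("\\documents\\", "\\desktop\\", "\\music\\", "\\videos\\")
PROTECTED_FOLDERS = ("c:\\users\\alice\\documents\\",)   # "protected folders" tactic
ALLOWED_IMAGES = {"cryptomator.exe"}                      # user-approved encryptor
BULK_FILES = 5          # distinct user files rewritten before we react
WINDOW_SECONDS = 10.0   # sliding window per process
ENTROPY_BITS = 7.0      # bits/byte above which a write "looks encrypted"


@dataclass(frozen=True)
class FileEvent:
    ts: float      # seconds
    pid: int
    image: str     # full path of the writing executable
    op: str        # "write", "rename", "read", ...
    path: str      # file being modified
    sample: bytes  # first bytes of the data written


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum for byte-oriented data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _in_user_dirs(path: str) -> bool:
    return any(d in path.lower() for d in USER_DIRS)


def _in_protected(path: str) -> bool:
    return path.lower().startswith(PROTECTED_FOLDERS)


class RansomwareMonitor:
    """Keeps a per-process window of recent user-file writes and scores each new one."""

    def __init__(self) -> None:
        self._recent = defaultdict(deque)  # pid -> deque of (ts, path, entropy)

    def observe(self, ev: FileEvent) -> str:
        if ev.op not in ("write", "rename") or not _in_user_dirs(ev.path):
            return "allow"
        window = self._recent[ev.pid]
        window.append((ev.ts, ev.path.lower(), shannon_entropy(ev.sample)))
        while window and ev.ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        # Count distinct files whose new content looks like ciphertext.
        encrypted_like = {p for _, p, e in window if e >= ENTROPY_BITS}
        if len(encrypted_like) < BULK_FILES:
            return "allow"
        # Bulk high-entropy rewrite: an encryptor app the user approved is fine.
        if basename(ev.image).lower() in ALLOWED_IMAGES:
            return "allow"
        # Unknown process: hard stop inside protected folders, otherwise ask the user.
        if _in_protected(ev.path):
            return "block"
        return "prompt"


# Constructed sample data: bytes(range(256)) stands in for AES output (8 bits/byte).
CIPHERTEXT_LIKE = bytes(range(256))
PLAINTEXT_LIKE = b"Quarterly report draft. " * 11


def sample_events() -> list:
    u = "C:\\Users\\alice\\"
    word = "C:\\Program Files\\Office\\winword.exe"
    unknown = u + "Downloads\\invoice.exe"          # hypothetical unknown binary
    vault = "C:\\Program Files\\Cryptomator\\Cryptomator.exe"
    events = [
        FileEvent(0.0, 77, word, "write", u + "Documents\\report.docx", PLAINTEXT_LIKE),
        FileEvent(1.0, 42, unknown, "write", u + "Desktop\\a.txt", CIPHERTEXT_LIKE),
        FileEvent(1.2, 42, unknown, "write", u + "Desktop\\b.txt", CIPHERTEXT_LIKE),
        FileEvent(1.4, 42, unknown, "write", u + "Music\\c.mp3", CIPHERTEXT_LIKE),
        FileEvent(1.6, 42, unknown, "write", u + "Videos\\d.mp4", CIPHERTEXT_LIKE),
        FileEvent(1.8, 42, unknown, "write", u + "Desktop\\e.pdf", CIPHERTEXT_LIKE),
        FileEvent(2.0, 42, unknown, "write", u + "Documents\\f.docx", CIPHERTEXT_LIKE),
    ]
    # The allow-listed vault app rewriting just as many files in bulk.
    events += [FileEvent(5.0 + i * 0.1, 99, vault, "write",
                         u + f"Desktop\\vault{i}.bin", CIPHERTEXT_LIKE) for i in range(6)]
    return events


def run(events=None) -> list:
    """Return (pid, file name, verdict) for every event in order."""
    monitor = RansomwareMonitor()
    return [(ev.pid, basename(ev.path), monitor.observe(ev))
            for ev in (events if events is not None else sample_events())]


if __name__ == "__main__":
    for pid, name, verdict in run():
        print(f"pid={pid:<3} {name:<12} -> {verdict}")
```

Running it shows the fifth ciphertext-like rewrite from the unknown binary turning into a prompt and the sixth, inside the protected Documents folder, into a block, while Word's single plaintext write and the allow-listed vault's bulk writes stay allowed. The ambiguity the thread describes is visible in the design: a legitimate encryptor that is not on the allow-list produces exactly the same prompt as the sample, which is why products that refuse to prompt have to choose between false positives and missed encryptors.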
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
That's why in this case it's important to keep the anti-ransomware modules active in the products that have them. We can see in the videos that when turned on, they detect that an unknown piece of software was trying to modify user files in bulk and ask the user if he is OK with it, exactly because they can't distinguish between a file encryptor the user is using and a malware encryptor.
Bitdefender, Trend Micro, Avast/AVG and MD have it. Regarding Avast/AVG, I always change to Strict ransomware protection and enable protection for all file extensions, not only the preset ones, for the reason that I have my files encrypted by Cryptomator.
 

Marko :)

Level 23
Verified
Top Poster
Well-known
Aug 12, 2015
1,251
If you surf carefully, don't download suspicious files from unknown sources and don't open suspicious e-mail attachments, your chances of getting ransomware (or any kind of malware) are zero. I have still yet to be infected with ransomware. The last malware infection I had was when I was a kid in elementary school, really. Use Windows Defender, install an ad blocker in your web browser of choice, activate the common sense in your brain, and this is pretty much everything you need to stay protected. That is, if you know at least something about malware and security.

If you don't know anything, on top of the above-mentioned security configuration, I'd recommend setting up Quad9 or any kind of malware-blocking DNS and additional security in the browser like Bitdefender TrafficLight. People should really stop buying AV software because it's no longer necessary. You can be better protected with those free products than with commercial ones. AV software today exists purely for the purpose of upselling you products you don't really need.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
Well, sometimes simple means no evil intention. The thing is, sometimes this kind of encryptor can get past the anti-malware. The sample you used does have behavior similar to encryptor apps, and distinguishing between them and ransomware is sometimes hard (if the vendor decides not to use the protected-folder tactic and goes for fully automated defense without user intervention). As you see with the detections, they detect it with heuristics, which means it is showing some code like a ransomware's in its genes, and if you change its code enough, even the current ones that got it with real-time detection can be bypassed.
But your sample simply encrypts files with no intention; distinguishing between an encryptor and ransomware is sometimes hard, and this is why some vendors go for protected folders as a second line of defense, so if you used an encryptor you can simply accept the app's message and it will not intervene.
The main difference between encryption software and ransomware is user-driven encryption, like you said: if you select the path and encrypt yourself, yes, the AV need not detect it, but if it encrypts automatically, the AV needs to block it or at least ask us to decide block/allow.

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
267
The main difference between encryption software and ransomware is user-driven encryption, like you said: if you select the path and encrypt yourself, yes, the AV need not detect it, but if it encrypts automatically, the AV needs to block it or at least ask us to decide block/allow.
Automatic ones do not do it; they tend to let users decide as little as possible. Although I have to say the Kaspersky reaction was not because this sample was like an encryptor; it came from not detecting it, and it should have some response. But this sample is a hard one to detect; one aspect of that comes from its being similar to an encryptor app.
 
