Battle Best programs for default deny protection

Software comparison
Vs comodo
Feature comparison
  1. Ease of use
  2. Proactive protection (anti-exploit, behavior blocker, IDS-HIPS, sandbox)
  3. Machine learning and A.I. capabilities

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,015
...
The Point is Balance - If you want to be that secure - Simple run a Live CD / Live USB ^^ <- Easy Administration - Burn it / Write it - Use it - Browse it - Reset it >>>> XD
Ha, ha. There was a time I used Live CD + Pendrive for banking. The computer did not boot from Pendrive (old machine), so the Live CD started Linux from ISO on Pendrive.
That was a true default-deny. Anything was denied except banking.:)
 

SecurityNightmares

Level 40
Verified
Jan 9, 2020
2,955
Ha, ha. There was a time I used Live CD + Pendrive for banking. The computer did not boot from Pendrive (old machine), so the Live CD started Linux from ISO on Pendrive.
That was a true default-deny. Anything was denied except banking.:)
And comfort in it’s worst form.

If I want use most secure solution, it would be a iPhone or iPad as desktop PCs aren’t build with security in mind.
 

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,015
...
Everybody wants and expects the one-pill solution and there's an stream of fools thinking they can deliver that solution to those users.. Everybody tries the one-button security software solution.
...
I share a similar viewpoint (although it is not related to most MT members).:)
People tend to choose convenience over security, so the battle will never end.
From the point of view of a single person (but not an Enterprise manager), it is not as bad as it seems. One can easily increase safety by learning, developing a few safe habits, and applying basic security recommendations. Why? Because most people do not do this.:unsure:

Edit.
Anyway, the safety of people's data in the public sector is something that worries me. One can lose money or privacy by the insecurity of institutions, organizations, shops, etc.
 
Last edited:

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,015
Criminals use psychological tricks to fool users. These tricks are usually based on the convenience and miracle of the easy profit. So, the criminals do not bother to fight (smart) default-deny solutions in the widespread attacks. They know that most people do not use such security because it is not so convenient and requires more skills. That is why even very old and simple solutions like Windows built-in SRP can be still very efficient.
 

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,015
...
People do not use default deny. Only security geeks do. Default deny cannot generate revenues sufficient to keep a biz afloat unless it is a one man shop with minimal overhead. Default deny as a mode of protection is barely hanging on. And larger organizations that have deep pockets are not interested in default deny. Default deny is not someting that orgs are interested in adding to their products or line up.
That is normal. Anyway, even if default-deny was popular, this could not solve the problem. Simply, the criminals would be forced to use already known bypasses to fight default-deny (and find many others). For now, this happens only in highly targeted attacks.
Default-deny is so effective because it is "above average" solution. SRP would not be effective when most people would start using it, although the life of criminals would be harder.
 

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,015
Default deny implemented in a way that users, both enterprise and consumer, cannot change their systems would result in an incredible reduction in successful attacks.
...
Yes, the current attack surface will be reduced. But, it will not help much. We can see it in the examples of Linux or iOS. They were much safer a few years ago compared to the present time.
If this kind of default-deny you think of would be applied, the criminals could focus on other attack vectors (blackmail, exploits, physical access, etc.). Furthermore, if the new strong security is invented then people always tend to increase convenience that also increases the attack surface. It seems that people can accept some level of insecurity in their lives (we can see it also in the relation to COVID-19). When one invents seat belts, then we drive faster and use smartphones when driving.:(

Edit
I think that you correctly noticed that the user is always the problem. I can only add that this will not change in the future.
 
Last edited:

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
580
Because hoomans are illogical and Spock was right - hoomans are idiots.
I became a member of this forum in the year 2013 and during these 8 years or so I have not seen any of the active members complaining they have got a serious malware infested device, so I respectfully disagree, not all are idiots, there are some like my fellow MalwareTips members who does know what they are doing.
 

valvaris

Level 5
Verified
Jul 26, 2015
215
Ill second @JoyousBudweiser

stuff getting a little harsh from the tone here.

The Topic was about Default Deny Apps!!! Thing like Humanity and References on a State being hacked is not cool...

That is why we have in the IT World - White Hats maybe a Gray Hat - Some are very good IT-Security Specialists - We learn from each other - We also have to live with the OS Systems in the Market like - Windows / Apple OSX - iOS / Linux - If ppl think they can do it better then them power to you :cool:

Just be mindful that there are Member here in the Forums that come from the Field and try there best to handle stuff with things given. (Not even the IT Guys fault!)

Best regards
Val.
 
Top