App Review Bitdefender Antivirus Free [v1.0.14.76] vs Project57 ransomware

[JM Safe]

The easy way is 1 . test the file at sanbox. 2. check your file to virus total. I do that and I never did any infection on my computer. And realy i play many with virus and cracks

Sometimes malware are FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc. To check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.

 

[stefanos]

 

[stefanos]

Sometimes malware are FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc. To check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.

Every time i use sandbox first. The only secure way for me

 

[JM Safe]

Every time i use sandbox first. The only secure way for me

Unfortunately some malware are able to detect sandbox/VM and they won't run.

 

[stefanos]

 

[brod56]

Agree. Download blocked = problem solved LOOOL or just use Sandboxie always and you will not get infected because even if the download isn't blocked the ransomware is in the sandbox and it cannot touch real OS.

I'm not a huge fan of sandboxing programs on a regular basis (for a home user), the last time I tried it caused a considerable performance it. I may be too nitpicky though.
Of course a Virus Total check is always a good practice.

 

[stefanos]

Unfortunately some malware are able to detect sandbox/VM and they won't run.

After you can anderstand somethink is wrong

 

[JM Safe]

I'm not a huge fan of sandboxing programs on a regular basis (for a home user), the last time I tried it caused a considerable performance it. I may be too nitpicky though.
Of course a Virus Total check is always a good practice.

I meant use SBIE always for browsing

 

[JM Safe]

After you can anderstand somethink is wrong

Yes, atleast you can understand something is suspicious!

 

[brod56]

That's strange guys. I think the ransomware of this test is sophisticated and it could use AVs bypass techniques.

It would be interesting to analyze this sample, because it doesn't seem to generate any child processes or trigger wscript/powershell etc

 

[stefanos]

I'm not a huge fan of sandboxing programs on a regular basis (for a home user), the last time I tried it caused a considerable performance it. I may be too nitpicky though.
Of course a Virus Total check is always a good practice.

You don t need to sandboxing everythink.

 

[stefanos]

Yes, atleast you can understand something is suspicious!

My english is terible

 

[brod56]

You don t need to sandboxing everythink.

Yeah, but it would make sense to sandbox every installer, which I'm not a fan of

My english is terible

It's perfectly understandable! I wish I could speak Greek like you speak English

 

[stefanos]

Yeah, but it would make sense to sandbox every installer, which I'm not a fan of


It's perfectly understandable! I wish I could speak Greek like you speak English

No every installer. Sure you know if the installer is safe or not safe. And how many installs do every day??

 

[brod56]

Sure you know if the installer is safe or not safe.

Then what's the purpose of sandboxing? It's a contradiction imo

 

[stefanos]

Then what's the purpose of sandboxing? It's a contradiction imo

Because of my bad english i can t expain you.You can understand if the file is suspicious for sanboxing or not. Sure you not sanboxing the Kaspersy installer or the Comodo installer if you downloaded from the original site

 

[stefanos]

Sometimes malware are FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc. To check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.

Never install something if i anderstand is and only suspicious. I wait until I see that I'm sure it's safe

 

[brod56]

Because of my bad english i can t expain you.You can understand if the file is suspicious for sanboxing or not. Sure you not sanboxing the Kaspersy installer or the Comodo installer if you downloaded from the original site

The way I see is: if you're only sandboxing suspicious software (cracks, keygens, etc) then you'd be better not running them at all. That's way I don't see much purpose on sandboxing on a regular use, perhaps except for the browser.
@JM Security I see you sandbox your browser which I find interesting. Is it only to prevent possible exploits or any other reason?

 

[stefanos]

The way I see is: if you're only sandboxing suspicious software (cracks, keygens, etc) then you'd be better not running them at all. That's way I don't see much purpose on sandboxing on a regular use, perhaps except for the browser.
@JM Security I see you sandbox your browser which I find interesting. Is it only to prevent possible exploits or any other reason?

I can expain you with my bad english what you can protect with sanbox. 1. browsers. 2 exe. 3. ms office. Maby one person with good english can explain what you can do with sandbox. And is many thinks. One post from AtlBo

 

[g4nu5]

free BD ?? still sleep ?