Comodo Firewall 10 Setup
AtlBo said:

One key thing about memory exploits, based only on my limited understanding, is that they can only exist for as long as the application they are attached to is open (without some permanent presence on the system). There could be a number of limitations on working code in the memory space of another process, I suppose, but I am curious why so many malware programs contact the internet for a dropper. In the end, I think true fileless requires vulnerabilities in security software and in the application whose space is being hijacked.

On this topic, I have a rant. All of this brings into perspective how little we are getting about the actual code behind malware from official sources (so we can know what we need from security) such as online computer news sources and so on. Most of the advice that is presented is useless and amounts to "patch and pray". Thanks to @DardiM and the others on the malware analysis end of things at MTs and all they are doing to expose malicious coding practices to the outside world. I hope someone can find a way to link the results of work such as theirs to us out here in the outside world in a way that helps us make good decisions and that reaches mainstream news sources with a higher competency for instructing computer users.

A little bit on how little we get from news and expert sources. For example, information on Adylkuzz was so sketchy, and the same is true of information on WannaCry:

Security Alert - Adylkuzz, the new virus that follows in WannaCry's footsteps: https://malwaretips.com/threads/adylkuzz-the-new-virus-that-follows-in-wannacry%E2%80%99s-footsteps.71731/

and the Pandasecurity.com link, which basically brags for the hackers, was almost identical to everything else on the net about both these malware attacks:

Adylkuzz, the new virus that follows in WannaCry's footsteps - Panda Security: http://www.pandasecurity.com/mediacenter/malware/adylkuzz-new-virus-wannacry/

To fight this malware, more or less I feel like the experts are saying, "check to see if your processor is a little bit sluggish and if so you could be pwned and basically nothing stops it but you better patch up." And the advice is to patch and make sure you have security programs. Srsly? We all know that what security is out there isn't configured to stop the worst threats, and much of it can't stop the worst ones at its best settings. Besides, governments have watchdogs to guarantee that officials are held accountable for their actions. So who holds Microsoft accountable for its actions and can guarantee that M$ patches are adequate? I hate that we have to trust M$'s patches to fix problems which appear to me to be so deeply rooted in an inadequate overall design strategy from the company in the first place. In my opinion, and in every sense, trusting a company that makes invisible products is a BAD idea. We need a link into the internals of MS Windows so that the program (and the decisions and responses of Microsoft) can be properly reviewed and analytically criticized. I think almost everyone agrees that there are chronically poor policy choices from M$ in Windows 10 and back all the way to Win 95.

Back to CFW and security: if your security program doesn't crash and isn't bypassed, maybe you are protected. This is true of CFW and other Comodo stuff in a fairly serious way. The simplicity of cruelsister's settings is their biggest strength, I guess I would say, and mostly addresses this problem. Comodo has fewer opportunities to crash, since it's not being expected to remember anything.