The instructions are posted here and all over the internet.
Want a fast and dirty way to disable something ? Navigate to a file, rename it, and append the _ character to the file name - e.g. wscript.exe_ .
The smartest way to disable stuff is SRP.
Do we actually need so many security programs?
- Thread starter bribon77
- Start date
The instructions are posted here and all over the internet.
Want a fast and dirty way to disable something ? Navigate to a file, rename it, and append the _ character to the file name - e.g. wscript.exe_ .
The smartest way to disable stuff is SRP.
- May 13, 2017
- 2,630
Symantec still offers the download of noscript, but not that publicly anymore, since it works, so people might not need to buy theirs AV then.
Code:
http://www.symantec.com/avcenter/noscript.exe
- May 1, 2018
- 229
That's what I expected from F-Secure, but I wanted to make sure there would not be a surprise
- Dec 23, 2014
- 8,484
A few words about the idea of many security programs and script blocking.
I did some tests to show, that generally, AV vendors did not solve the malicious scripts problem. So, it would be reasonable for the home user to block the script execution by the external tool or by the reg tweak. Script interpreters can be also renamed, but that can be reverted by the system, for example, after a major update.
I used very simple and very special scripts, so from the fact that particular AV blocked all my samples does not follow that it has got a great anti-script protection. In fact, all my samples could be blocked just by the proper firewall rules. The opposite reasoning can be more sound, because if the AV cannot mitigate such simple scripts (commonly used in the wild), then it has not got a great anti-script protection.
I did some tests to show, that generally, AV vendors did not solve the malicious scripts problem. So, it would be reasonable for the home user to block the script execution by the external tool or by the reg tweak. Script interpreters can be also renamed, but that can be reverted by the system, for example, after a major update.
I used very simple and very special scripts, so from the fact that particular AV blocked all my samples does not follow that it has got a great anti-script protection. In fact, all my samples could be blocked just by the proper firewall rules. The opposite reasoning can be more sound, because if the AV cannot mitigate such simple scripts (commonly used in the wild), then it has not got a great anti-script protection.
- Dec 23, 2014
- 8,484
The layered security is a good idea on the stable, non-changing system. There are some, like Windows XP, Windows Vista, and Windows 8. The user can experiment on such a system to adjust the layered security based on 3rd party security applications.
But, I do not believe that this would be a good idea on Windows 10, when 3rd party real-time security applications are used for that. Even when using only Windows built-in features, the user can be faced with some problems.
Personally, I like the below idea:
For the layered security, use Windows built-in features as much as it is reasonable. Do not use 3rd party solution, if the problem is solved already by Windows built-in feature.
If you have something like KIS, do not install 3rd party security applications, but learn how to tweak KIS and learn how to avoid its weak points. Usually, you can also adopt Windows built-in features.
Last edited:
Security config:
HIPS + sandbox + AV + firewall + 2nd AV + 7 browser extensions + desktop adblocker + DNS filtering + DNS encryption + VPN + rollback + backup + anti-executable =
Oh and I forgot all the other apps I collect... PDF reader, office suite, video player, games, 1000s of vids, etc, etc, etc.
I'm lucky my system doesn't fall right through the floor it is downloaded so heavily. Heavier than a battleship. 75 programs installed...
HIPS + sandbox + AV + firewall + 2nd AV + 7 browser extensions + desktop adblocker + DNS filtering + DNS encryption + VPN + rollback + backup + anti-executable =
Oh and I forgot all the other apps I collect... PDF reader, office suite, video player, games, 1000s of vids, etc, etc, etc.
I'm lucky my system doesn't fall right through the floor it is downloaded so heavily. Heavier than a battleship. 75 programs installed...
- Dec 23, 2014
- 8,484
This proggie has to be run with admin rights to work. If not, then you will see the message that scripts are disabled, but in fact they are not. It was probably not intended to be run as a standalone tool.Symantec still offers the download of noscript, but not that publicly anymore, since it works, so people might not need to buy theirs AV then.
Code:http://www.symantec.com/avcenter/noscript.exe
This tool can simply rename the file associations for the script files. For example, disabling the *.vbs scripts is done as follows:
The Windows default key name:
HKLM\SOFTWARE\Classes\VBSFile
The key renamed by Symantec:
HKLM\SOFTWARE\Classes\VBSFile.SymantecDisabled
Yet, this cannot prevent script execution via the below command:
C:\Windows\system32\wscript.exe /e:vbscript path_to_script
Last edited:
- Dec 12, 2013
- 542
@Andy Ful
And what about Script Defender (AnalogX)?...it's quite old tool but it can be still valid on Windows 7...maybe even higher?
System Downloads : Script Defender /// AnalogX
Could you test it?
And what about Script Defender (AnalogX)?...it's quite old tool but it can be still valid on Windows 7...maybe even higher?
System Downloads : Script Defender /// AnalogX
Could you test it?
- Dec 23, 2014
- 8,484
This tool can change the file associations in a slightly different way, so instead of wscript.exe the sdefend.exe (from the application folder) is used to open scripts. The executable sdefend.exe can ask if the script has to be run or blocked. The tool can be bypassed by using the command lines, for example (*.vbs scripts):
C:\Windows\system32\wscript.exe /e:vbscript path_to_script
and also
C:\Windows\system32\cscript.exe path_to_script
Last edited:
- Mar 29, 2018
- 7,596
This is the idea that makes the most sense to me, with W10 changing so often.
- Dec 23, 2014
- 8,484
Back to the layered protection with several applications. Do MT members need additional tools for anti-script protection over the standard AV?
Let's suppose that the user has the below setup on Windows 10 (home environment with a NAT router):
Let's suppose that the user has the below setup on Windows 10 (home environment with a NAT router):
- Default Windows settings + Standard AV based on signatures and heuristics.
- No installed MS Office and Adobe Acrobat applications + updated software.
- Explorer set to show file extensions + the basic knowledge about entries in the Type column.
- Basic knowledge, that most files used for installing applications and sharing files with other people, have the above extensions: .exe, .msi (installers), .docx, .xlsx, .pub, .pptx, .accdb (MS Office), .pdf (Adobe), .mobi, .epub, .azw (ebooks), .png, .jpg (photos), .mp3, .wma, .flv, .wmv, .mp4, .avi, .mkv (music and video), .zip (archive).
- All other file extensions should be considered as suspicious, except if the user expects such a file and know the application that opens it. Especially suspicious are of course the files wit a double extensions (.docx.exe , .jpg.scr, .mp3.js, etc.)
- UAC set to max and enabled SmartScreen.
- Safe web browser (Edge, Chrome, ...).
Last edited:
Disable the script interpreters if you don't need them enabled. Scripts issue solved in 5s.
A user that knows all of the above of course anti-scriptor is not needed, but you have to remember the amount and level of irrational paranoia here on the forums. Not to mention the rampant addiction of playing with security softs just for the sake of having something to play with.
Anyway... Microsoft itself (it's security division) advises that IT Pros disable a whole list of things if they aren't needed. So if they tell that to IT Pros, then it is doubly true for home users. It's not the home users' fault that Microsoft is negligent in properly informing and protecting consumers.
- Dec 23, 2014
- 8,484
If you do not need two bicycles, then sell the second one. It will be easier to keep an eye on the first.
- Dec 23, 2014
- 8,484
That is right.
There is also another kind of paranoia in restricting the system without understanding the consequences. It can be as dangerous as using several security applications.
It is reasonable to sell one of the two bicycles if you only need one. But, it is not reasonable to sell two bicycles, because it can be done and someone did so, successfully. I have observed such tendention on the threads of SysHardener, OSArmor, and Hard_Configurator. Especially dangerous can be restrictions applied via the several reg tweaks, because after some time the users often forget what had been restricted. Also, some of them do not even know, how to revert the restrictions.
Last edited:
- Jul 3, 2015
- 8,153
Yup.
I ran SysHardener several times, with different sets of tweaks, and also Hard_Configurator, plus a few of my own manual system tweaks, and I got to the point that I wasn't sure I knew what my settings really were anymore, so I did a Windows Reset.
- May 29, 2018
- 2,728
Just download ram from the internet, and youre fine
- Dec 23, 2014
- 8,484
What an excelent idea of the layered protection:
Comodo Firewall (set to Anti-exe) + Windows Defender + WD Network Protection + Adguard DNS + VPN.AC (VPN + DNS encryption) + RollBack Rx PRO + Macrium Reflect + 7 extensions (Grammarly, Word Online, Excel Online, PowerPoint Online, DNS over HTTPS, Enhancer for YouTube3, Netcraft, Canvas Defender).
Many MT members would love it.
It depends on what security you need. For computer, you only need one service because if you have multiple anti virus installed, it may disrupt your computer.
There are web application firewall for websites which is different kind of security.
There are web application firewall for websites which is different kind of security.
- Oct 22, 2016
- 409
Similar threads
