Do we actually need so many security programs?
- Thread starter bribon77
- Start date
- Dec 23, 2014
- 8,484
That's how your SYSTEM gets spanked. You can thank Microsoft for it.
And just a FYI, that script does not need to run for Windows to function correctly.
AppGuard will block it.
- Jul 3, 2015
- 8,153
But Appguard at default settings would let it do its thing, right? Just for the record...
For the past two Windows, Sandboxie is "perpetual" beta, v. 5.27.1 to be precise. The day Windows does not play nicely with Sandboxie is the day I look at stopping updates for Windows 10 or moving to a friendler operating system. No Microsoft monopolies on here. Now I begin to understand why people get so tired of their favorite longtime third party software suddenly not happening on Windows 10. (Hey, bo elam has the right idea.
)
- Jul 3, 2015
- 8,153
Some security softs survive better. Sandboxie takes it on the chin, but AppGuard and ReHIPS are pretty resilient.
Sometimes, AppGuard needs a little configuring to fit in with Windows changes, but that's about it.
Sometimes, AppGuard needs a little configuring to fit in with Windows changes, but that's about it.
There is no default-setting in Appguard (and other SRPs) , you are supposed to implement your own policy right away when you use it, those that let it at default missed the whole point of SRPs.
Better for them to use an AV then.
- Jul 3, 2015
- 8,153
You are right, but nevertheless, the default config does a lot. Slap that on a system, and it is much better protected than before.
- Nov 19, 2014
- 2,350
For rehips change sub program to alert for script you wish to block on system account. Though if the malware has system privileges it's already game over normally if the malware is not terrible or you are targetted.Indeed, after running the Hard_Configurator tool to reveal autoruns, I got this result, on Windows 10 1809:
SCRIPT AUTORUNS REPORT DATE (Y:M
@@@@@ Script Autoruns:
c:\windows\system32\gathernetworkinfo.vbs
It's a VBS script run by Windows, with system privileges. It will not be blocked by SRP or by ReHIPS, because it is run by SYSTEM, but it will be blocked by some other solutions.
If the script is signed by a trusted vendor it will not matter if you don't set it as block.
Last edited:
Guys you talk like suddenly people from AV's will switch to SRPs, it's not going to happen. Security geeks can run whatever they want, while McAfee will still be automatically recharging from elder credit cards every year. Nothing in home security industry will change if people will not be willing to change themselves.
- Jul 3, 2015
- 8,153
Right. I like the ReHIPS default settings, in which SYSTEM allows it to run, and inspects children.
Everyone has his favorite cup of tea, mine is ReHips on Expert + Lockdown mode, for unexpected but legit blocks, i modify the rule via the interactive logging tab.
People don't need security software in home security, they need safe habits.
I would say yes and no.
Despite safe habits, if your usually safe site/program/mail contact is compromised, only a security soft will save you.
I wonder if the safe habits argument is a myth, do you remember the ccleaner case? I think that in a scenario like that, only post-exploit security software could save us, e.g. OSArmor.
I can assure you it's not a myth, as I ran Windows without any security software for over 10 years, and never got infected nor accounts stolen.
In fact the closest I got to accounts stolen, is when the websites themselves are compromised (which is exactly what Umbra said). Not that worries me, as I use 64-bit different passwords in all the websites ¯\_(ツ)_/¯
PS: As for the CCleaner case, you should block software that doesn't Internet connection in the Firewall, that is also a safe habit (it even helps you get rid of forced telemetry).
Last edited:
Situations like the one with CCleaner are impossible situations.
Trying to prepare to defend against attacks which will be coming through rogue updates which are unknown of for genuine and popular software is an impossible solution. You can block automatic updates and wait X amount of time before allowing them in or use a firewall to restrict network access but specifically going out of your way to try and form some cocktail combination of paranoia real-time defence usually never does any good... it just teaches you to be more paranoid the next day and get unreal expectations that your configuration cannot be beaten, when in reality it can.
Every single online company can be attacked by an attacker one way or another... it is simply a guessing game on how long it will take for it to happen or be identified once the breach has already happened. There's always someone better than you out there... faster, smarter, experienced and patient.
It goes without saying that piling on security software increases the risk of compatibility issues and more vulnerabilities being introduced - like with anything else.
Let me guess... you then changed the password after the notifications/news and any other necessary account information, and it didn't put any of your other accounts for other services in danger, because you don't re-use the same password across services?
If only more people bothered to do these things... e-mail accounts wouldn't still be getting compromised because of credential dumps from service breaches that happened 3 years ago! But... here we are.
Safe habits is just one part of a proper security strategy, like a good driver in a well maintained car is less prone to create accidents.
A post-exploitation soft will probably save the poor user, but if properly configured.
Sadly many people add tons of redundant apps/extensions left at default settings, instead of just using one or two ideally configured.
I kept saying here to stop stockpiling but instead learn how to configure and use what you have.
I see some guys being proud about wasting lot of money on dozen apps when just one properly configured would suffice.
Similar threads
