- Jul 3, 2015
- 8,153
That's what I was gonna ask you, but I shut my mouth.
Must be bad leadership or something.
Do we actually need so many security programs?
- Thread starter bribon77
- Start date
Must be bad leadership or something.
They just need to put up some signs that say "Go around !".
ПоЙдите вокруг !
Gehen Sie herum !
Обійти !
Jít kolem !
Ísť okolo !
Iet apkārt !
:X3:
Thanks for the test Andy, do you know if there is a plan to release MKSV in English?
Thank you very much.
- Jul 3, 2015
- 8,153
But in Polish, it should say, "Go drown yourself in the Baltic Sea!"
- Mar 29, 2018
- 7,596
World's 1st constitution - 3 May, 1791. But oh, so short-lived! The suffering they have endured!
- Jul 3, 2015
- 8,153
Fascinating. I never heard about that. Americans think they have a copyright on democracy.
- Oct 22, 2016
- 409
Nope. That copyright belongs to the ancients. Every American schoolchild is taught this fact. Whether or not that schoolchild pays attention is a different matter.
- Dec 12, 2013
- 542
Constitution of 3 May 1791 - Wikipedia
@Lockdown
I can't uderstand your words
"They just need to put up some signs that say "Go around !". "
- May 1, 2018
- 229
Maybe Poland is not a big country, but it is amiable and fierce.
When other countries gave up, Poland fought. It's just a few times we were erased from the map of Europe - because we always came back
The history of my country is complicated. On the one hand, full of tragedy on the other hand, great. For this I do not even expect anyone to understand it here.
I wonder why a good product from Poland caused such comments.
Politics is a different subject to me and there is no reason to mix MKS with politics.
It does not matter which country the AV comes from, it is important that it is effective and it is rife what to do
When other countries gave up, Poland fought. It's just a few times we were erased from the map of Europe - because we always came back
The history of my country is complicated. On the one hand, full of tragedy on the other hand, great. For this I do not even expect anyone to understand it here.
I wonder why a good product from Poland caused such comments.
Politics is a different subject to me and there is no reason to mix MKS with politics.
It does not matter which country the AV comes from, it is important that it is effective and it is rife what to do
- Dec 23, 2014
- 8,484
Test continuation with script trojan-downloaders.
The testing scripts adopted 7 different methods of downloading files and 8 different methods of executing files from scripts. I used VBScript and PowerShell.
The test was done on Windows 8 in a VM, because on Windows 10 I use ShadowDefender, which is incompatible with F-Secure Safe.. If I correctly remember, F-Secure Safe has not yet adopted AMSI, so the result for Windows 10 should be the same.
F-Secure Safe
Anyway, DeepGuard is not effective for blocking script trojan downloaders.
The testing scripts adopted 7 different methods of downloading files and 8 different methods of executing files from scripts. I used VBScript and PowerShell.
The test was done on Windows 8 in a VM, because on Windows 10 I use ShadowDefender, which is incompatible with F-Secure Safe.. If I correctly remember, F-Secure Safe has not yet adopted AMSI, so the result for Windows 10 should be the same.
F-Secure Safe
- Only one PowerShell sample was blocked by DeepGuard. The System.Net.WebClient class was blocked and could not download the payload. The rest of PowerShell methods were not blocked either by DeepGuard nor by the static detection. The static detection of PowerShell samples was slightly worse as compared to BitDefender. It seems that BitDefender uses a different heuristics.
- Yet, when the same code was transferred to VBScript which ran PowerShell, then DeepGuard did not detect System.Net.WebClient, and the payload was successfully executed.
- The 50% of VBScript samples were blocked by static detection (similar detection as for BitDefender). No DeepGuard detection for VBScript, at all. Next, I turned off the real-time AV scanning, and left DeepGuard active, but the result did not change - only the sample from point 1. was blocked.
Anyway, DeepGuard is not effective for blocking script trojan downloaders.
Last edited:
This is no surprise - at least those of us who know what to generally expect.
If a person expects AV\IS, AMSI and ASR to stop malicious scripts and in-memory attacks, then their expectations are unrealistic.
Despite marketing efforts, claims and some limited AV test lab results... all AV\IS, AMSI and ASR remain ineffective against interpreter and sponsor attacks.
The only sure what to protect a system is to disable interpreters and sponsors in all accounts.
If a person expects AV\IS, AMSI and ASR to stop malicious scripts and in-memory attacks, then their expectations are unrealistic.
Despite marketing efforts, claims and some limited AV test lab results... all AV\IS, AMSI and ASR remain ineffective against interpreter and sponsor attacks.
The only sure what to protect a system is to disable interpreters and sponsors in all accounts.
- Dec 23, 2014
- 8,484
I know very little about the development of mks_Vir. No idea about English version.
- May 16, 2018
- 1,363
Going back to the very beginning....
Discuss: Do we actually need so many security programs?
Yes, we do.
If one does not stack enough security 'solutions' together such that you experience major software conflicts and/or slowdowns ---- you are not trying hard enough.
Always remember -- More is Better.
Discuss: Do we actually need so many security programs?
Yes, we do.
If one does not stack enough security 'solutions' together such that you experience major software conflicts and/or slowdowns ---- you are not trying hard enough.
Always remember -- More is Better.
I can tell about my experience with CCleaner attack
I had v5.33 (affected version) for a few weeks, during that time, I noticed my comodo firewall was blocking some random inbound connections, which I had never seen before
So I guess CF partially protected me from that attack, not very sure though
Since I updated to the newer version, those inbound connections disappeared
Kaspersky has network attack blocker, which worked for me in a few occasions but I didn't use KIS during that time so I can't confirm if it could prevent ccleaner attack or not
I had v5.33 (affected version) for a few weeks, during that time, I noticed my comodo firewall was blocking some random inbound connections, which I had never seen before
So I guess CF partially protected me from that attack, not very sure though
Since I updated to the newer version, those inbound connections disappeared
Kaspersky has network attack blocker, which worked for me in a few occasions but I didn't use KIS during that time so I can't confirm if it could prevent ccleaner attack or not
The CClenaer "attack" would only work on 32 bit systems.
- Jul 3, 2015
- 8,153
I agree. My computer is not slow enough. I think I need to add something to my security config.
- May 4, 2018
- 2,261
Script blocking could be a vital part of security going forward.
~LDogg
~LDogg
- Oct 22, 2016
- 409
It would be interesting and useful to post instructions to disable interpreters and sponsors, even without the use of SysHardener or Hard Configurator.
Vital protections against malicious scripts and post-exploits are at least a decade behind the 8 Ball.
The future (going forward) is now.
People have been on the vendors about this topic forever.
Use this as a general rule... effective management against specific threats takes approximately 10+ years. The first ransomware attack was documented in 1989. In the early 2000s ransomware became a prevalent attack. Not until the past year or two have vendors rolled out effective anti-ransomware protections. So, depending upon how you look at it, they're 15 to 20+ years behind the 8 Ball.
SRP\default deny has been around from the beginning. It has never been behind the 8 Ball.
Last edited by a moderator:
Similar threads
