Do we actually need so many security programs?

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
That's how your SYSTEM gets spanked. You can thank Microsoft for it.

And just a FYI, that script does not need to run for Windows to function correctly.

AppGuard will block it.
But Appguard at default settings would let it do its thing, right? Just for the record...
 
  • Like
Reactions: oldschool

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Because Windows 10 is now a perpetual beta, breakages and conflicts are Microsoft's doing and not anyone else's.

.....However, for other 3rd-party softs such as Sandboxie, it is an ongoing struggle.

For the past two Windows, Sandboxie is "perpetual" beta, v. 5.27.1 to be precise. The day Windows does not play nicely with Sandboxie is the day I look at stopping updates for Windows 10 or moving to a friendler operating system. No Microsoft monopolies on here. Now I begin to understand why people get so tired of their favorite longtime third party software suddenly not happening on Windows 10. (Hey, bo elam has the right idea. :giggle:)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Some security softs survive better. Sandboxie takes it on the chin, but AppGuard and ReHIPS are pretty resilient.
Sometimes, AppGuard needs a little configuring to fit in with Windows changes, but that's about it.
 
  • Like
Reactions: Local Host and plat

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Indeed, after running the Hard_Configurator tool to reveal autoruns, I got this result, on Windows 10 1809:
SCRIPT AUTORUNS REPORT DATE (Y:M:D H:M): 2018:11:05 10:35
@@@@@ Script Autoruns:
c:\windows\system32\gathernetworkinfo.vbs

It's a VBS script run by Windows, with system privileges. It will not be blocked by SRP or by ReHIPS, because it is run by SYSTEM, but it will be blocked by some other solutions.
For rehips change sub program to alert for script you wish to block on system account. Though if the malware has system privileges it's already game over normally if the malware is not terrible or you are targetted.
If the script is signed by a trusted vendor it will not matter if you don't set it as block.
 
Last edited:
D

Deleted Member 3a5v73x

Guys you talk like suddenly people from AV's will switch to SRPs, it's not going to happen. Security geeks can run whatever they want, while McAfee will still be automatically recharging from elder credit cards every year. Nothing in home security industry will change if people will not be willing to change themselves.
 
D

Deleted member 178

Right. I like the ReHIPS default settings, in which SYSTEM allows it to run, and inspects children.
Everyone has his favorite cup of tea, mine is ReHips on Expert + Lockdown mode, for unexpected but legit blocks, i modify the rule via the interactive logging tab.
 
L

Local Host

Guys you talk like suddenly people from AV's will switch to SRPs, it's not going to happen. Security geeks can run whatever they want, while McAfee will still be automatically recharging from elder credit cards every year. Nothing in home security industry will change if people will not be willing to change themselves.
People don't need security software in home security, they need safe habits.
 

128BPM

Level 2
Verified
Feb 21, 2018
90
if your usually safe site/program/mail contact is compromised, only a security soft will save you.

I wonder if the safe habits argument is a myth, do you remember the ccleaner case? I think that in a scenario like that, only post-exploit security software could save us, e.g. OSArmor.
 
  • Like
Reactions: oldschool
L

Local Host

I wonder if the safe habits argument is a myth, do you remember the ccleaner case? I think that in a scenario like that, only post-exploit security software could save us, e.g. OSArmor.
I can assure you it's not a myth, as I ran Windows without any security software for over 10 years, and never got infected nor accounts stolen.

In fact the closest I got to accounts stolen, is when the websites themselves are compromised (which is exactly what Umbra said). Not that worries me, as I use 64-bit different passwords in all the websites ¯\_(ツ)_/¯

PS: As for the CCleaner case, you should block software that doesn't Internet connection in the Firewall, that is also a safe habit (it even helps you get rid of forced telemetry).
 
Last edited:
E

Eddie Morra

I wonder if the safe habits argument is a myth, do you remember the ccleaner case? I think that in a scenario like that, only post-exploit security software could save us, e.g. OSArmor.
Situations like the one with CCleaner are impossible situations.

Trying to prepare to defend against attacks which will be coming through rogue updates which are unknown of for genuine and popular software is an impossible solution. You can block automatic updates and wait X amount of time before allowing them in or use a firewall to restrict network access but specifically going out of your way to try and form some cocktail combination of paranoia real-time defence usually never does any good... it just teaches you to be more paranoid the next day and get unreal expectations that your configuration cannot be beaten, when in reality it can.

Every single online company can be attacked by an attacker one way or another... it is simply a guessing game on how long it will take for it to happen or be identified once the breach has already happened. There's always someone better than you out there... faster, smarter, experienced and patient.

It goes without saying that piling on security software increases the risk of compatibility issues and more vulnerabilities being introduced - like with anything else.
 
E

Eddie Morra

In fact the closest I got to accounts stolen, is when the websites themselves are exploited and hacked. Not that worries me, as I use 64-bit different passwords in all the websites
Let me guess... you then changed the password after the notifications/news and any other necessary account information, and it didn't put any of your other accounts for other services in danger, because you don't re-use the same password across services?

If only more people bothered to do these things... e-mail accounts wouldn't still be getting compromised because of credential dumps from service breaches that happened 3 years ago! But... here we are.
 
D

Deleted member 178

I wonder if the safe habits argument is a myth, do you remember the ccleaner case? I think that in a scenario like that, only post-exploit security software could save us, e.g. OSArmor.
Safe habits is just one part of a proper security strategy, like a good driver in a well maintained car is less prone to create accidents.

A post-exploitation soft will probably save the poor user, but if properly configured.
Sadly many people add tons of redundant apps/extensions left at default settings, instead of just using one or two ideally configured.

I kept saying here to stop stockpiling but instead learn how to configure and use what you have.

I see some guys being proud about wasting lot of money on dozen apps when just one properly configured would suffice.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top