Dr.Web Security Space - Prevention Protection - ransomware test
<blockquote data-quote="Wave" data-source="post: 590270"><p>You don't need to worry about malware bypassing Shadow Defender; the chances of it happening are very slim. However, it is not safe to use Shadow Defender for malware testing on your main system... Problems such as identity theft can still occur, and if you have a VPN running then malware will still be able to intercept its functioning and disable it remotely. For example, the changes are reverted by Shadow Defender; however, programs can still manipulate the memory of other programs and prevent things from functioning properly - since it can do this, it can still perform actions such as stealing information (data theft) from other software and accessing other information related to browser history, etc.</p><p>It is much safer for you to work with a Virtual Machine, where the VM is designed to only be used for malware testing - no personal information stored on it, no personal important documents, etc.</p><p>Norton Sonar works based on monitoring the execution flow of the program being executed and monitored - sadly they just are unable to create an identification system for CTB-Locker; it's more difficult than you think and a lot of testing has to be done when developing these sorts of behavioral components, since the last thing you want is to end up with a bunch of false positive detections flagging up on your customers' systems. A better alternative would be for them to implement a proper anti-ransomware component which: identifies suspicious file modification attempts, and blocks off the Master Boot Record from modification via a device driver to prevent ransomware samples like Petya or general bootkits.</p></blockquote>