Emsisoft Anti Malware (default) vs Ransominator
Fabian Wosar said:

Same. We generally don't make changes unless it is genuine ransomware seen in the wild. This is what the ransomware landscape looks like at the moment:

For home users, the only relevant ransomware threat is STOP! and on occasion ransomware produced by either free or leaked generators (Xorist, Scarab being the main ones). STOP! in particular, will arrive bundled in pirated software setups. Pirates will usually just ignore their AV anyway, as a lot of cracks will also trigger alerts and warnings. None of these ransomware families will pose any issues to any AV out there.

For enterprise users, the ransomware is deployed after attackers already gained control over the network or system. The protection software used is completely irrelevant, as attackers will just deactivate any protection software by just clicking allow or by using the central management dashboards that are usually also used to deploy the ransomware to all endpoints at once seconds before the actual attack took place.

So the "use case" a lot of ransomware PoCs test doesn't even exist anymore, which is why a lot of security companies stopped caring about them. Paradoxically, detecting and preventing bots on the local network is far, far more important for preventing ransomware than actually preventing the ransomware, as the ransomware comes so late in the attack chain that at that point the security software is already compromised/deactivated.

It has never happened. They turned "either share the samples or don't bother testing as we can't do anything based on a video" into "they prohibit me to test them!" There is no way we could prevent anyone from testing our products in the first place, as in most countries reviews and criticism are covered by freedom of expression.