- May 31, 2017
Close enough for me. This is the job of network protection tools. They should block EB from propagating through the network.
Because DP was already on a machine ("patient zero") on the network, the point is not letting it get into the network in the first place.
Many products are able to block the execution of the container (if any) that will deliver EB-DP into the network.
If you can block the container from being executed on the "patient zero", EB-DP can't infect the machine or the rest of the network. That is very simple.
All infections start from either a container or via a weak network.
During the WannaCry crisis, we had no evidence of how DP/WannaCry was able to get into those networks around the world.
All attacks start with the same basic patterns:
- via a browser exploit
- via a file being downloaded onto a machine (email/torrent/USB)
- via a weakness of the network (open or misconfigured ports, etc.)
If you can mitigate those 3, nothing can get into your machine, so you won't need to care about any malware.
That is my belief; it is why I use SRP/anti-exe/sandboxes/anti-exploits and a FW + NAT router, to prevent any of my machines from being Patient Zero.
Unfortunately, Average Joe can't say the same...
Yeah, I agree the attack vector is extremely important to consider. But at this point, no one knows what all really happened, and all we know is that it spread like wildfire.
Besides, if the definition of SRP is: Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run.
If DP was allowed to execute, then SRP did not control the ability for it to run, correct?
Or to put it another way, you would prefer that any given SRP solution blocks DP and its hacker tools, correct?
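For readers who have not set one up, here is what an SRP of the kind the two posts above are arguing about actually looks like on the machine. This is an added example and not code from anyone in this thread: a default-deny Software Restriction Policy written into the local-policy registry keys that the Group Policy editor itself uses (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers), with allow rules only for the OS and program directories. The function names and the choice of allowed paths are assumptions; the script must run elevated, it overwrites whatever local SRP is already at that key, and a domain GPO would take precedence over it. It also shows the limit that the question above is really about: SRP decides whether a file on disk may start as a user-mode process, and nothing else, so whether it stops DP depends entirely on whether the delivery involves an executable being written to disk and run.

```powershell
# Added example (not from any poster in this thread): a minimal default-deny
# Software Restriction Policy written to the local-policy registry keys the
# Group Policy editor uses. Run from an elevated PowerShell. Function names and
# the allow-listed paths below are assumptions; adapt them to the machine.

$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels (values of the DefaultLevel DWORD and of the rule subkeys)
$Disallowed   = 0x00000
$Unrestricted = 0x40000
$LevelNames   = @{ 0 = 'Disallowed'; 0x1000 = 'Basic User'; 0x40000 = 'Unrestricted' }

function New-SrpPathRule {
    param(
        [Parameter(Mandatory)][int]    $Level,        # $Disallowed or $Unrestricted
        [Parameter(Mandatory)][string] $Path,         # may contain %SystemRoot% etc.
        [string] $Description = ''
    )
    # Each path rule is a GUID-named subkey under <level>\Paths; the GUID is only a unique name.
    $guid = '{' + [guid]::NewGuid().ToString().ToUpper() + '}'
    $key  = Join-Path $Base ("{0}\Paths\{1}" -f $Level, $guid)
    $null = New-Item -Path $key -Force
    $null = New-ItemProperty -Path $key -Name 'ItemData'     -Value $Path        -PropertyType ExpandString -Force
    $null = New-ItemProperty -Path $key -Name 'SaferFlags'   -Value 0            -PropertyType DWord        -Force
    $null = New-ItemProperty -Path $key -Name 'Description'  -Value $Description -PropertyType String       -Force
    $null = New-ItemProperty -Path $key -Name 'LastModified' -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force
}

function Set-DefaultDenySrp {
    $null = New-Item -Path $Base -Force
    # Everything not matched by an Unrestricted rule is blocked.
    $null = New-ItemProperty -Path $Base -Name 'DefaultLevel'       -Value $Disallowed -PropertyType DWord -Force
    # 2 = enforce for all software files including DLLs (1 = all except DLLs).
    $null = New-ItemProperty -Path $Base -Name 'TransparentEnabled' -Value 2           -PropertyType DWord -Force
    # 0 = apply to all users, local administrators included.
    $null = New-ItemProperty -Path $Base -Name 'PolicyScope'        -Value 0           -PropertyType DWord -Force
    # Extensions that count as executable for path rules (assumed list; extend as needed).
    $types = @('ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
               'INS','ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD',
               'PIF','PS1','REG','SCR','SHS','URL','VB','VBE','VBS','WSC','WSF','WSH')
    $null = New-ItemProperty -Path $Base -Name 'ExecutableTypes' -Value $types -PropertyType MultiString -Force

    # Allow rules: only the OS and program directories may run. User-writable places
    # (%TEMP%, Downloads, %APPDATA%) are deliberately absent; that is the whole point,
    # a dropped container there cannot start.
    New-SrpPathRule -Level $Unrestricted -Path '%SystemRoot%'        -Description 'Windows'
    New-SrpPathRule -Level $Unrestricted -Path '%ProgramFiles%'      -Description 'Program Files'
    New-SrpPathRule -Level $Unrestricted -Path '%ProgramFiles(x86)%' -Description 'Program Files (x86)'
    # Writable subfolders of %SystemRoot% are a classic bypass. The more specific
    # path rule wins in SRP, so these Disallowed rules override the allow above.
    New-SrpPathRule -Level $Disallowed   -Path '%SystemRoot%\Temp'   -Description 'Writable Windows folder'
    New-SrpPathRule -Level $Disallowed   -Path '%SystemRoot%\Tasks'  -Description 'Writable Windows folder'
}

function Get-SrpPolicy {
    # Read back what is configured so the policy can be checked after gpupdate /force.
    $cfg = Get-ItemProperty -Path $Base
    [pscustomobject]@{
        DefaultLevel = $LevelNames[[int]$cfg.DefaultLevel]
        EnforceDlls  = ($cfg.TransparentEnabled -eq 2)
        Rules        = foreach ($lvl in @($Disallowed, $Unrestricted)) {
            $p = Join-Path $Base "$lvl\Paths"
            if (Test-Path $p) {
                foreach ($sub in Get-ChildItem $p) {
                    $r = Get-ItemProperty $sub.PSPath
                    [pscustomobject]@{ Level = $LevelNames[$lvl]; Path = $r.ItemData; Description = $r.Description }
                }
            }
        }
    }
}

# Usage (elevated):
#   Set-DefaultDenySrp
#   gpupdate /force
#   Get-SrpPolicy | Format-List
```

To see it act, copy any .exe from %SystemRoot% into %TEMP% and start the copy: it is refused, and the Application event log gets an entry from source SoftwareRestrictionPolicies naming the file and the rule. What the log will never show is a payload that never touched the filesystem, which is why the two posts above keep coming back to how DP got onto patient zero in the first place.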
I'll drink to that (and to Tiny's response). Thank you guys! I think this thread (along with those of CS) is one of those where I've learned the most. The "quarrels", if constructive as in this case, teach many more things than other threads. So thanks Umbra and Dan. Really!
I ran a lot of tests, and approximately 70-80% failed to stop the DP installation... no matter how I adjusted the settings, so overall the results were dismal.
I would love to see that same test (that Dan did) on a machine with Comodo Firewall @cruelsister settings.
Please...
In the interest of limiting the drama as much as possible, it is best to wait for the final MRG report.
If it is made crystal clear that this is an issue that all security vendors should address immediately, then I might consider releasing the other results from my tests. But please keep in mind, VS is not a testing lab.
Basically, the discussion got way out of hand as it was, and I do not want to start a holy war.
I just wanted people to be aware of the issue, and to be as concerned as MRG obviously is.