In the home environment, the fileless attack can start mostly when the user opens something with embedded malicious content (web page, document, etc.). So, the first defense line should not be Anti-Exe, memory monitoring, and some other advanced security features but rather reducing the attack vectors:
- Safe web browser with sandboxing.
- Anti-spam software.
- Safe DNS (anti-phishing, anti-malware, anti-adware URL blocking) or web filtering via web browser extension.
- Avoiding the commonly abused software (MS Office, Adobe Acrobat Reader, etc.) or blocking the active content (at least) for viewing documents.
- Blocking script engines.
- Updating the system and software.
- Using trusted software portals to install applications.
There are surely some more. The stronger is using a default-deny solution. The Enterprises have to use something like ATP, because they cannot adopt such solutions like points 4, 5 and 6, and they are much more vulnerable via network attacks and generally via targeted attacks.
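For point 5, one concrete way to block one script engine on a home PC: the added example below (not from the thread or either poster) audits and turns off Windows Script Host (wscript.exe/cscript.exe) through its documented `Enabled` registry value, in both the machine and current-user hives. It assumes an elevated PowerShell prompt; it does not touch PowerShell itself or Office macros, which the other list items cover.

```powershell
# Added example (not from the thread): audit and disable Windows Script Host
# (wscript.exe / cscript.exe) via its documented 'Enabled' registry value.
# Run from an elevated PowerShell prompt; the HKLM value applies to all users.

$WshPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
)

function Get-WshState {
    # Returns one object per hive. WSH is enabled unless the value is exactly 0;
    # a missing value means the Windows default (enabled).
    foreach ($path in $WshPaths) {
        $value = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            Path    = $path
            Value   = if ($null -eq $value) { '(not set)' } else { $value }
            Enabled = ($value -ne 0)
        }
    }
}

function Disable-Wsh {
    # Creates the Settings key if it is missing and sets Enabled = 0 (REG_DWORD)
    # in both hives, so .vbs/.js/.wsf files no longer run through WSH.
    foreach ($path in $WshPaths) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name Enabled -Value 0 -Type DWord
    }
}

Write-Host 'Before:'; Get-WshState | Format-Table -AutoSize
Disable-Wsh
Write-Host 'After:';  Get-WshState | Format-Table -AutoSize
```

To undo, set the same `Enabled` value to 1 (or remove it) in both hives.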
Enterprises certainly can do 4, 5 and 6 - more or less. Microsoft has given them ways to do it and they have options other than Microsoft available to them. Some just don't or refuse to do it. I see it all the time.
There is no reason to allow script engines to run full-time in most commercial settings.
The objections are invariably... "We don't want to change", "It will cost money", "It will be inconvenient", "It is too much work", etc., etc. For the exceptional cases, these objections are just objecting for objection's sake. It is all about willingness - as opposed to what will work without major inconvenience.
Just remember... these enterprises that object so much have your personal data on their systems.