Q&A Firewall Control notifications - How common is it for malware to be digitally signed?

Templarware

I started using Malwarebytes Firewall Control. I'm thinking that "Learning mode" is good for 24/7 usage? Because it's already better than Windows's default, which allows ALL outbound connections.



But I'm wondering, how common is it for malware to be digitally signed?
 

Gandalf_The_Grey

> Wow MalwareBytes acquired Binisoft in 2018 who knew. (y)
I did know that :D
A lot of info and contact with the developer can be found here:
 

The_King

> I did know that :D
> A lot of info and contact with the developer can be found here:

I did use Binisoft WFC when it was popular a lifetime ago and thought the Malwarebytes interface looked familiar then ran a search and found out MB acquired them.

Was a really great software to configure windows firewall back then.
 

The_King

> If you think it's worth paying for an AV... Comodo Firewall is too nagging, I prefer to just use the Windows built in.

I paid 249 rupees (3.5 USD) for a 3 year sub to BIS so for me it was worth it.

I only used WFC to configure Windows 7 firewall years ago, not sure how good it is now. Also it's been updated last August 2020.

CF was updated just a few days ago.
 

plat1098

> Windows's default, which allows ALL outbound connections.

No way would I use Windows firewall at default settings. A front-end like WFC or TinyWall is nice and effective if you know how to configure it. I prefer H_C Firewall Hardening plus creating my own outbound rules for specific apps.
Only experience I had w/third party firewall was Emsisoft's, and that's gone with the wind now. 😒

Here's a nice thread at Wilders, though it's about 3 years old now. Should still have some relevance, though.

 

Templarware

> I paid 249 rupees (3.5 USD) for a 3 year sub to BIS so for me it was worth it.
>
> I only used WFC to configure Windows 7 firewall years ago, not sure how good it is now. Also it's been updated last August 2020.
>
> CF was updated just a few days ago.

Not really much to update, it just works with Windows Firewall, it's not an actual firewall. So it will probably only need updating if Microsoft changes something in Windows Firewall. Especially now that Malwarebytes acquired it, I don't think updating will be an issue.


> No way would I use Windows firewall at default settings. A front-end like WFC or TinyWall is nice and effective if you know how to configure it. I prefer H_C Firewall Hardening plus creating my own outbound rules for specific apps.
> Only experience I had w/third party firewall was Emsisoft's, and that's gone with the wind now. 😒
>
> Here's a nice thread at Wilders, though it's about 3 years old now. Should still have some relevance, though.

Yup... Windows default settings are shockingly bad, but if you're behind a router with built in firewall and disable UPnP it's not that huge of a deal.
I found TinyWall to be worse, making you have to configure more rules yourself. Does TinyWall prevent tampering with Windows Firewall like MFC?
 

plat1098

Both devs hang out at Wilders. So, there's a dedicated thread for each. They also talk amongst themselves which can be very amusing and insightful--doesn't happen often, though.

This is the only thing relevant I could find and it dates back to 2011. If he (ultim) changed anything about tamper protection since then, it didn't come up in a search. I think this feature is crucial to security software in general, right?

Haven't used TinyWall in a while. Can't recall exactly why I stopped using it either, hmm. :unsure:

 

plat1098

OK, it seems TinyWall is no longer considered a "front end" for Windows firewall. I corrected that in my earlier post.

I was attempting to answer some questions, not make qualitative statements or comparisons about anything, certainly not about BiniSoft which I have no experience in using. So, I'll bow out of this thread now.
 

cruelsister

> But I'm wondering, how common is it for malware to be digitally signed?

Sadly it's common enough, and would be more common except it takes more work (expertise) and money to get away with it. This being the case, digitally signed malware is normally initially targeted at the Enterprise and not so much home users.

Also some security applications go beyond accepting a Dig Sig and actually vet the program so signed, and will alert the user if that program has not met this "higher" standard (example- try installing WiseVector on CF).

But if you are really interested, here is a paper from the University of Maryland with a link to a pdf download:

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
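
An added example, not part of any post in this thread: since a valid signature alone does not make a program trustworthy, this PowerShell audit lists every enabled outbound Allow rule in Windows Firewall together with the Authenticode status and signer of the program it covers. The `$TrustedPublishers` list is a hypothetical assumption to be replaced with publishers you have actually chosen to trust.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Hypothetical list of publishers you have chosen to trust; edit for your system.
$TrustedPublishers = @('Microsoft Corporation', 'Microsoft Windows')

# 1. Show the default outbound action for each firewall profile.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultOutboundAction -AutoSize

# 2. For every enabled outbound Allow rule bound to a program, report who signed it.
$rules  = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True
$report = foreach ($rule in $rules) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    # Skip rules that are not tied to a specific executable.
    if (-not $program -or $program -in @('Any', 'System')) { continue }

    # Rule paths may contain variables such as %SystemRoot%.
    $path   = [Environment]::ExpandEnvironmentVariables($program)
    $status = 'FileMissing'
    $signer = $null
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
        }
    }

    [pscustomobject]@{
        Rule    = $rule.DisplayName
        Program = $path
        Status  = $status
        Signer  = $signer
        # A valid signature only proves which certificate signed the file,
        # so anything outside the chosen publisher list is still flagged.
        Review  = ($status -ne 'Valid') -or ($signer -notin $TrustedPublishers)
    }
}

# Rules that need a manual look are listed first.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are the ones to check by hand: unsigned or tampered files, rules pointing at missing executables, and validly signed programs from publishers outside your list.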