Discussion in 'Video Reviews' started by cruelsister, Dec 16, 2017.
Cute cruelsister, can you please tell me how to protect boot?! Do I always need to check my Startup Entries before shutting down the PC? Btw I downloaded that music xd, thanks for this great song.
Thank you for a revealing test, cruelsister.
PS The atmosphere set by your musical selection was haunting. Was it Celtic?
Mrs. Cats thought so..
There are other ways of automatically executing code at the boot of the environment, such as through installed device drivers, or the registry to trick a program into loading a malicious DLL, etc. However, you can usually check Startup Entries for software through Task Manager (go to the Startup tab).
For example, if a program stores the file path of a DLL on-disk via the registry so it knows the correct path when it starts up, the value to that key name can be hijacked to provide a path of a rogue DLL. Now when that said program starts up, the rogue DLL is loaded instead.
A different example would be via AppInit_DLLs. Any modules set for this will be loaded in a newly started process as long as the architectures of compilation match, and that the process has User32.dll loaded (therefore affecting GUI processes only).
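As an added example (not code posted in this thread), a read-only PowerShell check that lists the Run/RunOnce autostart keys, the Startup folders and the AppInit_DLLs settings described above, so unexpected entries can be reviewed; the key paths are the documented Windows locations, and nothing is modified.

```powershell
# Added example, not from the thread: enumerate common autostart locations
# and the AppInit_DLLs configuration. Read-only; it changes nothing.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host '== Run / RunOnce autostart entries =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
        "{0}\{1} = {2}" -f $key, $p.Name, $p.Value
    }
}

Write-Host '== Startup folder contents =='
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) { Get-ChildItem -Path $dir -Force | Select-Object -ExpandProperty FullName }
}

# AppInit_DLLs: every DLL listed here is loaded into each new process that
# loads user32.dll. LoadAppInit_DLLs = 0 disables the mechanism;
# RequireSignedAppInit_DLLs = 1 restricts it to signed modules.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',            # 64-bit processes
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows' # 32-bit processes
)

Write-Host '== AppInit_DLLs configuration =='
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $v = Get-ItemProperty -Path $key
    "{0}: LoadAppInit_DLLs={1} RequireSignedAppInit_DLLs={2} AppInit_DLLs='{3}'" -f `
        $key, $v.LoadAppInit_DLLs, $v.RequireSignedAppInit_DLLs, $v.AppInit_DLLs
    if ($v.LoadAppInit_DLLs -eq 1 -and -not [string]::IsNullOrWhiteSpace($v.AppInit_DLLs)) {
        Write-Warning "AppInit_DLLs is active under $key - review the listed module(s)."
    }
}
```

Run from an elevated PowerShell prompt so the HKLM keys are readable; any module listed under an active AppInit_DLLs value is worth identifying before the next reboot.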
About the band "Clannad": it's the name of one of my favorite anime (photo).
Thank you very much, my friend! You are very helpful! Sometimes I use PCHunter for this purpose! Please see how good it is; everything you said is well covered.
I think this kind of response is what pulled me into MT, your passion for the subject is clear and beautiful and rubs off, thanks.
I sent this video to my Fortinet TAC guys for review so they can send this off to development.
The image you posted shows that Yandex browser is auto-injecting a DLL into processes which load user32.dll (GUI processes); the file name of the module implies they're performing API hooking within. Unless they have another injection method, if you build a program with no user32.dll or locally intercept Ldr*, you can block Yandex from injecting that module with ease and beat their self-protection/HIPS feature.
Don't teach ppl how to bypass my next generation browser. wtf lol
@Opcode is a 21st Century hacker
The best protection for this stuff is Excubits MZWriteScanner. If something drops a new dll anywhere on the system MZWriteScanner detects it, alerts you and blocks it until you take certain actions. It also does the same with exe, sys and bat files.
Yet to see a 100% foolproof AV till date in my 17 years of PC experience, and Forti is no exception. What differentiates Forti from other free AVs is its excellent web block, high quality razor sharp signatures, really low system resource usage, and the newer version of Forti AV offers more security features which I haven't tried yet. Anyway, a good test by @cruelsister that will help Forti developers to fix the vulnerability.
I was wondering if I could get away with playing a Gaelic lullaby on a security video.
Glad you guys liked it (it's soooo pretty...).
Cats- I've said this before, but your lady has impeccable taste in music (and my Ophelia was on my lap as I made this one).
I have to admit sometimes I find the music a bit annoying, but this one was outstanding. Well done.
Great vid M!
Was it not you who said even your cat could hack a FortiClient firewall a year back?
Did they shape up?
Hi Woodrow! Yeah, Fortinet has indeed made advances in their product line over the past year, as I stated in the video text. They are primarily an Enterprise Security company and are publicly traded on the NASDAQ. It can be seen that they are growing fast, and the value of the company over the past year has grown from an Enterprise value of about 4 billion USD to one of about 7.5 billion. Fortunately they have put some of their profits into R&D, and this has trickled down to improved malware detection by FortiClient (which really should be considered no more than a supplement to their excellent Security appliance).
That being said, it is important to note that FortiClient, if used alone by a Home user, remains nothing more than a definition based anti-malware application. You bring up my cat- actually Ophelia did morph (I would never do such a thing myself being Kind and Gentle) a fast encryptor- an XData variant- that blew right past FortiClient. But what would be the point of highlighting this? The worth of a traditional based AV can be seen in a valid logical argument:
1) Product A is a definition only based security application;
2) malware B is a true Zero-Day malware that no product has yet a definition against;
therefore product A will Fail against malware B.
As anyone in the field already knows this, and most Home users will not want to admit that it is true, why bother to darken anyone's day by including this in the video? Ophelia was actually pissed that I didn't use her malware, but I got her a block of 10 year aged Cheddar from Wisconsin and she forgave me. Never fails...
@cruelsister I'm starting to think you yourself are a cat.
From FortiOS 4.x to 5.0.x Fortinet was soundly in the 'average' territory at best. They started pouring resources into R&D and expansion of their threat lab and analyst personnel in FortiOS 5.2.x. This took several years to mature, culminating in the overdue 5.4.x series. But 5.6.x pushes Fortinet into new, more powerful territories for sure and it should be considered one of the premier UTM/NGFW enterprise grade devices. It's exceeded expectations with all of the certification labs without a doubt and is a leader in ROI among the top players.
FortiClient has benefited some from these advances, but more R&D is going into it by the month because of the EMS as part of the Security Fabric. The end goal is to make FortiClient a world class endpoint threat management solution, which is why from 5.6.0 to 5.6.2 you've seen many features and technology added, such as the anti-exploit module. This advancement will continue as the EMS is pushed for wide adoption.
Watch: An Introduction to FortiClient EMS
Free users benefit from a portion of all of these advances but must realize they won't benefit from all of them simply because of the fact they don't have the EMS or a FortiGate deployed, nor the incredibly important FortiSandbox.
They'll still have world class signatures (including Zoo if enabled), Solid Heuristics, Fantastic Web Filtration, Exploit Protection and Dynamic Threat Detection. All of which should be sufficient for general home use as a free solution, especially considering the power of its web filtration. The real way to test FortiClient is to toss it on a test machine on a DMZ and let people hammer it until it dies. Let me know the results then. (glances over at the lab with dozens of honeypot boxes doing just that) You might be surprised. Hence, my recommendation of FortiClient for folks looking for a free solution not full of cleaners, optimizers, widgets, gadgets and gizmos - just solid protection.
Something to keep in mind on the latest AVC Real World Results where FortiClient scored 98.9%: 1) They were using 5.6 proper, not 5.6.2, which has additional protection/features. 2) They didn't have FortiSandbox active on the FortiGate. So while they did test it behind a FortiGate, a crucial component was missing when tested, as FortiSandbox is the ATP/Zero Day detection unit.
I'm told Fortinet is investigating the video.
Note that in the video the Anti-Botnet, Anti-Exploit and Dynamic Threat Detection are all 'disabled'. The product was really functioning as a pure signature based AV in the video without the benefit of the other protection modules working in concert.
Sly- The advanced features are part of the Endpoint product, with the Advanced Threat protection working through FortiSandbox.
So the free FortiClient product is indeed just a traditional AV product.