Grandmother sent me an Email
<blockquote data-quote="cruelsister" data-source="post: 595038" data-attributes="member: 7463"><p>F TV- Any malware, no matter what type, has to act locally on your system to do whatever damage it is intended to do. I personally like to avoid the use of the term "fileless" as one can easily (and rightfully) infer that no payload will ever exist that will act locally, which is not the case at all. The Angler infection routine should be more properly termed quasi-fileless malware as it will run the payload within whatever exploitable legitimate process (like Flash, Java, Chrome, etc.) it can find (or more properly, as it is coded to find).</p><p>But in no case is a "fileless malware" truly fileless. The malware has to act somehow- and these actions will cause changes that can be detected by superior protection routines.</p><p>You bring up some fine products in your post, each excellent. But the issue that I have with them would be:</p><p>1) SBIE- absolutely excellent sandbox, no question. The problem here is that it is on-demand. I'm sure I'm not the only person that gets distracted and clicks without thought. An auto-sandbox will catch you here; on demand, not so much.</p><p>2) AG- when used properly the user is safe (unless a highly signed malware is encountered). But outside of Lockdown Mode and stuff coded by trusted vendors I have my doubts that absolute protection can be afforded. Old hands will have no issue, but rookies may make mistakes (like opening a recipe from Granny).</p><p>3) HMPA is a fine application and the Loman boys take it seriously. But it is fairly specific in its protection routines and can be bypassed even then.</p><p>Finally, true zero-days are what are being pumped out hour after hour. They can come as web exploits, email attachments, infected downloads. True protection will cover all of the eventualities and obviously the traditional definition method would be without value.</p></blockquote>
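The post's central point is that a "quasi-fileless" payload still has to act through a legitimate host process, and those actions leave observable traces. The following is an added illustration of that idea, not code from cruelsister's post or from any of the products mentioned (SBIE, AG, HMPA). It runs a small behavioural rule over constructed process-creation events: a browser, Java or plugin process spawning a script interpreter or similar system utility is flagged. The `ts|parent|child|cmdline` line format, the sample events and the image names in the two sets are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Host applications the post names as exploitable (Flash, Java, Chrome);
# the image names are assumptions for this example.
EXPLOITABLE_HOSTS = {
    "chrome.exe", "firefox.exe", "iexplore.exe",
    "java.exe", "javaw.exe", "plugin-container.exe",
}

# Children that a browser or plugin host has no normal reason to start;
# seeing one spawned by an exploitable host is the observable "action".
SCRIPT_HOSTS = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

@dataclass(frozen=True)
class ProcessEvent:
    timestamp: str
    parent: str
    child: str
    cmdline: str

def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'ts|parent|child|cmdline' event line."""
    ts, parent, child, cmdline = line.split("|", 3)
    return ProcessEvent(ts.strip(), parent.strip().lower(),
                        child.strip().lower(), cmdline.strip())

def classify(ev: ProcessEvent) -> Optional[str]:
    """Return a reason string if the event matches the rule, else None."""
    if ev.parent in EXPLOITABLE_HOSTS and ev.child in SCRIPT_HOSTS:
        return f"{ev.parent} spawned script/system host {ev.child}"
    return None

def detect_suspicious_spawns(lines: List[str]) -> List[Tuple[str, str]]:
    """Run the rule over raw event lines; return (timestamp, reason) alerts."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            alerts.append((ev.timestamp, reason))
    return alerts

# Constructed sample events: two benign browser/office lines, two lines
# in which an exploitable host starts a script interpreter.
SAMPLE_LOG = [
    "10:01:02|explorer.exe|chrome.exe|chrome.exe --profile-directory=Default",
    "10:01:09|chrome.exe|chrome.exe|chrome.exe --type=renderer",
    "10:02:15|chrome.exe|powershell.exe|powershell.exe -w hidden -c <constructed>",
    "10:03:30|java.exe|cmd.exe|cmd.exe /c <constructed>",
    "10:04:00|explorer.exe|winword.exe|winword.exe Recipe.docx",
]

if __name__ == "__main__":
    for ts, reason in detect_suspicious_spawns(SAMPLE_LOG):
        print(f"{ts}  ALERT  {reason}")
```

The rule is deliberately narrow: a renderer child of the same image is not flagged, and Office applications are outside `EXPLOITABLE_HOSTS` here, so the Word event passes even though the post's "recipe from Granny" is exactly the kind of thing a real deployment would extend the host set to cover. The point being demonstrated is the one the post makes: the payload never needs to touch disk for its parent/child behaviour to be visible.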