Grandmother sent me an Email
<blockquote data-quote="FleischmannTV" data-source="post: 595049" data-attributes="member: 23687"><p>File-rating based auto-sandboxing is no superior protection routine.</p><p></p><p>Of course the malware has to act somehow on the disk, like writing to the registry, but it can do so without writing a script or executable to the disk and launching it from there, which then does the writing to the registry. Writing to a file like the registry is fileless in a narrower sense because the file already existed and no additional files have to be dropped and launched from the disk. Abused legitimate processes like PowerShell, rundll32 and the like will only be sandboxed by CF if they execute a script or DLL from the disk because those file types are covered by the file-rating system.</p><p></p><p>If Microsoft Word launches another instance of Microsoft Word, this instance will not be auto-sandboxed. This new instance of Word could act as a backdoor, trojan or encrypt all your documents while CF just sits there and does nothing because Word is a trusted process.</p><p></p><p>Regarding your critique of the aforementioned security programs like Sandboxie, I of course agree. I did not encourage anyone to use them; I just tried to explain how they offer protections which cover (at least to some extent) the abuse of trusted processes independently from file-rating.</p></blockquote><p></p>
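The gap described in the quoted post, as an added sketch that is not part of the original post and not CF's own code: a simplified model of file-rating auto-sandboxing next to a rating-independent parent/child rule, run over constructed launch events. The rated file types, trusted image list, rule and event records are all assumptions made for illustration.

```python
# Added illustration: a simplified model, not CF's actual decision logic.
import ntpath
from dataclasses import dataclass
from typing import Optional

RATED_TYPES = {".exe", ".dll", ".ps1", ".vbs", ".bat"}       # assumed rated file types
TRUSTED = {"winword.exe", "powershell.exe", "rundll32.exe"}  # assumed trusted images
INTERPRETERS = {"powershell.exe", "rundll32.exe"}
DOCUMENT_APPS = {"winword.exe"}

@dataclass(frozen=True)
class Launch:
    parent: str                      # image name of the launching process
    child: str                       # image name of the new process
    disk_file: Optional[str] = None  # script/DLL on disk handed to the child
    disk_file_trusted: bool = False  # rating of that file

def file_rating_sandboxes(ev: Launch) -> bool:
    """Model of the post: only an unrated file on disk triggers the sandbox."""
    if ev.child not in TRUSTED:
        return True                  # the new executable itself is unrated
    if ev.disk_file is None:
        return False                 # trusted process, nothing on disk to rate
    ext = ntpath.splitext(ev.disk_file)[1].lower()
    return ext in RATED_TYPES and not ev.disk_file_trusted

def behaviour_rule_flags(ev: Launch) -> bool:
    """Rating-independent rule (assumed policy): a document application
    starting an interpreter or another copy of itself is suspicious."""
    return ev.parent in DOCUMENT_APPS and (
        ev.child in INTERPRETERS or ev.child == ev.parent)

# Constructed sample events, not taken from any real log.
EVENTS = [
    Launch("explorer.exe", "powershell.exe", r"C:\Users\u\Downloads\invoice.ps1"),
    Launch("explorer.exe", "rundll32.exe", r"C:\Temp\unknown.dll"),
    Launch("winword.exe", "powershell.exe"),   # inline command, no script file
    Launch("winword.exe", "winword.exe"),      # Word starting another Word
]

def missed_by_file_rating(events):
    """Events the behaviour rule flags but the file-rating model lets run."""
    return [ev for ev in events
            if behaviour_rule_flags(ev) and not file_rating_sandboxes(ev)]

if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{ev.parent} -> {ev.child}: rating={file_rating_sandboxes(ev)} "
              f"behaviour={behaviour_rule_flags(ev)}")
```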