How to know if my Antivirus is really necessary?
<blockquote data-quote="Windows_Security" data-source="post: 828096" data-attributes="member: 50782"><p>@Opcode</p><ol> <li data-xf-list-type="ol">MemProtect:<br /> It is easy to test, MemProtect is free, I don't need reviews of others. I downloaded and installed it to check it (have de-installed afterwards, because I use M$ code integrity guard, not a fan-boy either). It has a DLL filtering option now, so maybe you should try it out in practice. BTW it also blocks everything I can check with HitManPro test tool.<br /> <br /> </li> <li data-xf-list-type="ol">Code Integrity Guard<br /> When I enable it and install an anti-virus or MBAE it blocks the DLLs loading. I can check that with my own eyes (simply with ProcessExplorer). Everyone can reproduce this. Just show me a PoC and I will state you are right.<br /> <br /> </li> <li data-xf-list-type="ol">Protected processes<br /> Protected processes is designed to prevent side by side infection (link). It would not make sense that when you especially design such a protection mechanism, you would allow third-party software to switch it off and bypass it.</li> </ol><p></p><p>I am aware that stuff always can be bypassed, e.g. protected processes bypass (<a href="https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-protected.html" target="_blank">link</a>), but those loopholes tend to be closed by Microsoft. In science stuff is discovered before it is tested in practice, so I am not saying it can't be done (or you are dead wrong), just don't see it in practice yet. See how easy it is to react politely.</p><p></p><p>On the other side when you can program at C or C++ level, that does not mean you know all the code of the Microsoft OS or have the knowledge of well-known white <u>HAT</u> hacker organizations. When you understand what they are doing, does not mean that you can do it yourself or discover the same loopholes. 
That is why I am asking (politely) for proof: show me the money, put your money where your mouth is.</p><p></p><p></p><p>EDIT: MemProtect logging and blocking loading of DLLs</p><p>[ATTACH=full]218678[/ATTACH]</p></blockquote><p></p>