- May 17, 2015
- 714
Please provide comments and solutions that are helpful to the author of this topic.
Both of those are covered by the behaviour blocker already.Process Hollowing
Fileless malware
Privacy reasons. Not everyone is fine with us knowing all the programs they are running.- why don't you automatically show the AMN findings for all files in the BB panel?
The function isn't supposed to be used in that way and more for informational value. If we wanted to do something like that, we would outright check every starting application against the cloud, to begin with. Kind of like SmartScreen.- if you check for a program property in BB it will check AMN...why doesn't it automatically block it as soon as it finds out the file is malicious through AMN?
There are multiple outstanding issues with signed malware. Which specific one are you talking about?- did you solve the detection issue with signed malware/ when will the update be available?
Same as for anyone else really. There are pretty amazing programming books for kids and especially recently there are a lot of high school competitions and CTFs going on. CyberFirst in the UK is a great example.- imagine you have a young child that wants to follow your lead .....how would you train him/her, what would he/she start with...and then...then?
Uninstalling Powershell is the only thing a user can do really. Doing anything else will seriously mess up your Windows installation as so much depends on it. Luckily uninstalling Powershell will also break the majority of malware using it. It just won't stop a truly motivated attacker. But that's the case with everything.- powershell is not needed by many and can be uninstalled but this is still not enough as you stated in a previous answer.
What's the best way to protect from it/ from the script interpreter /command line parser, what else can a user do?
VMware. No special hardening. If malware is vm-aware, I just patch the checks out.- what VM do you use to test malware and which one would you recommend here?
How do you "harden it" to reduce the chance the malware detects it?
We do have a sandbox system to detonate malware files in for a quick first look (kind of like Hybrid Analysis). If that doesn't show anything in particular, I usually just jump straight to a debugger and disassembler to check out the code.- how you find out if a file is malicious? Do you run it and check what they do- in this case what programs do you use, how do you proceed- or do you immediately check their code?
Mostly Twitter and Reddit. I do have a list of curated subreddits:Asides from the Emsisoft blog, do you have any other security blogs and or podcasts that you read/listen to?
Sokoban on a C64. Good old cassette drives.What was your first ever video game (console or PC)? For me the earliest video game(s) that I can remember playing for the first time was back in the original Nintendo days. Duck hunter, blades of steel and the first 3 Mario games were my go to at the time.
Thanks for your reply. So what do you think about providing a platform-specific installer (Windows 7 and Windows 8/10) or something similar? I like EAM and I think it's great if EAM fully supports Windows 10 security technologies like AMSI, ELAM, CFG ...They require certain groundwork that isn't in yet, because it is specific to Windows 8/10 only and we still need to support Windows 7.
That has already been answered:Do you see IOT malware being an issue in 2019 and beyond? Such as someone turning off my fridge or blowing up my toaster?
I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic.And that leads me to a different question too, do you see AV's moving from Windows/Mac to router based such as Gryphon to protect the entire home network?
I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic.
In general, these boxes have two issues:
- In order to intercept downloads and web traffic, they have to MITM all your web traffic. That is something that many people tried to do and they repeatedly messed it up. I absolutely doubt they will be the ones that got it right this time. They too will not update OpenSSL in time one day and expose all their users to SSL/TLS vulnerabilities like Kaspersky and many others did before them. That is if they even get the certificate verification right, which they likely won't. Not to mention that it will outright break certain security features like certificate pinning for example.
- For proper protection, you really require behaviour data collected right on the endpoint. So if you have to install an AV on every Windows and Mac client anyway to have proper protection, why have a box that snoops around in all your traffic and may potentially send it god knows where?
Absolutely nothing can protect your outdated IoT device. The same way absolutely nothing is going to protect your Windows XP box. Throw it in the garbage.So my question in general would be, you sold me for my protection on Windows machines (which I appreciate you doing this at MalwareTips). How can Emsisoft in the future protect my outdated IOT devices also? Wouldn't the home router make sense?
What about a special deal or discount for us loyal malwaretips.com fellows? :emoji_ok_hand:
I think mine ran off bigg floppies and often needed reloading of the OS. Came with W95 or earlier versions.My first PC was a 486 DX2 with 66 MHz, 8 MB of RAM, 400 MB of HDD and an SVGA graphics card. It was a beast at the time.