Advice Request I am head of research at Emsisoft. Ask me anything! :)


Status
Not open for further replies.

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,236
Approximately how long ago did you wish that you would never have made this thread and that it takes up way too much of your time? :ROFLMAO: Actually you deserve a medal, as I'm fairly certain that no other company reps would even attempt this. I hope people here see that Emsisoft sets the standard for honesty, privacy and morals and that they all buy your product.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Approximately how long ago did you wish that you would never have made this thread and that it takes up way too much of your time? :ROFLMAO:
It's not so bad. Essentially like 10 to 15 minutes a day and you guys seem to enjoy it. So I just do it while eating. ;)

He was going to do it for 24 hours but it's been 24 days already. Really appreciate it, Mr Wosar, for giving this much time!
You are welcome. :)
 

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
232
My first PC was a 486 DX2 with 66 MHz, 8 MB of RAM, 400 MB of HDD and an SVGA graphics card. It was a beast at the time. ;)
My first was a 286 SX2 running at 25 MHz, with 640 KB of RAM and a 20 MB HDD with compression; running DOS 6.22 with Automenu. My second was a 486 DX2 running at 66 MHz, with 8 MB of RAM, SVGA, and a 100 MB HDD; running Win 3.1. I used SB16 WaveStudio to loop a song for a bridal chorus. It took 5 minutes to copy 16 seconds of WAV audio.
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
I read a part of this thread, and it seemed really nice, so I decided to write again in this forum (I haven't written for a long time):
1) Do you think security of Public Wi-Fi is still an issue today, even if most sites (and well-known apps) are now using TLS? I mean, let's say I connect to a public network with my smartphone. I only use well-known apps which send information in an encrypted form (WhatsApp, Facebook, Instagram, Gmail). Where is the risk? Then, it's true that most of the apps communicate with the internet before you can even connect your VPN (unless you use a firewall to block access to the internet until you are on your VPN), so what's also the point of using a VPN on smartphones? It may be useful only if you surf the web.
2) I have been interested in security for some time now, and what I find really interesting are supply chain attacks. What do you think about the latest attack which happened to Asus, and last year's CCleaner one? How to protect from a supply chain attack? (assuming you are ever a target, considering you must be quite an important figure, because the actual malware is downloaded only on a few machines). I assume that using Linux is the most obvious way, as software is open-source there, but, if one wants to run Windows, there should be no easy way to protect (most software is proprietary), so I believe that running "only what you need" is a good practice, and removing whatever you don't use anymore. What do you think?
3) What do you think of application-whitelisting based products, and the general use of a whitelist approach instead of the traditional blacklist one in security?
Best regards
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
What is the story behind your avatar?
Read this brilliant article on Fabian. You'll get to know more about his personal life as well as his hard work and sacrifices and also the story behind his avatar. Anyone who hasn't read this article please read.

 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
@Fabian Wosar, what do you think about default deny as a configuration? Thank you:giggle:
Same as HIPS: If you can use it to its full effect, you probably don't need it. Other than that it's kind of not practicable for general purpose. I can see it working well in an enterprise environment where you are only supposed to run a very limited number of applications to begin with.

What is the story behind your avatar?
Essentially a cartoonist I helped drew them for me as his way to say thank you for my help with his ransomware infection.

1) Do you think security of Public Wi-Fi is still an issue today, even if most sites (and well-known apps) are now using TLS? I mean, let's say I connect to a public network with my smartphone. I only use well-known apps which send information in an encrypted form (WhatsApp, Facebook, Instagram, Gmail). Where is the risk? Then, it's true that most of the apps communicate with the internet before you can even connect your VPN (unless you use a firewall to block access to the internet until you are on your VPN), so what's also the point of using a VPN on smartphones? It may be useful only if you surf the web.
Depends on the applications. In the end, there can always be a transparent proxy, forcing your TLS connections through a central server, potentially looking into your encrypted connections. So it all depends on whether certificates are pinned or whether those applications accept just about any certificate that is "valid".
Personally, I just don't use wifis I don't trust. Then again, I have unlimited mobile data for about 20 Euros a month. So not everyone has that luxury.

2) I have been interested in security for some time now, and what I find really interesting are supply chain attacks. What do you think about the latest attack which happened to Asus, and last year's CCleaner one? How to protect from a supply chain attack? (assuming you are ever a target, considering you must be quite an important figure, because the actual malware is downloaded only on a few machines). I assume that using Linux is the most obvious way, as software is open-source there, but, if one wants to run Windows, there should be no easy way to protect (most software is proprietary), so I believe that running "only what you need" is a good practice, and removing whatever you don't use anymore. What do you think?
There have been numerous cases of update servers being compromised and open source applications being backdoored for ages without anyone noticing. Would you read the millions of lines of source code every time Firefox releases an update? If not, then you know why open source isn't the solution.

In the end, whenever you use any software product, you make a decision whether you trust the vendor or not. It's always possible that their update infrastructure gets hacked or that one of their employees is dirty or that the local government forces them to add a backdoor. There is no way around that simple fact.

For the vast majority of users, this will never be an issue. You don't drop 6 figures and more on zero days and set up a supply chain attack just to infect as many home users as possible. Something like that would be so blatantly obvious and be detected almost immediately. The whole attack itself was pretty noisy and most AVs with decent behaviour monitoring catch it. Except that it doesn't trigger on the majority of all machines. So, therefore, it never really got noticed.

3) What do you think of application-whitelisting based products, and the general use of a whitelist approach instead of the traditional blacklist one in security?
Same as default deny above.
 
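Certificate pinning, the condition the reply above hinges on, as an added example that is not part of the original thread: normal chain validation accepts any certificate a trusted CA signed, so an app that pins the fingerprint of the certificate it expects rejects the one a transparent proxy mints even when the device trusts the proxy's CA. Assumptions: the DER byte strings are constructed stand-ins, and `pinned_connect` is a hypothetical helper that performs both checks on a live socket.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (assumption: real code
# would pin the bytes returned by getpeercert(binary_form=True)).
GENUINE_CERT_DER = b"constructed-DER-bytes-of-the-genuine-server-cert"
PROXY_CERT_DER = b"constructed-DER-bytes-minted-by-an-intercepting-proxy"


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, hex-encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_fingerprints: set) -> bool:
    """True only if the presented certificate is one the app ships a pin for.

    Chain validation alone accepts any certificate a trusted CA signed, which
    includes one minted by a transparent proxy whose root the device trusts;
    comparing against a shipped pin closes that gap."""
    return cert_fingerprint(der_cert) in pinned_fingerprints


def pinned_connect(host: str, port: int, pinned_fingerprints: set,
                   timeout: float = 5.0) -> ssl.SSLSocket:
    """Hypothetical helper: open a TLS connection that passes normal chain
    and hostname validation AND matches a pinned fingerprint; raise otherwise."""
    ctx = ssl.create_default_context()  # CA chain + hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, pinned_fingerprints):
        tls.close()  # CA-valid but not ours: likely interception, refuse
        raise ssl.SSLError(
            f"certificate for {host} is CA-valid but not pinned "
            f"(fingerprint {cert_fingerprint(der)[:16]}...)")
    return tls


if __name__ == "__main__":
    pins = {cert_fingerprint(GENUINE_CERT_DER)}
    print("genuine cert accepted:", pin_matches(GENUINE_CERT_DER, pins))
    print("proxy-minted cert accepted:", pin_matches(PROXY_CERT_DER, pins))
```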

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Do you think your security knowledge is something people should pay for, or do you just do it for the pleasure? I know you've developed decrypters for free, and I also think knowledge needs to be shared in order to evolve; nevertheless I always find people who technically demand help, related to hardware or security infections, and of course for free because "it's not hard for you to do it".
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Read this brilliant article on Fabian. You'll get to know more about his personal life as well as his hard work and sacrifices and also the story behind his avatar. Anyone who hasn't read this article please read.


Good find.

The examples of malware authors taunting Fabian in the article seem more like grudging mutual respect as opposed to threats. Much like the Nazis respected Patton, or the Allies respected Rommel in WWII.

But... since they are part of the criminal element, it probably is wise to assume that a threat might be involved. And indeed... the grudging mutual respect of the adversary generals in WWII did not preclude them from trying to kill each other.
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Depends on the applications. In the end, there can always be a transparent proxy, forcing your TLS connections through a central server, potentially looking into your encrypted connections. So it all depends on whether certificates are pinned or whether those applications accept just about any certificate that is "valid".
Personally, I just don't use wifis I don't trust. Then again, I have unlimited mobile data for about 20 Euros a month. So not everyone has that luxury.
Thank you for your explanations! So, basically, if one connects a VPN, there should be no way for them to decrypt traffic? (Assuming the traffic is encrypted with a high-security standard)
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Do you think your security knowledge is something people should pay for, or do you just do it for the pleasure? I know you've developed decrypters for free, and I also think knowledge needs to be shared in order to evolve; nevertheless I always find people who technically demand help, related to hardware or security infections, and of course for free because "it's not hard for you to do it".
It always depends. There is a difference between people genuinely looking for help and people who fall into the category "choosing beggars". People with that "it's not hard for you to do it, so it should be free" attitude belong to the latter category and I meet them a lot, unfortunately. But ultimately I don't want to have a couple of people who feel entitled and come off as demanding assholes ruin it for all the other genuinely thankful people.

But... since they are part of the criminal element, it probably is wise to assume that a threat might be involved. And indeed... the grudging mutual respect of the adversary generals in WWII did not preclude them from trying to kill each other.
There are some aspects of this that most non-German people may not be aware of. In Germany, there is a central register of all people living in Germany. You are legally required to register with the local municipality and keep your personal and address records updated. In addition, any person can go to the local municipality and get a copy of your address. The only requirement is that, based on the information you provide, the person needs to be uniquely identified. Depending on how unique your name is (Fabian Wosar is quite unique), the name alone may be enough. Otherwise, the name plus the birthdate will do the trick in almost all cases. Such a request costs about 8 Euros. If you can prove that you have some form of claim against the person, in addition to your current address, they may hand out way more detailed information about you. Like former addresses, your religion, names of your relatives etc. So when there were messages along the lines of "we have friends in Hamburg", with Hamburg being the city I had set in my LinkedIn profile, things got to a completely different level.

I never actually lived in Hamburg. I just had it in there, because it was only 1-2 hours away and if I told people where I lived, they had no concept of where it was, while Hamburg is usually quite familiar to people even if they aren't German. I actually lived in one of the harbour cities next to the Baltic Sea. In fact, there was a shipyard in my town that was bought by a Russian shell company. The owner of the shell company was later executed by the Russian mob in Moscow and the entire operation turned out to be a huge money laundering ring for the mob. So I literally had the Russian mafia right in front of my door.

The last bit is that there actually have been attempts to narrow down where I live. One example is this Twitter account:



That's the only message it has and if you look closer, you can see that there is a bit in the middle of the message that looks odd. It turns out that's a Base64 encoded URL to an IP logger. My guess is they were hoping I would find it, then get curious about it and hope I would visit the link to know my rough vicinity. That would have allowed them to know which municipality was responsible for my area (or narrow it down to like 2 or 3) and then request my address from those.

So yeah, I can understand that without context it is easy to kind of dismiss. I had one person, who has a YouTube channel, try to tell me that they got haters and get threats in their comments like all the time! But the key difference is that he and his YouTube channel don't cost the angry commenters literally millions of dollars every year and that the commenters most likely don't already have connections to organised crime, while the usual ransomware gang does. They still need to convert the bitcoins they collect into clean money and money laundering is kind of big business for most cartels.

Thank you for your explanations! So, basically, if one connects a VPN, there should be no way for them to decrypt traffic? (Assuming the traffic is encrypted with a high-security standard)
Correct.
 
Last edited:
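A defender-side scanner for the trick described in the post above (a Base64-encoded link hidden in the middle of an otherwise ordinary message), as an added example that is not from the original post: it finds Base64-looking runs in a message, decodes them and reports only those that decode to a URL, so the link can be examined without ever visiting it. The sample message and the placeholder URL it hides are constructed.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed sample message (assumption: stands in for the tweet the post
# describes; the token decodes to a placeholder URL, not a real logger).
SAMPLE_MESSAGE = (
    "Huge respect for the free decrypters, keep it up "
    "aHR0cDovL2V4YW1wbGUuaW52YWxpZC90cmFjaw== see you around!"
)

# Runs of Base64 alphabet characters long enough to hide a URL; trailing
# '=' padding is optional because senders often strip it to look less odd.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
_URL_PREFIXES = ("http://", "https://")


def decode_base64_lenient(token: str) -> Optional[bytes]:
    """Decode a Base64 token, restoring stripped padding; None if invalid."""
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_hidden_urls(text: str) -> List[Tuple[str, str]]:
    """Return (token, decoded_url) pairs for Base64 blobs that decode to URLs.

    The decoded bytes must be printable ASCII and start with a URL scheme,
    so ordinary long words and random hashes are not reported."""
    hits = []
    for match in _B64_TOKEN.finditer(text):
        token = match.group(0)
        raw = decode_base64_lenient(token)
        if raw is None:
            continue
        try:
            decoded = raw.decode("ascii")
        except UnicodeDecodeError:
            continue
        if decoded.isprintable() and decoded.lower().startswith(_URL_PREFIXES):
            hits.append((token, decoded))
    return hits


if __name__ == "__main__":
    for token, url in find_hidden_urls(SAMPLE_MESSAGE):
        print(f"hidden link: {token!r} -> {url}")
```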

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
@Fabian Wosar I'd like an Emsisoft VPN. And if you can, free is best hahaha.(y)
There are only two viable ways to do a free VPN service without it being a money sink:

1. Sell all the data you collect through the VPN to advertisers or switch out ads in websites people visit with your own.
2. Turn every person participating in the VPN into a VPN node themselves, so traffic gets routed through them.

Neither of these is something we want to do.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I actually lived in one of the harbour cities next to the Baltic Sea. In fact, there was a shipyard in my town that was bought by a Russian shell company. The owner of the shell company was later executed by the Russian mob in Moscow and the entire operation turned out to be a huge money laundering ring for the mob. So I literally had the Russian mafia right in front of my door.

The last bit is that there actually have been attempts to narrow down where I live. One example is this Twitter account:



That's the only message it has and if you look closer, you can see that there is a bit in the middle of the message that looks odd. It turns out that's a Base64 encoded URL to an IP logger. My guess is they were hoping I would find it, then get curious about it and hope I would visit the link to know my rough vicinity. That would have allowed them to know which municipality was responsible for my area (or narrow it down to like 2 or 3) and then request my address from those.


Yeah, that definitely adds context.

I think... you are doing the right thing in being careful.

Now... I would wonder if you should even take more extreme measures.
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
I notice that the average Windows user may know about a lot of AV software, but not of VirusTotal. Why do you think nobody knows about it, and Google doesn't advertise it? Even if it's mainly used by people who work in the field, it could actually be quite useful to the average person.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
I notice that the average Windows user may know about a lot of AV software, but not of VirusTotal. Why do you think nobody knows about it, and Google doesn't advertise it? Even if it's mainly used by people who work in the field, it could actually be quite useful to the average person.
Not working for Google. What they do or don't do is not something I would know.
 