Advice Request If you could pick only one program for protection.

Please provide comments and solutions that are helpful to the author of this topic.

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
TAM doesn't (directly) block Process injections!
It blocks the associated file (prevent it from running) like HIPS .A Trusted mode!
For some rare reason the file is trusted and has valid signature as per KSN..then TAM is dead!
TAM is not a behavior or reparing module it just a FILE REP module!
Process injections or for instance any sort of infection has nothing to do with TAM
TAM-Whitelisting module as per KSN
So, what about NVT ERP? Would there be a reason why people recommend running it alongside AG or OSA?
 
Last edited:
  • Like
Reactions: AtlBo and Cortex

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
So, what about NVT ERP? Would there be a reason why people recommend running it alongside AG or OSA?
Please correct me if I'm wrong, but this discussion suggests that anti-exe does NOT fully protect the memory, like blocking PowerShell may not necessarily stop code injection into chrome.exe, or something like that.

If this is the case, then Kaspersky's TAM module is insufficient. If a browser's existing memory space can be manipulated to add instructions to a running process, then the ability to block PowerShell may not stop keylogging, or something like that. Am I missing something here?
 
Last edited:

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Please correct me if I'm wrong, but this discussion suggests that anti-exe does NOT fully protect the memory, like blocking PowerShell may not necessarily stop code injection into chrome.exe, or something like that.

If this is the case, then Kaspersky's TAM module is insufficient. If a browser's existing memory space can be manipulated to run instructions within a running process, then the ability to block PowerShell may not stop keylogging, or something like that. Am I missing something here?
it's probably true but that's extremely rare for home users. Please don't worry about every tiny detail that paranoid users post because it would scare us for the rest of our life
people are safe with a good AV + good browsing habits
I'm telling you, blocking "Unsigned application" option in Hard_configurator or Syshardener/OSA/ by registry can block >90% of malwares without any AV because most malwares are unsigned

security forums usually inject paranoia and scare average users like us. That's what I don't like
it's better to stick to 1 good security solution -> find its weaknesses and patch them as much as you can -> happy life
also remember usability and productivity (for work and entertainment) are the reasons we bought our computers, not to overprotect them

Kaspersky alone + Windows smartscreen (on windows 10 and 8) are sufficient enough, no need to enable TAM
the more you improve your PC security, the less performance and usability your PC is
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
Please correct me if I'm wrong, but this discussion suggests that anti-exe does NOT fully protect the memory, like blocking PowerShell may not necessarily stop code injection into chrome.exe, or something like that.

If this is the case, then Kaspersky's TAM module is insufficient. If a browser's existing memory space can be manipulated to add instructions to a running process, then the ability to block PowerShell may not stop keylogging, or something like that. Am I missing something here?
it's probably true but that's extremely rare for home users. Please don't worry about every tiny detail that paranoid users post because it would scare us for the rest of our life
people are safe with a good AV + good browsing habits
I'm telling you, blocking "Unsigned application" option in Hard_configurator or Syshardener/OSA/ by registry can block >90% of malwares without any AV because most malwares are unsigned

security forums usually inject paranoia and scare average users like us. That's what I don't like
it's better to stick to 1 good security solution -> find its weaknesses and patch them as much as you can -> happy life
also remember usability and productivity are the reasons we bought our computers, not to overprotect them
That's what I was afraid of. I understand this is "rare" for home users, but not impossible. With evolving AI malware in the wild now, what was "rare" yesterday will be ubiquitous tomorrow. That's why I don't want to give users a lasting false sense of security by saying all bases are covered, when they're really not.

People are NOT safe with AV + good browsing habits. I know this from personal experience. I had a fully up-to-date system and up-to-date 3-pronged security suite provided by my ISP in October of 2006. And next thing I knew, SQL Slammer and Stack Bot were all over us. I reimaged my system three times, only to get reinfected again within minutes each time. I stopped it by adding ISS BlackICE. Paranoia is better than overconfidence IMO.

MT doesn't exist to assure people that all you need to do is install AV and don't visit any dodgy websites. If you have any real experience, then you know as well as I that most infections come not from bad websites, but from good websites that were hacked by a third party. So safe browsing habits don't cut it.
 
Last edited:

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
That's what I was afraid of. I understand this is "rare" for home users, but not impossible. With evolving AI malware in the wild now, what was "rare" yesterday will be ubiquitous tomorrow. That's why I don't want to give users a lasting false sense of security by saying all bases are covered, when they're really not.
again, back to the previous message, if a malware is not allow to run by TAM, they won't do anything to your PC + you also have Windows smartscreen which is also a reputation-based checker for a file. You already have double protection before the file is even able to execute
reputation-based protection is different from traditional AV. If a file is not safe or not used by many people or it doesn't have enough indicators to be classified as safe, they will be blocked until they are classified as safe

if you block Windows script host, powershell, java,... malwares only have 1 or 2 ways to inject into your process which is itself, an exe file
fileless malwares are scripts. If you block script handlers like windows script host and powershell, they can do nothing to your PC

kaspersky also has memory scanner and exploit protection to detect malicious behaviors such as code injection + it has application control/HIP-like module which you can set to prevent code injection for process A or B or all processes if you want to

for example, google chrome, you can restrict chrome.exe using application control -> it can't do what you restrict it to do

you can't cover 100% weaknesses of your PC.
for example, people are worried about exploits (let's assume it's the last thing to worry) => they install HitmanPro.Alert and hope it can prevent all or most exploits besides updating their Windows => they introduce more instability and more annoying bugs
 

James246

Level 1
Verified
Jan 19, 2018
42
Yandex Browser. Considering, that pretty much the only way I could get infected is via a browser, like 99,99% chance. So I focus my efforts there.
To put it bluntly: Emails are opened in txt, so I could only click on the link. Discord/Steam, again, I could click on the link within the message. :sneaky:

Yep the Yandex browser has a lot of built in protection including Kaspersky which scans for anything downloaded from the web. The UR browser also also scans for malware in web downloads and that appears to also use Kaspersky. A lot of people run with just Windows Defender and literally nothing else for those individuals I would definitely recommend Yandex or UR with VoodooShield Pro
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
IMHO most 'attacks' that computer users suffer are often mostly self inflicted, usually but not exclusively by trying to obtain something for free that should be paid for whether it be music, video or even porn, stupidity plays a part too - Somehow & I'm not sure how but I've gone 25 years plus without any serious infection at large. I'm being slowly drawn to the conclusion some of the reason may be the way I do things?

There is the possibility many things may happen but users can end up with a PC that's difficult to use esp by other family members because of severe locking down - Good multiple backups will protect against most eventualities (though I will never use a IOT fridge lest it be attacked and my beer is warm)

Confession: I do accidentally end up at times on sites with ladies scantily no clothed, strangely this occurs when other half not in so I am no internet angel, I'm sure few on the forum do this? :oops::oops::oops:
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
if you block Windows script host, powershell, java,... malwares only have 1 or 2 ways to inject into your process which is itself, an exe file
fileless malwares are scripts. If you block script handlers like windows script host and powershell, they can do nothing to your PC

kaspersky also has memory scanner and exploit protection to detect malicious behaviors such as code injection + it has application control/HIP-like module which you can set to prevent code injection for process A or B or all processes if you want to
Thank you for that information. I'm not as worried about executable malware; that's old tech. Also, I'm less worried about what malware can do to your PC, than about what it can do to your bank account if a keylogger runs within your browser. I was of the understanding that incomplete strings of code could be injected into a running process, hence the term "fileless." To me, a script still has a file extension (e.g. .js, .vbs); therefore, it is still a file.

you can't cover 100% weaknesses of your PC.
for example, people are worried about exploits => they install HitmanPro.Alert and hope it can prevent all or most exploits besides updating their Windows => they introduce more instability and more annoying bugs
True, but that's no reason not to try. AppGuard claims to have no breaches in 20 years. In my eyes, the existence of a vulnerability means less if it's already mitigated to the point of being non-viable.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
IMHO most 'attacks' that computer users suffer are often mostly self inflicted, usually but not exclusively by trying to obtain something for free that should be paid for whether it be music, video or even porn, stupidity plays a part too - Somehow & I'm not sure how but I've gone 25 years plus without any serious infection at large. I'm being slowly drawn to the conclusion some of the reason may be the way I do things?

There is the possibility many things may happen but users can end up with a PC that's difficult to use esp by other family members because of severe locking down - Good multiple backups will protect against most eventualities (though I will never use a IOT fridge lest it be attacked and my beer is warm)

Confession: I do accidentally end up at times on sites with ladies scantily no clothed, strangely this occurs when other half not in so I am no internet angel, I'm sure few on the forum do this? :oops::oops::oops:
Sorry to inform you that you're wrong. Most malware infections come from legitimate websites. Consider this: if you made your money in cybercrime, would it make a lot of sense to you to create a whole new website that nobody knows about, and plant your exploit there? How many computers would you expect to catch that way? You might make better use or your time to find vulnerabilities in established websites that are bringing in traffic. You'll get lots of computers that way.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Can you? How do you know? Are you running Zemana, and checking your TCP connections? See previous post. You thought AV + safe browsing was sufficient, and you were mistaken there, too.
I can't but I'm pretty sure I'm OK - I do have other ways of checking of course, but learned a fair bit since Windows 3 so not my first day, & used I think every AV solution there is, and I do enjoy messing with things, but I still maintain the big thing between your ears is the best protection of all (not your nose)
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
I get the idea that we have participants who are pretending to have more authority than they truly have, and are undermining the value of MT. If AV + safe browsing is a panacea, then there's no point in having discussions here.

Fact is, my last known infection on my own PC was in October of 2006. I'm not sure what happened, but a family member said there was news of a recent outbreak, that had infected 11 million computers. I had AV+AS+FW that was provided by my ISP, and I was infected three times in one day without even surfing. Mind you, this was Windows XP, but again, I was running a firewall, and I hadn't even opened a browser!

I reimaged my system from an Acronis backup, only to have the AV throw up alerts in seconds about SQL Slammer and Stack Bot. Within minutes, my computer was slow and sluggish. This didn't stop until I reimaged a final time, disconnected from the Internet, and installed the firewall the hackers used, ISS BlackICE.

Case in point: anyone who says AV + safe browsing is enough, I'm pulling your geek card.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Sorry to inform you that you're wrong. Most malware infections come from legitimate websites. Consider this: if you made your money in cybercrime, would it make a lot of sense to you to create a whole new website that nobody knows about, and plant your exploit there? How many computers would you expect to catch that way? You might make better use or your time to find vulnerabilities in established websites that are bringing in traffic. You'll get lots of computers that way.
Not my experience with the peoples PC's I clean up, of course I said mostly. NYT was an example of what you said a while back, but I still find its the key genners etc that get the worst hits of all.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
People are NOT safe with AV + good browsing habits. I know this from personal experience. I had a fully up-to-date system and up-to-date 3-pronged security suite provided by my ISP in October of 2006. And next thing I knew, SQL Slammer and Stack Bot were all over us. I reimaged my system three times, only to get reinfected again within minutes each time. I stopped it by adding ISS BlackICE. Paranoia is better than overconfidence IMO.

MT doesn't exist to assure people that all you need to do is install AV and don't visit any dodgy websites. If you have any real experience, then you know as well as I that most infections come not from bad websites, but from good websites that were hacked by a third party. So safe browsing habits don't cut it.
I'm the one who don't like saying good browsing habits because I don't browse safe websites
I haven't been infections for at least 10 years despite having that reckless browsing habits because I know what weaknesses my AV has and how to patch them. I ignore overly sophisticated things like exploits,...

if I suspect something, I simply throw it into sandboxie, virustotal, online sandbox analysis or inside a virtual machine but it takes a lot of time

I have an old PC with first-gen i3, installed Avast free (tweaked with my settings) + Appcheck antiransomware and Syshardener. Install chrome browser + Windows defender browser protection + bitdefender traffilight. More importantly, they don't conflict with each others
malwares have to pass through many layers
this machine has been using continuously for at least 6 hrs per day for 6 years, never be infected

True, but that's no reason not to try. AppGuard claims to have no breaches in 20 years. In my eyes, the existence of a vulnerability means less if it's already mitigated to the point of being non-viable.
I don't believe in claims although it might be true. Appguard is SRP tool. I don't like any thing like that because they will reduce my productivity. I don't buy computers to overprotect them. I want them to perform smoothly and bug-free
anti-exe and SRP simply block. They don't tell you if something is safe or not. If you keep blocking, your apps might be malfunctional and if you take a risk and allow it, you might be screwed

if a hack comes from a good websites, it's very hard to detect and block sufficiently. However, I can suggest you 1 solution -> put your browser into Sandboxie or Comodo Firewall's sandbox (better than sandboxie but much less functional) => your are extremely unlikely to get any infection because they can't escape the sandbox in the first place
if you say some malwares can escape => it will become an endless discussion
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
Not my experience with the peoples PC's I clean up, of course I said mostly. NYT was an example of what you said a while back, but I still find its the key genners etc that get the worst hits of all.
And how would people have known not to visit NYT? Case in point: never tell people that AV + safe browsing will keep you safe. You don't have to be out looking for trouble, when trouble is out looking for you.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
I'm the one who don't like saying good browsing habits because I don't browse safe websites
I haven't been infections for at least 10 years despite having that reckless browsing habits because I know what weaknesses my AV has and how to patch them. I ignore overly sophisticated things like exploits,...

if I suspect something, I simply throw it into sandboxie, virustotal, online sandbox analysis or inside a virtual machine but it takes a lot of time

I have an old PC with first-gen i3, installed Avast free (tweaked with my settings) + Appcheck antiransomware and Syshardener. Install chrome browser + Windows defender browser protection + bitdefender traffilight. More importantly, they don't conflict with each others
malwares have to pass through many layers
this machine has been using continuously for at least 6 hrs per day for 6 years, never be infected


I don't believe in claims although it might be true. Appguard is SRP tool. I don't like any thing like that because they will reduce my productivity. I don't buy computers to overprotect them. I want them to perform smoothly and bug-free
anti-exe and SRP simply block. They don't tell you if something is safe or not. If you keep blocking, your apps might be malfunctional and if you take a risk and allow it, you might be screwed

if a hack comes from a good websites, it's very hard to detect and block sufficiently. However, I can suggest you 1 solution -> put your browser into Sandboxie or Comodo Firewall's sandbox (better than sandboxie but much less functional) => your are extremely unlikely to get any infection because they can't escape the sandbox in the first place
if you say some malwares can escape => it will become an endless discussion
I haven't had an infection since Windows XP. In October, it will be 13 years for me. I used an ACL deny permission on the Windows folder to prevent privilege escalation. I only used it for the account I was logged into, so I could still install new software with an administrator's credentials via RunAs. I was fairly satisfied with this solution, until I started reading about fileless malware.

These days, my top two are AppGuard (which I understand is used by the U.S. Department of Defense) and Cruel Comodo; I also plan to have a look at H_C. Mind you: I haven't encountered a fileless infection yet. But I'm not waiting until AFTER I do. An ounce of prevention is worth a pound of cure.
 
Last edited:

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Guys do not become paranoid with the computer security. The virus never comes on its own. We invite him. A little mind and a light protection you are very well protected.With a little attention here in the forum you will learn to distinguish the virus very easily. I after so long in this forum before i seeing the virus i smell him :ROFLMAO: :ROFLMAO:
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
And how would people have known not to visit NYT? Case in point: never tell people that AV + safe browsing will keep you safe. You don't have to be out looking for trouble, when trouble is out looking for you.
Discussion going at a tangent, I have said how I feel & my experience on my systems & many others but there are no guarantees on PC's or life itself (bigger worry) & no way of protecting against the unknown, but I'm pretty happy I can restore the system(s) critically within minutes & all else within hours - I may be wrong though, my wife thinks I always am so... . Opting out of this discussion.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top