Inside Microsoft's plan to kill PPLFault
<blockquote data-quote="danb" data-source="post: 1059486" data-attributes="member: 62850"><p>I certainly appreciate your enthusiasm for cybersecurity, and I think you have done an amazing job describing several aspects of Windows Security that many people do not spend the time or effort to understand. I also agree with you on the marketing aspect, but please keep in mind that when other people read your verbiage (as well as CyberLocks), they have the same reaction. You and I use particular verbiage because we believe it to be true, but other people might not see it that way.</p><p></p><p>A kernel mode driver will provide a developer all the access they need to properly protect a computer. Even MD uses a kernel mode driver. I think what you are trying to exemplify is that, for example, many users have requested a version of VS / CL for Android and Apple. But since we do not have access to the kernel, we are not able to build a version of our software for their platform.</p><p></p><p>I have read through your material several times, and I could be wrong about WDAC, so I created a new thread so we can intelligently and civilly discuss this further...</p><p></p><p>[URL unfurl="true"]https://malwaretips.com/threads/wdac-vs-kernel-mode-drivers.126141/#post-1059485[/URL]</p><p></p><p>As far as SAC is concerned, here is Microsoft's description...</p><p></p><p>[URL unfurl="true"]https://support.microsoft.com/en-gb/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003[/URL]</p><p></p><p></p><p>I am sorry, but that is not deny-by-default / zero-trust. Auto allowing by digital signature alone is dangerous and lazy.</p><p></p><p>As far as WDAC is concerned...</p><p></p><p>WDAC without ISG is unusable. 
WDAC with ISG is not true deny-by-default / zero-trust.</p><p></p><p>Edit: I forgot to mention that I have a list of 19,000+ files / hashes from the WhitelistCloud database that are likely malware and will likely bypass SmartScreen, SAC and ISG.</p></blockquote><p></p>