Inside Microsoft's plan to kill PPLFault
[QUOTE="Andy Ful, post: 1059606, member: 32260"]
I think that ISG or WLC / VoodooAi are sufficient when home users browse the web or check email. Such activities are well-tested by AV-Test, AV-Comparatives, and SE Labs.

For example, Microsoft Defender on default settings can miss approximately one malware per 250 samples. When you add WDAC (ISG), WLC / VoodooAi, or even SAC, the chances are probably one infection per several thousand samples. Most users can see (at maximum) a few malware per year, so they should not worry about the infection, except when one would like to be Methuselah. :)

The situation is different in enterprises, when the machine can likely work in a compromised environment and the attacker can know the details of the implemented security. WDAC can be configured with Hypervisor-protected Code Integrity, and the policies can be signed. Such protection is much more resistant to attacks via the kernel compared to any security based on a kernel driver.
[/QUOTE]