Most security software cannot effectively defend against fileless or script-based malware. From my perspective, Comodo's approach is the standout option for preventing script-based malware.
Is Defender good against scriptors or malicious pdf and word files?
- Thread starter Azazel
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
The OP asked about scripts with PDFs/Word files not malware in general, VT "Virus Total" there is nothing difficult about uploading a file to Virustotal and scanning it, before anyone states well there is no privacy of my files if i upload them, what do you think most Av's will do based directly on your desktop? The difference is on Virus total it utilizes many engines at once increasing the odds of detection. Does not get any simpler than that.
Those suggestions i provided were to cover beginners to advanced users, so they knew those options exist. VT being among the most easiest. Look at the thumbnail below this, what is difficult about navigating to this website and clicking the upload button?
Could the user just spend money on more security, yes, or better yet, the user could install an advanced application and learn how to lock his system down, or they could learn how to use manual methods of detection, or simply, take a few extra moments to follow this very simple suggestion.
- Feb 25, 2017
- 2,505
I also don't really see what's wrong with uploading scripts to virustotal before running them. The average user doesn't see many scripts in day to day use anyway. So why not taking the extra minute to check if it's actually safe. Especially considering that many AVs have problems detecting scripting malware.
- Mar 9, 2014
- 545
Actually, the OP was asking if Defender is good enough. It appears that it's not, so the default advice is to get something better.
Why would using VT be unreasonable, as pointed out earlier? Because people tend not to do things manually, especially if they're in a hurry. That's why a better option is a real-time program that can automatically upload the file to VT for checking.
How about using a VM? It's similar: consider security programs that sandbox by default instead of the user having to do things manually and run files in VMs.
How about hex editors? I think the security program, if not sites like VT, should handle analysis as well.
In short, the gist is that people will have to learn how to do this or that or do things manually, but that's not easy if they have many other things to do or forget to do things manually because they're rushing to meet a deadline, etc.
- Mar 9, 2014
- 545
There's nothing wrong with that. It's just that in the real world average users don't have the time to do manually what security programs are supposed to do automatically.
That's why in light of the thread title the OP has to use a security program that's good against such, and if it can't detect it, automatically send it to a cloud that can check it against multiple databases while running it in a sandbox.
And if that also costs more time and resources, then pay for better machines and Internet services, too.
Well I guess that user who is too busy to take a minute to check or is forgetful, or someone has them at gun point forcing them to hurry, or astroids are dropping and they need to send, better hope that product they chose to rely on does not miss anything that may stem from their lack of time.
If I sound sarcastic it is because I wanted to make sure I had all basis covered before you throw another reason a user can not take their security more seriously instead of unrealistically relying on some AV to do it for them.
Similar threads
