Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?
<blockquote data-quote="wat0114" data-source="post: 969010" data-attributes="member: 91306"><p>I know this is a super simplistic example of stopping an infection before the malicious process can even infect, reaching ring zero, assuming it's created to do so, and this is also my layman's way of setting up my security approach in dealing with malicious content that may find its way onto my device, which is to prevent it from even launching in the first place:</p><p></p><p>[Attachment: Locky infection process.png]</p><p><a href="https://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-process/">https://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-process/</a></p><p></p><p>Let's say AV fails to detect it as malicious; well then the next steps could be as follows:</p><ol> <li data-xf-list-type="ol">My brain needs to determine if I think it's safe to open. Yes or No. If No, then I delete it and all is over. If Yes, then step 2.</li> <li data-xf-list-type="ol">I click on the attachment.</li> <li data-xf-list-type="ol">SRP will stop it, because it is set up to block scripts with, among other types, .BAT or .VBS extensions. No harm done.</li> <li data-xf-list-type="ol">If I'm really being stupid and I decide to disable SRP to launch it, then OSArmor will block, giving me more details in that the .BAT script is attempting to launch the <em>asddddd.exe</em> payload. Well, hopefully I'm smart enough (I know I would be ;) ) to keep this attempt blocked.</li> </ol><p>Again, this is very simple and perhaps I haven't even described the process accurately enough, but I perceive several steps in blocking the malware before it gets a firm foothold in ring 0, and of course more importantly, no infection occurs.</p><p></p><p>BTW, this "example case" also supports the assertions made in this thread that it is the user's fault when they get infected.</p><p>It is also just one example of why I will never fully depend on AV in my security setup, because it is not 100% reliable.</p></blockquote><p></p>
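The post above leans on Software Restriction Policies (SRP) as the layer that stops a .BAT or .VBS attachment when the AV misses it. SRP path rules only apply to extensions listed in its "Designated File Types", so a defender should confirm the policy actually covers those script types. This PowerShell check is an added example, not code from the post or from any product it mentions; the registry path and value meanings are the standard SRP ones, while the list of extensions checked (the post's BAT and VBS, plus CMD and JS as my own additions) and the output wording are my assumptions.

```powershell
# Added example: audit the machine-wide SRP policy that the post relies on.
# Reads the standard SRP registry location written by Local Security Policy / GPO.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Extensions we expect SRP to treat as executable. BAT and VBS come from the post;
# CMD and JS are added here as common script types (assumption, adjust to your policy).
$requiredTypes = @('BAT', 'VBS', 'CMD', 'JS')

if (-not (Test-Path $srpKey)) {
    Write-Output "No SRP policy found at $srpKey - SRP is not configured on this machine."
    return
}

$policy = Get-ItemProperty -Path $srpKey

# DefaultLevel: 0 = Disallowed (default-deny), 0x1000 = Basic User, 0x40000 = Unrestricted.
$levelName = switch ($policy.DefaultLevel) {
    0       { 'Disallowed (default-deny)' }
    0x1000  { 'Basic User' }
    0x40000 { 'Unrestricted (default-allow)' }
    default { "Unknown ($($policy.DefaultLevel))" }
}
Write-Output "Default security level : $levelName"

# TransparentEnabled: 0 = not enforced, 1 = all files except DLLs, 2 = all files including DLLs.
$enforceName = switch ($policy.TransparentEnabled) {
    0       { 'Not enforced' }
    1       { 'All software files except libraries (DLLs)' }
    2       { 'All software files, including libraries' }
    default { "Unknown ($($policy.TransparentEnabled))" }
}
Write-Output "Enforcement            : $enforceName"

# ExecutableTypes is a REG_MULTI_SZ of extensions (without the dot) that SRP governs.
# A script type missing from this list is simply not subject to the path rules.
$configured = @($policy.ExecutableTypes | ForEach-Object { $_.Trim().ToUpper() })
Write-Output "Designated file types  : $($configured.Count) configured"
foreach ($ext in $requiredTypes) {
    $status = if ($configured -contains $ext) { 'covered' } else { 'NOT covered - add to Designated File Types' }
    Write-Output ("  .{0,-4} {1}" -f $ext, $status)
}
```

Run it in an elevated PowerShell session; a "NOT covered" line means the corresponding script type would launch regardless of the default-deny level. User-scoped SRP settings under HKCU are not inspected here.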