Danger Itachi Sempai's security config for grandmas

[Andy Ful]

@Opcode
and i see just hypothesis that pirated windows could be vulnerable and preactivated software could have vulnerabilities... there are a lot of coulds and ifs in your post but no facts

i can configure my system and dont update windows at all it will be just windows sp1 with no updates and all the other software will be pirated do you think that someone on this forum will be able to infect it?

You are so arrogant. It is like to post on "how to be a killer" forum and ask if someone could kill you because you do not believe that anybody can. If you are so confident in your setup, then why do you post here? This is no mathematical forum, and none of the members will bother to prove you anything.
I think that this is the right moment for MalwareTips staff to close this thread. You do not listen, so it is useless to talk to you.
Be safe, if you can.

 

[Andy Ful]

well yea thats my point... having a seat belt is good but if you need to travel to japan to by the belt then its not worth it... you guys can afford license and you do but here its beyond fantasy for average person to buy the software that can be obtained freely... if someone has a very large business then maybe just maybe he will buy windows for factory PC-s but this claim is questionable



thanks i appreciate your response will deploy it right away

I would suggest also to exchange your computer with grandma computer. You will be safe on Windows 7 (as you said) and your grandma will be much safer on Windows 10.
.
Edit.
Yes, I forgot that grandma does not like Windows 10.

 

[Itachi Sempai]

You are so arrogant. It is like to post on "how to be a killer" forum and ask if someone could kill you because you do not believe that anybody can. If you are so confident in your setup, then why do you post here? This is no mathematical forum, and none of the members will bother to prove you anything.
I think that this is the right moment for MalwareTips staff to close this thread. You do not listen, so it is useless to talk to you.
Be safe, if you can.

i am ready to listen if there is some sort of evidence... i may be wrong i cant be sure but i dont see anything solid

for example you could tell that if you dont update windows then this X vulnerability what was discovered 2 years ago can be used to hack your system and anti exe or shadow defender wont help you... i can google that vulnerability read how it works and if it is true then you will be right... did someone said something specific? the only thing that i see is a very general discussion that i need updates... or you can provide some past example... i understand that many of you know more than me in security but i cant just belive everything you say no matter of your status


and i opened this topic in order to see if i can use some other software that is better than what i listed... exe radar pro was nice advice by the way

 

[Deleted member 65228]

I see something solid. That configuration. Whoa blows my mind every time. I promise!

About NVT EXE Radar, it's very good I agree. It's made by a member who is on this forum as well, and has been built over a very long time.

 

[lowdetection]

Example: Why update Microsoft Office:

@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0792 Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794. CVE - CVE-2018-0792
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0793 Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is ... CVE - CVE-2018-0793
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0794 Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code ... CVE - CVE-2018-0794
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0795 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". CVE - CVE-2018-0795
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0796 Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code ... CVE - CVE-2018-0796
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0797 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". CVE - CVE-2018-0797
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0798 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory ... CVE - CVE-2018-0798
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0799 Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access ... CVE - CVE-2018-0799
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0801 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote ... CVE - CVE-2018-0801
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0802 Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory ... CVE - CVE-2018-0802
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0804 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ... CVE - CVE-2018-0804
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: CVE on Twitter

CVE (@CVEnew)
CVE-2018-0805 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ... CVE - CVE-2018-0805
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: http://twitter.com/CVEnew/status/950906892649459712

CVE (@CVEnew)
CVE-2018-0806 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ... https://t.co/GgtqdAWCpS
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: http://twitter.com/CVEnew/status/950906894507442176

CVE (@CVEnew)
CVE-2018-0807 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ... https://t.co/yE8jer3y6J
Twitter
@CVEnew tweeted this at January 10, 2018 at 02:47AM: http://twitter.com/CVEnew/status/950906897409945601

CVE (@CVEnew)
CVE-2018-0812 Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ... https://t.co/reEjBlcGeI

 

[Itachi Sempai]

@lowdetection
well yes thats what vulnerabilities are but wouldnot anti executable block all of them if it is set to control child processes aswell?

if i recall correctly only SMB protocol was vulnerable in such a way that malware was executed on kernel level and could not be detected by ordinary solutions... but even in such a rare case when antiexecutable will be bypassed shadow defender should still protect the system... no?

 

[Deleted member 65228]

shadow defender should still protect the system

Shadow Defender doesn't prevent malicious software from attacking the system; it only recovers the state at boot once the new session is starting up. Data theft can still occur during the session if you become infected, and it won't be reset until the next reboot. However, depending on the attack, the damage could already be done.

 

[tim one]

First of all, there is the legal factor: using pirated software is illegal and, more recently, some companies that used cracked productivity software got penalties of thousands of dollars after the controls of the authorities.
Keep in mind that most of the software can check and keep your IP the first time you connect online and if it is detected a violation, you are criminally liable.

About Windows pirated, usually there are 2 ways to activate it:

1) Using a variety of loaders or activators
2) Using preactivated OS copies.

In the first case, the activator may be proposed to be completely malware-free: "no virus, no spyware, no adware, 100% virus-free!!!" LOL of course....but you really believe that this is the truth? They say:"Oh, don't worry if your AV detects the file as infected, it is just a FP, please disable your AV"........ of course!
Have you tried to reverse out the code to see if it is really malware-free?
Very often malicious code is obfuscated in the activator and, as a minimum, it can share all of your information to a remote server.

In the second case everything is much easier, Windows pirated copy is a huge backdoor completely embedded and invisible to AV that shares everything you do with that PC, and the OS is completely exposed to attacks!

Then I don't see the need to use pirated software: Windows is pre-installed on every computer you buy, and if you follow some giveaways, every day there are many opportunities to get paid software for free.

 

[Andy Ful]

@Itachi Sempai
There are many Windows 7 vulnerabilities discovered, year by year, the year 2018 will be just another one. The same is true for any MS Office (2007, 2010, 2013, 2016, etc.). After some months malware will use some of them.
Anti-exe with learning feature, like NVT ERP, could help but there will be a problem with major AV or Web Browser updates, because of some new possibly not signed executables. Your grandma will not know how to response the alerts, and every decision will be dangerous (broken updates contra allowing possible malware).
Shortly, the unpatched Windows requires minimizing the attack surface, so default deny solutions (anti-exe, SRP, sandboxing) are welcome. But, then grandma will have some problems with alerts.
The other solution is installing AV with decent EXE files protection (Avast + Hardened Aggressive mode, Kaspersky Free + KSN) and finding additional protection against malicious documents, macros, scripts, scriptlets, etc. You do not need an EXE file to have the keylogger, RAT, etc. Furthermore those non-EXE malware are often used to download/run 0-day EXE malwares, which can be missed by Kaspersky + KSN.
And in the end, it would be good when grandma would not use the computer for banking and online shopping.
Installing something like Adguard DNS will also be better than using web browser addon - the first will monitor also connections made by the script trojan downloaders.