App Review Kaspersky Internet Security 2017 vs Cerber Ransomware 4.1.1


Wave

Thread author
Thanks for sharing this @Rodney74! :)

-----------------------------------------
Looks like Kaspersky had a bad day - it's nothing "new", it happens every day to at least someone who is click-happy and aimlessly runs programs or visits suspicious sites they don't trust without caring to think first.

The security software isn't meant to be bullet-proof and anyone who wants to do such a thing is going to fail because it cannot be done - there will always be malware out there which will slip through the static detection methods (e.g. polymorphic/metamorphic samples will potentially be a factor for signature detection, as will standard obfuscation/packing methods) and of course dynamic protection will never be bullet-proof either...

It also depends on the security software configuration, since leaving it at Default will not always work best for you and will not always use the product to its full potential. Some configurations work for some people and not others.

It is down to the user to be the main line of defence for their system, since no product will entirely protect you. If your mind-set/thinking is very vulnerable then the chances are higher that you will be targeted and affected by a malware infection compared to someone who watches what they do and thinks before they visit websites/allow downloads to run (for example).
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Thread title modified. Please don't use the words "Failed!" or other clickbait words in the thread's title, especially with Video Reviews. Let people decide for themselves whether the product accomplished what it's made for.

Friendly note: Any product can be beaten by (new) malware. The first line of defense is you. Don't click everywhere, and don't let it run with admin privileges. AV is just your backup buddy, especially nowadays.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
According to the video, KIS didn't detect the ransomware at first and 1 or 2 files were encrypted. However, KIS successfully rolled back the malware's actions and restored 2 encrypted files. It was a partial success, not really a fail.

edit: there were 4 files and 1 folder. 4 files were safe but the folder was fully encrypted.
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Hi Rodney74,

1 - It would be interesting to see how he set up Application Control: default parameters?
2 - Why run the ransomware using "run as administrator"?

=> known malware should be blocked at this moment, but for unknown (for the AV) malware, and if the AV suite is not well set up, it will not help for detecting the file as malware until its bad behavior (which KIS has detected).
3 - Application Control: for unknown files => untrusted group

(You can also change the settings to be "default deny")
 

Wave

Thread author
Sorry if this is a bit off-topic, I am not trying to hijack the thread!

Why run the ransomware using "run as administrator"?
I'm glad you and @BoraMurdar mentioned administrator privileges (elevated process), and I would like to add the following as an addition to my previous post:

If you allow a program to run with administrator privileges without trusting it and knowing for certain it does not have malicious intent, then it can be game over for you in a quick flash and you'll have no chance of staying protected. UAC is constantly abused by people who don't understand how it works and then they complain about Windows security because they allowed an unknown download to run with admin privileges... It's really ridiculous, if only people could take the time to research a bit about how it works, it'd only take a few minutes of their life and would save them so much trouble in the future...

For example, if UAC is enabled: programs won't be able to create/delete Windows services/load device drivers, programs won't be able to inject into system processes like csrss.exe on previous OS versions like Windows 7 (so before Windows 8/10 introduced additional default protection mechanisms for system processes), programs won't be able to communicate with the Windows Task Scheduler to create a task for a program to auto-start at boot with admin privileges whilst bypassing the UAC dialog... Unless it's elevated!

Of course this does not mean that malware which can infect you without administrator privileges is non-existent, because this is not the case; however, the malware which will do the most harm will typically and usually require administrator privileges. For example, a kernel-mode rootkit will need kernel-mode code execution (e.g. a device driver) and for this to be loaded it'll require the SeLoadDriver privilege acquired from being run with administrator privileges, but without this privilege it will fail to load the device driver (e.g. via the Service Manager), and Access Denied would be returned by Windows by default. Whereas a keylogger may be able to hook the keyboard without needing administrator privileges (via abuse of genuine Win32 functions which weren't designed with malware authors in mind).

I don't want to cause further distraction and therefore I'll end this post reply here since this thread isn't focusing on UAC specifically, I'll make a thread instead. Sorry if I disturbed anyone, it wasn't meant to hijack the thread! :p

Stay Safe,
Wave. ;)
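As an added illustration of the point Wave makes above (this script is not from the thread or from any product it discusses), the following PowerShell shows what a process token can actually do. Run it once from a normal prompt and once from a "Run as administrator" prompt: the unelevated token reports Elevated=False and does not even carry SeLoadDriverPrivilege, which is why a driver load from it is refused. The function name Get-TokenAudit and the list of watched privileges are my own choices.

```powershell
# Added example (not from the thread): audit the current token's elevation,
# integrity level and the high-impact privileges a defender cares about.
function Get-TokenAudit {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # Under UAC, an admin user's unelevated token has the Administrators
    # group marked deny-only, so IsInRole() is $false until elevated.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami can emit CSV, which is easier to parse than its default table.
    $privs  = whoami /priv /fo csv   | ConvertFrom-Csv
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = ($groups | Where-Object {
        $_.'Group Name' -like 'Mandatory Label\*' }).'Group Name'

    # Privileges that let code load drivers, read any process, or take over
    # files. None of these are present in an unelevated token at all.
    $watch = 'SeLoadDriverPrivilege', 'SeDebugPrivilege',
             'SeTakeOwnershipPrivilege', 'SeBackupPrivilege',
             'SeRestorePrivilege'

    $held = foreach ($p in $watch) {
        $row   = $privs | Where-Object { $_.'Privilege Name' -eq $p }
        $state = if ($row) { $row.State } else { 'not in token' }
        [pscustomobject]@{ Privilege = $p; Present = [bool]$row; State = $state }
    }

    [pscustomobject]@{
        User           = $identity.Name
        Elevated       = $elevated
        IntegrityLevel = $label
        Privileges     = $held
    }
}

$audit = Get-TokenAudit
"{0}  elevated={1}  integrity='{2}'" -f $audit.User, $audit.Elevated, $audit.IntegrityLevel
$audit.Privileges | Format-Table -AutoSize
```

A "Disabled" state in an elevated token still counts as present: the process can enable it with a single API call, which is exactly the power an unelevated process lacks.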
 

Rodney74

Thread author
Thread title modified. Please don't use the words "Failed!" or other clickbait words in the thread's title, especially with Video Reviews. Let people decide for themselves whether the product accomplished what it's made for.

Friendly note: Any product can be beaten by (new) malware. The first line of defense is you. Don't click everywhere, and don't let it run with admin privileges. AV is just your backup buddy, especially nowadays.

Dear SuperAdminModerator:

No offense intended. BUT "Failed" is in the title of the video made by the author.

"Failed" was placed there by him, not by myself.

I'm sure you understand what I'm saying.

I didn't intend to use BAITED words... Like "Failed".

But "Failed" is part of the author's title.

In fact "Failed" is in the title of at least twenty or thirty of his videos, in which the security used by the same author "Failed" to prevent a disaster.
 

Rodney74

Thread author
Hi Rodney74,

1 - It would be interesting to see how he set up Application Control: default parameters?
2 - Why run the ransomware using "run as administrator"?

=> known malware should be blocked at this moment, but for unknown (for the AV) malware, and if the AV suite is not well set up, it will not help for detecting the file as malware until its bad behavior (which KIS has detected).
3 - Application Control: for unknown files => untrusted group

(You can also change the settings to be "default deny")


Well I'm not the author, so I can't say what he may have done to the settings...I can say I love his videos, they are all super short.
 

Rodney74

Thread author
Concerning Viruses, Adware, Trojans, Malware, Ransomware, and any other kinda wares, that can destroy your data.

THIS IS WHY... ALL my data (Images of C:, photos, music, software), ETC is ON D: and on E:

AND E: is not connected to my PC, unless I am synchronizing it with D: using "Directory Opus".

Then when it's finished syncing I disconnect E:
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Concerning Viruses, Adware, Trojans, Malware, Ransomware, and any other kinda wares, that can destroy your data.

THIS IS WHY... ALL my data (Images of C:, photos, music, software), ETC is ON D: and on E:

AND E: is not connected to my PC, unless I am synchronizing it with D: using "Directory Opus".

Then when it's finished syncing I disconnect E:
Good idea.

The author makes tests without all the explanations: not all the settings are shown, so we can only make "suppositions".

An important part: Application Control
=> it can make all the difference the way it is set up, with unknown (for the AV) samples.
=> the author should have shown the settings he used.
Then the author gets a conclusion: "Failed".

And posting here, you can't be sure it has really failed.

In fact it is better to put here a title without "failed", because it can really cause confusion.

Title: Kaspersky Internet Security 2017 vs Cerber Ransomware 4.1.1
- Author: some details
- His conclusion
- Video

But we don't know if the malware was able to run because of the "run as administrator" + unknown sample + bad setup of Application Control.
KIS failed, or the author used a methodology with settings that helps KIS to fail on this sample.

An unknown file is allowed to run, but as soon as it has a bad / suspicious behavior: KIS detected it, blocked it and helped to decrypt/restore some infected files and to delete the malware => That is also the dynamic part of a good AV Suite.

Then discussing the thread can help each other to determine some other setups,
to test (for example) and understand what setup is to improve.
(for example, default deny is easy to set up with KIS)

(Interesting test: launch the same malware again and see the new behavior => has KIS learned!?)
...
...
In fact "Failed" is in the title of at least twenty or thirty of his videos, in which the security used by the same author "Failed" to prevent a disaster.
JOKE ON
The author really needs to learn some security tricks
or how to better set up the security tools he used

=> It fails too often when he tests, hahaha :)
JOKE OFF
/DardiM vanished
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Dear SuperAdminModerator:
No offense intended. BUT "Failed" is in the title of the video made by the author.
"Failed" was placed there by him, not by myself.
I'm sure you understand what I'm saying.
I didn't intend to use BAITED words... Like "Failed".
But "Failed" is part of the author's title.
In fact "Failed" is in the title of at least twenty or thirty of his videos, in which the security used by the same author "Failed" to prevent a disaster.

Even if the reviewer made a video titled "Kaspersky FAILED", you are a member of this forum, so you'll need to find an appropriate title for the topic and post it in the right subforum. YouTube's video titles are part of YouTube's job. So no hard feelings, just pay attention in the future.
Have a nice day
 

Rodney74

Thread author
Even if the reviewer made a video titled "Kaspersky FAILED", you are a member of this forum, so you'll need to find an appropriate title for the topic and post it in the right subforum. YouTube's video titles are part of YouTube's job. So no hard feelings, just pay attention in the future.
Have a nice day


Yes I understand and I'm sorry I failed to pick an appropriate name. Failure is part of our nature, at least that is my opinion.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
For Kaspersky, it's something to do with tweaking Application Control to deny access.

Heuristics/cloud/signatures or possible behavior can most of the time be easily bypassed because of the threat's mechanism, besides being premature.

So the bypass of Kaspersky just reflects that anything can be trouble without proper configuring.
 
