MacDefender Test #2, "Trojan" Ransomware
<blockquote data-quote="sepik" data-source="post: 858285" data-attributes="member: 74435"><p>One thing I came across when testing malware on my crappy laptops. When testing, some AVs can be set to ASK mode. </p><p>When the pop-up window comes up, for example "Trojan Generic", "do you want to allow this": yes, no, quarantine. Leave that pop-up window alive, don't click anything. Then check: does the AV actually STOP the process, or does it allow it to run in the background? </p><p></p><p>Kinda the same with Windows Firewall: in my opinion, some malware can disable/modify Windows Firewall settings during the early boot stage and after that. Malware does not "target" 3rd party firewalls, which load (from what I've heard) way before Windows' own firewall. Yes, Windows Firewall is a component of the OS itself. That's why it gets abused. But if you are using a 3rd party firewall, it can actually block outgoing connections even during the deep boot-up sequence. One good example of this is ZoneAlarm. It blocks low-level TCP attempts during the boot-up process. Someone on the Wilders forum even proved this using Wireshark. </p><p>-sepi</p></blockquote><p></p>