Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Microsoft Defender vs Magniber
Message
<blockquote data-quote="Andy Ful" data-source="post: 995864" data-attributes="member: 32260"><p>Although any video with working ransomware can be kinda shocking, the truth is that there is no need to worry. The method used by Magniber (MSI file) is very rarely used against home users. </p><p></p><p>Furthermore, for any AV one can find working malware. There is no perfect & usable protection against malware. Even such a strong protection like CF with [USER=7463]@cruelsister[/USER] settings cannot save many users. Of course, the installer/fix will be blocked, but this is expected for pirated software, game mods, or cracks. The blocked malware cannot expose the malicious actions, so the user will simply turn off the protection and still can be infected.</p><p></p><p>Microsoft can efficiently (but not perfectly) fight such malware in several ways:</p><ol> <li data-xf-list-type="ol">Making the samples very short-living (Block At First Sight + post-execution detections). Even if the sample could infect a few users, then after several minutes other users can be often protected against this sample.</li> <li data-xf-list-type="ol">Adding the methods used by ransomware to ASR rules.</li> <li data-xf-list-type="ol">Blocking delivery paths, when the malicious actors would like to use the malware in widespread attacks (weaponized documents, scripts, etc.).</li> <li data-xf-list-type="ol">Adding the malicious URLs to SmartScreen (used also system-wide by Defender's Network Protection).</li> </ol><p>So, we will see the normal cat & mouse game. When Microsoft (or any other AV) is going to improve the protection, the Magniber fellows will make necessary modifications, and so on.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 995864, member: 32260"] Although any video with working ransomware can be kinda shocking, the truth is that there is no need to worry. The method used by Magniber (MSI file) is very rarely used against home users. Furthermore, for any AV one can find working malware. There is no perfect & usable protection against malware. Even such a strong protection like CF with [USER=7463]@cruelsister[/USER] settings cannot save many users. Of course, the installer/fix will be blocked, but this is expected for pirated software, game mods, or cracks. The blocked malware cannot expose the malicious actions, so the user will simply turn off the protection and still can be infected. Microsoft can efficiently (but not perfectly) fight such malware in several ways: [LIST=1] [*]Making the samples very short-living (Block At First Sight + post-execution detections). Even if the sample could infect a few users, then after several minutes other users can be often protected against this sample. [*]Adding the methods used by ransomware to ASR rules. [*]Blocking delivery paths, when the malicious actors would like to use the malware in widespread attacks (weaponized documents, scripts, etc.). [*]Adding the malicious URLs to SmartScreen (used also system-wide by Defender's Network Protection). [/LIST] So, we will see the normal cat & mouse game. When Microsoft (or any other AV) is going to improve the protection, the Magniber fellows will make necessary modifications, and so on. [/QUOTE]
Insert quotes…
Verification
Post reply
Top