Playing with UAC
<blockquote data-quote="Andy Ful" data-source="post: 1079577" data-attributes="member: 32260">
<p><strong><span style="font-size: 18px">How to use the stone tool.</span></strong></p>
<p></p>
<p>If you can see the UAC prompt, you have two scenarios:</p>
<ol>
 <li data-xf-list-type="ol">Expected.</li>
 <li data-xf-list-type="ol">Unexpected.</li>
</ol>
<p>In the first scenario simply ignore the alert and allow elevation. Use application installers from trusted sources (like Softpedia).</p>
<p></p>
<p>In the second scenario gently press the &lt;Enter&gt; key, think, and inspect a little. Now, you have two new scenarios:</p>
<ol>
 <li data-xf-list-type="ol"><span style="color: rgb(85, 57, 130)"><strong>The UAC prompt is correlated with opening the particular file.</strong></span></li>
 <li data-xf-list-type="ol"><span style="color: rgb(0, 168, 133)"><strong>UAC appears "out of the blue".</strong></span></li>
</ol>
<p></p>
<p><strong><span style="color: rgb(85, 57, 130)">The first case:</span></strong></p>
<ol>
 <li data-xf-list-type="ol"><strong><span style="color: rgb(85, 57, 130)">The file is a document, media file, etc., but the application that opens the file wants to update -----&gt; update the application and open the file again.</span></strong></li>
 <li data-xf-list-type="ol"><strong><span style="color: rgb(85, 57, 130)">The file is a document, media file, etc., but something else wants to execute &amp; elevate -----&gt; </span><span style="color: rgb(184, 49, 47)">I can be infected -----&gt; sign out and sign in to another account.</span></strong></li>
 <li data-xf-list-type="ol"><strong><span style="color: rgb(85, 57, 130)">The file pretends to be a document, media file, etc., but it is an executable instead -----&gt; </span><span style="color: rgb(184, 49, 47)">I can be infected -----&gt; sign out and sign in to another account.</span></strong></li>
</ol>
<p><strong><span style="color: rgb(0, 168, 133)">The second case:</span></strong></p>
<ol>
 <li data-xf-list-type="ol"><strong><span style="color: rgb(0, 168, 133)">Some application wants to auto-update -----&gt; allow the update and open the file again.</span></strong></li>
 <li data-xf-list-type="ol"><strong><span style="color: rgb(0, 168, 133)">Some strange new process asked for an elevation -----&gt; inspect the event.</span></strong></li>
</ol>
<p>I think that even non-techie but security-aware users can learn to recognize the danger related to:</p>
<p><strong><span style="color: rgb(184, 49, 47)">I can be infected -----&gt; sign out and sign in to another account</span></strong></p>
<p></p>
<p>Indeed, this is not a bulletproof method, but it is far better than nothing when using the AV without advanced tweaks.</p>
<p>It is true that it mostly fails with ransomware. But ransomware is often the payload delivered at a later time by the malware that can be exposed by the above method.</p>
<p></p>
<p>Edit.</p>
<p>In some cases, the ransomware wants to elevate and then waits several minutes to fool the AV sandboxes. The above method can also expose the infection before the files are encrypted.</p>
</blockquote>
<p></p>
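One way to carry out the "inspect the event" step from the post, as an added example that is not part of Andy Ful's post: a PowerShell script that lists the processes started with a full (elevated) administrator token in the last few minutes, together with the parent process that launched each one, so an unexpected prompt can be matched to what actually asked for elevation. It assumes that "Audit Process Creation" is enabled (Security log event 4688) and that the script is run from an already elevated PowerShell session; the `$Minutes` parameter name is the example's own.

```powershell
# Added example, not from the original post: show recent elevated process starts
# so an unexpected UAC prompt can be traced to the process (and parent) behind it.
# Assumes "Audit Process Creation" is on (Security event 4688) and an elevated session.
param(
    [int]$Minutes = 15   # how far back to look; an unexpected prompt is usually fresh
)

$since = (Get-Date).AddMinutes(-$Minutes)

# 4688 = "A new process has been created". Its TokenElevationType data field is
# %%1937 when the new process received a full, elevated admin token (UAC "Yes").
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } `
                       -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML into a hashtable.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.'#text' }

    if ($d['TokenElevationType'] -ne '%%1937') { continue }   # skip non-elevated starts

    [pscustomobject]@{
        Time    = $e.TimeCreated
        Process = $d['NewProcessName']
        Parent  = $d['ParentProcessName']   # filled in on Windows 10 / Server 2016 and later
        User    = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Cmd     = $d['CommandLine']         # only present if command-line auditing is enabled
    }
}
```

A parent that is the viewer you opened the document with points at the post's first case; a parent unrelated to anything you just did is the "out of the blue" case and the process path is what to look into.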