Video Reviews - Security and Privacy
Qihoo Total Security- Random Musings
<blockquote data-quote="cruelsister" data-source="post: 459050" data-attributes="member: 7463"><p>Moose, excellent points:</p><p></p><p>1) You are correct about Malwarebytes (and the same issue can be seen with HMP); both are horrible against worms in general and scriptors in particular. I’ve been harping on this topic numerous times in my videos and I’m still waiting for users to be outraged.</p><p></p><p>2) The lack of network protection is typical of sandboxes that are just thrown on to security products. Much better off using a more refined product like Comodo or Sandboxie.</p><p></p><p>3) About Tesla: this particular variant doesn’t restart after doing the damage to your files, so no removal is needed. And as there is no private key generated locally, the encrypted files can’t be recovered.</p><p></p><p>4) CryptoPrevent would have stopped the files from getting trashed. Policies would be in place to protect. But note well that something like CryptoFortress would still have encrypted files in other directories besides those in the Documents folder. And of course my POC encryptor would get past everything (thinking about a paper on this).</p><p></p><p>5) I’ll be doing a few videos on boot protection for other AVs in January.</p><p></p><p>6) Still eagerly anticipating WinAntiRansom to come out of Beta prior to testing (only fair).</p><p></p><p>7) I’ll have to keep how the Santa malware worked to myself, except to say that as Qihoo has a Startup alert module it was more difficult than anticipated. Things like Avast or Avira are much easier.</p><p></p><p>Also, quite a while ago I coded a really simple malware file and a few weeks later this showed up:</p><p></p><p><a href="http://www.herdprotect.com/cruelsisters-rootkit-analyzer.exe-5c98edd4976fd3208cf333fad68c8d9af12c80fa.aspx" target="_blank">Malware scan of cruelsister's rootkit analyzer.exe 5c98edd4976fd3208cf333fad68c8d9af12c80fa - herdProtect</a></p><p></p><p>Really embarrassing!</p><p></p><p>M</p></blockquote><p></p>
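Point 3 above ("no private key generated locally, so the encrypted files can't be recovered") describes the hybrid key scheme most ransomware families use: a random symmetric data key encrypts the content, and that data key is wrapped with a public key whose private half never touches the victim host. The following is an added example, not code from the post, from TeslaCrypt, or from any product named in the thread, and it operates on an in-memory byte slice rather than files. It assumes RSA-2048 with OAEP for wrapping and AES-256-GCM for the data, which are representative choices; the page does not state which primitives the variant actually used. The function and type names (`Envelope`, `SealWithPublicKey`, `OpenWithPrivateKey`) are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is everything that would be left on the host next to a locked
// file: the AES-GCM ciphertext plus the per-run data key wrapped to the
// operator's RSA public key. Nothing in it decrypts without the private key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(pub, dataKey)
	Nonce      []byte // 12-byte GCM nonce
	Ciphertext []byte // AES-256-GCM(dataKey, nonce, plaintext)
}

// SealWithPublicKey is the victim-side operation. It only ever sees the
// public key. The 256-bit data key exists in memory just long enough to
// encrypt and wrap, then is overwritten, so no usable key material remains.
func SealWithPublicKey(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	// Best-effort scrub. Go makes no guarantee that the GC left no copy, which
	// is exactly why memory forensics of a live process is the only realistic
	// recovery path once the envelope is written.
	for i := range dataKey {
		dataKey[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenWithPrivateKey is the operator-side operation. Without the matching
// private key the OAEP unwrap fails outright; even a forged data key would
// then fail the GCM tag check rather than yield plausible garbage.
func OpenWithPrivateKey(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: wrong or missing private key")
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("data key unwrapped but ciphertext failed authentication")
	}
	return pt, nil
}

func main() {
	// Constructed demo: the operator key pair is generated here only so the
	// round trip can be shown; in the scenario from the post it never exists
	// on the victim host.
	operator, _ := rsa.GenerateKey(rand.Reader, 2048)
	stranger, _ := rsa.GenerateKey(rand.Reader, 2048) // any key the victim might have

	env, _ := SealWithPublicKey(&operator.PublicKey, []byte("quarterly-report.docx contents"))
	if _, err := OpenWithPrivateKey(stranger, env); err != nil {
		fmt.Println("victim-side recovery attempt:", err)
	}
	pt, _ := OpenWithPrivateKey(operator, env)
	fmt.Println("operator-side recovery:", string(pt))
}
```

The defensive takeaway is the one the post makes: once the envelope is on disk, the only artifacts a responder can collect are the wrapped key and ciphertext, neither of which helps without the remote private key. The practical counters are therefore the ones in point 4 (stop the process from running or from reaching the files) and offline backups, not post-hoc decryption.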