Video RansomOff - First Look at New User Interface

Do you like new GUI?


  • Total voters
    41

HarborFront

Level 40
Content Creator
Verified
Joined
Oct 9, 2016
Messages
2,974
#21
No worries. Is it the colors or layout or something else entirely?
IMO, the color of black and grey combo is a poor choice. Maybe you can come out with a few GUIs with different color selection for the user to choose

:)
 

cruelsister

Level 36
Content Creator
Verified
Joined
Apr 13, 2013
Messages
2,511
#22
Funny you should ask as I was screwing around with the bunch earlier this week with a specific focus on modified NotPetya variants. The most impressive result came from an application that I mercilessly mocked in the past, that being RansomFree. Not wanting to accept that either they improved or (God Forbid!) that I could have been wrong I also added on some other nasties and sadly got a very good (perfect for my malware set) result. I misplaced my Ranstop credential so I couldn't test that one.

So although both Ranstop and AppCheck have excellent backup options I question the efficacy of AC due to the NP result; jury is still out on Ranstop until I can test it.
That leaves RansomFree and RansomOff. Once RansomOff comes out of RC status it may (will) have the greater utility due to the HIPS, but the HIPS settings have to be optimized some way to prevent FP's. RansomFree has improved and I guess can now be considered a viable option.
 

HeiDef

From HeiDef
Developer
Verified
Joined
Mar 27, 2017
Messages
87
#23
IMO, the color of black and grey combo is a poor choice. Maybe you can come out with a few GUIs with different color selection for the user to choose

:)
Thanks. We changed some things up a bit from the video but it still has a dark layout. Once we finally get the updated release out maybe we will go back and add an option so you can select a light or dark layout.

Speaking of the updated release, it should be any day now. There are just a few finishing touches left.
 

HarborFront

Level 40
Content Creator
Verified
Joined
Oct 9, 2016
Messages
2,974
#25
@HeiDef

I refer to the features listed on your website particularly

Heilig Defense RansomOff

Startup change detection
System file change detection
Process hollowing detection

Are these protected by RansomOff besides just detection? It's no point having detection without protection.

One suggestion. Can you show what ransomware are being protected against by RansomOff on your website like when the ransomware was neutralized etc. This allows the user to know the effectiveness of RansomOff against the latest ransomware. Maybe the earlier ones you can lump them together but starting with some of the latest ones, say for the past 2 months or so, can you assign some dates to them?

Thanks
 

HeiDef

From HeiDef
Developer
Verified
Joined
Mar 27, 2017
Messages
87
#26
Anker- when you are testing it please note the various settings for the HIPS (which is a good thing). A balance must be struck between applying the settings that will stop malware while also leaving those settings that will trigger FP's alone. I know there is an optimal configuration but only folk like you will lead us into the light!

However I will say that in the short time I had my way with RO I was impressed by its ability to squash worms (even those with unconventional persistence mechanisms) as well as it being able to stop a very nasty RAT. I actually completed a video about the latter last week but am reticent to publish it as I'm not sure of the proper settings to be used to yield real-world applicability.
RO does some analysis on the actions to filter out legit operations but like you said, the tuning of the HIPS settings as well as any exemptions goes a long way in preventing unnecessary notifications.
 

HeiDef

From HeiDef
Developer
Verified
Joined
Mar 27, 2017
Messages
87
#27
@HeiDef

I refer to the features listed on your website particularly

Heilig Defense RansomOff

Startup change detection
System file change detection
Process hollowing detection

Are these protected by RansomOff besides just detection? It's no point having detection without protection.

One suggestion. Can you show what ransomware are being protected against by RansomOff on your website like when the ransomware was neutralized etc. This allows the user to know the effectiveness of RansomOff against the latest ransomware.

Thanks
With the addition of the new HIPS settings in the soon-to-be-released version, all of the things that RO detects can be blocked at the point in time of notification.

For the website, do you mean just a list of ransomware families RO protects against? Or video demos of new ransomware strains?
 

HarborFront

Level 40
Content Creator
Verified
Joined
Oct 9, 2016
Messages
2,974
#28
With the addition of the new HIPS settings in the soon-to-be-released version, all of the things that RO detects can be blocked at the point in time of notification.

For the website, do you mean just a list of ransomware families RO protects against? Or video demos of new ransomware strains?
That's great. Waiting for the official release then.

No need video. Just a tabulated reverse chronological listing with dates and status will do. This will keep the user informed of the latest ransomware and the speed at which RansomOff can neutralize them e.g. of status like 'Neutralized', 'Working On It' etc.

A table like

Name of Ransomware............Status.............Date Neutralized

Thanks
 

HeiDef

From HeiDef
Developer
Verified
Joined
Mar 27, 2017
Messages
87
#29
That's great. Waiting for the official release then.

No need video. Just a tabulated reverse chronological listing with dates and status will do. This will keep the user informed of the latest ransomware and the speed at which RansomOff can neutralize them e.g. of status like 'Neutralized', 'Working On It' etc.

A table like

Name of Ransomware............Status.............Date Neutralized

Thanks
RansomOff is signature-less so the neutralized date should be whatever date the ransomware is released. Now obviously no software is 100% but for the most part RO can handle the majority of ransomware as it comes out.

But I understand your point. A website refresh is on our to-do list which will make it more informative of RO's capabilities.
 

cruelsister

Level 36
Content Creator
Verified
Joined
Apr 13, 2013
Messages
2,511
#30
Guys- I came to my senses and will be publishing the RansomOff vs RAT video tonight before I go out. This will be for a single RAT sample but will indeed demonstrate the HIPS.

Plus the song is too pretty to waste...

Correction to a previous post above- Although RansomFree did indeed stop BadRabbit and the initial NotPetya malware that I tried, my cat re-coded NotPetya (Ophelia is such a bitch) and RansomFree failed.
 

Lightning_Brian

Level 11
Verified
Joined
Sep 1, 2017
Messages
514
OS
Windows 10
Antivirus
Norton
#31
We released it back in March so a few months old but always constantly evolving and improving.
@HeiDef Nice! I'll be putting this software to test in my virtual machine sometime soon. I'm really liking everything I'm seeing thus far. I'm quite excited about this software.

@cruelsister Thanks for publishing the videos. Nicely done!
 

Telos

Level 11
Verified
Joined
Jan 29, 2017
Messages
548
#33
@Trickster GUI interface is like a girl.
SHvFl like this girl but you like that girl.
Is your girl ugly? NO
Is @SHvFl GF ugly? Nah
I mean it's about tastes. I like this GUI but another one may dislike it.
Agree 100%.

I seldom interface with the GUI. Set and forget. And should ransomware raise its head, I shan't complain of how my rescuer clothes herself.
 

HarborFront

Level 40
Content Creator
Verified
Joined
Oct 9, 2016
Messages
2,974
#34
@HeiDef

Your website says RansomOff detects and defeats the latest threats with Next-Gen defense by using machine learning techniques to evaluate and stop threats in real-time, even unknown ones.

Heilig Defense

So do you consider RansomOff as a TRULY Next-Gen security software?

Thanks
 

HeiDef

From HeiDef
Developer
Verified
Joined
Mar 27, 2017
Messages
87
#35
@HeiDef

Your website says RansomOff detects and defeats the latest threats with Next-Gen defense by using machine learning techniques to evaluate and stop threats in real-time, even unknown ones.

Heilig Defense

So do you consider RansomOff as a TRULY Next-Gen security software?

Thanks
Our other security product, Correlate, uses ML techniques. RansomOff does not. But I can see how the website could confuse. I'm not sure if the term next-gen has a standard definition but I've generally taken it to mean a signature-less solution able to handle new and emerging threats. In that case, RansomOff fits that definition. So depending on how you define next-gen, your mileage may vary.
 

bjm_

Level 4
Verified
Joined
May 17, 2015
Messages
160
OS
Windows 10
Antivirus
Microsoft
#37
Please do not install RansomOff at this time if you have Secure Boot enabled.
?
Isn't there a real security advantage to having Secure Boot enabled?

Edit:
@shmu26 Not all Windows 10 w/ secure boot has the issue but only more recent updates (1607+). Either way, we are getting the drivers cross signed for this release so there shouldn't be any boot issues in the future. #13
 

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,408
OS
Windows 10
#40
Yikes, I wasn't even aware of this, but I haven't had a problem on my old Dell XPS with Win 10 Pro x64 v1709 16299.19 with Secure Boot enabled.
I have two Windows 10 machines, and one gives me stern warnings when the drivers are not co-signed by MS, while the other machine is more lenient. I don't understand why.
But if it works, it works.