App Review Ransomware- Musings with UAC

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Smartscreen Filter has some holes. It cannot block files copied to the FAT32 flash drives or files extracted from archives. But anyway, it is very useful.
 
  • Like
Reactions: done
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
cruelsister - thanks for all of Your very informative videos.

FleischmannTV - You often get to the point in Your posts.

To be more precise: Smartscreen (App Reputation on RUN) checks Zone.Identifier file stream.
For a file downloaded from the Internet the content is typically:
[ZoneTransfer]
ZoneId=3

Files without Zone.Identifier file streams cannot be blocked by Smartscreen Filter (App Reputation on RUN).
Archives (zip, arj, etc., no executables) downloaded from the Internet are not blocked by Smartscreen Filter (App Reputation).

Files copied to Fat32 flash drive lose their Zone.Identifier file streams.
The bad guy can download malicious 0-day file, delete Zone.Identifier file stream, pack the file, and upload to the web. You can download the packed file, decompress, run, and get infected.

The Zone.Identifier file stream can be added to file.exe by executing from command prompt:
more Zone.Identifier.dat > file.exe:Zone.Identifier

where Zone.Identifier.dat is a text file with two lines below:
[ZoneTransfer]
ZoneId=3

Some more info:
http://www.sandersonforensics.com/Files/ZoneIdentifier.pdf
 
  • Like
Reactions: DardiM, Der.Reisende, silversurfer and 1 other person
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
F TV- Good question and one that is deserving of its own topic. Remember that when discussing any anti-malware defense in Windows 10 it really should be contrasted with the stuff seen in previous Windows builds; and if this is done Win 10 is natively superior totally and completely. Why?:

1). Win 10 has the Antimalware Scan Interface which will work with Windows Defender to yield better detection results, especially against scriptors.

2). The UAC of Win 10 will protect system files (including System Restore points) even if the user turns UAC off.

3). Smart Screen filter will protect from web based exploits whereas previous Windows builds will not.

So- is Windows 10 proof against all malware? No.
But, is Windows 10 much better natively against malware than any previous build? Absolutely Yes.

Considering that Microsoft also gives away Windows 10 for free (Gratis), it amazes me that some refuse to install it because some Whack-Job keeps posting that Microsoft is looting personal information.

The Blackhats must be rolling around in Glee to see how many are falling for this type of trash.

Finally, will Window 10 stop my malware?

Of course not!
 
  • Like
Reactions: DardiM, done, Der.Reisende and 3 others
done

done

Level 5
Verified
Mar 19, 2015
217
cruelsister said:
Considering that Microsoft also gives away Windows 10 for free (Gratis), it amazes me that some refuse to install it because some Whack-Job keeps posting that Microsoft is looting personal information.
Click to expand...
first of all thank you for sharing your knowledge
It is not quite that simple. windows 10 has compatibility problem with computers that came with windows 7. if the computer manufactur does not have bios update for at least windows 8 you will have a lot of problems that can not be solved. It is very important to check if the manufactur has bios update to upgrage from windows 7 to 8.
I have panasonic with I5 came with windows 7 and there is no support for windows 8, the computer is slower even on clean install

I have toshiba laptop came with with win 7 when I install windows 10 I had this problem: when turning on the computer It stay forever on black screen until I put it to sleep pressing the shutdown then turn it back on. No disply driver change helped, it worked fine without disply driver but...
A simple bios update did solve the problem in this case but in case of the panasonic nothing could help. well one thing did help but not solved all the problem. so yes win 10 is a good OS but not for everyone and not for every computer.

Kind regards
 
  • Like
Reactions: Davidov and DardiM

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,310
Video Reviews - Security and Privacy
tofargone
tofargone
Shadowra
    • Like
    • +Reputation
    • Wow
App Review MeyeProtect Antivirus 2024
Replies
2
Views
662
Video Reviews - Security and Privacy
Seandc33
S
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review ZoneAlarm NextGen Extreme Security 2024
Replies
118
Views
10,464
Video Reviews - Security and Privacy
TuxTalk
TuxTalk

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top