Andy Ful

Smartscreen Filter has some holes. It cannot block files copied to FAT32 flash drives or files extracted from archives. But anyway, it is very useful.
 

Andy Ful

cruelsister - thanks for all of your very informative videos.

FleischmannTV - You often get to the point in your posts.

To be more precise: Smartscreen (App Reputation on RUN) checks the Zone.Identifier file stream.
For a file downloaded from the Internet the content is typically:
[ZoneTransfer]
ZoneId=3

Files without Zone.Identifier file streams cannot be blocked by Smartscreen Filter (App Reputation on RUN).
Archives (zip, arj, etc., no executables) downloaded from the Internet are not blocked by Smartscreen Filter (App Reputation).

Files copied to a FAT32 flash drive lose their Zone.Identifier file streams.
The bad guy can download a malicious 0-day file, delete the Zone.Identifier file stream, pack the file, and upload it to the web. You can download the packed file, decompress, run, and get infected.

The Zone.Identifier file stream can be added to file.exe by executing from the command prompt:
more Zone.Identifier.dat > file.exe:Zone.Identifier

where Zone.Identifier.dat is a text file with the two lines below:
[ZoneTransfer]
ZoneId=3

Some more info:
http://www.sandersonforensics.com/Files/ZoneIdentifier.pdf
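
A defender-side check of the behavior described in the post above, added as an example (not part of the original thread): this PowerShell lists executables under a folder and reports whether each still carries a Zone.Identifier stream and which ZoneId it holds. The default folder, the extension list and the function name Get-ZoneMark are assumptions.

```powershell
# Added example: report the Zone.Identifier state of executables in a folder.
# $ScanPath and $Extensions are assumed defaults; adjust them for your system.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads",
    [string[]]$Extensions = @('.exe', '.msi', '.scr', '.com')
)

function Get-ZoneMark {
    param([Parameter(Mandatory)][string]$Path)

    try {
        # Fails when the stream is absent or the volume has no
        # alternate-data-stream support (for example FAT32).
        $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Path = $Path; HasStream = $false; ZoneId = $null }
    }

    # The stream is INI-style text: [ZoneTransfer] followed by ZoneId=<n>.
    $zoneId = $null
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') {
            $zoneId = [int]$Matches[1]
            break
        }
    }
    [pscustomobject]@{ Path = $Path; HasStream = $true; ZoneId = $zoneId }
}

Get-ChildItem -LiteralPath $ScanPath -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object { Get-ZoneMark -Path $_.FullName } |
    Select-Object Path, HasStream, ZoneId,
        @{ Name = 'InternetZone'; Expression = { $_.HasStream -and $_.ZoneId -eq 3 } } |
    Sort-Object HasStream, Path |
    Format-Table -AutoSize
```

Rows with HasStream set to False are the files the post describes as outside the reach of App Reputation on run, such as files extracted from archives or copied from a FAT32 drive.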
 

cruelsister

F TV- Good question and one that is deserving of its own topic. Remember that when discussing any anti-malware defense in Windows 10 it really should be contrasted with the stuff seen in previous Windows builds; and if this is done Win 10 is natively superior totally and completely. Why?:

1). Win 10 has the Antimalware Scan Interface which will work with Windows Defender to yield better detection results, especially against scriptors.

2). The UAC of Win 10 will protect system files (including System Restore points) even if the user turns UAC off.

3). Smart Screen filter will protect from web based exploits whereas previous Windows builds will not.

So- is Windows 10 proof against all malware? No.
But, is Windows 10 much better natively against malware than any previous build? Absolutely Yes.

Considering that Microsoft also gives away Windows 10 for free (Gratis), it amazes me that some refuse to install it because some Whack-Job keeps posting that Microsoft is looting personal information.

The Blackhats must be rolling around in Glee to see how many are falling for this type of trash.

Finally, will Windows 10 stop my malware?

Of course not!
 

done

"Considering that Microsoft also gives away Windows 10 for free (Gratis), it amazes me that some refuse to install it because some Whack-Job keeps posting that Microsoft is looting personal information."

First of all, thank you for sharing your knowledge.
It is not quite that simple. Windows 10 has compatibility problems with computers that came with Windows 7. If the computer manufacturer does not have a BIOS update for at least Windows 8, you will have a lot of problems that cannot be solved. It is very important to check whether the manufacturer has a BIOS update to upgrade from Windows 7 to 8.
I have a Panasonic with an i5 that came with Windows 7, and there is no support for Windows 8; the computer is slower even on a clean install.

I have a Toshiba laptop that came with Windows 7. When I installed Windows 10 I had this problem: when turning on the computer, it stays forever on a black screen until I put it to sleep by pressing the shutdown, then turn it back on. No display driver change helped; it worked fine without a display driver, but...
A simple BIOS update did solve the problem in this case, but in the case of the Panasonic nothing could help. Well, one thing did help, but it did not solve all the problems. So yes, Windows 10 is a good OS, but not for everyone and not for every computer.

Kind regards
 