App Review SecureMyBit Deny VS 6 JavaScript malware + EXE analysis

Thanks for the video.
Is SecureMyBit Deny able to detect if the JavaScript is malicious or is it just blocking all JavaScript from running?
From what I know, SMB D blocks all scripts by default by disabling Windows Script Host; however, if you want to run a trusted script, you can easily disable Anti-Script protection from the GUI.
 
I really don't want to be rude but did you really do a test of executing 5 js files while the tool clearly states it blocks every js file upon execution?
 
Thanks for the great video @tim one ! A really good job :)
A test is done to verify whether a product really works as expected. In the video @tim one tested whether the Anti-Script protection really works. So I don't see the sense of your question. Also, Default-Deny of EXE files is tested.
 
As we have already had the opportunity to see, tons of malware are using scripting techniques. These same techniques usually take advantage of the ability of Windows to run scripts automatically. A script is a sequence of instructions usually used to automate a series of operations at the operating system level. For those who know MS-DOS, scripts bring to the Windows environment what you could do in DOS with batch files (.BAT), introducing a series of innovations closely linked to the components of the operating system itself.

Windows Scripting Host is a sort of "interpreter" for scripts that Microsoft has integrated into the system starting with Windows 98. Windows Scripting Host (WSH) allows you to run VBS (Visual Basic Script) and JS (J-Script) files directly from Windows, performing two important functions: first, WSH interprets the instructions contained in the script and allows you to handle any programming errors; second, it offers the possibility, without having to install a real programming language, to interact with all the elements of Windows. Simple instructions allow you, for example, to interact with applications such as Word, Excel and Access, modify the registry, connect to printers, create network connections, and so on: all the operations usually done manually can be automated.

It is clear, then, how powerful scripts are and how, inevitably, they could be used by malware.

IMO SMB Deny is a simple app that in its simplicity has its power to prevent a good part of the malware scripts just by using Windows settings.
 
Tim- bat files are still used today (actually someone just sent me a fresh one for an opinion); and for these SMB would be oblivious.

So one really should differentiate between scriptors that use cscript/wscript and those that do not.
 
Hi cruelsister, when you open SMB D in the UI, if you move the mouse over the "Anti-Script" button, you can see it blocks JS, VBS, JSE, etc. But not wscript or cscript. This depends on @JM Security development.
Thanks for the clarification.
 
Hi Tim! Disabling Windows Script Host on systems that rely on traditional methods of protection (such as an AV and/or BB) is a good thing. As those few who view my videos may have noticed (my last video as well as the forthcoming one), many products have issues with Scriptors.

The majority of scriptors currently in the Wild are VB and JScript based. SMB would be a nice complement as it will stop these things cold; however, with bat scripts, some self-contained python malware and JAR (not Jscript) malware, SMB will not really help.

Don't get me wrong! I compliment you for bringing up the need for basic Scriptor protection! However, SMB overall is sub-optimal when compared to the Bliss of virtualization.
 
Yes, I also think SecureMyBit Deny can be a good addition to a security setup, but surely the developers could improve the product to improve protection scenarios.
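
An added example (not part of any post above, and not SecureMyBit Deny's own code): a PowerShell audit of the coverage point raised in this thread, that turning off Windows Script Host stops scripts hosted by wscript/cscript but not `.bat`, `.jar` or Python files. It assumes WSH is disabled through the `Enabled` value under `Software\Microsoft\Windows Script Host\Settings`; the thread does not say which setting the tool changes, the extension list goes slightly beyond the ones named above, and per-user `UserChoice` associations are not checked.

```powershell
# Added example: report whether Windows Script Host (WSH) is disabled and
# which script extensions are actually opened by a WSH host.
# Assumption: WSH is switched off via the "Enabled" = 0 registry value;
# the thread does not state which setting SecureMyBit Deny changes.

function Get-WshState {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $val  = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            Hive     = $hive
            Enabled  = if ($null -eq $val) { '(not set)' } else { $val }
            Disabled = ("$val" -eq '0')   # value may be stored as DWORD or string
        }
    }
}

function Get-ScriptHandler {
    param([string[]]$Extension)
    foreach ($ext in $Extension) {
        # Extension -> ProgID -> shell\open\command (machine-wide association)
        $progId = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ext" `
                       -ErrorAction SilentlyContinue).'(default)'
        $cmd = if ($progId) {
            (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" `
                 -ErrorAction SilentlyContinue).'(default)'
        }
        [pscustomobject]@{
            Extension = $ext
            Command   = $cmd
            UsesWsh   = [bool]($cmd -match '\b(wscript|cscript)\.exe')
        }
    }
}

$wsh    = Get-WshState
$wshOff = [bool]($wsh | Where-Object Disabled)
$wsh | Format-Table -AutoSize

# Extensions opened by another handler (cmd.exe, javaw.exe, a Python launcher)
# show UsesWsh = False and are unaffected by disabling WSH.
Get-ScriptHandler '.js', '.jse', '.vbs', '.vbe', '.wsf', '.bat', '.cmd', '.jar', '.py' |
    Select-Object Extension, Command, UsesWsh,
        @{ n = 'BlockedByWshOff'; e = { $wshOff -and $_.UsesWsh } } |
    Format-Table -AutoSize
```

Rows with `BlockedByWshOff = False` are the file types that need a separate control, such as default-deny execution or an application control policy.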