App Review Sophos Home Beta against some Scriptors

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
WS- This particular worm was a VB script, so independent of java.

Cohen- I hope so. I've done a number of wormy videos featuring HMP in the past (including a recent one from March 11), but so far nothing has changed (sigh).
 
A little off topic but I was watching this latest vid and Carol Ann walked in and wanted to know what music I was listening to,
I told her it was a Security review.
CS, who is that so I can tell her? She liked it, whoever it is.
PS: Thanks for the test CS.
 

Sleepingdog - He Loved to See the World Through His Camera
 
I'm glad you guys liked the video! And a few things:

1). Is MT rendering different today or is it because I'm on a different laptop?

2). Janl and Askmark- I've done this topic to death in the past, but the simple fact is that some Security products with a large presence in the Enterprise space (like Sophos and Symantec) tend to ignore scriptors like worms. The reason for this is simple- a vbs worm (like the one used here) in coding may be almost indistinguishable from a legitimate script written by an Enterprise for High and Noble purposes (like automating processes across the network, or the macros used in Excel for financial analysis). When I was still doing trivia like Breach Analysis for Corporations, it was shown that a vast majority of the causative malware were simple scripts that were running on the system for months. Frequently they were only caught as someone noticed pulse transmissions to somewhere on the Steppes of Central Asia. But other than the Firewall logs the main product was just fine with their running.

Point being that some products (like Sophos) are so concerned about having false positives for unknown scripts that they just ignore them. The worm used in this video was in no way especially nasty nor unique. My only issue was which one I felt like using- they all would have given the same result. But it seems no one really cares but me; certainly the product developers don't give a flying (add curse word here), and instead count on the apathy of the user.

3). Cyber- As Erreale has correctly pointed out, this song was on a CD by SleepingDog. The composer (and singer) is Chantal Acda (the songs were written with her dog sleeping at her feet). I heard her perform in some cathedral in Northern France a number of years ago; with the echoes and resonance from that space the music was so surreal that I almost melted in my chair (and extend my compliments to Carol Ann- Great Minds Think Alike!).

4). Behold Eck- Perfect Comment!!!! WinPatrol is the first thing I install after the OS. Although I normally will use it to accept/deny legitimate applications from autostarting, it would have also alerted to a malicious script autostarting and thus it could have been excluded from continually screwing you.

Addendum- I was a bit too harsh in Point #2. Not all worms would get by Sophos. But it is a trivial matter to write one that will. Remember that Blackhats (and BlackSkirts) also beta test...
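
The startup-monitoring idea from point 4, sketched as an added example (not code from the thread, and not how WinPatrol itself works): it reviews autostart command lines and flags any that launch a script host or a script file, leaving the accept/deny decision to the user. The entry names and paths are constructed samples.

```python
import re

# Script hosts and script extensions worth surfacing when they appear in an autostart entry.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

# Constructed autostart entries (name -> command line), as a Run key might hold them.
SAMPLE_ENTRIES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r'wscript.exe //B "C:\Users\test\AppData\Roaming\helper.vbs"',
    "Report": r'"C:\Users\test\AppData\Local\Temp\report.vbe"',
    "Backup": r'C:\Tools\backup.exe --config "C:\Tools\nightly.js.bak"',
}

def split_command(cmd):
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]

def basename(path):
    """Lower-cased final path component, for either slash style."""
    return re.split(r"[\\/]", path)[-1].lower()

def extension(path):
    """Final extension only, so 'nightly.js.bak' yields '.bak', not '.js'."""
    name = basename(path)
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def review_entry(cmd):
    """Return the reasons an autostart command line deserves a prompt (empty if none)."""
    tokens = split_command(cmd)
    reasons = []
    if tokens and basename(tokens[0]) in SCRIPT_HOSTS:
        reasons.append("script host: " + basename(tokens[0]))
    for tok in tokens:
        if extension(tok) in SCRIPT_EXTS:
            reasons.append("script file: " + basename(tok))
    return reasons

def flag_autostarts(entries):
    """Map each entry name to its reasons, keeping only entries that have any."""
    flagged = {}
    for name, cmd in entries.items():
        reasons = review_entry(cmd)
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in flag_autostarts(SAMPLE_ENTRIES).items():
        print(name, "->", "; ".join(reasons))
```

A flag here is a prompt for review rather than a verdict, since a legitimate enterprise script looks the same at this level.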
 
Thanks sis, I will earn a few points and pick up some of her music for Carol and surprise her with it.
Married for 10, dated for 6 before that, best 16yrs of my life. I am well trained ;) lol
 
@Behold Eck @cruelsister Did you notice that Scotty just got an update?

What's new in V35.5.2017.8 (May 7, 2017)
  • Fixed addition of Startup programs to be compatible with recent changes to Windows 10.
  • Fixed removal of Startup programs to be compatible with recent changes to Windows 10.
  • Disabled and removed checkbox for “Allow PLUS info data collection” because recent changes in allowed URL length resulting in no data being returned for customers.
 
+1 for Scotty
 

Thanks for the heads up.;)

Regards Eck:)
 