(Before I begin please excuse any rambling on my part. I just got home from dancing all night and am still a bit worked up)
Let’s first do a comparison between the products tested in the last 2 videos:
1). CryptoMonitor- Comes in 2 flavors, Free and Paid. The essential difference between these versions is also the basis of my contempt for the product. The Free version does not protect against as many types of Encryptors as the Paid version does. But if, while using the Free version, you come up against a malware type that the Paid version will work against but the Free version does not, the user will get an alert basically stating that “too bad you didn’t pay for the product, because if you weren’t so cheap your files wouldn’t now be toast.” I find this attitude appalling. Even worse is that the Paid version (as evidenced by 3 videos I’ve already done) isn’t all that hot anyway.
2). CryptoPrevent- Also comes as a Free and a Paid version. Here both versions have the identical level of protection; the major difference is that the Paid version is updated as novel threats emerge.
I actually have a story about this- some members of the Research department in my organization are encouraged to have a presence on the Darkweb, as well as having the ability (and directive) to purchase malware that acts by mechanisms not yet seen. A while back one of the guys in that department supplied me with a sample just purchased and not yet released into the Wild (I think it was the initial version 3 of Cryptowall, but I may be mistaken); I happened to have CryptoPrevent on one of my test machines and tried the malware. Sadly it failed to protect. I took the malware home and set up a CryptoPrevent system the following evening and found that CP was updated and now stopped the baddie. So sometime within 30 hours (or so) of the release of the new malware, the author took steps to protect the user from it! I was (and am) impressed.
That being said, who needs CryptoPrevent?
1). If you are using either Comodo with the Sandbox enabled or Sandboxie, you don’t really need CP, as both of these products will block the malware at a point before the changes made by CP would take effect (I guess it’s not exactly a secret that I prefer Comodo Firewall- if the malware is a few days old the Cloud AV will kill it, and if the malware is just released the Sandbox will isolate and strangle it. For a consumer product it just doesn’t get better than this).
2). If you are still putting faith in an AV and/or HIPS product, you will definitely benefit from CryptoPrevent. The same person who informed me about the malware mentioned above (I think he was sweet on me) also followed the spread and morphing of the original Tesla. He found that only the top tier AVs (the usual suspects) had a definition in place against these FUD variants within 18 hours of release, and none within the first 8 hours. This is a time lag that CryptoPrevent nicely fills.
Anyway, this will be the last vid from me for a while as I have to fly back Monday to do what I was doing for the next month or so- that is unless I strangle one of the IT guys responsible for the Breach. In that case I’ll be back in 15-20 years, depending on good behavior.
M