Those Nasty RATS Part 4
<blockquote data-quote="509322" data-source="post: 579323"><p>Does anyone understand the point that [USER=7463]@cruelsister[/USER] makes in this video?</p><p></p><p>The point is that valid digital certificates as a trust mechanism suck.</p><p></p><p>The point is that this trust mechanism can be craftily abused to wreak worldwide havoc. (It's not specifically stated in the video, but it is apparent if you extrapolate what is shown to its furthest possibilities.)</p><p></p><p>The point is that a user should not blindly trust any and all digitally signed files.</p><p></p><p>The point is that if your security soft "whitelists" digitally signed files - which just about every single one does in one way or another - you really should pay attention.</p><p></p><p>* * * * *</p><p></p><p>We are aware that use of the Trusted Publisher List is an inherent risk, but the risk score - in the current environment - is very low. The likelihood that a user would come across malware with a proper, valid digital certificate from one of the default publishers on the Trusted Publisher List is quite small. For those of you that like numbers, it is < 1 % - statistically, less than a fraction of a percent.</p><p></p><p>Whitelisting of digitally signed files is widely used for increased usability and to prevent performance issues by excluding certain digitally signed files from monitoring. We don't have to worry about performance issues with AppGuard because it doesn't do the typical, system-impacting AV type process checks.</p><p></p><p>In short, the Trusted Publisher List is there for usability while providing a high level of protection.</p><p></p><p>The typical AppGuard user has developed an understanding of Win internals and knows what is installed on their system. They also tend to be way more security conscious than the average Joe.</p><p></p><p>The user can significantly increase Protected mode by customizing the Trusted Publisher List.</p><p></p><p>The user can run AppGuard in Locked Down mode.</p><p></p><p>Used properly, there is no problem.</p><p></p><p>If I can teach my 92-year-old grandmother - who never made it past the 6th grade - to use AppGuard, then anyone can use it.</p></blockquote><p></p>