App Review Total Security 360 vs Wanna Cry Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
I have been using it for many years and I have never been infected. Always combo. And I always run unknown files in the sandbox first. It is the only antivirus I install on my PC and I don't have any delay. For this I love it.

This is true. I think it's maybe the best for this.

Well, a couple of things come to mind here, since I have been working with 360 since 2012. It really hasn't changed much in that time, except that the ransomware plagues sort of pushed a-v companies very hard for solutions and so changes have come to 360 to answer this phenomenon.

I like 360 too, and the File Protection application is not useless. It works and will protect files, even if not very sophisticated and with some shortcomings. For example, it doesn't populate the backup folder with files when it is installed. Only files that are created new or changed and saved are added to the backup folder. Second thing is a somewhat complicated context in that the companies that have done the best job against, for example, WannaCry, have used default deny at the drop of a hat to kick the user into a safer mode (cloud analysis or sandbox as with Comodo) or they have used, like Kaspersky, roll back. 360 doesn't have this level of sophistication. Personally, I would like to see a full stop of any process like WannaCry, even if it has already encrypted some files and then on the alert maybe make the default option to sandbox the process and send the file to Qihoo. Maybe they could also create a HIPS rule for encryption/alteration/deletion of files in user designated areas, also. User can restore damaged/maliciously altered files any number of ways. Also, a simple concept such as the one in the program Easy File Locker could be very useful in 360. Assign allowed processes to directories.

I wonder what 360 will be like in 5 years. My guess is the company will feel confident enough to further "westernize" their approach to security enough, so that they can find a way onto endpoints and other PCs in, say, Europe or the Middle East, Eastern Europe etc. The program seems to have a way to go before it's at a competitive level in this way. How does any a-v compete with Kaspersky Security Cloud? Kaspersky seem to have outdone themselves for a free a-v.

The "Always combo" phrase is classically true with 360. It's a piece of a layered approach. I find especially the BB and System Protection alerts helpful. Also, the tools are helpful, such as the sandbox. Hope at some point I can use the context menu to sandbox. Actually, to use the GUI and configure the sandbox in SUA, I had to set the sandbox processes to "Run As Administrator" in the 360 folder. Hope I didn't lower its security, but I don't think so.

Those using more Advanced Security solutions, needless to say, need not be concerned with FUD ransomware.

Comodo Firewall is good, yes, but if you would like some file detection on the side 360 runs light (especially TSE), so it's a good companion imo, even if not necessary for some...

Almost forgot. This was passed onto me by @Sunshine-boy. Haven't tried this myself, but he says he likes the program:

360 Virtual Vault - 360 Total Security

If anyone tries the program, please post back your impressions...
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
This is true. I think it's maybe the best for this.

Well, a couple of things come to mind here, since I have been working with 360 since 2012. It really hasn't changed much in that time, except that the ransomware plagues sort of pushed a-v companies very hard for solutions and so changes have come to 360 to answer this phenomenon.

I like 360 too, and the File Protection application is not useless. It works and will protect files, even if not very sophisticated and with some shortcomings. For example, it doesn't populate the backup folder with files when it is installed. Only files that are created new or changed and saved are added to the backup folder. Second thing is a somewhat complicated context in that the companies that have done the best job against, for example, WannaCry, have used default deny at the drop of a hat to kick the user into a safer mode (cloud analysis or sandbox as with Comodo) or they have used, like Kaspersky, roll back. 360 doesn't have this level of sophistication. Personally, I would like to see a full stop of any process like WannaCry, even if it has already encrypted some files and then on the alert maybe make the default option to sandbox the process and send the file to Qihoo. Maybe they could also create a HIPS rule for encryption/alteration/deletion of files in user designated areas, also. User can restore damaged/maliciously altered files any number of ways. Also, a simple concept such as the one in the program Easy File Locker could be very useful in 360. Assign allowed processes to directories.

I wonder what 360 will be like in 5 years. My guess is the company will feel confident enough to further "westernize" their approach to security enough, so that they can find a way onto endpoints and other PCs in, say, Europe or the Middle East, Eastern Europe etc. The program seems to have a way to go before it's at a competitive level in this way. How does any a-v compete with Kaspersky Security Cloud? Kaspersky seem to have outdone themselves for a free a-v.

The "Always combo" phrase is classically true with 360. It's a piece of a layered approach. I find especially the BB and System Protection alerts helpful. Also, the tools are helpful, such as the sandbox. Hope at some point I can use the context menu to sandbox. Actually, to use the GUI and configure the sandbox in SUA, I had to set the sandbox processes to "Run As Administrator" in the 360 folder. Hope I didn't lower its security, but I don't think so.



Comodo Firewall is good, yes, but if you would like some file detection on the side 360 runs light (especially TSE), so it's a good companion imo, even if not necessary for some...

Almost forgot. This was passed onto me by @Sunshine-boy. Haven't tried this myself, but he says he likes the program:

360 Virtual Vault - 360 Total Security

If anyone tries the program, please post back your impressions...
Χωρίς τίτλο.jpg
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Hmm. Thanks @stefanos. I will try it on a computer here. I am still intimidated installing security software even after 20 years, so I resisted looking at this one when @Sunshine-boy mentioned it to me. I believe it's partly cloud backup, but I might be wrong. He says that it actually hides folders and files from view, even from applications like Process Hacker, etc. Anyway, I will post back more if it is working for me in the U.S...
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Any idea about their firewall? 10 bucks for a year of 360 Total Security Premium is very cheap.

Is there application control? Can you pull default deny to block untrusted files?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
OK, I got an error message that the disk was not accessible in admin account. It wanted to install to the normal path on the main root in Program Files, so I tried again, and it worked.

This app is really simple. Use the application to encrypt single files, and the file cannot be accessed by any application. The encrypt/decrypt key is sent by Qihoo via e-mail. When a file is selected from the GUI, file disappears from its location and appears in the "Encryped files" list in the GUI. You use the code to decrypt any time you want to work on the file or edit etc. Inconvenient and a little bit sketchy since the file is unencrypted and returned to its location when user/operator wants to look at it or edit such. As a result, the file is o/c exposed during that time.

For files in long term storage this would be nice if it would encrypt entire directories, but the focus is only on single files as far as I can tell. I couldn't find a way to add a directory. All in all the 360 File Protection program is better, but also AppCheck free is a good solid layer of anti-rw to run with Qihoo, further making 360 Vault less interesting to me. This is especially true since I can use Easy File Locker to add protection for directories and I get the configurability to choose what apps can access the directory and in which ways. I think @Sunshine-boy said it best about EFL, however. It's not 100% clear that EFL cannot be stopped by malware, so it's definitely not perfect. I guess for my uses this would be a nevermind on this app, anyway. Too impractical for me (n)...
 

medo32

Level 1
Aug 8, 2013
2
Well, first of all, nothing will change if we activate all engines, as the ransomware is encrypted from all AV engines (it's so easy to do this). Plus, Black doesn't change the configuration after he installs the AV, to make the test as real as possible, because most users don't change it at all. So you can think of it as a proactive defense test, not AV engines.

Well, for Qihoo, it did detect a ransomware (although it's theoretically impossible to detect ransomware, as it has no special behavior, only read/write, not like other types of threats, e.g. most RATs add a startup entry; no special API functions).

The only way to protect yourself from ransomware is to use some sort of file protection, like the one in Trend Micro, or an automatic sandbox like Comodo that isolates any non-digitally signed file, although it's not the best option for a normal user. Back to Qihoo: it has lots of false positives, specifically the behavior blocker; sometimes it detects a game or a simple C# program as ransomware!! So I guess it's just a coincidence that it detected a ransomware. And yeah, it didn't block it up until the user clicked Block, and we still got our files encrypted. At least it should have suspended the process and stopped its threads temporarily until the user decides what to do, like all other AVs, so that's a downside of Qihoo. I guess what happened is that this ransomware had some shady behaviors besides encrypting all your files that Qihoo caught, some kind of registry modification, startup entry, etc., and then Qihoo was like, hey, let's block this file as ransomware.

And as I said before, you can't really create an anti-ransomware behavior blocker. I mean, there aren't any behaviors to block, no 'potentially dangerous' APIs to hook. It's just a simple read/write operation, and if you're up to block them, well, basically you've just blocked the entire OS.



As you can see in this video, Black easily bypassed Kaspersky's special business anti-ransomware arsenal. Just a simple ransomware, with a little obfuscation to bypass the engine, encrypts all the files, displays that evil note on your desktop, and it ended up to be some shiny commercial gleaming crab that basically does nothing. I mean, you just can't do it, it's impossible; a ransomware has no behavior to block. The only way to avoid it is to use some sort of file protection that protects certain files you value, or to isolate all non-digitally signed files like Comodo does.
You may check his channel; he got all our darlings there: Norton, Kaspersky, Comodo...

It's all Microsoft's fault. If you look at all other operating systems, e.g. Android, Mac, all of them block application installation from any unknown sources (Microsoft is up to this with their new "S mode", which I'm sure will basically be a crab).
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
I check now
Malware Samples 23/08/2018 #20: how many samples the 360 cloud signatures detect
1 detected, 2 detected, 3 only 360 detected, 4 failed, 5 detected, 6 failed, 7 detected, 8 detected, 9 detected, 10 detected, 11 detected, 12 failed, 13 detected, 14 failed, 15 detected, 16 detected, 17 failed, 18 detected, 19 detected, 20 detected. Not bad results from New Malware Samples (less than 10 days old).
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
As you can see in this video, Black easily bypassed Kaspersky's special business anti-ransomware arsenal

Anyone done this same type of test against AppCheck? I run Comodo FW, but I'd like to know for knowledge sake. I haven't done much research on AppCheck, but I vaguely recall that it doesn't use signatures. Can't remember if this is true or where I picked up the suggestion, from AppCheck or someplace else etc...
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Anyone done this same type of test against AppCheck? I run Comodo FW, but I'd like to know for knowledge sake. I haven't done much research on AppCheck, but I vaguely recall that it doesn't use signatures. Can't remember if this is true or where I picked up the suggestion, from AppCheck or someplace else etc...
Aren't most of these signatureless anyway, anti-exe and anti-exploits? The only video on YouTube gives AppCheck 6/10 against ransomware on that test. But when comparing how efficient it is when it comes to system resources, I can't see any problem running it with any possible config.

I think ransomoff is best real lockdown & hips is powerful

Something like Syshardener + conf defender + ransomoff is probably nice
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
For me, the best protection against ransomware if you use 360TS is either to run all the unknown files in the 360 sandbox, or combo with COMODO FW, or combo with VoodooShield. Personally I use 360TS with VoodooShield and OSArmor. It is a light combo and very effective.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Something like Syshardener + conf defender + ransomoff is probably nice

OSArmor is the one for me for now. I'm familiar with the processes and understand the protections fairly well. Also, the whitelisting is not a problem for me. I guess it's a little bit like EXERadarPro but with the focus on vulnerabilities and vulnerable areas of Windows. I can make use of almost all the protections in OSA. SysHardener I need to look at again. I prefer W7, and I don't know if Syshardener on 7 has a meaningful impact as compared to running it on W10.

I run OSA as a fail safe, I guess, is my thinking...
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
For me, the best protection against ransomware if you use 360TS is either to run all the unknown files in the 360 sandbox, or combo with COMODO FW, or combo with VoodooShield. Personally I use 360TS with VoodooShield and OSArmor. It is a light combo and very effective.

This is good. Comodo with auto-sandbox is nice, an advantage when working on the fly or multi-tasking. Voodoo Shield is plenty good for getting solidly trustworthy alerts and is also comprehensive coverage. Good options. As for sandboxing, I have the 360 sandbox set to run all MS Office apps inside. The performance for me is smoother than I have experienced with Comodo's sandbox, and the protection seems very solid to me. If I could get the right click function to work in SUA, I would do exactly as you say here and run unknowns in the Qihoo sandbox...
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
This is good. Comodo with auto-sandbox is nice, an advantage when working on the fly or multi-tasking. Voodoo Shield is plenty good for getting solidly trustworthy alerts and is also comprehensive coverage. Good options. As for sandboxing, I have the 360 sandbox set to run all MS Office apps inside. The performance for me is smoother than I have experienced with Comodo's sandbox, and the protection seems very solid to me. If I could get the right click function to work in SUA, I would do exactly as you say here and run unknowns in the Qihoo sandbox...
Personally, I know the Comodo firewall is one of the best protections. But I am tired of Comodo. It blocks many safe things and it makes me nervous. I prefer VoodooShield because I activate it when I play with cracks, unsafe downloads, etc. If I am on MalwareTips or Facebook, on safe sites, I deactivate VoodooShield and I keep only 360TS with OSArmor.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
What is the issue you are having here @AtlBo , maybe a member can help with it.

It's nothing. Qihoo blocks the right click context usage when authorization is required or at least for qihoo. Comodo sandbox works this way, so I think it's a qihoo thing. Actually, even the settings in Qihoo can't be changed in SUA without tweaking the Qihoo GUI processes to "Run As Administrator" in the Qihoo program folder.

I also have the 360 sandbox application set to "Run as Administrator" in the program folder, so I can work with the qihoo sandbox settings in SUA (after entering a password). I can add a program to the list of apps that run by default sandboxed, and this works fine. However, right click on a file to sandbox doesn't work unfortunately in user account. Can see the option, btw, just gives a qihoo error like everything else qihoo without RAA adjustments being made. I will go back and take a look at the processes. Maybe I can find one that I need to set to RAA to make it work. Error pic:

1 Qihoo.png


2 Qihoo.png


Yes, a little off topic I guess (?), but it seems related since the sandbox for 360 is so valuable for blocking malware...
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
It's nothing. Qihoo blocks the right click context usage when authorization is required or at least for qihoo. Comodo sandbox works this way, so I think it's a qihoo thing. Actually, even the settings in Qihoo can't be changed in SUA without tweaking the Qihoo GUI processes to "Run As Administrator" in the Qihoo program folder.

I also have the 360 sandbox application set to "Run as Administrator" in the program folder, so I can work with the qihoo sandbox settings in SUA (after entering a password). I can add a program to the list of apps that run by default sandboxed, and this works fine. However, right click on a file to sandbox doesn't work unfortunately in user account. Can see the option, btw, just gives a qihoo error like everything else qihoo without RAA adjustments being made. I will go back and take a look at the processes. Maybe I can find one that I need to set to RAA to make it work. Error pic:


Yes, a little off topic I guess (?), but it seems related since the sandbox for 360 is so valuable for blocking malware...
On my PC the right click is working. Is it sure the problem is because you are in the USA??
 
