Total Security 360 vs Wanna Cry Ransomware
<blockquote data-quote="medo32" data-source="post: 759451" data-attributes="member: 11093">
<p>Well, first of all, nothing will change if we activated all engines,</p>
<p>as the ransomware is encrypted from all AV engines (it's so easy to do this),</p>
<p>plus Black doesn't change the configurations after he installs the AV, to make the test as real as possible,</p>
<p>because most users don't change it at all,</p>
<p>so you can think of it as a proactive defense test, not AV engines.</p>
<p></p>
<p>Well,</p>
<p>for Qihoo, it did detect a ransomware (although it's theoretically impossible to detect ransomware, as they have no special behavior, only read/write, not like other types of threats, e.g. most RATs add a startup entry; no special API functions).</p>
<p></p>
<p>The only way to protect yourself from ransomware is to use some sort of file protection, like that one in Trend Micro, or an automatic sandbox like Comodo that isolates any non-digitally signed file, although it's not the best option for a normal user.</p>
<p>Back to Qihoo: it has lots of false positives, specifically the behavior blocker; sometimes it detects a game or a simple C# program as ransomware!!</p>
<p>So I guess it's just a coincidence that it detected a ransomware,</p>
<p>and yeah, it didn't block it up until the user clicked Block, and we still got our files encrypted. At least it should have suspended the process and stopped its threads temporarily until the user decides what to do, like all other AVs, so that's a downside of Qihoo. I guess what happened is that this ransomware had some shady behaviors besides encrypting all your files that Qihoo caught, some kind of registry modification, startup entry ...etc., and then Qihoo was like, hey, let's block this file as ransomware.</p>
<p></p>
<p>And as I said before, you can't really create an anti-ransomware behavior blocker. I mean, there aren't any behaviors to block, no 'potentially dangerous' APIs to hook; it's just a simple read/write operation, and if you're up to block them, well, basically you've just blocked the entire OS.</p>
<p></p>
<p>[MEDIA=youtube]e3r-QLHcg44[/MEDIA]</p>
<p></p>
<p>As you can see in this video, Black easily bypassed Kaspersky's special business anti-ransomware arsenal. Just a simple ransomware, with little obfuscation to bypass the engine, encrypts all the files, displays that evil note on your desktop, and it ended up to be some shiny commercial gleaming crab that basically does nothing. I mean, you just can't do it, it's impossible; a ransomware has no behavior to block. The only way to avoid it is to use some sort of file protection that protects certain files you value, or to isolate all non-digitally signed files like Comodo does.</p>
<p>You may check his channel; he's got all our darlings there: Norton, Kaspersky, Comodo ...</p>
<p></p>
<p>It's all Microsoft's fault. If you look at all other operating systems, e.g. Android, Mac, all of them block application installation from any unknown sources (Microsoft is up to this with their new "S mode", which I'm sure will basically be a crab).</p>
</blockquote><p></p>