VoodooShield Review by PCMag India
[QUOTE="BVLon, post: 867793"]
It should be based on something such as Norton File Insight, or Kaspersky Secure Network.

Microsoft already has their SmartScreen filter, so it should display information on when the file was first seen, how many people have used it, who signed it and whether it was downloaded from a trustworthy website.

Even geographical data maybe. I will not launch invoice_for_your_blender.exe if I see that 100 users in China already launched the file... I mean how did my invoice end up there? Also, a file released 30 days ago is more likely to be trusted. If it's malware, in 30 days my anti-malware solution will detect it. Trusted programs get modified much less frequently than malware and in general have a much bigger user base.

This will put pressure on attackers. If they mutate the malware too frequently, users will not give it admin rights. But if they don't mutate it frequently, AVs will detect it.

Additional contextual intelligence can be added for double-extension files and files that spoof known Windows executables. Also, files such as invoice.exe, document.exe...

It should also prompt the users to "Delay execution till more is known". That would be the best approach. Now that Windows 10 Pro has a sandbox as well, they can add "Run in Sandbox" as an option for all non-MS-signed executables. They can add "Submit to Microsoft for analysis"... There are endless possibilities for improvement...

I agree that GateKeeper is just another failure. They require a password, just in case you are now away from your Mac, haven't logged out and someone is trying to make changes at this time. There is a similar feature in Linux as well...
[/QUOTE]