Webroot Secure anywhere..vs Cryptolocker?

Status
Not open for further replies.

ttomm46

New Member
Thread author
Verified
Aug 16, 2013
24
Hi
Have WSA complete installed but since it doesn't
monitor email was wondering how it prevents Trojans like Cryptolocker that come in email attachments..?

I also own Bitdefender 2014 total, should I use it instead?
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Would if I could. WSA doesn't play nice with sandboxie. Might have to ditch WSA for a little while if that's that case.
 

Moose

Level 22
Jun 14, 2011
2,271
Also, does not play well with BitDefender! And will Sandboxie work on Windows 8.1 Pro? Ram usage?
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
One of the reasons I have WSA installed is because I have family members that use it a lot. I like the web console and are able to keep an eye on their systems.
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Might go back to sandboxie. Feel kind of naked without it. HMP alert is a pretty good browser protection. makes up for taking off WSA.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Cryptolocker is only successful if you get fooled into manually downloading the infected executable file.

It doesn't not automatically download itself or automatically execute itself.

Watching what you download can be the best effective way to avoid it.

For users who don't pay attention and click on doggy downloads, Sandboxie might be the best method to block it if they understand how to use Sandboxie correctly.

Thanks. :D
 

SilverLee92

New Member
Nov 22, 2013
10
I agree what littlebits said, If you watch what you download and learn to use/read UAC without ignoring it you shouldn't have to worry about Cryptolocker regardless how much you "bulletproof" your system.

However, I have tried using samples of cryptolocker yet so I'm not sure how much protection you can get from either program but Sandboxie might be able to.
 

jelson

Level 2
Jun 14, 2011
54
ttomm46 said:
Hi
Have WSA complete installed but since it doesn't monitor email was wondering how it prevents Trojans like Cryptolocker that come in email attachments..?

I also own Bitdefender 2014 total, should I use it instead?

That's a really good question.

A good defense against Cryptolocker is to do some policy restriction; that's what CryptoPrevent does. (you have to be vigilant about manually updating with the free version: I'm using it myself.) Excellent article about Cryptlocker & CryptoPrevent here.

Top notch ==> CryptoLocker Ransomware Information Guide and FAQ from BleepingComputer. Even explains how to implement a Software Restriction Policy using the Local Security Policy Editor.

An excellent defense is AppGuard; threads on WildersSecurity Forums: ver.3 (rather in-depth and long thread) , ver.4 (just released)

Interestingly, the Hitman folks have come out with "HitmanPro.Alert, now with CryptoGuard" Right now, you can download the beta.

BUT.... you were asking about Webroot. I just got an email from Webroot today which addresses this issue and explains how Webroot SecureAnywhere uniquely protects its users from Cryptolockers on this page:

Webroot's Threat Brief on CryptoLocker

Can Webroot Protect Customers Against It?

Not only will Webroot will be able to stop CryptoLocker before it infects your machine and if it manages to get through, our technology will be able to rollback the damage done using advanced journaling, but we're also the ONLY company that can offer this kind of help. We will not be able to decrypt files hijacked by CryptoLocker on a system that was infected before Webroot was on the machine and the remediation will not be possible on a network drive that does not have Webroot SecureAnywhere installed on it.

P.S. The absolute best defense against ransomware (and other malware as well) is a good system imaging and data backup system.

It's the lack of a data backup system that ransomware preys upon. And of course, less than 1% of users (probably more like 0.1%) regularly back their data up off their machines.
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
I've been using WSA and I believe someone over at wilder had asked the same question. I know that it does detect it and it also protects against system change. With that being said I encrypt all my personal files with axcrypt anyway. Last I checked you can't over encrypt an encrypted file. All my pictures are backed up in BOX. I've ran into things like this before cryptolocker came around. It's always best to have you files back up and then you don't have to worry about it as much.
 

MalwareVirus

Level 1
Oct 6, 2012
770
The Best thing and tip i found on the MalwareTips by our senior members is Backup.Just do a regular and carefully scanned backup on your external Hard Drive or use cloud service four your important Data.Because no antivirus or tool gives you 100% assurity but backup can.
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Thankfully I have a 50gb Box account that I got for free. Along with my 10GB Google account I'm pretty good for personal documents.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Many members have gave very useful info concerning Cryptolocker.
This also applies to most other malware infections as well.

As Cryptolocker advances into many other variants, it will be much difficult for security product to be able to block it once it has started. You can add all types of security products to your system to increase the chances to block it but there is no guarantee they will be able to block all of the latest variants. Adding more security products will just cause too many issues and they most likely will still fail to protect you.

Do the following and you will be safe:

1. Never download or run suspicious files from unknown sources.
2. Always utilize UAC prompts, if you are not completely sure then "Deny".
3. Always keep a backup of your important files at least weekly backups- they are a ton of freeware products that will allow you to backup your files to external hard drive or cloud backup. Even Window own backup component or SkyDrive will be sufficient. Also keep complete images (snapshots) of your complete system.
4. If you know to use Sandboxie correctly, it can provide excellent protection without causing other problems, but if you don't then then don't bother until someone shows you the correct way to use it. It is very easy to recover a malicious file from the sandbox which still will infect your system.

Cryptolocker is distributed mostly from fake alert websites which get taken down and then come back as another website. Microsoft working with many other security software vendors has taken down many of these fake alert websites but as soon as one is taken down several more appear to take their place. It is a never ending battle which will probably go on for some time. It is impossible for browser extensions like WOT, McAfee Site Adviser, Google Safe Browsing, SmartScreen, AVG LinkScanner, etc. to detect them all.

Pay attention to what you download is the most effective to avoid this type of malware.

Thanks. :D
 

ttomm46

New Member
Thread author
Verified
Aug 16, 2013
24
what I haven't understood is the mediochre reviews but I understand that WSA blocks only Executibles that try and launch...PC Mag is the only one to give great reviews
Tom
 

Moose

Level 22
Jun 14, 2011
2,271
Hope this help! Read over!

https://community.webroot.com/t5/Webroot-Education/CryptoLocker-Malware-What-you-still-need-to-know/ta-p/69057#.Uo6Q4tKmhDY
 

nsm0220

Level 21
Verified
Sep 9, 2013
1,054
i bet if i test it on malware like it will most like be crunched by the malware and btw i will be testing webroot when i get the time and assured that the vm i install does not leak out
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top