What To Do When All Malware Is Zero-Day

vemn
Feb 11, 2017
[The industry needs new methods to fingerprint malware in order to determine who's behind breaches, and what can be done to stop them.]

Or maybe a SIEM?

vemn
Feb 11, 2017
*Sorry, testing the spoiler feature in the forum post.*
Wait... what does it do?

LukeNukesEm
Sep 14, 2016
There already is a ton of 0-day malware. It is simple: do what I do. For example: anti-executable, HIPS, anti-exploit, risk reduction, a very good firewall, behaviour blocking, and use the best signatures. For me, I use VoodooShield as anti-exe; Comodo and HMPA for HIPS; HMPA for anti-exploit and risk reduction; Comodo for firewall; Emsisoft for behaviour blocking; and the following signatures: Emsisoft, Zemana, HitmanPro, Comodo. Signature protection is only good for low-scale malware that bypasses firewalls, HIPS, etc. The only other thing protecting you from low-scale is anti-exe.

509322

It's just a rumor, but I hear that bat wings, mouse droppings, and cyanide in a honey potion is guaranteed to make any default-allow behavioral detection\file reputation\virtualization\Next-Gen AI solution work 100% of the time against 100% of true zero-days. In fact, it works 100% against any IT security threat that ever was and ever will be for all time...

How does one catch a bat? I'll have to talk to the Batman...

509322

What do you mean with SRP app?
Any one you would recommend? Thanks

@Umbra means SRP does not generate an Allow\Block alert where you, the user, have to make a decision. SRP always blocks based upon policy. Using SRP, you have already made a decision - which is that you want to block anything that is not allowed according to the policy. So you don't need to react to any alerts; it is blocked.

1. Clean install your OS
2. Install desired softs using known safe installers
3. Install SRP
4. Lock down system
5. Only change system with known safe installers\programs

This is not difficult.

In my experience, what people have a problem with is Step 1 - not because they don't know what to do, but instead due to an unwillingness to do it. I won't get into the specifics of the unwillingness part.
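As an added illustration of steps 3 and 4 (not code from the thread or from any of its posters), the following PowerShell script audits the machine-wide Software Restriction Policy and reports whether it is actually in a default-deny state. It only reads the registry. The key and value names (`CodeIdentifiers`, `DefaultLevel`, `PolicyScope`, `TransparentEnabled`, the per-level `Paths` containers with `ItemData`) are the documented SRP layout; the function names, the list of user-writable path hints and the finding wording are my own choices.

```powershell
# Added example: read-only audit of the machine-wide SRP ("Safer") policy.
# Checks that the policy exists, defaults to Disallowed, covers administrators
# and DLLs, and that no Unrestricted path rule opens up a user-writable folder.

$SrpBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security-level values SRP stores in DefaultLevel and uses as rule container names
$SrpLevels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

# Hints for locations a standard user can write to (assumed list, extend as needed).
# An Unrestricted rule covering one of these undoes the default-deny.
$UserWritableHints = @('%USERPROFILE%', '%APPDATA%', '%LOCALAPPDATA%', '%TEMP%', '%TMP%', '\Users\', '\Temp\')

function Get-SrpPathRules {
    param([string]$Base = $SrpBase)
    foreach ($lvl in $SrpLevels.Keys) {
        $pathsKey = Join-Path $Base "$lvl\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $item = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level = $SrpLevels[$lvl]
                Path  = [string]$item.ItemData
                Guid  = $rule.PSChildName
            }
        }
    }
}

function Test-SrpLockdown {
    param([string]$Base = $SrpBase)
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path $Base)) {
        $findings.Add('No machine-wide SRP policy exists (step 3 not done).')
        return [pscustomobject]@{ LockedDown = $false; Findings = $findings; Rules = @() }
    }

    $cfg = Get-ItemProperty -Path $Base
    if ($null -eq $cfg.DefaultLevel) {
        $findings.Add('DefaultLevel is not set; the policy is not enforcing a default.')
    } elseif ([int]$cfg.DefaultLevel -ne 0) {
        $findings.Add("DefaultLevel is '$($SrpLevels[[int]$cfg.DefaultLevel])'; a lock-down needs 'Disallowed'.")
    }
    if ([int]$cfg.PolicyScope -eq 1) {
        $findings.Add('PolicyScope exempts local administrators, so an admin account is not covered.')
    }
    if ([int]$cfg.TransparentEnabled -ne 2) {
        $findings.Add('TransparentEnabled is not 2; DLLs are outside the policy.')
    }

    $rules = @(Get-SrpPathRules -Base $Base)
    foreach ($r in ($rules | Where-Object Level -eq 'Unrestricted')) {
        foreach ($hint in $UserWritableHints) {
            if ($r.Path -like "*$hint*") {
                $findings.Add("Unrestricted rule '$($r.Path)' covers a user-writable location.")
                break
            }
        }
    }

    [pscustomobject]@{
        LockedDown = ($findings.Count -eq 0)
        Findings   = $findings
        Rules      = $rules
    }
}

# Usage: run from an elevated PowerShell after step 4 and review the output
$report = Test-SrpLockdown
$report.Rules | Format-Table Level, Path -AutoSize
if ($report.LockedDown) { 'SRP is configured as default-deny.' } else { $report.Findings }
```

A clean result means the policy matches what the steps above describe: default Disallowed, administrators included, libraries covered, and every allow rule pointing at locations only an installer with admin rights can change. The script looks only at the machine policy under HKLM; a per-user policy under the matching HKCU key, if one exists, would need the same checks with `$Base` pointed there. It also does not inspect writable subfolders inside an allowed system directory, which is a caveat to keep in mind when reviewing the rule list by hand.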

Handsome Recluse
Nov 17, 2016
@Umbra
This is not difficult.

In my experience, what people have a problem with is Step 1 - not because they don't know what to do, but instead due to an unwillingness to do it. I won't get into the specifics of the unwillingness part.
People can't even comprehend the most basic yet the most fundamental parts of virtually anything. I've already given up and accepted on their understanding though still complain about unnecessary hardships in life. This makes them easy pickings for fraud and is actually probably the only reason fraud works and is a viable strategy. Don't even have to meddle with free speech or abuse imperfect information, they'll just do it on their own.

509322

People can't even comprehend the most basic yet the most fundamental parts of virtually anything. I've already given up and accepted on their understanding though still complain about unnecessary hardships in life. This makes them easy pickings for fraud and is actually probably the only reason fraud works and is a viable strategy. Don't even have to meddle with free speech or abuse imperfect information, they'll just do it on their own.

I am talking about users here on the security forums - and not a complete novice. Most everybody here knows how to clean install their OS or can easily find out if they don't.

For people who know how to do it but don't want to clean install their OS, it is because of "stuff" that ranges from laziness to pirated Windows\softs and everything in-between.

Knowing how to clean install the OS is probably the most valuable IT skill any user can have, but it isn't taught. Instead security soft publishers are expected to create softs that "compensate" for users' lack of knowledge - and protect them from everything - the most prominent threat of which is themselves.

Those that are capable need to learn - and not be so completely helpless and dependent upon a software that tells them what to do. That extra effort required to be an informed, aware user pays big dividends.