Which AV Company has best Ransomware protection and why?

  • Total voters
    65

Dirk41

Level 17
Verified
Top Poster
Well-known
Mar 17, 2016
797
You can, it's designed to protect against applications or files behaving in a way that looks suspicious, but if the encryption is performed by a whitelisted application, like WinZip for example, Trend won't block it.
Oh, it seemed too good to be true. So if TM does not recognise it as suspicious, it does not block it.

Or it blocks everything except the whitelisted app?

I am going to look for a test.

Yeah, I already do backups.
 

HeroCloudAntivirus

Level 2
Verified
Oct 17, 2016
95
Why Avast?
  • Consistently rated “excellent” by industry experts
  • Trusted by 400 million people worldwide
  • It’s the “Antivirus with the lowest impact on PC performance” (AV-Comparatives)
  • Best features - unbreakable password security, home network protection, browser cleaning and much more
  • All for FREE
  • This was taken from their website xD #toolazy
 
H

hjlbx

Has anyone actually tested every single one of the security softs in the list against various types of ransomware ?

If no, then it is all conjecture, speculation and wishful thinking.

The best anyone can do in that case is to locate some AV lab reports of tests of strictly antivirus against ransomware; I looked and I didn't find any - but I didn't look very hard.

Online videos might be a good source of info - but you have to know how the softs work in the first place so you can identify any video tester mistakes.

* * * * *

Knowing how Emsisoft tests their behavior blocker I would choose EAM\EIS.
 
D

Deleted member 2913

Trend Micro has a feature that prevents ransomware from encrypting files in selected folders; by default this is My Documents. However, I have also seen Trend's feature where it detects unusual activity targeting files malware normally targets and backs those targets up, restoring them once the user allows the encryption or allows Trend to remove the threat.
In Kaspersky too, you can protect folders, etc...
 
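The folder-protection behaviour described above (watch a protected folder, snapshot files before they are overwritten, treat a burst of rewrites with ciphertext-like content as an encryption sweep, then restore) can be sketched in a few dozen lines. This is an added illustration written for this thread, not Trend Micro's or Kaspersky's code; the entropy threshold, burst limit and window are assumed values, and the write hook is simulated by having the caller report each write, where a real product intercepts writes in the kernel.

```python
"""Folder guard: snapshot a file before it is overwritten and raise an alert when
a burst of high-entropy rewrites hits the protected folder, the trace an
encryption sweep leaves behind. The write hook is simulated: a real product
intercepts writes in the kernel, here the caller reports each write to the guard."""
import math
import os
import shutil
import tempfile
import time
from collections import Counter, deque
from pathlib import Path
from typing import Optional

ENTROPY_THRESHOLD = 7.5   # assumed; bits per byte, ciphertext and compressed data sit near 8.0
BURST_LIMIT = 5           # assumed; high-entropy rewrites inside WINDOW_SECONDS that alert
WINDOW_SECONDS = 10.0     # assumed


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class FolderGuard:
    def __init__(self, protected: Path, backup: Path):
        self.protected = Path(protected)
        self.backup = Path(backup)
        self.backup.mkdir(parents=True, exist_ok=True)
        self.recent = deque()   # timestamps of recent high-entropy rewrites
        self.alerts = []

    def before_write(self, path: Path) -> None:
        """Snapshot the current content so it can be restored after an alert."""
        path = Path(path)
        if path.is_file():
            shutil.copy2(path, self.backup / path.name)

    def after_write(self, path: Path, now: Optional[float] = None) -> bool:
        """Classify the new content; True when the burst threshold is crossed."""
        now = time.monotonic() if now is None else now
        if shannon_entropy(Path(path).read_bytes()) < ENTROPY_THRESHOLD:
            return False            # ordinary edit: text, office documents, source code
        self.recent.append(now)
        while now - self.recent[0] > WINDOW_SECONDS:   # drop events outside the window
            self.recent.popleft()
        if len(self.recent) >= BURST_LIMIT:
            self.alerts.append((now, str(path)))
            return True
        return False

    def restore_all(self) -> int:
        """Copy every snapshot back over the protected folder; returns the count."""
        count = 0
        for snap in sorted(self.backup.iterdir()):
            shutil.copy2(snap, self.protected / snap.name)
            count += 1
        return count


def run_demo() -> dict:
    """Constructed scenario: six text files, one legitimate edit, then a sweep
    that overwrites every file with random bytes (standing in for ciphertext)."""
    with tempfile.TemporaryDirectory() as d:
        protected = Path(d) / "documents"
        protected.mkdir()
        guard = FolderGuard(protected, Path(d) / "backup")
        for i in range(6):
            (protected / f"report{i}.txt").write_text(f"Quarterly report {i}\n" * 20)

        # Legitimate edit: low entropy, must not count toward the burst.
        target = protected / "report0.txt"
        guard.before_write(target)
        target.write_text("Revised quarterly report 0\n" * 20)
        legit_alert = guard.after_write(target, now=0.0)

        # The sweep: one file per second, all inside the window.
        alert_after = None
        for i, path in enumerate(sorted(protected.iterdir())):
            guard.before_write(path)
            path.write_bytes(os.urandom(4096))
            if guard.after_write(path, now=1.0 + i) and alert_after is None:
                alert_after = i + 1

        restored = guard.restore_all()
        readable = sum(1 for p in protected.iterdir()
                       if shannon_entropy(p.read_bytes()) < ENTROPY_THRESHOLD)
        return {"legit_alert": legit_alert, "alert_after": alert_after,
                "restored": restored, "readable": readable}


if __name__ == "__main__":
    print(run_demo())
```

The entropy test is what keeps a plain edit (or a WinZip run on one archive, as the Trend discussion above notes) from counting: only a run of several near-8.0 rewrites inside the window trips the alert, and the snapshots taken before each write are what make the restore possible.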

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
It is obvious how these techniques make the signature-based antivirus virtually useless.
In my opinion, now more than ever, the antivirus alone can hardly detect all these threats.
But remember that all the ransomware that I've tested has, however, been detected by the SmartScreen filter at double-click time; people often forget that.
Without quoting the entire post, which mind you is an excellent reply to the OP's question, I quoted the part I thought made the most important statement based on the question at hand.
Hence why in security configs we are always harping about SmartScreen.
I use Kaspersky, so for the poll that was my vote.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Before giving an opinion specifically on the topic, IMO a few considerations.

A determining feature of recent malware/ransomware is the ability to avoid antivirus detection.

Let's analyse the structure of these cyber attacks: if we click on a mail attachment or on an infected web page, we run a dropper that has essentially the task of communicating with a remote server to download the ransomware.
The dropper injects a process that gets information about the host system and communicates it to the remote server.

In this way, the server is informed about which antivirus is running and whether the version of the operating system has known exploitable vulnerabilities.
So the dropper is instructed to download a specific version of the crypto malware.
The dropper has downloaded onto the machine a version of the malware designed to circumvent our specific antivirus application; then it will run, encrypting the files.

One of the most effective methods to work around AV protection is process hollowing.
The malware runs a legitimate Windows process, but in suspended mode. At that point, it empties the memory in use by that process and injects the payload; in this way, the malware is run under the hat of the legitimate process and it does not allow the antivirus to detect it in any way.

Then there are methods to avoid detection within the sandbox.
For example, the ransomware detects, using techniques of increasing complexity (service discovery, registry keys, computational features of the processor, or specific instructions on the use of resources), the presence of a virtual environment, while remaining inert. The user will then consider it safe by running it outside of the protected area, triggering the actual infection.

The other technique is to create polymorphic viruses, or to use a payload that is known code but obfuscated, thus avoiding detection by antivirus; also, for example, by encrypting the executable with different algorithms, or by compressing it in different containers.

It is obvious how these techniques make the signature-based antivirus virtually useless.
In my opinion, now more than ever, the antivirus alone can hardly detect all these threats.

Specifically on the topic: if I have to choose an AV for the best ransomware protection, as mentioned above, I might choose Avast/Hardened Mode/Aggressive setup.
Because it is free, and although nothing is perfect, it has proven in my tests against ransomware to have very good performance.
But remember that all the ransomware that I've tested has, however, been detected by the SmartScreen filter at double-click time; people often forget that.

But a prevention strategy must necessarily have, in addition to effective security products, also a reliable backup (and restore) plan. Important are the education of users and the implementation of a security policy to mitigate the destructive potential of this malware.

Sorry for the probable OT, but I think that it is necessary to understand the problem in its entirety before giving an opinion.

On top of this incredibly well put reasoning and explanation, I would like to add that while most AV programs use smart technologies that automate the program for a very large part, people themselves often negate the security layers by running admin accounts or opening programs, files and other crap before their AV can effectively react, since for example cloud-based reputation takes in some cases a bit of time before a file is considered safe, suspicious or outright malware, and most people do not like to wait, so they often have opened (activated) a file multiple times already (knowingly or unknowingly), especially if it's hidden in legit-looking programs or other files.
In many infection cases it turns out that an AV program did adequately report an issue, but because a computer user got that particular file from a friend or family, they then overrode the suggested action given by their AV program because they consider the file safe.
After all, your best friend or your dad & mom would not purposefully infect you, right?
In today's world malware has the ability to utterly render an AV program (and most similar protection apps) completely useless before the actual infection itself, since malware today in some cases has far-reaching techniques to counter detection by popular AV brands and tools, and these techniques come into play before the AV program ever had a real chance of detecting the file itself.
I wrote a guide a long time ago (Your mouse click matters) and explained exactly what and how far users themselves are directly responsible for their AV program doing a bad job protecting them, and how much of a danger your mouse click can be, especially in the hands of Mister Numnuts, and let's face it, there are A LOT of such self-proclaimed computer geniuses out here that do just that every day: clicking away the whole day without ever thinking "do I really want to click this link and download a file that I did not even request?"

I'll bet that if you put a link on a website: "Click here to blow up your house with a specially delivered, fresh-out-of-ISIS-territory home-made bomb", then people will click on it. Now with that in mind, and the way malware can infect you as so nicely explained by @LabZero, it does not take a genius to understand that voting in this topic just makes another A vs B topic, but for the sake of the topic I'd like to reply to the question: which AV program has the best ransomware protection? One needs to realize first that they are all VB100, AV-Comparatives, AV-Test, ICSA Labs and so on certified, which means that ALL of them tested positive in stopping the current malware.
Which leaves "unknown" files as the real danger. And as I said, most programs are very much automated in their responses, and while some are pretty good, none of them are perfect. So combine that with all the factors described in this topic and all of them have, down the line on paper, the same protection level. So then we are narrowing it down to the programs that have additional protection which actually confirms whether a certain user action was a good action; then the list goes VERY small, to:

1: Kaspersky
2: Norton
3: ESET
4: Sophos (Not on the list)
And a runner up AVAST.

Kind Regards,
Nico
 

Dirk41

Level 17
Verified
Top Poster
Well-known
Mar 17, 2016
797
@LabZero I know some malicious software recognises virtualisation, but if you download a PDF that actually isn't one, and you open it, maybe it does not start to encrypt but you recognise it is not a real PDF. Or not? Thank you
 
W

Wave

people them-self often negate the security layers
Honestly I cannot stress enough how much I agree with this statement, the amount of people I see who disable UAC because they don't believe it "works properly" or because they find it "annoying", or just ignore SmartScreen warnings, is simply unbelievable! Then they complain about how Windows security isn't good enough because they ended up becoming infected due to them not using the features properly and keeping their eyes open!

before their AV can effectively react, since for example cloud based reputation takes in some cases a bit of time before a file is considered safe, suspicious or outright malware and most people do not like to wait so they often have opened (activated) a file multiple times already (knowingly or unknowingly) specially if its hidden in legit looking programs or other files.
If you keep trying to run the same program it won't just allow it to bypass the AV scanning mechanisms. Any good and decent AV product will make sure the program is scanned properly before allowing it to execute code properly... Usually the processes are put into a suspended state at execution and after scanning if the results show good signs then it is resumed, and some other times it's made differently so the programs will automatically be denied execution (in the background) and then after scanning if the results are good it'll re-start the program without the auto-deny (because then it'd end up in a loop of course).

The cloud-based reputation scanning shouldn't occur after the program has started running and is allowed to execute its own code. It'll happen beforehand. After the Windows loader starts to load the program into memory, it will pass through a bunch of functions which can trigger any callbacks/any hooked functions relating to the process start-up, allowing the AV product to intercept and suspend/auto-block and then scan, and depending on the results it can resume/re-start the program or just terminate/quarantine if it was resumed temporarily at first for scanning purposes.

If attempting to open up programs multiple times automatically bypassed the AV scanning mechanisms like you say then it would be seriously flawed. Which is why that doesn't happen.

If I misunderstood what you said then I apologise, correct me if I did misunderstand what you were trying to say...
 
D

Deleted member 2913

Kaspersky - Its Application Control, System Watcher and KSN are effective features. Kaspersky is one of the few suites whose protection modules are all effective. Its default settings are well balanced & have low FPs. Good suite for average users...just enable "other threats" for PUP detection.
Note - Kaspersky Antivirus doesn't have "Application Control". AC is only in the higher versions: KIS, KTS, etc...

Avast - Hardened Mode Aggressive - It's a kinda lite anti-executable and does work well. In real-world scenarios it works well, with effective protection and low FPs, and is suitable for average users. It has a free version with the same core protection as its paid version.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Honestly I cannot stress enough how much I agree with this statement, the amount of people I see who disable UAC because they don't believe it "works properly" or because they find it "annoying", or just ignore SmartScreen warnings, is simply unbelievable! Then they complain about how Windows security isn't good enough because they ended up becoming infected due to them not using the features properly and keeping their eyes open!


If you keep trying to run the same program it won't just allow it to bypass the AV scanning mechanisms. Any good and decent AV product will make sure the program is scanned properly before allowing it to execute code properly... Usually the processes are put into a suspended state at execution and after scanning if the results show good signs then it is resumed, and some other times it's made differently so the programs will automatically be denied execution (in the background) and then after scanning if the results are good it'll re-start the program without the auto-deny (because then it'd end up in a loop of course).

The cloud-based reputation scanning shouldn't occur after the program has started running and is allowed to execute its own code. It'll happen beforehand. After the Windows loader starts to load the program into memory, it will pass through a bunch of functions which can trigger any callbacks/any hooked functions relating to the process start-up, allowing the AV product to intercept and suspend/auto-block and then scan, and depending on the results it can resume/re-start the program or just terminate/quarantine if it was resumed temporarily at first for scanning purposes.

If attempting to open up programs multiple times automatically bypassed the AV scanning mechanisms like you say then it would be seriously flawed. Which is why that doesn't happen.

If I misunderstood what you said then I apologise, correct me if I did misunderstand what you were trying to say...

You did understand me correctly, m8, and your reply is sound, but here is a little text written in 2013 on the Ask Leo site:

The harsh reality
All malware is not created equal, which is why there are so many different terms to describe the variations. Some exist merely to propagate. Others exist to do damage. Some exist to silently send spam. Still others start to blur the line between virus and spyware as they install monitoring or additional vulnerabilities on your system. Some travel by email. Others travel by downloaded applications. As we just saw, others can travel from unprotected computer to unprotected computer directly through the internet.

No anti-malware tool can protect you from yourself. For example, if you open an email attachment that you don’t recognize and run it, you may install a virus before your anti-virus software has a chance to act. When downloading a file, if you choose to ignore a warning that your anti-virus package or firewall displays, you’re telling the software that you know better than it does what is or is not safe.

If you choose to connect without a firewall or choose not to use automatic updating tools to keep your system as up-to-date as possible … it’s on you to know what you’re doing.

Let’s hope you do.

I hope this explains.

Cheers
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
I have to choose none of them.

I use HitmanPro.Alert and VoodooShield together with SmartScreen as IMHO no single AV vendor has anything as effective as a multi-vendor, multi-layer defense against ransomware. Default-deny rules :)

PS. I know it's not 100% guaranteed but I'm sure it's not that far off.
 
L

LabZero

@LabZero I know some malicious software recognises virtualisation, but if you download a PDF that actually isn't one, and you open it, maybe it does not start to encrypt but you recognise it is not a real PDF. Or not? Thank you
Usually there are two situations.

1) Malicious code is inserted in the PDF document, such as a shell script or simple JavaScript code, the purpose of which is to download and execute malware hosted on a remote server.
Through an exploit, the PDF reader runs a legitimate request to a resource that does not actually exist, and in its place the malicious code is executed.
Frequent are the flaws of Adobe Reader, and in this case it is necessary to disable JavaScript.
If you open a PDF document with the infected file, you actually see the contents of the PDF file, but at the same time you run the malicious code.

2) The malware has the icon of a PDF document, but the actual extension is .exe, so it is a fake PDF.
Windows by default does not show file extensions, so in our case, a user may just see:

(document.pdf) ...

instead of

(document.pdf).exe if we enable the display of file extensions (as it should be).

In this case, obviously the file is not a .PDF but an executable, and if you run the malware, it infects the system.
 
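The second case above (a PDF icon on a .exe, with Windows hiding the last extension so document.pdf.exe shows as document.pdf) is easy to check for on disk. The script below is an added illustration for this thread, not code from any product or poster: it lists what Explorer would display for each file, flags double extensions, and also compares the claimed extension against the file's leading bytes, since a real PDF starts with %PDF- and a Windows executable with MZ. The extension lists are assumptions chosen for the demo, and the sample files are constructed inline.

```python
"""Flag files that masquerade as documents: a double extension that Explorer
would hide (report.pdf.exe shown as report.pdf) or a document extension whose
bytes are actually a Windows executable. Sample files are constructed inline."""
import os
import tempfile
from pathlib import Path
from typing import List

# Assumed lists for the demo. Explorer hides the last extension of known types
# by default ("Hide extensions for known file types"), .exe included.
HIDDEN_BY_EXPLORER = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg",
                      ".exe", ".js", ".vbs", ".scr"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}

# Leading bytes that identify the real container, whatever the name claims.
MAGIC = [(b"%PDF-", "pdf"), (b"MZ", "pe"), (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]


def sniff(data: bytes) -> str:
    """Return the container type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def explorer_name(filename: str) -> str:
    """What a user sees with extensions hidden: only the last extension is dropped."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in HIDDEN_BY_EXPLORER else filename


def classify(path: Path) -> dict:
    """Compare the outer extension, any inner extension and the content bytes."""
    name = path.name
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner_ext = os.path.splitext(stem)[1].lower()
    kind = sniff(path.read_bytes()[:16])
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        verdict = "double-extension"        # invoice.pdf.exe
    elif ext in DOCUMENT_EXTS and kind == "pe":
        verdict = "content-mismatch"        # statement.pdf that is really a PE file
    else:
        verdict = "ok"
    return {"name": name, "shown_as": explorer_name(name), "content": kind, "verdict": verdict}


def scan(folder: Path) -> List[dict]:
    """Classify every regular file in the folder, in name order."""
    return [classify(p) for p in sorted(folder.iterdir()) if p.is_file()]


def run_demo() -> dict:
    """Constructed samples; 'MZ' plus padding stands in for a real PE header."""
    fake_pe = b"MZ" + b"\x00" * 62
    samples = {
        "invoice.pdf": b"%PDF-1.4\n%constructed sample\n",
        "invoice.pdf.exe": fake_pe,
        "statement.pdf": fake_pe,
        "notes.txt": b"plain text, nothing to see\n",
    }
    with tempfile.TemporaryDirectory() as d:
        folder = Path(d)
        for name, content in samples.items():
            (folder / name).write_bytes(content)
        return {r["name"]: (r["shown_as"], r["verdict"]) for r in scan(folder)}


if __name__ == "__main__":
    for name, (shown, verdict) in run_demo().items():
        print(f"{name:18} shown as {shown:14} -> {verdict}")
```

The "shown_as" column is the point of the demo: with extensions hidden, invoice.pdf.exe and a genuine invoice.pdf are indistinguishable by name, which is why enabling the display of file extensions and checking the leading bytes both matter.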

Dirk41

Level 17
Verified
Top Poster
Well-known
Mar 17, 2016
797
Usually there are two situations.

1) Malicious code is inserted in the PDF document, such as a shell script or simple JavaScript code, the purpose of which is to download and execute malware hosted on a remote server.
Through an exploit, the PDF reader runs a legitimate request to a resource that does not actually exist, and in its place the malicious code is executed.
Frequent are the flaws of Adobe Reader, and in this case it is necessary to disable JavaScript.
If you open a PDF document with the infected file, you actually see the contents of the PDF file, but at the same time you run the malicious code.

But maybe it is written with some grammatical errors (or something like that), like the fake bill emails used to send it.
 
L

LabZero

But maybe it is written with some grammatical errors (or something like that), like the fake bill emails used to send it.
You're referring to the first case above; the PDF document may or may not contain grammatical errors. At this point it is irrelevant, because you realize this just after you open the PDF, running also the malcode inside it, which is the goal.

Usually the file is related to the content of the mail, so if it says "here is your invoice", it is likely that the document is an invoice (obviously false), because the purpose of the malcoder is to stay hidden by avoiding suspicion as much as possible.
The .js code dropper, or other scripts, injected in the PDF are usually a few lines of code that are not easily detected by AVs.

Since, as mentioned above, this .js code usually exploits vulnerabilities in Adobe Reader, I suggest other PDF readers, like Sumatra PDF, Foxit, etc., always kept updated.
 
