- Apr 13, 2013
- 3,224
WinAntiRansom vs some Nasty Stuff
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Salutations/ Holidays Greetings!
Questions:
IMPORT NOTE BEFORE PROCEEDING- DONOT USE WINANTIRANSOM in non registered mode!!!! It will not protect you!!!!
Can you explain about this non registered mode? I just want to make sure that, I understand what you are saying completely?
Hoping that WinAntiRansom Plus will patch/plug this hole very soon. Will you forward, this ransom to Winpatrol support? So they can start working on patching/pluging this hole. Enjoyed you sharing this security video today, deeply appreicate! Looking forward to your next security video, I quess the security video will be on AV's startup protection.
WinAntiRansom Help & Information
Kind regards,
Questions:
IMPORT NOTE BEFORE PROCEEDING- DONOT USE WINANTIRANSOM in non registered mode!!!! It will not protect you!!!!
Can you explain about this non registered mode? I just want to make sure that, I understand what you are saying completely?
Hoping that WinAntiRansom Plus will patch/plug this hole very soon. Will you forward, this ransom to Winpatrol support? So they can start working on patching/pluging this hole. Enjoyed you sharing this security video today, deeply appreicate! Looking forward to your next security video, I quess the security video will be on AV's startup protection.
WinAntiRansom Help & Information
Kind regards,
Last edited:
- Dec 5, 2015
- 202
Thanks so much, @cruelsister ! Been eager to know if this was any good.. checking your video now!
EDIT: Great video, and surprisingly great performance from Winantiransom. I was let down by Winprivacy but glad to see Ruiware seems to be back on track!
Thanks again for the testing, I am too nervous to do it myself, hehe.
EDIT: Great video, and surprisingly great performance from Winantiransom. I was let down by Winprivacy but glad to see Ruiware seems to be back on track!
Thanks again for the testing, I am too nervous to do it myself, hehe.
Last edited:
- Mar 23, 2015
- 555
@cruelsister
Thank you for this review. I wonder whether we could specify multiple folders as Safezone.
By the way, I guess the non-registered mode of WinAntiRansom is just like the non-registered mode of WinPrivacy, right?
In the non-registered mode, WinPrivacy can only monitor the network traffic, but cannot block it.
So I guess, WinAntiRansom in non-registered mode can only remind the user that unknown process is touching the safezone, but cannot block the unknown process, right?
Thank you for this review.
I wonder whether we could specify multiple folders as Safezone.By the way, I guess the non-registered mode of WinAntiRansom is just like the non-registered mode of WinPrivacy, right?
In the non-registered mode, WinPrivacy can only monitor the network traffic, but cannot block it.
So I guess, WinAntiRansom in non-registered mode can only remind the user that unknown process is touching the safezone, but cannot block the unknown process, right?
- Apr 13, 2013
- 3,224
A few things:
1). Currently if the product is not in Registered (Paid) mode it won't work at all. In a conversation with Bret (the Developer), he intimated that things may change up in the future, but for now don't use it without getting a license.
2). When installed WAR will create both a service as well as the Tray application. RAM use varied from 14-24K for both with little CPU impact.
3). Although it seems that only one SafeZone folder can be created, the user can specify where they want to put it.
The one thing that I really appreciated was the protection afforded versus CryptoFortress. So many of these specific Antiransomware applications will make it seem like the user is fully protected when actually they only mean the Documents folders (It always struck me as being deceptive in the extreme). And the Fortress stopping ability wasn't due to any "dumb" detection, as my encryptor (which includes a similar mechanism) is as Zero Day as one can get yet it also was prevented from doing harm.
I did feel a bit guilty (and thus my choice of the backing song) about searching for something that would bypass WAR, but often a person must call a Spade a Spade.
1). Currently if the product is not in Registered (Paid) mode it won't work at all. In a conversation with Bret (the Developer), he intimated that things may change up in the future, but for now don't use it without getting a license.
2). When installed WAR will create both a service as well as the Tray application. RAM use varied from 14-24K for both with little CPU impact.
3). Although it seems that only one SafeZone folder can be created, the user can specify where they want to put it.
The one thing that I really appreciated was the protection afforded versus CryptoFortress. So many of these specific Antiransomware applications will make it seem like the user is fully protected when actually they only mean the Documents folders (It always struck me as being deceptive in the extreme). And the Fortress stopping ability wasn't due to any "dumb" detection, as my encryptor (which includes a similar mechanism) is as Zero Day as one can get yet it also was prevented from doing harm.
I did feel a bit guilty (and thus my choice of the backing song) about searching for something that would bypass WAR, but often a person must call a Spade a Spade.
Last edited:
- Sep 22, 2014
- 1,767
How is this compare to NVT Exe Radar, SecureAPlus or VoodooShield?
This is all free stuff, are WAR worth buying?
This is all free stuff, are WAR worth buying?
- Mar 15, 2011
- 13,070
@Av Gurus :
SecureAplus and Voodoshield contains multi engine based which is more than 5 so that should detect it as much as possible [considering response time] however both of them can configure through whitelist/blacklist concept.
Meanwhile NVT Exe Radar, is a thorough anti-exe so as an assumption with proper configuration hence it should block based on unknown/pre-configured tweaks.
SecureAplus and Voodoshield contains multi engine based which is more than 5 so that should detect it as much as possible [considering response time] however both of them can configure through whitelist/blacklist concept.
Meanwhile NVT Exe Radar, is a thorough anti-exe so as an assumption with proper configuration hence it should block based on unknown/pre-configured tweaks.
- Sep 22, 2014
- 1,767
So I can be safe with this free stuff the same as with this WAR?
I'm think of just as anti-exe program, forget about engines.
I'm think of just as anti-exe program, forget about engines.
- Jan 19, 2015
- 230
Thanks for the video @cruelsister
The one that managed to encrypt the files anyway, was it actually CTB-Locker as the background image suggests or was it some other family of encryptor? I guess it's safe to assume you contacted Bret and told him about the bypass so he can fix it?
The one that managed to encrypt the files anyway, was it actually CTB-Locker as the background image suggests or was it some other family of encryptor? I guess it's safe to assume you contacted Bret and told him about the bypass so he can fix it?
- Apr 13, 2013
- 3,224
Yes, it was a CTb locker variant and I sent it to B prior to posting the video. Taking care of it should be a breeze, but again I'm not the one doing the coding.
- Jul 22, 2014
- 2,525
Cruelsister,
Thank you for this interesting new video!
Users have different solutions to protect against ramsonware and scripts, it s getting difficult to keep an overview and to choose "the best", the one that offers the best protection.
Emsisoft 11 improved the ransomware as script detection/protection:could you test Emsi AM's ramson/script prevention/disinfection capabilities in one of your next videos?
Thank you
Thank you for this interesting new video!
Users have different solutions to protect against ramsonware and scripts, it s getting difficult to keep an overview and to choose "the best", the one that offers the best protection.
Emsisoft 11 improved the ransomware as script detection/protection:could you test Emsi AM's ramson/script prevention/disinfection capabilities in one of your next videos?
Thank you
- Apr 13, 2013
- 3,224
Tools like WAR and CryptoPrevent are really only needed by those who still rely on an AV as the primary method of defense. Although surely an excellent AV would have stopped all of the known ransomware files used in this test, it wouldn't have done so well against mine (which is unreleased). Thus the need for the best additional tool that could be found.
It is certainly a truism that any security setup could be hacked; but it is also true that some setups are a great deal easier than others to bypass. An Antivirus product which bases protection on malware samples collected and definitions generated against them is an antiquated technology which has been surpassed by virtualization. Even anti-exe's have evolved to a point where they are preferable.
Someone send me a message today asking if he would need WAR with his setup of AppGuard and Shadow Defender. The proper answer is a No; AppGuard will have the prime issue with malware using a liberated certificate and Shadow Defender is there if AG fails in that case. Anything else added would be extraneous.
But my answer would have been totally different if the prime protection was ESET (or some such).
So in short, if your prime defense is good enough (sandboxie, Comoodo, etc) WAR isn't needed. If you rely on an AV, it is.
It is certainly a truism that any security setup could be hacked; but it is also true that some setups are a great deal easier than others to bypass. An Antivirus product which bases protection on malware samples collected and definitions generated against them is an antiquated technology which has been surpassed by virtualization. Even anti-exe's have evolved to a point where they are preferable.
Someone send me a message today asking if he would need WAR with his setup of AppGuard and Shadow Defender. The proper answer is a No; AppGuard will have the prime issue with malware using a liberated certificate and Shadow Defender is there if AG fails in that case. Anything else added would be extraneous.
But my answer would have been totally different if the prime protection was ESET (or some such).
So in short, if your prime defense is good enough (sandboxie, Comoodo, etc) WAR isn't needed. If you rely on an AV, it is.
Best Method for Protecting Backup Drive from Malware
Hope that Sandboxie or Comodo does fall short! Maybe encryption of your Files/Folders.
Is needed? Like in the video below:
A Back-up Plan is needed for example.
If someone cut your electrial to alarm system. You better have a battery to make
sure that it will work! And additonal security to back it up! Like couple of dogs! Video's
of your house surrounndings. Ect....
I feel the same go for my PC's additional layers of security. But not going over
broad. With out any conflict's!
Hope that Sandboxie or Comodo does fall short! Maybe encryption of your Files/Folders.
Is needed? Like in the video below:
A Back-up Plan is needed for example.
If someone cut your electrial to alarm system. You better have a battery to make
sure that it will work! And additonal security to back it up! Like couple of dogs! Video's
of your house surrounndings. Ect....
I feel the same go for my PC's additional layers of security. But not going over
broad. With out any conflict's!
Last edited:
- Mar 15, 2011
- 13,070
In such specific case then why not, but if possible you can steer away on those ransomware thus to reduce a lot of security component.
- Apr 13, 2013
- 3,224
Tony- it really depends on your current setup. If you are using any sort of virtualization like SBIE or Comodo then WAR is unneeded. This sort of protection is only useful for those who depend on antiquated security methods like AV's.
M
M
- Apr 13, 2013
- 3,224
Tony- you just plop stuff in it and it will be (kinda) protected form manipulation by outside programs. It's not fully mature yet.
When I just went to their website I found this:
https://www.winpatrol.com/winantiransom/
Oh my...
When I just went to their website I found this:
https://www.winpatrol.com/winantiransom/
Oh my...
Similar threads
