App Review WinAntiRansom vs some Nasty Stuff

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Moose

Level 22
Jun 14, 2011
2,271
Salutations/ Holidays Greetings!:)


Questions::confused:


IMPORT NOTE BEFORE PROCEEDING- DONOT USE WINANTIRANSOM in non registered mode!!!! It will not protect you!!!!

Can you explain about this non registered mode? I just want to make sure that, I understand what you are saying completely?

Hoping that WinAntiRansom Plus will patch/plug this hole very soon. Will you forward, this ransom to Winpatrol support? So they can start working on patching/pluging this hole. Enjoyed you sharing this security video today, deeply appreicate! Looking forward to your next security video, I quess the security video will be on AV's startup protection.

WinAntiRansom Help & Information

Kind regards,;)
 
Last edited:

Hangtooth

Level 5
Verified
Dec 5, 2015
202
Thanks so much, @cruelsister ! Been eager to know if this was any good.. checking your video now!

EDIT: Great video, and surprisingly great performance from Winantiransom. I was let down by Winprivacy but glad to see Ruiware seems to be back on track!

Thanks again for the testing, I am too nervous to do it myself, hehe.
 
Last edited:
  • Like
Reactions: Moose

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
@cruelsister

Thank you for this review.:) I wonder whether we could specify multiple folders as Safezone.

By the way, I guess the non-registered mode of WinAntiRansom is just like the non-registered mode of WinPrivacy, right?

In the non-registered mode, WinPrivacy can only monitor the network traffic, but cannot block it.

So I guess, WinAntiRansom in non-registered mode can only remind the user that unknown process is touching the safezone, but cannot block the unknown process, right?
 
  • Like
Reactions: Hangtooth

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
A few things:

1). Currently if the product is not in Registered (Paid) mode it won't work at all. In a conversation with Bret (the Developer), he intimated that things may change up in the future, but for now don't use it without getting a license.
2). When installed WAR will create both a service as well as the Tray application. RAM use varied from 14-24K for both with little CPU impact.
3). Although it seems that only one SafeZone folder can be created, the user can specify where they want to put it.

The one thing that I really appreciated was the protection afforded versus CryptoFortress. So many of these specific Antiransomware applications will make it seem like the user is fully protected when actually they only mean the Documents folders (It always struck me as being deceptive in the extreme). And the Fortress stopping ability wasn't due to any "dumb" detection, as my encryptor (which includes a similar mechanism) is as Zero Day as one can get yet it also was prevented from doing harm.

I did feel a bit guilty (and thus my choice of the backing song) about searching for something that would bypass WAR, but often a person must call a Spade a Spade.
 
Last edited:

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Av Gurus :

SecureAplus and Voodoshield contains multi engine based which is more than 5 so that should detect it as much as possible [considering response time] however both of them can configure through whitelist/blacklist concept.

Meanwhile NVT Exe Radar, is a thorough anti-exe so as an assumption with proper configuration hence it should block based on unknown/pre-configured tweaks.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
So I can be safe with this free stuff the same as with this WAR?
I'm think of just as anti-exe program, forget about engines.
 
  • Like
Reactions: Moose and Hangtooth

Shran

Level 5
Verified
Well-known
Jan 19, 2015
230
Thanks for the video @cruelsister :D

The one that managed to encrypt the files anyway, was it actually CTB-Locker as the background image suggests or was it some other family of encryptor? I guess it's safe to assume you contacted Bret and told him about the bypass so he can fix it?
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Cruelsister,

Thank you for this interesting new video!

Users have different solutions to protect against ramsonware and scripts, it s getting difficult to keep an overview and to choose "the best", the one that offers the best protection.
Emsisoft 11 improved the ransomware as script detection/protection:could you test Emsi AM's ramson/script prevention/disinfection capabilities in one of your next videos? :)
Thank you;)
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Tools like WAR and CryptoPrevent are really only needed by those who still rely on an AV as the primary method of defense. Although surely an excellent AV would have stopped all of the known ransomware files used in this test, it wouldn't have done so well against mine (which is unreleased). Thus the need for the best additional tool that could be found.

It is certainly a truism that any security setup could be hacked; but it is also true that some setups are a great deal easier than others to bypass. An Antivirus product which bases protection on malware samples collected and definitions generated against them is an antiquated technology which has been surpassed by virtualization. Even anti-exe's have evolved to a point where they are preferable.

Someone send me a message today asking if he would need WAR with his setup of AppGuard and Shadow Defender. The proper answer is a No; AppGuard will have the prime issue with malware using a liberated certificate and Shadow Defender is there if AG fails in that case. Anything else added would be extraneous.
But my answer would have been totally different if the prime protection was ESET (or some such).

So in short, if your prime defense is good enough (sandboxie, Comoodo, etc) WAR isn't needed. If you rely on an AV, it is.
 

Moose

Level 22
Jun 14, 2011
2,271
Best Method for Protecting Backup Drive from Malware

Hope that Sandboxie or Comodo does fall short! Maybe encryption of your Files/Folders.
Is needed? Like in the video below:

A Back-up Plan is needed for example.

If someone cut your electrial to alarm system. You better have a battery to make
sure that it will work! And additonal security to back it up! Like couple of dogs! Video's
of your house surrounndings. Ect....
I feel the same go for my PC's additional layers of security. But not going over
broad
. With out any conflict's!

 
Last edited:
  • Like
Reactions: Hangtooth

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Tony- it really depends on your current setup. If you are using any sort of virtualization like SBIE or Comodo then WAR is unneeded. This sort of protection is only useful for those who depend on antiquated security methods like AV's.

M
 
  • Like
Reactions: Moose and Tony Cole

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top