WMI Attacks
<blockquote data-quote="509322" data-source="post: 760528"><p>WMI is abused. It isn't the only actor in a "WMI attack." There isn't "WMI-only" malware, at least not that I am aware of.</p><p></p><p>WMI should not be disabled. However, all the stuff that calls it in an attack should be disabled and/or not used outright.</p><p></p><p>The answer is the same as the basic answer to all the other attacks out there ad infinitum... and that is to disable the commonly abused Windows processes (PowerShell, PowerShell_ISE, PowerShell .dll loading, wscript, cscript, etc., etc.) and only allow stuff temporarily when you need it, don't use macros, use something other than Microsoft Office programs, etc.</p><p></p><p>It's the same thing. Over-and-over. It's a formula that works. Testing has proven it across decades over-and-over. It's a formula that will never go out of style because it will always work. Sort of like $500 wing-tip shoes. Understated. Reliable. Always work.</p><p></p><p>If you want convenience and usability, then you will have to sacrifice some security. You are not going to get the protections you want without some work and sacrifice. You cannot install a program and say to yourself "OK... now I'm protected." No matter how much they want you to believe that, it just ain't true... at least not in the sense that "I'm protected" means to you in your mind. What they mean is that figuratively... "You are decently protected - and not perfectly - with our soft installed." If you want very high protection, meaning security soft geek protection, then everyone who knows better knows that involves some form of default-deny where the user has had to make tweakings and configurations, reduced attack surface, and has accepted some level of, what others incorrectly perceive and rate as, "unacceptable" inconvenience or annoyances.</p></blockquote><p></p>