Worth Upgrading to Win 11 Pro for Security Reasons?
<blockquote data-quote="Victor M" data-source="post: 1076721" data-attributes="member: 96560"><p>Hackers are, by definition, the worst threat there is. It's the intelligent human element that separates this threat from, like, say, malware. They can Get Around your protections when you put up a particular piece of security control. They can adapt.</p><p></p>
<p>Your BitDefender Total, sad to inform you, is a toy in their eyes. I have tested it with our red team, and they treated it as if nothing is there. Those AV-Comparatives tests that many rely on are only good for that day that they tested. It DID stop a set of hacking attacks, and you can extrapolate based on a few past tests that that vendor has what it takes. But know that hackers learned about the test the very next day and they adapted.</p><p></p>
<p>The current security control that we use currently is Xcitium OpenEDR. It virtualizes any new exe (be it malware or hacking tool) and it shouldn't be able to touch the OS. It is better than BitDefender. But our red team is working on it. And I expect they will succeed in bypassing it in the coming months. But until they do, I can still recommend it with an honest face. It costs $8/month/PC postpaid. It has a cloud control panel where you can view and respond to the Alerts it generates. You can thus Monitor your whole network's PCs centrally. There is a PC component which handles all the auto-containment stuff, malware detection stuff, script analysis stuff.</p><p></p>
<p>The takeaway summary I can offer is this. Monitor those Alerts every day; you won't know what hit you if you are not there to pay attention. Monitoring threats is the current best practice in dealing with hackers. If you need to replace Xcitium, choose a Flexible security control with lots of knobs with customization rules capability. If a security control has some form of rules, then it's a good sign. Xcitium has auto-containment rules that let you specify what files to virtualize, and that virtualization method can be adjusted. It has HIDS rules. (Host Intrusion Prevention) You can specify that a particular Windows native exe has to be blocked (like Powershell, hackers love Powershell) until you turn off that block rule temporarily to use it. It can block access to named registry keys, and it offers pre-made groups of keys already set up. And you can add in your own. In short, it's a good flexible tool. And I have used it to deal with our red team hacking attacks.</p><p></p>
<p>But technical solutions all have a limited lifetime. And you have to learn to expect that.</p><p></p>
<p>You have also to complement technical solutions with administrative solutions. (manual procedures that you follow to a T) For example, you never plug in someone else's USB; you Always check a downloaded program installer's Properties > Signatures for the correct signature and company name; you Must prepare a golden image drive image backup of your Still-Offline Already-Configured Windows every time configuration changes; you Must do regular backups. These manual procedural things Must be followed unwaveringly.</p><p></p>
<p>And lastly there are physical security controls like locked office doors, burglar alarms, and so forth.</p><p></p>
<p>Good security comprises all 3. You have to do them all as a set or else the entire thing is flawed. Our company, of course, has more items on our to-do list, but they belong to these same 3 categories. This is the home techie version.</p><p></p>
<p>If Xcitium is too expensive for your budget, their consumer line is called Comodo Internet Security $30. It has most of the same knobs and switches minus the cloud. Have fun playing the hackers' game.</p></blockquote><p></p>
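The installer check from the quoted post (Properties > Signatures, correct signature and company name) can also be scripted. This is an added example, not part of the quoted post; the function name, the file path and the expected signer name are hypothetical placeholders.

```powershell
# Added example: scripted form of the Properties > Signatures check.
# Test-InstallerSignature, $Path and $ExpectedSigner are hypothetical names.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    # Reads the embedded Authenticode signature and validates the chain
    # against the local machine's trust stores.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop

    # Any status other than Valid (NotSigned, HashMismatch, NotTrusted, ...)
    # means the file is unsigned, was altered after signing, or chains to
    # a certificate this machine does not trust.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Signer  = $null
            Reason  = "Signature status: $($sig.Status)"
        }
    }

    # The simple name of the signing certificate's subject is the
    # "company name" part of the manual check.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # Whole-string comparison (case-insensitive): a validly signed file from
    # a look-alike publisher name still fails.
    $match = $signer -eq $ExpectedSigner
    $reason = 'Valid signature from expected signer'
    if (-not $match) { $reason = "Valid signature, but unexpected signer: $signer" }

    [pscustomobject]@{
        Path    = $Path
        Trusted = $match
        Signer  = $signer
        Reason  = $reason
    }
}

# Usage (placeholder path and signer name):
# Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedSigner 'Example Software Ltd'
```

A `Valid` status alone only shows that someone with a trusted code-signing certificate signed the file, which is why the signer name is compared as well.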