Zero Trust (Solution Vote)

Preference of Zero Trust solution


  • Total voters
    92

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I don’t want to get involved in this. But please don’t do this.

Regardless of the reasons or situation, I don’t want anyone to be negatively affected.
Fair enough... how about he redact all last names and address before posting?

BTW, I am guessing that JT is trying to bait me into accidentally releasing his last name so he can say that I doxxed him, so he can sue me, since all of his other attempts have failed.
 
  • Like
Reactions: Nevi and kC77

wasi00

Level 1
Dec 18, 2022
24
"we do not give out free licenses"... hehehe, thank you for confirming you are indeed Jeff T.

I would be MORE than happy to post the ridiculous letter that your attorney, who did not do his due diligence, because otherwise he would have discovered that you are the one who has been stalking me for several years, not the other way around.

Let me check with my legal team and MT staff, and if they approve, I will be more than happy to post the letter from your attorney, so everyone can see just how ridiculous it truly is. As you are aware, I have literally several hundreds of pieces of evidence of you stalking me, as the entire MT user base is aware.

When I post the letter, I assume I need to post it in its entirety, which includes your full name. Do I have your permission to post the letter with your full name? Thank you!
So finally you caught your JT red-handed, I guess.
Fair enough... how about he redact all last names and address before posting?

BTW, I am guessing that JT is trying to bait me into accidentally releasing his last name so he can say that I doxxed him, so he can sue me, since all of his other attempts have failed.
Well, you can post his first name Jeff but cannot say his last name because he can sue you on it... well, congratulations to you for living in such a first world country... laws are tight, I guess.
 
  • Like
Reactions: danb

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
868
What the hell.... This is a security forum, not a high school drama. If you're going to bring the drama, at least make the trolling amusing 🥶.

Both of you need to sit down and have a stiff drink 🍷 and make peace ☮️, all this crap on a public forum is no good for everyone!!!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
So finally you caught your JT red-handed, I guess.

Well, you can post his first name Jeff but cannot say his last name because he can sue you on it... well, congratulations to you for living in such a first world country... laws are tight, I guess.
He has been caught red handed several times, with absolute and irrefutable proof. He has been trying to bait me for 5 years so I would slip and say one thing untrue. Thankfully I have been very careful. He has not been careful.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
What the hell.... This is a security forum, not a high school drama. If you're going to bring the drama, at least make the trolling amusing 🥶.

Both of you need to sit down and have a stiff drink 🍷 and make peace ☮️, all this crap on a public forum is no good for everyone!!!
You think 3 days of this nonsense is bad, try doing it for 5+ years ;). I have tried to end the conversation and wish him well, then blocked him, then he just opens another account or two ;). Thankfully it is cold outside and I have time to defend VS from his lies and misinformation.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
868
You think 3 days of this nonsense is bad, try doing it for 5+ years ;). I have tried to end the conversation and wish him well, then blocked him, then he just opens another account or two ;). Thankfully it is cold outside and I have time to defend VS from his lies and misinformation.
You're just feeding the troll then 🐓. You should know by now that what they hate and can't stand is being ignored. You keep engaging with him, so he continues ⚡.

Psychology 101 ⚖️
 

wasi00

Level 1
Dec 18, 2022
24
Either all who are blaming @danb show some proof of his wrongdoing, if any, or they should keep quiet and not just accuse him for nothing.
VS got very popular; you got some enemies along the way.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
Either all who are blaming @danb show some proof of his wrongdoing, if any, or they should keep quiet and not just accuse him for nothing.
VS got very popular; you got some enemies along the way.
?? by "liking" @Zero Knowledge comment re feeding the troll, I am not saying @danb did anything wrong, but I also think he was feeding the troll. How does MT community prevent this trolling??
 
  • Like
Reactions: Nevi and vtqhtr413

tipo

Level 8
Well-known
Jul 26, 2012
353
I voted for @danb's VoodooShield. I used the free version on the work PC until the company provided me another laptop with a built-in deny-everything policy and Windows Defender as the default security software, and I really don't know a software better than this. It just simply works.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
Nope, not my cup of tea, back to VS.
On my rig I haven't figured out what is unlikeable about AG v6.7 (other than the Activity Log being "scary" or "daunting" but mostly ignorable); no slowdown. At the moment I guess I'm in modified paranoid mode running both AG & VS. From what I read at Wilders they work differently, and you can run them together; so far that advice is holding true here. I guess I like them both, not sure why this is a black or white thing for some folks. FWIW I like H_C too.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,430
My activity log had around 120 blocks in 2 hours. I would prefer a program that doesn't constantly block processes, especially if they are harmless, and a program that I actually know what it is doing. o_O
In any case I don't see a need to run both AG and VS so I chose VS.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
VS is true Zero-Trust when it is in Always On Mode, and it is true Zero-Trust when it needs to be when it is in Smart Mode. VS is highly flexible and the user can choose which mode fits their needs best.
Zero trust is based on the rule that everything should act with the least privileges possible, so it means not every behavior of a process should be allowed. VS doesn't assure this because, as an anti-exe, it doesn't control any actions of a process except launching it. VS in lock-system mode "freezes" the system with all unneeded and dangerous actions/behaviors of allowed processes, so actually it makes the system open to malware that could exploit "trusted" apps in some way.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Zero trust is based on the rule that everything should act with the least privileges possible, so it means not every behavior of a process should be allowed. VS doesn't assure this because, as an anti-exe, it doesn't control any actions of a process except launching it. VS in lock-system mode "freezes" the system with all unneeded and dangerous actions/behaviors of allowed processes, so actually it makes the system open to malware that could exploit "trusted" apps in some way.
You are confusing Privileged Access Management with Zero-Trust

Privileged access management
"Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment."


Zero-Trust

"The zero trust security model, also known as zero trust architecture (ZTA), zero trust network architecture or zero trust network access (ZTNA), and sometimes known as perimeterless security, describes an approach to the design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified."

VS evaluates the entire attack chain / process execution flow, so it is not "open to malware that could exploit in some way "trusted" apps", as you described. All without 60 unnecessary, unwanted blocks per hour.

UAC follows the Privileged Access Management model, which is why it is not nearly as robust or user-friendly as VS. I do not need to be reminded each time that I want to personally launch an elevated command prompt (and that is just one of MANY examples) ;).
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
My activity log had around 120 blocks in 2 hours. I would prefer a program that doesn't constantly block processes, especially if they are harmless, and a program that I actually know what it is doing. o_O
In any case I don't see a need to run both AG and VS so I chose VS.
I do see one thing running both (I don't need to run both, I just am, humor me). I see no conflicts, but I do see increased "suspicious events" in AG Activity Log since re-installing VS but none directly related to VS. AG reports a lot, but if you don't look at the log, and don't notice any effect or side-effect on your computer, AG would argue, I think, that the apps that are doing these "suspicious events" should not really be doing them, so it blocks them. I don't know! Could be "no harm no foul." AG seems to have fallen out of favor when it went more Enterprise? But Blue Ridge Network is offering AGSolo at a more consumer price. I echoed your concern about blocks in AG log for the first few days running AG, but after a week or so and more reading (mostly at wilders), I feel ok about it. I even feel safer, but perhaps an illusion...?? And agree as somewhat informed we do want to know what an app is doing, but I am feeling AG is giving me that feedback in its logs. VS has logs too. I just reset my VS whitelist to better see what VS is allowing and blocking. Dan suggested to reset VS whitelist every so often.
 
  • Like
Reactions: vtqhtr413

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I forgot to mention… behavior blockers are actually allow-by-default by design. The reason we know this is because they work by allowing everything, except certain suspicious behaviors (they block specific behaviors). They obviously cannot block, and do not want to block every single behavior, which is further proof they are allow-by-default by design, and simply bear no resemblance to the zero-trust model. So behavior blockers must determine what to block and what not to block. That is great when they are correct, but not so great when they are not correct.

BTW, a global block of cmd, for example, is not a behavior block. This is a global block, and there is a huge difference. In a global block, behaviors are not evaluated in determining if cmd should be blocked, it is just simply blocked.

Most modern AV products include a behavior blocker component that the company has focused on and refined over the years, and it would be difficult or impossible to build a behavior blocker that is even close to the efficacy or usability of the AV products that already offer a behavior blocker, especially when behavior blocking is their company’s specialty.

For these reasons, I strongly believe behavior blocking is best implemented into an allow-by-default product like a traditional or next-gen AV. Some of this is opinion and some of this is fact, you can decide what is what 😉.
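The three policy shapes contrasted in this post (an allow-by-default behaviour blocker, a global block of cmd, and a deny-by-default allowlist that looks at the launch chain) side by side, as an added example that is not the page's or VoodooShield's code; the signatures, the allowlist pairs and the sample launch events are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class LaunchEvent:
    """Constructed process-launch event: the image being started and its parent chain, nearest first."""
    image: str
    parents: List[str] = field(default_factory=list)

# Policy 1: allow-by-default behaviour blocker. Everything runs unless a specific
# suspicious behaviour is recognised (constructed signature, not any vendor's rule set).
OFFICE = {"winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

def behaviour_blocker(ev: LaunchEvent) -> bool:
    if ev.image in SHELLS and ev.parents and ev.parents[0] in OFFICE:
        return False          # recognised pattern: document application spawning a shell
    return True               # anything unrecognised is allowed, including a brand-new executable

# Policy 2: global block. cmd.exe is refused outright; neither behaviour nor parent is evaluated,
# so the user's own command prompt is blocked along with everything else.
GLOBALLY_BLOCKED = {"cmd.exe"}

def global_block(ev: LaunchEvent) -> bool:
    return ev.image not in GLOBALLY_BLOCKED

# Policy 3: deny-by-default allowlist keyed on (image, launching parent), so the decision
# depends on the execution flow rather than the image alone. Assumed model, not VS's design.
ALLOWED_LAUNCHES = {("winword.exe", "explorer.exe"), ("cmd.exe", "explorer.exe"),
                    ("chrome.exe", "explorer.exe")}

def deny_by_default(ev: LaunchEvent) -> bool:
    if not ev.parents:
        return False                                      # no provenance, no launch
    return (ev.image, ev.parents[0]) in ALLOWED_LAUNCHES  # anything unknown is blocked

POLICIES = {"behaviour_blocker": behaviour_blocker, "global_block": global_block,
            "deny_by_default": deny_by_default}

def evaluate(events: List[LaunchEvent]) -> Dict[str, List[bool]]:
    """Run each event through every policy; True means the launch is allowed."""
    return {name: [policy(ev) for ev in events] for name, policy in POLICIES.items()}

SAMPLE_EVENTS = [                                      # constructed, not captured telemetry
    LaunchEvent("cmd.exe", ["explorer.exe"]),          # user opens a command prompt
    LaunchEvent("cmd.exe", ["winword.exe", "explorer.exe"]),  # a document spawns a shell
    LaunchEvent("newtool.exe", ["explorer.exe"]),      # never-seen executable, no known-bad behaviour
]
```

`evaluate(SAMPLE_EVENTS)` lets the user's own cmd.exe run under the behaviour blocker and the allowlist but not under the global block, refuses the document-spawned shell under all three, and allows the never-seen executable under everything except the deny-by-default policy.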
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
You are confusing Privileged Access Management with Zero-Trust
No... I'm not wrong. The matter of privileges is a core subject of the Zero Trust concept. Here's from the Citrix article:
The core logic of a zero trust security is essentially “never trust, always verify.” In a world of complex cybersecurity threats and hybrid workforces equipped with numerous applications and devices, zero trust aims to provide comprehensive protection by never assuming an access request comes from a trustworthy source—even if it originates from within the corporate firewall. Everything is treated as if it comes from an unsecured open network and trust itself is viewed as a liability within the zero trust framework.

Zero trust may also be called perimeterless security. This term shows how it is the polar opposite of traditional security models, which follow the principle of “trust, but verify” and regard already-authenticated users and endpoints within the company network perimeter, or those connected via virtual private network (VPN), as safe. But such implicit trust increases the risk of data loss caused by insider threats, since it allows for extensive, unchecked lateral movement across the network.

A zero trust security architecture instead is built upon:
  • Explicit verification and continuous validation: Network users must be authenticated, authorized, and validated on an ongoing basis to ensure they always have the proper permissions. Numerous data points such as user identity, geolocation, and device posture may be leveraged for this purpose. One-time validation of a user identity is no longer enough.
  • Least-privileged access: Zero trust reduces a company’s attack surface by enforcing the principle of least privilege, so that identities only get the lowest level of access to the network by default. In tandem with other cybersecurity practices such as network microsegmentation and adaptive access, least-privileged access sharply limits lateral movement within a zero trust model.

Here are other sources of useful info
 
