Zero Trust (Solution Vote)

[danb]

I don’t want to get involved in this. But please don’t do this.

Regardless of the reasons or situation, I don’t want anyone to be negatively affected.

Fair enough... how about he redact all last names and address before posting?

BTW, I am guessing that JT is trying to bait me into accidentally releasing his last name so he can say that I doxxed him, so he can sue me, since all of his other attempts have failed.

 

[wasi00]

"we do not give out free licenses"... hehehe, thank you for confirming you are indeed Jeff T.

I would be MORE than happy to post the ridiculous letter that your attorney, who did not do his due diligence, because otherwise he would have discovered that you are the one who has been stalking me for several years, not the other way around.

Let me check with my legal team and MT staff, and if they approve, I will be more than happy to post the letter from your attorney, so everyone can see just how ridiculous it truly is. As you are aware, I have literally several hundreds of pieces of evidence of you stalking me, as the entire MT user base is aware.

When I post the letter, I assume I need to post it in its entirety, which includes your full name. Do I have your permission to post the letter with your full name? Thank you!

So finally you caught your JT red handed i guess.

Fair enough... how about he redact all last names and address before posting?

BTW, I am guessing that JT is trying to bait me into accidentally releasing his last name so he can say that I doxxed him, so he can sue me, since all of his other attempts have failed.

Wel you can post his first name jeFF but cannot say his last name coz he can sue u on it.. well congratulations to you for living in such first world country.. laws are tight i guess.

 

[Zero Knowledge]

What the hell.... This is a security forum not a high school drama . If you're going to bring the drama, at least make the trolling amusing .

Both of you need to sit down and have a stiff drink and make peace , all this crap on a public forum is no good for everyone!!!

 

[danb]

So finally you caught your JT red handed i guess.

Wel you can post his first name jeFF but cannot say his last name coz he can sue u on it.. well congratulations to you for living in such first world country.. laws are tight i guess.

He has been caught red handed several times, with absolute and irrefutable proof. He has been trying to bait me for 5 years so I would slip and say one thing untrue. Thankfully I have been very careful. He has not been careful.

 

[danb]

What the hell.... This is a security forum not a high school drama . If you're going to bring the drama, at least make the trolling amusing .

Both of you need to sit down and have a stiff drink and make peace , all this crap on a public forum is no good for everyone!!!

You think 3 days of this nonsense is bad, try doing it for 5+ years . I have tried to end the conversation and wish him well, then blocked him, then he just opens another account or two . Thankfully it is cold outside and I have time to defend VS from his lies and misinformation.

 

[Zero Knowledge]

You think 3 days of this nonsense is bad, try doing it for 5+ years . I have tried to end the conversation and wish him well, then blocked him, then he just opens another account or two . Thankfully it is cold outside and I have time to defend VS from his lies and misinformation.

You just feeding the troll then . You should know by now what they hate and can't stand is being ignored. You keep engaging with him, so he continues .

Psychology 101

 

[wasi00]

Either all who are blaming @danb show some proof of his wrong doing if any or they should keep quiet and don`t just accuse him for nothing..
VS got is very popular u got some enemies along the way..

 

[simmerskool]

Either all who are blaming @danb show some proof of his wrong doing if any or they should keep quiet and don`t just accuse him for nothing..
VS got is very popular u got some enemies along the way..

?? by "liking" @Zero Knowledge comment re feeding the troll, I am not saying @danb did anything wrong, but I also think he was feeding the troll. How does MT community prevent this trolling??

 

[tipo]

I voted for @danb 's voodoo shield. I used the free version on the work PC untill the company provided me another laptop with built in deny everything policy and windows defender as the default security software, and I really don't know a software better than this. It just simply works.

 

[Bumblebee Uncle]

Who is JT I am not new here on the forum but do not follow all discussions. Would be nice to know Good sunday reading.

 

[ForgottenSeer 69673]

Don't worry i am genuine new user not some old JT disguise

don't worry, I don't worry

 

[Digmor Crusher]

This thread has reminded me of how much I used to like Appguard several years ago, so for giggles I installed version 4 which I have a lifetime license for, so far no issues. If you don't hear from me for days then you know my computer was borked.

Nope, not my cup of tea, back to VS.

 

[simmerskool]

Nope, not my cup of tea, back to VS.

on my rig I haven't figured out what is unlikeable about AG v6.7 (other than the Activity Log is "scary" or "daunting" but mostly ignorable), no slowdown. At moment I guess I'm in modified paranoid node running both AG & VS. What I read from wilders they work differently, and you can run them together, so far that advice is holding true here. I guess I like them both, not sure why this is a black or white thing for some folks. fwiw I like H_C too.

 

[Digmor Crusher]

My activity log had around 120 blocks in 2 hours, I would prefer a program that doesn't constantly block processes, especially if they are harmless. And a program that I actually know what it is doing.
In any case I don't see a need to run both AG and VS so I chose VS.

 

[ForgottenSeer 97327]

Only two votes for WDAC?

 

[ichito]

VS is true Zero-Trust when it is in Always On Mode, and it is true Zero-Trust when it needs to be when it is in Smart Mode. VS is highly flexible and the user can choose which mode fits their needs best.

Zero trust is based on rule that everything should act with the less privileges as possible so it means not every behavior of process should be allowed. VS doesn't assure this because as anti-exe doesn't' control another actions of process except lunching it. VS in lock-system mode "freezes" system with all unneeded and dangerous actions/behaviors of allowed processes so actually makes system open to malware that could exploit in some way "trusted" apps.

 

[danb]

Zero trust is based on rule that everything should act with the less privileges as possible so it means not every behavior of process should be allowed. VS doesn't assure this because as anti-exe doesn't' control another actions of process except lunching it. VS in lock-system mode "freezes" system with all unneeded and dangerous actions/behaviors of allowed processes so actually makes system open to malware that could exploit in some way "trusted" apps.

You are confusing Privileged Access Management with Zero-Trust

Privileged access management

"Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment."

What is Privileged Access Management (PAM)? | BeyondTrust

PAM consists of cybersecurity strategies & technologies for exerting control over the privileged access and permissions for users, accounts, and systems.

www.beyondtrust.com

Zero-Trust

Zero trust security model - Wikipedia

en.wikipedia.org

"The zero trust security model, also known as zero trust architecture (ZTA), zero trust network architecture or zero trust network access (ZTNA), and sometimes known as perimeterless security, describes an approach to the design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified."

VS evaluates the entire attach chain / process execution flow, so it is not "open to malware that could exploit in some way "trusted" apps.", as you described. All without 60 unnecessary unwanted blocks per hour.

UAC follows the Privileged Access Management model, which is why it is not nearly as robust or user-friendly as VS. I do not need to be reminded each time that I want to personally launch an elevated command prompt (and that is just one of MANY examples) .

 

[simmerskool]

My activity log had around 120 blocks in 2 hours, I would prefer a program that doesn't constantly block processes, especially if they are harmless. And a program that I actually know what it is doing.
In any case I don't see a need to run both AG and VS so I chose VS.

I do see one thing running both (I don't need to run both, I just am, humor me). I see no conflicts, but I do see increased "suspicious events" in AG Activity Log since re-installing VS but none directly related to VS. AG reports a lot, but if you don't look at the log, and don't notice any effect or side-effect on your computer, AG would argue, I think, that the apps that are doing these "suspicious events" should not really be doing them, so it blocks them. I don't know! Could be "no harm no foul." AG seems to have fallen out of favor when it went more Enterprise? But Blue Ridge Network is offering AGSolo at a more consumer price. I echoed your concern about blocks in AG log for the first few days running AG, but after a week or so and more reading (mostly at wilders), I feel ok about it. I even feel safer, but perhaps an illusion...?? And agree as somewhat informed we do want to know what an app is doing, but I am feeling AG is giving me that feedback in its logs. VS has logs too. I just reset my VS whitelist to better see what VS is allowing and blocking. Dan suggested to reset VS whitelist every so often.

 

[danb]

I forgot to mention… behavior blockers are actually allow-by-default by design. The reason we know this is because they work by allowing everything, except certain suspicious behaviors (they block specific behaviors). They obviously cannot block, and do not want to block every single behavior, which is further proof they are allow-by-default by design, and simply bear no resemblance to the zero-trust model. So behavior blockers must determine what to block and what not to block. That is great when they are correct, but not so great when they are not correct.

BTW, a global block of cmd, for example, is not a behavior block. This is a global block, and there is a huge difference. In a global block, behaviors are not evaluated in determining if cmd should be blocked, it is just simply blocked.

Most modern AV products include a behavior blocker component that the company has focused on and refined over the years, and it would be difficult or impossible to build a behavior blocker that is even close to the efficacy or usability of the AV products that already offer a behavior blocker, especially when behavior blocking is their company’s specialty.

For these reasons, I strongly believe behavior blocking is best implemented into an allow-by-default product like a traditional or next-gen AV. Some of this is opinion and some of this is fact, you can decide what is what .

 

[ichito]

You are confusing Privileged Access Management with Zero-Trust

No...I'm not wrong. The matter of privileges is core subject of Zero Trust conception. Here's from Citrix article

The core logic of a zero trust security is essentially “never trust, always verify.” In a world of complex cybersecurity threats and hybrid workforces equipped with numerous applications and devices, zero trust aims to provide comprehensive protection by never assuming an access request comes from a trustworthy source—even if it originates from within the corporate firewall. Everything is treated as if it comes from an unsecured open network and trust itself is viewed as a liability within the zero trust framework.

Zero trust may also be called perimeterless security. This term shows how it is the polar opposite of traditional security models, which follow the principle of “trust, but verify” and regard already-authenticated users and endpoints within the company network perimeter, or those connected via virtual private network (VPN), as safe. But such implicit trust increases the risk of data loss caused by insider threats, since it allows for extensive, unchecked lateral movement across the network.

A zero trust security architecture instead is built upon:

• Explicit verification and continuous validation: Network users must be authenticated, authorized, and validated on an ongoing basis to ensure they always have the proper permissions. Numerous data points such as user identity, geolocation, and device posture may be leveraged for this purpose. One-time validation of a user identity is no longer enough.
• Least-privileged access: Zero trust reduces a company’s attack surface by enforcing the principle of least privilege, so that identities only get the lowest level of access to the network by default. In tandem with other cybersecurity practices such as network microsegmentation and adaptive access, least-privileged access sharply limits lateral movement within a zero trust model.

What is Zero Trust Security? - Citrix

Zero trust is a security model that continuously verifies users and devices, rather than trusting by default, to protect against data breaches. Explore the zero trust model and zero trust security.

www.citrix.com

Here are other sources of useful info

What Is the Zero Trust Security Model? How Does it Work? | Fortinet

Zero trust architecture secures the network from the inside out. Learn how to shrink the attack surface and implement a zero trust security model for your network.

www.fortinet.com

Never trust, always verify: The Zero Trust security model

What is Zero Trust, and why is it attractive for modern business?

www.kaspersky.com