
Protection against Ransomware Encryption---like this???


10 replies to this topic

#1 iladelf

  • Members
  • 6 posts

Posted 25 September 2013 - 01:36 PM

I am in NO way endorsing this product whatsoever (I am new here, so what the heck do I know?), but I am guessing from the video below this style will be the new way to "prevent" these types of infections from installing in the first place.  What does everyone else think?

 

http://blog.cloudantivirus.com/2013/07/26/panda-cloud-antivirus-2-2-and-new-data-shield-protection/


Edited by iladelf, 25 September 2013 - 01:37 PM.




#2 hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England

Posted 25 September 2013 - 02:14 PM

At the moment the best thing you can do is keep regular backups; in my experience it only seems to be detected by your antivirus after it has encrypted your files.

Using a sandboxed browser will also help.



#3 iladelf

  • Topic Starter
  • Members
  • 6 posts

Posted 26 September 2013 - 12:21 AM

Thanks for the info, hbyton.  Even though I am new here, I have been in IT for 13 years, so I have some experience dealing with malware, obviously.  One of the main reasons I posted this was in an effort to find out what technicians are doing to harden their customers' computers.  Obviously, from the Cryptolocker topic, you can set up GPOs to protect computers on a network, but what about the average home (or small business) user?

 

What I am running into are antivirus/antimalware programs that bog machines down so much that they in and of themselves are about as bad as the infections!  Nothing, and I do mean nothing, seems to work on a computer that is Vista or XP vintage, without seriously compromising bootup and shutdown speeds and/or general operation of said computer.  I've tried Avast, Antivir, Panda Cloud, AVG, and Immunet Protect on various machines of various age (new to 5+ years old) and they all virtually double to TRIPLE boot times and shutdowns.  Panda Cloud raised a Vista boot time to THREE MINUTES when I tested it recently!  Yikes.  The only program I've seen that doesn't bog machines terribly (although some older PCs it will) is MSE, and the protection it offers really isn't that great, IMO.

 

I would recommend Sandboxie or something similar to my customers, but it's been my experience they won't use it, even if you show them how.  Sandboxie is ok for us techs, not so much for the average user.  How would they know, if they're experiencing problems (not just malware-related) to "dump" the sandbox and start new?  Further, they're likely not to know that software updates to any online programs should be done OUTSIDE of the sandbox, not in it, so that they "stick" if they empty the sandbox. 

 

My thoughts currently are to install Chrome, install Adblock Plus (the new 1.5.5), disable all ads in ABP, and add the malware protection filters as well.  Won't protect you from a bad email, but is better than nothing.  I've also installed SpywareBlaster on several of my customers' computers; whether it helps or not, I don't know.  I suspect it does, because as I think about it, I don't see those customers as often!

 

Look forward to everyone's thoughts.



#4 Netghost56

  • Members
  • 973 posts
  • Gender:Male
  • Location:Texas

Posted 26 September 2013 - 03:21 PM

I HATE Norton, Avast, and Panda. Never recommend any of those.

 

For my customers I either install AVG free or MSE. (Depending upon customer's ability and the usage of the system). I also install Malwarebytes on every system that crosses my bench.

 

For myself, I run MSE and actually let it do a weekly scan (unlike most folks), and Malwarebytes.  I run Firefox with Adblock Plus and NoScript. I'm also familiarizing myself with Konqueror for Windows.

 

EDIT: I'm an IT tech for a small firm in a small city. I handle about 10 work orders a week at the moment.


Edited by Netghost56, 26 September 2013 - 03:22 PM.


#5 hbyton

  • Members
  • 196 posts
  • Gender:Male
  • Location:England

Posted 26 September 2013 - 03:44 PM

What's wrong with avast?



#6 Netghost56

  • Members
  • 973 posts
  • Gender:Male
  • Location:Texas

Posted 26 September 2013 - 03:56 PM

Same thing as the other two- too much bloatware.

 

And you have to register it.

 

I've been told it comes with Strongvault Online Backup.


Edited by Netghost56, 26 September 2013 - 03:57 PM.


#7 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,391 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 27 September 2013 - 09:50 AM

StrongVault is a video converting application that is typically bundled with other software you install but avast is not one of them. avast does include Google Chrome pre-checked by default during Express installation so you have to uncheck it. If you already have Google Chrome or perform a program update, Google Drive may be offered pre-checked by default...again you have to uncheck it.

In fact, many Anti-virus and security vendors bundle toolbars and other software with their products as a cost recoup measure. So when a vendor includes an add-on such as a toolbar, they do so as a way to "pay per install" and recoup associated business costs. This practice is now the most common revenue generator for free downloads and is typically the reason for the pre-checked option.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 27 September 2013 - 10:49 AM

> Same thing as the other two- too much bloatware.
>
> And you have to register it.
>
> I've been told it comes with Strongvault Online Backup.

For what it's worth, AVG comes with "bloatware" too: AVG Security Toolbar and AVG Secure Search. The toolbar is considered questionable and is removed by both Junkware Removal Tool and AdwCleaner. AVG also has a "PC TuneUp" program which contains a registry cleaner. Registry cleaners are just bad news, and BleepingComputer does not support these programs.

 

I think apart from BitDefender free and MSE, all other free anti-viruses come with add-ons. Most of the time you can opt-out apart from Avira Free with Ask Toolbar (I may be wrong, but I've tried installing most of them at one point or another).

 

 

To the main question, I think a good behaviour blocker should be able to block these ransomware attacks. I know Emsisoft has one that works against these threats, even before they are in the database of the main anti-virus product. I'm not sure about other programs though. A sandbox would also work as long as you know how to use it properly.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 Netghost56

  • Members
  • 973 posts
  • Gender:Male
  • Location:Texas

Posted 27 September 2013 - 03:35 PM

Yes, when installing AVG I always uncheck "Security Toolbar" and "Secure Search" and also the "Widget". The registry cleaner is an option after the fact- I have seen systems brought in where the customer did opt for the cleaner and then messed up his computer- but it was his choice to do so...

 

As I said, I run MSE and scan with MBAM on my personal computer (work and home). I opt for installing AVG (without add-ons) in customers' systems on a case by case basis- generally whether they will need the real-time scanning or not. If they are OK with allowing MSE to be set up for weekly scans I'll install MSE- but if they just want to "install and forget about it" I go with AVG. I trust that they will allow it to run updates- but it's like that with any application.


Edited by Netghost56, 27 September 2013 - 03:36 PM.


#10 iladelf

  • Topic Starter
  • Members
  • 6 posts

Posted 27 September 2013 - 11:50 PM

I'm currently testing Bitdefender Free on my old XP machine.  Now, this machine WAS a beast back in its day (Intel Quad Core Q6600 2.4 GHz), and I used to have 4GB mem in it (2 were causing errors, which was dumped).  So, with 2GB of mem, it's a good test machine to see what will and won't work on your average home user's old rig.  And so far, not really affecting bootup or shutdown noticeably.  Whereas original, no AV bootups were just short of a minute, I'd say they're now around 1:10, and shutdowns are up to around 15 seconds from the original 10.  Not bad.  It false positives, though (Nirsoft PW crack tools---flagged!) and it's a little of a pain to deal with to restore (took 2x to get it and the exception to "stick"), but overall, may become my de facto AV for customers.

 

BTW, the idea of MSE with paid MBAM riding along as malware protection seems to be what a lot of techs are using these days for customer protection.  I'd like to hear folks chime in on how well that has worked (aka any customers still getting infected?). 

PS  I had forgotten about this oldie but goodie (the MVPS Hosts file).  Have no idea how well it works (never tried).  How about you?

 

http://winhelp2002.mvps.org/hosts.htm


Edited by iladelf, 27 September 2013 - 11:51 PM.


#11 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 28 September 2013 - 05:42 AM

> Yes, when installing AVG I always uncheck "Security Toolbar" and "Secure Search" and also the "Widget". The registry cleaner is an option after the fact- I have seen systems brought in where the customer did opt for the cleaner and then messed up his computer- but it was his choice to do so...

I was more making the point that AVG does come with bloatware, and said bloatware is considered worse than those that come with say Avast! free or Norton (then again Norton is only a trial and then you have to pay, so can't really be considered the same as free anti-viruses which include bloatware to pay for the program being free).

AVG play on the fact most computer users that use their products may not be literate enough to realise that PC optimisers do nothing or make the computer worse. I've used AVG before, and they have sent emails about buying their PC optimiser and it's on a tab on the main program called fix performance. Each to their own on what programs they recommend, but AVG is not one I would recommend as you can probably see. I am not disrespecting your opinion on what you use in any way. I'm just making a point that AVG does come with bloatware, as from your comment about why you dislike Avast! it makes it seem like AVG does not contain bloatware. You may have not meant that, but I'm just making it clear to anybody who is reading.

 

> BTW, the idea of MSE with paid MBAM riding along as malware protection seems to be what a lot of techs are using these days for customer protection.  I'd like to hear folks chime in on how well that has worked (aka any customers still getting infected?).
>
> PS  I had forgotten about this oldie but goodie (the MVPS Hosts file).  Have no idea how well it works (never tried).  How about you?
>
> http://winhelp2002.mvps.org/hosts.htm

If you want a free anti-virus which doesn't take a lot of resources then MSE is pretty good at that; ESET is a good paid anti-virus which also does not take up a lot of resources. Paid MBAM is excellent along with almost all anti-viruses. You can get infected using any anti-virus, so good, safe browsing habits help a lot.

I've never used the program, but it certainly doesn't hurt to have it around and could even be effective if you visit those websites. SpywareBlaster goes even further than using a custom host does, but is along the same sort of lines. If you want to check it out, then here is the link: http://www.brightfort.com/spywareblaster.html

 

xXToffeeXx~






