Malware hides behind the mouse

[PJC]

Malware hides behind the mouse

Eww, that's obnoxious. I'd like to know what actual ITW malware does this though, and how it installs itself on end user machines in the first place...

[Mrkvonic]

It all begins with the initial infection, afterwards what happens is meaningless.
And you can't trust security companies to tell you about security.
So Symantec blah blah is useless.
Mrk

[noone_particular]

Several classic HIPS, even the old ones like SSM free, will intercept that hook and alert the user to the attempt.

[Noob]

Quote:

Originally Posted by noone_particular

Several classic HIPS, even the old ones like SSM free, will intercept that hook and alert the user to the attempt.

Yeah but not many people use HIPS.

[noone_particular]

Quote:

Yeah but not many people use HIPS.

True. That said, conventional detection based security is becoming impossible. This subject was originally in this thread. If you can trust the way Symantec counts malware (extremely hyped quantities), they're claiming a million new variants per day, which makes detection by identification a total joke. IMO, we're approaching the point where default-permit based security on PCs with average users playing administrator is not viable. I don't see a viable answer that works for the average user that still allows them to safely have administrator access. I don't believe that sandboxing will prove that durable in the long run. I wonder how long it will be before windows won't allow a user to install anything that doesn't come through their store. IMO, it's going in that direction faster than most want to admit.

[jo3blac1]

Quote:

Originally Posted by noone_particular

True. That said, conventional detection based security is becoming impossible. This subject was originally in this thread. If you can trust the way Symantec counts malware (extremely hyped quantities), they're claiming a million new variants per day, which makes detection by identification a total joke. IMO, we're approaching the point where default-permit based security on PCs with average users playing administrator is not viable. I don't see a viable answer that works for the average user that still allows them to safely have administrator access. I don't believe that sandboxing will prove that durable in the long run. I wonder how long it will be before windows won't allow a user to install anything that doesn't come through their store. IMO, it's going in that direction faster than most want to admit.

You forget about a couple of other alternative security apps:
1) SD -> has never been overcome by malware
2) App guard -> another one never bypassed by malware
3) SBIE --> also never heard of anyone getting infected through it either

I don't think that Windows can go 100% like iOS. There will always have to be a way for large companies to side load custom made apps.

[noone_particular]

I haven't used SD and app guard and am not familiar with their abilities/limitations. With Sandboxie, the developer has said that it is not as effective on 64 bit because of restrictions the OS places on legit apps.