RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. guest

    guest Guest

    Yes, creating a top-most windows which is always in front of all windows is not really possible.
    RansomOff wants to be "super-topmost", but Ransomware want it too and now they "fight each other" to be on top.
     
  2. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Right, that's why RansomOff freezes the process so that RansomOff wins the fight and can show the notification without the ransomware getting back on top. The unblock and minimize features are just one time shots that can easily be overridden by ransomware or any process that wants to reset their flags.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Seems a lot of protections have been very nicely packed into Ransom0ff even at this stage and I must admit some bias because I unloaded quite an array in some of my local testing's and from the welcome observations it can't be all that easy to program for some of the unexpected that those foulware's might code into them next series.

    Good job HeiDef and team on this one. How close is it to going officially stable?
     
  4. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    There are a few bugs we still need to fix. Nothing seemingly too major but important for good compatibility. So definitely close.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Sounds good!

    Don't know about others but i already envision and am working up a production scenario for Windows 10 anyway, where with the added mitigations now integrated and those yet to be added to RedStone3, where HeiDef Defense Ransom0ff will basically oversee for potential (new as well as already dated) ransomware.

    This coupled along with a few Excubit drivers, one for granular memory protection and the other (haven't decided yet).

    Still up in the air on how to select app lockdown but it has shown to be right on target and solid and so along with ERP should seal the deal IMO.

    Of course this is only a single scenario (and only on this end) but Ransom0ff's protection is a magnificent work and I find it delightfully stable to date.

    It is incredibly lightweight from my observations with no impact of any interest on the systems tested running modestly a Dual-Core Intel Celeron 1800Mhz 4Gb Ram even under heavy load.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Been really quiet on here.

    Anyway it begs to question if there might be a Ransom0ff 5 in the works for another series at some point.

    Apparently most of the ransomwares attacks and potential additional vectors have big & small server admins of businesses as well as local users already well into making (or have made by now) provision against any type of problems related again. Similar with the AV's and Anti-Malware vendors repositioning their products to stand up even more forcefully.

    Microsoft patching up those systems that were vulnerable should help tighten things up too I suppose.

    I'll add just a brief for what it's worth on Ransom0ff 4 as it pertains locally on this end. The application with subsequent updates and bug fixes courtesy HeiDef's almost continuous response in addressing issues is been a breath of fresh air.

    The latest released version is been running non-stop on one my Windows 10 rigs and while some might find it cumbersome at first, like any other security software it takes getting familiar with it, it's settings and workings, and then everything else appears absolutely seamless to me.

    And yes, after testing the dickens out of the MBR protections in Legacy Mode, I'm happy to say all systems have returned to UEFI GPT disk in Secure Boot-mode :)
     
  7. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    I know it's been quiet on this thread but we've been working on a few things with RO.

    Mainly, we've just been collecting feedback to ensure the stability of the current release. Based on what we've been getting, that gives us confidence that we can soon drop the beta designation. There are a few outstanding bugs we'd like to fix and we are working with some members to get more information to understand more about these situations. Secondly, as some of you may have been aware, we've been working on a server side component to RansomOff. This will provide management, control and insight across a RansomOff deployment and is something we are pretty excited about. We hope to drop the server for wider release shortly.

    Either way, definitely appreciate the continued feedback from everyone. As we've said before, RO wouldn't be where it is without it.
     
  8. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi @HeiDef

    Do you think you can put up a features list of RansomOff on your website? Best to have it tabulated against the competitors

    Thanks
     
  9. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Great suggestion. We have some changes in store for the site once we release our first non-beta and will definitely include a listing of features. Thanks.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Not had a chance to test against a latest strain making all the waves this week but I assume it too is handled and protected against as well with even this version of Ransom0ff is it not?
     
  11. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    While we haven't gotten a sample ourselves yet, from everything we've read, the latest ransomware attack is using Petya which, as many know, is a MBR infector. RO easily handles those threats. More interesting about this latest attack though is how the ransomware is probably just cover for a different attack.
     
  12. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    HI @HeiDef

    Frankly, I have not spin your software. I'm waiting for it to be stable released.

    I'm checking whether some of the features in your software can be enable/disable e.g. MBR protection.

    The reason is having this option allows your software to be more compatible with other software. Hitmanpro Alert also has MBR protection which can be enable/disable. Will there be a clash here if both MBR protection are turned on?
     
  13. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi @NiteRanger

    RansomOff's MBR protection can be enabled/disabled although it requires a reboot if you change the setting.

    We've tested the MBR protection with Hitmanpro and didn't have any issues.
     
  14. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Thanks

    You mean with both the MBR enabled or disabling either one?

    Also, is there any issue between RansomOff and Avast's Anti-Ransomware feature because anti-ransomware are very finicky?

    Thanks again
     
    Last edited: Jun 29, 2017
  15. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    How is it compared to Cybereason RansomFree? :eek:
     
  16. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Win 7 64 bit. Tried to install Ransomoff but it would not install; message stated needed to install KB3033929 update. I downloaded the KB3033929 stand alone installer from microsoft but it wouldn't install with an alert stating that KB3033929 was already installed. I checked intalled updates and I couldn't find KB3033929.?? Wondering if that upate was included in a Rollup Package? Anyway that is the problem I ran into and any feedback would be appreciated.
     
  17. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Any particular comparison points you are interested in?

    Obviously we are a biased source but RansomOff is better than RansomFree. We'll leave it to other members who may have tested both to make their opinions known.
     
  18. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Is your Windows 7 version Home or Starter? We are aware of the issue you describe with those versions of Win 7. We don't have a fix yet at this time.
     
  19. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Windows Home Premium. Thanks for the response; will keep an eye out if and when there is a fix in the future then.
     
  20. ufakai75

    ufakai75 Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    183
    I down loaded RansomOff. 20 new non functioning apps appeared on my desktop and W10 wouldn't function, browsers wouldn't open. Had to do a full recovery... NOT FUN. This may work for some but was a mistake for me... never again.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    It might help to share exactly what O/S it is exactly that you installed it to first off. As well as share your other security solutions and if you also added those to Ransom0ff's list EXEMPTIONS Box for starters.

    Most of us have been running it without serious issues at all for weeks now nonstop in fact and except for occasional minor matters that might crop up this developer addresses for us those where they find needed updated to resolve.

    Sorry you happened to run into an issue that turned you so quickly.
     
  22. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    That's a perfect ransomware protection if apps, browsers and W10 don't work. :argh:
     
  23. cloggy49

    cloggy49 Registered Member

    Joined:
    Oct 6, 2015
    Posts:
    93
    Location:
    The Netherlands
    I once had seen the same. I exited RansomOff and the 'ghost' files were gone. After a subsequent reboot, I didn't see them again....there was no need to restore anything.
     
  24. Izettso

    Izettso Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    91
    I read most of this thread and I was quite impressed by RansomOff as described here.

    Currently I have BitDefender and VoodooShield installed. Would there be a conflict in also installing RansomOff? Would it be an overkill?

    Finally, should I resist the temptation to install it as it is still in beta?

    Thanks for any comments about the above.
     
  25. ufakai75

    ufakai75 Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    183
    Tried that before the full restore, didn't help. RansomOff isn't for my machine. Bitdefender and MBAM premium will do for me as both have anti-ransom. Thanks for your input.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.