Hi guys, I'm sure a lot of you know Juan Diaz's YouTube channel https://www.youtube.com/channel/UCbjRDDLzQ6jLYBrU0BPGbrA/feed. He tested several of the most prominent anti-malware programs, but they all failed to protect against ChineseRarypt (at least at default settings). Is there a program that stops ChineseRarypt? Thanks!
Hi @guest! Changing the subject, please allow me a question: do you know if CF+CS settings can mitigate Spectre/Meltdown attacks? If not, how can I do that without using patches? (They slow down my computer terribly.) Thank you in advance!
I strongly suspect most of the Chinese AV vendors like Tencent, Qihoo 360, etc. detect it. There's a reason for this. A lot of mainland Chinese malware is directed at in-country users. Most of the major AV vendors won't even know of its existence until it hits the major malware feed sources. The likelihood of that is low, since most Chinese users are using Chinese AV solutions.
1- No. CS settings are for beginners; they focus only on the sandboxing capabilities of CIS, and we all know now it is not so "impermeable". If you want to use Comodo seriously, use the HIPS in paranoid mode; if you can't, use another soft. 2- Spectre/Meltdown are hardware vulnerabilities that can't be fixed effectively via software; you will just have patches trying to mitigate them, but at the cost of potential slowdown.
@guest thanks. I am using CF+CS settings along with SysHardener and Cylance (for zero-day attacks). Forgetting Spectre/Meltdown, what would be your software recommendation for the "least negative computer performance" with "the best protection"? My priority is computer performance (that's the reason I use CF/CS + SysHardener + Cylance).
1- Seems OK. I never tried Cylance, but I guess CF will do all the job; SysHardener isn't really a security soft, just a tool to automate OS tweaks.
2- This:
a- Gain more knowledge and safe habits; the more of them you gain, the fewer tools/soft are required. If you love testing security apps, it is another story though.
b- Then 3 mechanisms (other than an AV and firewalls) are needed to cover all angles: an anti-exploit (Win10 has one, so now it is not a priority to purchase a 3rd-party one), an anti-exe or SRP to block unwanted execution of LOLBins/executables (most important to me), and a sandbox to contain threats from internet-facing apps like email and browsers (not mandatory, but it helps).
Now if you combine points 1 and 2, your chances of getting infected are very, very low, unless via a kernel exploit, against which no soft can protect.
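The "anti-exe or SRP" layer from point 2b, built with Windows 10's own AppLocker and checked against the built-in anti-exploit, as an added example. This is not code from the thread, from Comodo, or from any product named above; it assumes an elevated Windows PowerShell 5.1 session, a hypothetical policy path of C:\Policies\allowlist.xml, and that the three directories listed are the only install locations on the machine. Microsoft documents AppLocker enforcement for Enterprise and Education editions; on other editions the cmdlets run but enforcement may not, so verify the edition before relying on it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): a default-deny application allowlist
# with AppLocker, i.e. the "anti-exe / SRP" layer. Everything not explicitly
# allowed is denied, which is what blocks LOLBin-style execution from
# user-writable folders. Paths and directory list below are assumptions.
Import-Module AppLocker
Import-Module ProcessMitigations   # Windows 10 built-in exploit mitigations (1709+)

$PolicyPath = 'C:\Policies\allowlist.xml'   # hypothetical location
New-Item -ItemType Directory -Path (Split-Path $PolicyPath) -Force | Out-Null

# 1. Inventory executables, scripts and installers in admin-only locations.
#    DLL rules are left out on purpose: they are heavy and the usual cause of
#    a broken machine on a first deployment. This scan can take several minutes.
$TrustedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$FileInfo = foreach ($dir in $TrustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Generate allow rules. Publisher rules survive updates of signed software;
#    unsigned files fall back to hash rules. Path rules are deliberately not
#    requested: a path rule on a writable folder is the hole an attacker walks
#    through. Anything unmatched is denied by default.
New-AppLockerPolicy -FileInformation $FileInfo -RuleType Publisher, Hash `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $PolicyPath -Encoding UTF8

# 3. Start in AuditOnly so the policy logs what it WOULD block without
#    blocking. Change the attribute to 'Enabled' only once normal use produces
#    no audit events.
[xml]$Policy = Get-Content -Path $PolicyPath
foreach ($rc in $Policy.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$Policy.Save($PolicyPath)

# 4. Dry-run the policy against whatever sits in Downloads before applying it;
#    unknown downloads should show PolicyDecision = DeniedByDefault.
$Candidates = Get-ChildItem -Path (Join-Path $env:USERPROFILE 'Downloads') -Filter *.exe -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
if ($Candidates) {
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Candidates -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply the local policy. AppLocker depends on the Application Identity
#    service; sc.exe is used because the service's start type is protected
#    from Set-Service on Windows 10.
Set-AppLockerPolicy -XmlPolicy $PolicyPath
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 6. Review audit results later. Event 8003 = would have been blocked
#    (AuditOnly), 8004 = blocked (Enabled).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message

# 7. The anti-exploit the post says Windows 10 already has: confirm the
#    system-wide mitigations (DEP, ASLR, CFG, ...) are on instead of buying one.
Get-ProcessMitigation -System
```

Run it once, live with AuditOnly for a week or two, then flip EnforcementMode to Enabled. Keep the generated XML under version control: when a signed application updates, its publisher rule still matches, but unsigned tools will need a new hash rule, which is the maintenance cost of a default-deny policy.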
Thank you @guest for your answer. Most appreciated! If I keep my combo (CF/CS + SysHardener + Cylance), which anti-exploit do you recommend (considering that computer performance is my priority)? OK, you said that CF/CS is for beginners, but isn't CF/CS itself already a kind of anti-exe? My CF/CS settings don't allow automatic sandboxing (containment); CF/CS always asks me first before running any unknown file in the sandbox. In fact, unknown files are quarantined automatically. Is that not enough? Or do you recommend a better anti-exe/SRP (without killing computer performance)? I have the same question for a sandbox. Thank you again!
~VT results removed per Policy.~ By the way, here is the corresponding topic in the Comodo forums: https://forums.comodo.com/news-anno...s/comodo-against-chineserarypt-t124728.0.html
Just keep the Win10 built-in one, and eventually learn to use it. That's what differentiates it from an anti-exe: your setting auto-allows known files; an anti-exe doesn't. CIS/CFW can be transformed into a pure anti-exe; you have a guide somewhere in the Comodo forum. Its sandbox is decent enough, just learn how to tighten it; normally its vulnerabilities should have been fixed. The most important thing for you is to learn how malware penetrates systems (attack vectors) and how to recognize it (symptoms, behaviors), because without this knowledge, you can have the strongest protection and one day it will fail you, and you will still be a noob. "It's useless to have the best bullet-proof vest if you run blindly into a minefield."
You are welcome. P.S.: when I say CS settings are for beginners, I mean Comodo beginner users; computer beginners won't even grasp what Comodo is.
FYI - http://id-ransomware.blogspot.com/search?q=ChineseRarypt . Switch to the language of your choice. As of 7/1/2019, three AVs detected it: one Russian-based (not Kaspersky) and two Chinese-based. It can also behave like GlobeImposter ransomware and encrypt all files, or copy files to a password-protected archive.
Hi guest, gaining more knowledge is a good idea, but I don't know where to start. I know there is lots of information on this forum, but it is spread over hundreds of posts. Can you recommend a website, book, online course, etc. for beginners?
Eset had a signature detection for this bugger, which appears to be a variant, on 7/11. The original detection signature is dated 5/21. So I would say Eset would have detected the variant in the wild via DNA/behavior signature.