Researchers Bake Malware Protection Directly Into SSDs

Discussion in 'hardware' started by Minimalist, Sep 9, 2021.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, I forgot that another SSD maker also came up with built-in protection against ransomware, but I can't fully visualize how this would work in practice. It does sound interesting though, see link.

And I also forgot that the maker of SSD-Insider++ said it himself: hackers can always try to bypass it, because at the end of the day it's still software. The only difference is that it's at the firmware level, so it's baked in, see quote.

    https://news.softpedia.com/news/new-ssds-provide-ransomware-and-data-theft-security-532979.shtml

     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Possibly. But I think it was Bill that pointed out and I would have said the same, once this stuff gets on your machine your AV (and anything else you have in place) has already failed. AV is a somewhat useless tool. Kinda like me. o_O
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Now you are misrepresenting what I have said. That is NOT cool, Rasheed. Not cool at all. :mad:

I NEVER said it is a "huge" advantage. I said it offers advantages but then immediately said it is NOT a panacea for all security woes.
    But it is relevant. This is the problem. You keep denying the facts but denying the facts does NOT make you right!

    Yes, it is an extra layer. So is your firewall. So is your DHCP router. So is the anti-phishing feature of our browsers. Your logic would have us asking why have those "layers" if we have our AV?

    You say it is not relevant then turn around and say it might indeed be handy if the AV gets bypassed. Are you seriously suggesting AV's cannot be bypassed or otherwise thwarted?

And it very much is important that it is able to act earlier. That's its main advantage. That's what makes it relevant - regardless of whether you believe it, understand that, or not!

    Wow. Come on, Rasheed. You really need to educate yourself a bit here.

    Ransomware (any malware) does not get "delivered" via an exploit. It gets delivered via email, or by the user clicking on unsolicited links, or some other method of delivery. It does, most often as a matter of fact, get "delivered" (downloaded) via socially engineered methods of distribution - that is by tricking the user to download it.

    But delivery is NOT the same as execution. Execution involves loading and then "running" the code. The hope of the bad guy then is that the running code then exploits some vulnerability. This "layer" of protection is designed to [hopefully] detect and block the execution of that code, even before your AV is able to be loaded.

    You can keep claiming that is not relevant. But you are just wrong. Just because it is an "extra" layer of defense, and even though it does not provide a "huge" advantage to most users, that does NOT mean it is not relevant.

    Let's not forget what this feature does. It does NOT detect ransomware. It detects the encryption process caused by such programs. That's relevant.

I see absolutely no reason for anti-keyloggers - in part, for the same reason you mentioned - we all have our anti-malware solutions already installed and they already look for keyloggers. The exception are those keyloggers that require the bad guy to already have physical access to the computer. But how many home users does that affect? For that reason, I see no reason for anti-keyloggers. But does that mean they are not relevant?

    Does it being relevant mean that everyone needs to go out and buy these new devices? Nope. I never said that either.
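The post above makes the point that the drive-side feature does not recognise ransomware as such; it recognises the encryption activity. The following is an added illustration, not code from the original page and not SSD-Insider++'s actual firmware logic: a small write-stream monitor that models the only signal a drive can see (LBAs and bytes) and flags a burst of high-entropy writes that replace blocks already holding data. The thresholds, the window size and the "overwrite plus high entropy" rule are assumptions chosen for the example; the sample write streams are constructed. It also shows the two caveats raised later in the thread: a benign high-entropy write to unused blocks (a downloaded archive) is not flagged, while software full-disk encryption converting existing plaintext in place is indistinguishable from ransomware and produces a false positive.

```python
import math
import random
from collections import deque
from dataclasses import dataclass

# Hypothetical tuning; the real SSD-Insider++ thresholds are not given on this page.
BLOCK = 4096
HIGH_ENTROPY = 7.5      # bits/byte; ciphertext and compressed data sit near 8.0
WINDOW = 32             # recent write events considered
MIN_EVENTS = 16         # no verdict until the window holds this many writes
ALERT_FRACTION = 0.75   # share of the window that must be high-entropy overwrites


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class WriteEvent:
    lba: int      # logical block address being written
    data: bytes   # block payload as seen by the drive


class EncryptionBurstMonitor:
    """Flag a burst of high-entropy writes that overwrite blocks already holding data.

    The drive never sees file names or processes, only LBAs and bytes, so the
    only usable signal is "existing data being replaced by ciphertext-looking data".
    """

    def __init__(self):
        self.written = set()                 # LBAs that already hold data
        self.recent = deque(maxlen=WINDOW)   # True for each suspicious write

    def observe(self, ev: WriteEvent) -> bool:
        overwrite = ev.lba in self.written
        suspicious = overwrite and shannon_entropy(ev.data) >= HIGH_ENTROPY
        self.recent.append(suspicious)
        self.written.add(ev.lba)
        if len(self.recent) < MIN_EVENTS:
            return False
        return sum(self.recent) / len(self.recent) >= ALERT_FRACTION


def first_alert(writes) -> int:
    """Index of the first write that trips the monitor, or -1 if none does."""
    mon = EncryptionBurstMonitor()
    for i, ev in enumerate(writes):
        if mon.observe(ev):
            return i
    return -1


# Constructed sample data: repetitive document blocks and a ciphertext stand-in.
_rng = random.Random(1234)
DOC_V1 = (b"Quarterly report, draft 3. " * 200)[:BLOCK]
DOC_V2 = (b"Quarterly report, final.  " * 200)[:BLOCK]


def ciphertext_block() -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(BLOCK))


def scenario(overwrite_with=None, fresh_with=None, existing=40, count=40) -> int:
    """Write `existing` document blocks, then either overwrite them in place
    (overwrite_with) or write `count` new blocks to unused LBAs (fresh_with)."""
    writes = [WriteEvent(lba, DOC_V1) for lba in range(existing)]
    if overwrite_with is not None:
        writes += [WriteEvent(lba, overwrite_with()) for lba in range(count)]
    else:
        writes += [WriteEvent(1000 + lba, fresh_with()) for lba in range(count)]
    return first_alert(writes)


def ransomware_encrypts_in_place() -> int:
    return scenario(overwrite_with=ciphertext_block)                  # alerts


def user_edits_documents() -> int:
    return scenario(overwrite_with=lambda: DOC_V2)                    # no alert


def user_downloads_zip_archive() -> int:
    return scenario(fresh_with=ciphertext_block)                      # no alert


def fde_initial_conversion() -> int:
    # Software full-disk encryption converting existing plaintext looks the same
    # as ransomware from the drive's side: a false positive for this logic.
    return scenario(overwrite_with=ciphertext_block)                  # alerts


if __name__ == "__main__":
    for fn in (ransomware_encrypts_in_place, user_edits_documents,
               user_downloads_zip_archive, fde_initial_conversion):
        print(f"{fn.__name__}: first alert at write index {fn()}")
```

The alert fires only once 24 of the last 32 writes are high-entropy overwrites, so the first 23 encrypted blocks are already lost before detection; a real firmware implementation has to trade that latency against the false-positive rate, which is exactly the tension between detection speed and performance overhead discussed later in the thread.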
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Seems like you're still misunderstanding.

I'm saying that the fact that it's able to provide protection long before other security tools load is not relevant in this particular case. That is what this discussion is about!

And this is because of the simple fact that ransomware can't magically load on systems. It has to first be delivered to the machine, either via an exploit, which means the malware will automatically run, or the user has to be tricked into downloading and running it. By then, security tools like AV and behavior blockers should come into action.

    The real advantage of SSD-Insider++ is that it might still protect if AV's fail to block it. And I'm guessing it's a lot harder to terminate SSD-Insider++ since it's running as firmware and not on the OS itself. Another advantage is that it's baked-in, so users are protected out of the box, with no need to download anti-ransomware tools.

    And nowhere does the developer mention that it's an advantage that it loads before any other security tool. And you know why he doesn't? Because it's not relevant! Just because you keep repeating this, doesn't make it true. It would have been relevant if it involved protection against rootkits, because this type of malware starts quite early in the boot-process, but that's why M$ designed ELAM.

The biggest disadvantage of SSD-Insider++ is the performance degradation, and it might even conflict with tools like AppCheck and HMPA which monitor the exact same stuff. Also, if ransomware is using new techniques, then the SSD firmware needs to be upgraded; I would rather not fool around with this. So I still prefer to use my Win Def + AppCheck + common sense combo to protect myself against ransomware and malware in general.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
Having second thoughts, I don't want SSD-Insider++ running on my systems. I agree with @Rasheed187.
But I do, or take other measures, so I think it could be overkill and have undesirable side effects I don't want to deal with.

    Would be a great thing if SSD-Insider++ could be disabled by a physical means, a jumper or something. I'd still be willing to try it though.
     
  6. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
Plus, if you're on a budget, the 480 GB K2 Secure is 299 USD and goes straight up from there. I would think for Enterprise, like small business and offices with decent budgets, it would be something to consider. But for a low-risk home user? Meh. I've gotten so used to fast SSDs, I'm spoiled for anything else. And half the price to boot.
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    For the record, I think we are all in agreement that, because this feature degrades performance, particularly the 17% impact on latency, most of us would not like this feature - at least not in its current form. Hopefully V2.0 will offer the advantages in security without impacting performance (or adding to the cost).
Perhaps, but those users are not the primary targets. While certainly individuals and small businesses can be and have been targets, the most common are colleges, universities, government agencies like City Halls, DMVs, local police and emergency services, healthcare facilities, and utility companies - all organizations that need their networks back up NOW, and so seem more willing to pay the ransom.

    And paying the ransom is really the problem. "IF" the victimized organizations would stop paying the ransoms, this crime would stop being so profitable and the bad guys would move on to something else.

    What needs to happen is:
    1. More thorough and more frequent education (so users learn to recognize, and stop being "click-happy" on unsolicited links),
    2. The "responsible" IT and security personnel need to start doing their jobs to ensure, among other security policies and procedures, patches and updates are applied in a timely manner, and they have a robust backup and recovery plan in place that works,
    3. Upper and executive management needs to start taking IT security seriously to ensure/empower the responsible IT and security personnel have the necessary tools, training, guidance AND the "authority" to carry out their responsibilities, and to carry them out with the "sense of urgency" required to ensure the network stays secure, at all times.
4. Those IT and security personnel, managers and execs responsible for the security of their networks and organizations need to be held accountable and, if applicable, punished (to include prosecution for criminal negligence) when these incidents occur.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not saying it's a bad idea, but at the moment I'm not seeing any huge advantage, if you are already using anti-malware tools. If this guy can get performance drop to 2 to 5% and he can guarantee it offers 99% protection vs let's say 95% protection of anti-malware tools, then I'm all ears again. Also, hopefully you will be able to disable protection via some app running on Windows and not just at boot-time.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
Maybe. But you can take this to the bank. If recent history is any indication of industry standards, despite having heavy wallets, that's one expense they are more than willing to gamble away. Not just that, but software security experts and salesmen will have a better pitch to sell their 'better', 'more cost effective' protection to a business/industry, no matter how wealthy, to the cheapest bidder.
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Anyone would be a fool to "guarantee" any level of protection - whether via SSD firmware or software based antimalware tools. I am not aware of any product now that "guarantees" protection, or even some percentage of protection.

    The only way to guarantee protection from malware is to power down the computer, unplug power from the wall, then disconnect the Ethernet cable.

    If the idea is to have foolproof protection, that to me is not a good idea. If the computer and operating system are up and running, that implies a network connection has been established too. And it implies some controlling software is running and that software has deep access with applicable permissions.

    The booted computer, running operating system, established network connection, and running 3rd party software are all potential areas for bugs and/or vulnerabilities that could potentially be exploited by bad guys.

    It is important to remember that not all bad guys sit on the other side of the world or access the infected computer remotely.

    "IF" I am that concerned about security that I install hardware that incorporates hardware-level security features, I only want access to its settings via the hardware level - or in this case, via the BIOS.
     
  11. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
Indeed, also to put all your faith in just one security measure. If you're smart, you would have a contingency plan with multiple security measures for your Enterprise setting. And if you have this, you would not really need the "baked-in" ransomware protection. It seems redundant and very expensive.

In my opinion, ransomware or just the fear of it is enriching this type of product manufacturer. Offhand, I can't think of a really solid security solution which includes this type of hardware. You could make one up, but would it be cost-effective? I would welcome a clean, unbiased study that would pit one combination with and without this hardware against another.
     
  12. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    How do you figure it is "very expensive"? I don't see anywhere in the article or links where the cost is even mentioned at all.

    I certainly do not see any reason to simply replace current, working SSDs just to add this feature. That would be expensive. But if buying new SSDs anyway, and if the price is competitive, and if the performance hit issue is resolved, I don't see any reason not to get these. Of course, that is 3 significant "ifs" - but they are not unreasonable "ifs" or unlikely either.
     
  13. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    The starting cost of 299USD for a 480 GB SSD was actually stated in the Softpedia article in post #26 of @Rasheed187.

Not cheap at all. And with other measures, it could be prohibitive for some, I'd imagine. That's why I think a comparative study using this type of hardware would be useful in determining whether the additional cost justifies using stuff like this in certain scenarios. It would be interesting. :)

    Edit: if these SSDs affect performance, would this also affect the speed at which the malicious activity is detected? You wonder about that, right?
     
    Last edited: Oct 3, 2021
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I'm wondering if this will work with full disk encryption.
     
  15. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    No. You are confusing products. That price is for a totally different product using different methods and technologies.

    If you read the Tom's article posted in Post #1 in this thread, "Researchers Bake Malware Protection Directly Into SSDs", your and Rasheed's link is in there. And it clearly says,
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    This creates a situation that would make me quit. A "blame everyone but the criminal" mentality (prosecutors would run wild with this, gives them someone to blame and a solution) sets a bad precedent when most of us can only do what can be done with the budget we are given.
     
  17. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Let me go over and above that and say that once I saw some tangible numbers in the Softpedia article, I forgot about the original Insider++ in post 1 altogether. :oops::)

Since I was obliged to re-read that, though, my original statement to independently test any marketing claims--here it's "100% detection with 10 second detection latency"--hasn't budged one iota. If it pans out, then it seems to merit a rightful place in an Enterprise scenario (at least sometimes), if budget permits. Edit: False-positive "detections" are the bane of any security setup.

    Tucked away at the bottom is the caveat already noticed by you and others: firmware can be bypassed. So back to square two.
     
    Last edited: Oct 4, 2021
  18. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Whoa! Total nonsense!

    I never, as in NEVER EVER said the perpetrator of the crime should not be blamed, pursued, hunted down, prosecuted, and taken out back and shot - twice - then hung up on display for other bad guys to see! That absolutely should happen.

    But you are suggesting if YOU are responsible to secure the bank vault, but you are too lazy to lock it at night, and the bad guys break in and steal everyone's money, that you should not be held accountable at all! That's total nonsense! And if you believe that way you should quit - or rather, should never have been hired in the first place!

    This is the problem. If you look at almost all the big hacks, almost every single one could have been prevented. But those responsible did not even do what they could have or should have with the budgets and resources they had at their disposal. They failed to do their jobs! :mad::mad::mad:

Perfect example: the massive Equifax breach where,
"...lax security",
"...bumbling response" to the breach,
"...top executives...corruption".

    How did it happen?

    Hackers exploited a widely known vulnerability! How? Because those responsible failed to apply the patch that had been available to them for months!!!!!!!!!

    Not only that, all that personal information was stored on the Equifax servers in the clear! It was not encrypted. Why? Because those in charge, the IT, security, managers and execs were too damn lazy to do their jobs! :mad::mad::mad:

And that Equifax is NOT a one-off anecdotal example. Again, if you look into other hacks, you will easily see that most were NOT due to bad guys exploiting zero-day vulnerabilities. No! They exploited known vulnerabilities that had patches already available to those responsible, but never applied. :mad:
     
  19. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    No doubt, false positives are bad. But worse is false negatives.

    False positives essentially are just annoying nuisances. But a false negative - where real malicious code or activity is identified as safe - can be catastrophic.
     
  20. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    You and others may have a really negative view on this, but it's the "natural" order of things. Predator and prey, it's a symbiotic thing mirrored all over the place. It's not confined to wildlife and the environment. Ransomware operators take advantage of low-hanging fruit. Always have. And there's plenty, since complacency, greed and slack attitudes are still rampant in all the wrong places. Colonial Pipeline, anyone?

Don't know if super-SSDs are part of the cure-all and in this context, it doesn't matter. It's the one holding the reins who can make or break it.
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    I never claimed you stated that the perpetrator should not be pursued but you did not address it specifically and I guarantee that if a prosecutor could blame "someone" they would not go after others. Easy target, easy win, another notch for them in the "win" column.

Then after all of your complaining about others misrepresenting what you have said, you state that I am suggesting it is ok to be lazy and not do your job, when I specifically pointed out there are budget issues in many cases with getting the boss to purchase the tools and resources to do the job correctly.
     
  22. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    You quoted me, hence my response.

    Gee whiz! :( So now you get personal :( and chastise me for complaining about posters misrepresenting others, but then you do it again! :( I presented a hypothetical by saying
    I was not accusing you, or suggesting you, xxJackxx specifically, of anything.

    I did NOT deny or say you were wrong about budgets. No doubt, budget restraints do factor in, in some cases.

    But if an organization does not have the necessary resources for the IT personnel to properly secure their network to protect people's very sensitive personal information, that network needs to be taken off-line!!

    The problem is, "most" of the major hacks happen when the company has the $$$ to properly fund the necessary training and resources for the IT people to do their jobs. But instead they fail to do their jobs! And clearly, management has failed to ensure the IT and security people have done their jobs.

That is negligence. And when innocent others are harmed due to that negligence, that is criminal negligence.

    Edit comment: fixed a couple typos.
     
    Last edited: Oct 4, 2021
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Thank you for what I perceive as a more reasonable reply. I do not wish to offend, but the "But you are suggesting if YOU are responsible to secure the bank vault" looked like you were attacking me with the "YOU". I pretty much agree with your response this time. I respect your knowledge and experience. Maybe less all caps and :mad::mad::mad: next time would make it less likely to misunderstand what was meant.
     
  24. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
Fair enough on the all caps comment. Sorry about that. I assure "YOU" ;) it was only meant as an emphasis to suggest, hypothetically, "the one in charge" (that is, "if" you), and not "you" personally.

    No offense meant either! Sorry if it sounded that way.

    To my point, sadly, when these hacks occur, rarely is anyone held accountable for their actions, or inactions. Or if someone is held accountable, it most likely is some low-level person who becomes the scapegoat. It is rarely ever the person who is responsible to oversee, manage and ensure those under him or her do their jobs (or have the resources to do their job). When no one is ever held accountable, that sends the message to others that the protection of people's very sensitive personal information is not important, or a priority at all. :(
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    This is exactly the point I was trying to make. 100% agreed. :thumb:
     