Unsigned Programs Attempting Internet Access

Discussion in 'other firewalls' started by Scott W, Jun 10, 2022.

  1. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    Are there any Windows Firewall Interface apps that can intercept and temporarily block an unsigned program from gaining outgoing internet access, with real-time notification requiring acceptance or denial?
     
    Last edited: Jun 10, 2022
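    The thread goes on to name third-party front ends for the prompt-on-connect behaviour asked about here. As an added illustration that is not from the thread or any of the products it mentions, the following PowerShell uses only built-in cmdlets to do the non-interactive half of the job: list the running executables whose Authenticode signature does not validate, and (after review) create per-program outbound block rules in the Windows Firewall. The rule-name prefix is an assumption; the `-WhatIf` call at the end is deliberate so nothing is changed until you remove it.

    ```powershell
    # Added example, not code from the thread: audit running executables' Authenticode
    # signatures and optionally add an outbound block rule for each unsigned one.
    # Needs an elevated prompt to create rules. The rule prefix is this example's assumption.

    function Get-UnsignedProcessImage {
        [CmdletBinding()]
        param()
        # Distinct image paths of running processes; protected system processes expose no path and are skipped
        $paths = Get-Process -ErrorAction SilentlyContinue |
            Where-Object { $_.Path } |
            Select-Object -ExpandProperty Path -Unique
        foreach ($p in $paths) {
            $sig = Get-AuthenticodeSignature -FilePath $p
            # 'Valid' means the signature chains to a trusted root; anything else
            # (NotSigned, HashMismatch, NotTrusted, UnknownError) is reported for review
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $p
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
        }
    }

    function Block-UnsignedOutbound {
        [CmdletBinding(SupportsShouldProcess)]
        param(
            [string]$RulePrefix = 'Audit-Unsigned'   # assumed naming convention for the rules we create
        )
        foreach ($item in Get-UnsignedProcessImage) {
            $name = "$RulePrefix $([IO.Path]::GetFileName($item.Path))"
            # Idempotent: skip programs that already have a rule from an earlier run
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
            if ($PSCmdlet.ShouldProcess($item.Path, 'Create outbound block rule')) {
                New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
                    -Program $item.Path -Profile Any -Enabled True | Out-Null
                Write-Host "Blocked outbound for $($item.Path) ($($item.Status))"
            }
        }
    }

    # Review the list first, then block; drop -WhatIf to actually create the rules
    Get-UnsignedProcessImage | Format-Table -AutoSize
    Block-UnsignedOutbound -WhatIf
    ```

    This only covers processes that are already running and gives no real-time prompt; a front end that hooks the firewall's notifications is still needed for accept-or-deny on first connection. A block rule bound to a path is also only as good as the path: a program that copies itself elsewhere gets a fresh decision, which is why the later posts treat this as one layer rather than a complete answer.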
  2. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
  4. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
  5. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    Thank you. I'll definitely check out WFC.
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    Digital signing is not mandatory for whether a program is trustworthy or not. Even signed MS programs do not need web access. If you want to block a program then just block it.
     
  7. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    Is that to say I need to scrutinize and allow or block every program requesting internet access? o_O
     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    Your question was very clear: how to block unsigned programs. I only wrote to you that signed programs are not more trustworthy than unsigned ones. So you left more questions behind, from my view.

    edit
    I forgot to say that if you want to block unsigned malware then it could be disappointing that malware nowadays is signed and will find more than one way out.
     
    Last edited: Jun 11, 2022
  9. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    That certainly is disappointing (if that is true)!
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    A simple way to block any unsigned malware is to use the registry key "validate admin code signatures" + UAC always notify (to greatly decrease any bypasses) + HTTP JavaScript blocking in the browser.

    HTTP is now always predominant for the distribution of unsigned malware:

    https://urlhaus.abuse.ch/browse.php?search=url_status%3Aonline
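    The registry setting and UAC level named in this post are policy values under the `Policies\System` key. As an added example that is not from the post, the PowerShell below reads those values and reports whether the machine is in the "always notify + validate admin code signatures" state; the value names and the key path are the documented ones, while the target-state table is this example's own assumption. One caveat for anyone relying on it: `ValidateAdminCodeSignatures` governs executables that request elevation, so it does not stop unsigned code from running under the standard user token.

    ```powershell
    # Added example, not code from the thread: audit the UAC policy values behind
    # "always notify" and "Only elevate executables that are signed and validated".
    # $expected is this example's assumed target state.

    function Test-UacHardening {
        [CmdletBinding()]
        param(
            [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        )
        $expected = [ordered]@{
            EnableLUA                   = 1   # UAC enabled at all
            ConsentPromptBehaviorAdmin  = 2   # 2 = prompt for consent; with secure desktop this is "always notify"
            PromptOnSecureDesktop       = 1   # prompt on the secure desktop so other processes cannot drive it
            ValidateAdminCodeSignatures = 1   # only signed and validated executables may elevate
        }
        $props = Get-ItemProperty -Path $KeyPath
        foreach ($name in $expected.Keys) {
            $actual = $props.$name   # $null when the value has never been set
            [pscustomobject]@{
                Setting  = $name
                Expected = $expected[$name]
                Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
                Ok       = ($actual -eq $expected[$name])
            }
        }
    }

    $result = Test-UacHardening
    $result | Format-Table -AutoSize
    if ($result.Ok -contains $false) {
        Write-Warning 'UAC is not in the "always notify + validate admin code signatures" state.'
    }
    ```

    Reading the values needs no elevation, so the check can run as a standard user; changing them does, and a domain GPO will overwrite local edits at the next policy refresh.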
     
  12. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    If the above posts by @Brummelchen and @Buddel are correct, what's the point in doing that?
     
    Last edited: Jun 11, 2022
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    This IS true:
    https://www.google.com/search?q=digitally signed malware

    e.g.
    https://www.trendmicro.com/en_us/re...-code-signing-abuse-in-malware-campaigns.html
    Look at the table:
    Code:
    Type      Number of software   Signed (overall downloads)
    Trojan    22,413               59.9%
    Dropper   43,423               85.6%
    What you try to achieve is possible, but as I wrote in another thread here today: an infected system is infected, a break-out is a matter of time. The goal is not to get infected.
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    Signed malware exists.
    Install and forget.
     
  15. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    Of course, but since no antimalware system is perfect I was just trying to add another security layer to prevent data-theft.
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    I use OSArmor, which monitors and blocks suspicious process behaviour, as an additional layer of security: https://www.osarmor.com/
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It's good to try & exercise tighter control on apps that try to connect out. If a person images to external storage at least 3X/week (doesn't everyone?), then an infection is a relatively minor inconvenience. However, a malware that gets into a computer's knickers & then calls home sensitive info, BEFORE a clean image is restored, is a huge PITN!

    Ergo, in addition to OSA & my AV's built-in FW, I use Spyshelter for its anti-keylogger & HIPS (Host-based Intrusion Protection System) components. Those components provide added detections/filters/preventions for apps trying to call home.

    I also use my firewall's "block everything" button -- for those lengthy periods when I'm doing computer stuff (work or play) that needs no internet connection.
     
  18. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @imdb -- Yes, "Prevention" is often the "P" in HIPS. However, I consider "Prevention" too optimistic a word for any security app, so I use "Protection" for the "P" in HIPS.
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    :thumb:
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Signed malware is a thing, and thanks to Let's Encrypt so are HTTPS malware sites at no extra expense. This is why I never felt the push for SSL was worth all of the hype. Every time someone raises the bar, the bad guys get a taller ladder.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    That's not the point; any AV is only one gear in the box. The goal is to prevent getting infected.
    Antivirus, firewall and/or router (routers prevent most intrusions), a limited user account, some other light proactive or defensive mechanisms to catch unwanted executions (Sandboxie can do this), virtual boxes like Shadow Defender or Deep Freeze. A HIPS or behavior blocker is nice as long as it does not bother you and is not too complicated (like Malware Defender was). Keep the system and the software you use up to date. And create backups (not System Restore).

    If you are aware of your own actions you can reduce the number of security programs. If you share the computer with your family, different accounts with a different setup are mandatory. And don't let unknown people use your computer. Even "good" friends never know if their USB stick is clean (happened for real).

    SSL was not recommended because of malware; it just raises security for known pages and for logins. And in cases where Microsoft lost a lot of data, these including several SSL certs (which were revoked meanwhile), in that short period anything can happen.

    Fake Windows updates, fake CCleaner with malware inside (happened now again). That's why safe-lists in the browser are important, or an adblocker which goes beyond this.
    Cat and mouse, but who is the cat? Same as: "If you make something idiot-proof, someone will just make a better idiot." (Murphy's law)
    Black Hat, P-Zero, DEF CON, Pwn2Own...
    https://www.geeksforgeeks.org/top-10-cyber-hacking-competitions-capture-the-flag-ctf/
    In particular Mozilla and Google have benefited from Pwn2Own and Project Zero for their browsers.

    If a system is not up to date it is vulnerable to these attacks:
    https://googleprojectzero.github.io/0days-in-the-wild/rca.html
    Example from the list:
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882

    List of current exploits for Windows:
    https://packetstormsecurity.com/files/os/windows/

    But: things are never as bad as they seem.
    To get malware without user interaction (payload-less) onto the system it must be bundled with other software, or it needs a combined attack on several APIs; Google's P-Zero showed such a scenario in 2021 for Chrome and it was fixed within days.

    I keep repeating myself. Sorry.
     