BTW, I forgot about this article, some crypto trader posted on Reddit how he lost $25.000 via some infostealer which was installed when he downloaded some game, and apparently Win Defender was bypassed. Of course WD fanboys will say it's clickbait, but when I look at the thread on Reddit, I don't think this was all staged just to make WD look bad LOL. Apparently, SafetyDetectives tested the malware (not sure how trustworthy this test is) but they claimed that WD failed, while Bitdefender and Malwarebytes were able to protect against this infostealer. Of course as you know, tools like HitmanPro.Alert, OSArmor and TinyWall all offer protection against infostealers, so who knows, perhaps they could have helped prevent this attack.
https://www.pcmag.com/news/microsoft-defender-not-enough-this-malware-gets-around-it
https://www.reddit.com/r/CryptoCurr...w_i_lost_2438951_and_much_more_due_to_a_hack/
Basically, any outbound firewall should be able to block infostealers from connecting out. It was actually tested on The PC Security Channel; a couple of popular infostealers simply couldn't send the collected data. Of course, this is in the last stage of the attack, it's even better if infostealers are completely blocked from collecting data. Also, some infostealers might be able to bypass the firewall. Where TinyWall stands out is that it's a default-deny firewall, so only apps/processes that you have specifically allowed will be able to make outbound connections, all others are automatically blocked, so no more annoying alerts, like with ZoneAlarm in the past.
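The default-deny outbound model described in the post above, sketched with Windows' built-in firewall cmdlets as an added example (not part of the original posts and not TinyWall's own configuration). The rule group name and the allowed program path are assumptions; allow rules are created before the default is flipped so the machine does not lose connectivity mid-change.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound using the NetSecurity module cmdlets.
$Group   = 'AllowList-Outbound'   # hypothetical group label for our rules
$Allowed = @(
    'C:\Program Files\Mozilla Firefox\firefox.exe'   # example path, adjust
)

function Add-OutboundAllowRule {
    param([string]$Program, [string]$Group)
    if (-not (Test-Path -LiteralPath $Program)) {
        Write-Warning "Skipping missing program: $Program"
        return
    }
    $name = "Allow out: $(Split-Path -Leaf $Program)"
    # Idempotent: do not create a duplicate rule on re-run.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        return
    }
    New-NetFirewallRule -DisplayName $name -Group $Group -Direction Outbound `
        -Program $Program -Action Allow -Profile Any | Out-Null
}

# 1. Create the explicit allow rules first.
foreach ($p in $Allowed) { Add-OutboundAllowRule -Program $p -Group $Group }

# 2. Flip the default: anything without an allow rule is now blocked.
#    Blocked attempts are logged instead of raising a prompt.
#    Note: predefined outbound allow rules that ship with Windows stay in
#    effect; review them, since they also count as "allowed".
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block -LogBlocked True

# 3. Verify the policy and look at what is being dropped.
Get-NetFirewallProfile |
    Select-Object Name, DefaultOutboundAction, LogBlocked, LogFileName

$log = [Environment]::ExpandEnvironmentVariables(
    (Get-NetFirewallProfile -Name Public).LogFileName)
if (Test-Path -LiteralPath $log) {
    Get-Content -LiteralPath $log | Select-String ' DROP ' |
        Select-Object -Last 20
}
```

To revert, set `-DefaultOutboundAction Allow` on the same profiles and remove the rules with `Remove-NetFirewallRule -Group 'AllowList-Outbound'`.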
BTW, I see that ThreatLocker claims it was able to block the SolarWinds attack, which was the biggest supply chain attack ever seen, and bypassed just about all security tools. I wonder if they can provide more info about this, because I highly doubt it was as simple as blocking SolarWinds from connecting out? Because the thing is, SolarWinds Orion most likely needs to be making all kinds of network connections in order for it to work. I think ThreatLocker is probably a credible company, but they shouldn't make claims like this without providing more information. I didn't see any other cybersecurity company making such claims.
https://www.threatlocker.com/why-threatlocker/use-cases/solarwinds-orion