BlackFog Privacy

Discussion in 'other anti-malware software' started by liba, Feb 2, 2018.

  1. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi Darren

    Can I check something? How does BlackFog Privacy handle a legit program which has been compromised and turns into an APT? The recent CCleaner software was a good example. You can read about the issue on the net. I'm talking about compromised legit software here.

    This must have come as a surprise on many systems which have been 100% locked down as claimed by their users.
     
    Last edited: Feb 5, 2018
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Will PM you tomorrow
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    What's up with their website? Does anyone else get this error message when trying to visit the site?
     


  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    No problem here.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Strange, I tried to access the website yesterday, and got the same error.
     
  6. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    That Web site error can happen when you are either rate limited or coming in from Russia, Ukraine or China.
     
  7. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    Regarding NiteRanger's question. That's a very difficult problem to handle, especially in the case of CCleaner, because the bad actors got into the build process itself and it was signed with a legitimate certificate. This is precisely what certificates are supposed to stop...

    The only way you can detect this sort of activity is through behavioral analysis. So if they start mimicking bad actors then they can be stopped. We have not tested exactly what they were actually doing in that instance so cannot tell you if we would have detected it. This is the sort of scenario where Machine Learning will do much better, because we can train it against such scenarios and add it into the mix. Right now difficult.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    'Works seamlessly with existing solutions' ... there are no known incompatibilities? Heimdal PRO?
     
  9. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    We haven't seen any problems with Heimdal yet. Sometimes there are options that need to be changed such as with Trend Micro, but others work as is. If there are incompatibilities we will always fix them where possible.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    See PM. On the side I tried installing it in VM. I think the install failed, based on the log file. Couldn't download rules. On a side note, I got an alert with it trying to run Powershell which I blocked.
     
  11. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    Yes it needs to have Internet access to function. The application downloads the rules routinely (and on first startup) so you have the latest protection. So you will need to allow the installer to do its thing to verify the dependencies are installed.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I had internet connection but I do not like the idea of Powershell.
     
  13. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    The Powershell is a script that runs to ensure the built-in firewall allows BlackFog to connect to the Internet to get its rules. This prevents issues with people that have a locked down machine.
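
    For readers who want to see exactly what an installer-run script changed in the built-in firewall, as discussed in the post above, here is an added example that is not part of the original thread and is not BlackFog's script. It snapshots the Windows Firewall rules before the install and diffs them afterwards; the baseline file path and the `-Mode` parameter are assumptions of this example.

```powershell
# Added example (not from the thread): audit firewall changes made by an installer.
# Run once with -Mode Snapshot before installing, then with -Mode Diff afterwards.
param(
    [ValidateSet('Snapshot', 'Diff')]
    [string]$Mode = 'Snapshot',
    # Placeholder location for the baseline file, chosen for this example.
    [string]$BaselinePath = "$env:TEMP\fw-baseline.xml"
)

function Get-RuleSummary {
    # Flatten each rule together with the program path it applies to.
    Get-NetFirewallRule | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Enabled     = "$($_.Enabled)"     # stored as strings so the saved
            Direction   = "$($_.Direction)"   # baseline compares cleanly
            Action      = "$($_.Action)"
            Program     = "$($app.Program)"
        }
    }
}

if ($Mode -eq 'Snapshot') {
    Get-RuleSummary | Export-Clixml -Path $BaselinePath
    "Baseline saved to $BaselinePath"
}
else {
    $before = Import-Clixml -Path $BaselinePath
    $after  = Get-RuleSummary
    # '=>' rows exist only after the install (new or modified rules);
    # '<=' rows existed only in the baseline (removed or modified rules).
    Compare-Object $before $after -Property Name, Enabled, Direction, Action, Program -PassThru |
        Select-Object SideIndicator, DisplayName, Direction, Action, Program |
        Format-Table -AutoSize
}
```

    Any `=>` row with an Allow action and a program path you did not expect is the change to review.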
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, since I feel comfortable with you I will try it again and allow powershell. I would hope you can find another way to do that, as a lot of people today are leery of powershell, myself included.
     
  15. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    Good point Peter, I will send it to dev to see if they can do it a better way within the installer.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay. I had to turn off NVT's OSarmor to stop the block on Powershell. But Emsisoft alerted on the .ps1 file. Darren, EAM updates thru the firewall no problem. So does HMPA and several other programs I have. I have read lots of articles on Powershell attacks and they all describe something similar to what you are doing, but to a malicious end.

    I simply can't believe you guys can't do better
     
  17. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    We will update the installer using a better technique to avoid this Peter. Thanks for your input. Will let you know when it's updated with the next minor release later this week.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Darren. I look forward to testing it.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I live in the United States, and I have no rate limit.
     
  20. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    407
    Location:
    California
    If you hit it again and give me the timestamp of when you try, we can make sure your domain is unblocked.
     
  21. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi Darren

    Will there be support for more browsers like Cent, SlimJet, Waterfox, Palemoon, Iridium, Chromium etc?

    How about protecting the privacy of users from browsers like Chrome and Firefox? Even if I disable the settings in Chrome/Firefox I know Google/Mozilla is still collecting my data through their browsers.

    Is the predictive threat protection behavioral-based especially when offline?

    Any timeline for v4?

    Thanks
     
    Last edited: Feb 7, 2018
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,995
    Location:
    Among the gum trees
    How long is the trial for? What happens if we don't buy a sub when the trial finishes?

    Thanks.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    I also have powershell locked down, either with AppGuard or OSA, and I have EAM ...

    I also look forward to trial with next minor release then. Will you let us know here Darren?
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,995
    Location:
    Among the gum trees
    Well, not a pleasant experience so far. BlackFog just removed all my Firefox bookmarks. :ouch:
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    :eek:
     