CyberSight RansomStopper

Discussion in 'other anti-malware software' started by sbwhiteman, Dec 5, 2017.

  1. sbwhiteman

    sbwhiteman Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    70
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,314
    I stopped at Honeypots. Not interested
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    What's wrong with honeypots? They certainly are not the perfect solution for luring and capturing malware, but they are effective when used as one layer out of several - sort of like one stage of a 5 stage water filter.

    As to this particular program, do I think users need it? No. Most of the popular anti-malware solutions in use today already block ransomware.
     
  4. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    423
    Location:
    Italy
    129Mb of download o_O
     
  5. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    Are you suggesting that is too big? Or too small? I note Emsisoft Anti-malware download is 282MB while Malwarebytes download is just 74.7MB.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Wow, this stuff looks pretty cool, website seems to be professional looks-wise. Except for the fact that I can't find a download link and the demo also doesn't work. But purely from a features point of view it does look exciting. Now let's wait for some testing, perhaps done by Cruelsister.
     
  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    423
    Location:
    Italy
    In my opinion it is too big to be an anti-ransomware only. I think AppCheck is just a few tens of Mb.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    Did you try this?

    upload_2017-12-5_19-2-45.png
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    There is something weird going on, I don't get to see that in both Vivaldi and FF 57, so perhaps it's one of my extensions that is blocking stuff. Or perhaps I blocked some domain-name or IP address, don't know.

    I agree, perhaps it's because of the honeypot, but RansomFree is a small download and does the same. Another option is because it uses machine learning, but I don't know if it's cloud-based, I hope it's not.
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    Well, without downloading it (which I have no intention of doing) and installing it, there is no way to tell what is going on. I would be more concerned if it was several GB in size. My guess is the UI is pretty graphical and thus takes up a lot of space.
     
  11. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    423
    Location:
    Italy
    Maybe I'm too much used to CCAV, a fully-featured AV which is less than 10Mb :p
     
  12. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    I hear you but that is not a valid comparison.

    CCAV is Comodo "Cloud" AV. By its very nature (and product description) it is "light on system resources" "cloud-based" scanning, which means much of its code is in "the cloud".

    And it should be noted that many product downloads are just installers - not the full package. Also many downloads include 32-bit and 64-bit versions but only install one or the other. The size of the download really does not mean much unless extremely abnormal, and this isn't.
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,102
    If someone wants to know why the installer is so big, the installer can be opened with 7-zip.
    This gives a clue about the sizes of files and directories inside the installer.

    Btw.: The free version of RansomStopper doesn't protect against tampering of the MBR.
     
  14. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    428
    Location:
    Far East
    You tested against MBR-based ransomware? How about protection of UEFI?

    Thanks
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,102
    It is shown on the Features page:
    "Protection of Critical Disk Regions"
    Only the Business version is able to protect the MBR ("such as the MBR"). What else exactly it protects (except the MBR) isn't explicitly mentioned.
     
  16. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    428
    Location:
    Far East
    OK, thanks
     
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    Rasheed- A quickie on this one on my channel. A sub-optimal result.

    Mood- the personal version will protect against MBR/MFT ransomware, but as no one really codes for this anymore, nemo curat...
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,238
    Location:
    USA
    I saw that one on your channel yesterday. Did you report the holes in their security? Ransomstopper may become a really good product if they fix the weaknesses that are allowing the bypasses. For one, they need to monitor for new startup items being added so malicious code can't run at boot before their product has a chance to block it. They still need to start monitoring earlier during the boot process if possible, so if malicious code does manage to run during boot they have a chance of analyzing and blocking it.
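
The startup-item monitoring suggested in the post above, sketched as an added example that is not part of the original thread and is not RansomStopper's code: it snapshots the Windows Run/RunOnce registry keys and classifies differences against a baseline. It covers only those registry keys (no Startup folders, services or scheduled tasks), and the sample snapshots and their file paths are constructed for illustration.

```python
# Added example: baseline-and-diff of Windows Run/RunOnce autostart entries.
_CV = r"Software\Microsoft\Windows\CurrentVersion"
RUN_KEYS = [(h, _CV + "\\" + k) for h in ("HKLM", "HKCU") for k in ("Run", "RunOnce")]

def snapshot_run_keys():
    """Return {(hive, key_path, value_name): command}; works on Windows only."""
    import winreg  # standard library, present only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                n_values = winreg.QueryInfoKey(key)[1]
                for i in range(n_values):
                    name, data, _type = winreg.EnumValue(key, i)
                    snap[(hive, path, name)] = str(data)
        except FileNotFoundError:
            continue  # key does not exist on this system
    return snap

def diff_snapshots(baseline, current):
    """Classify entries as added, changed (same name, new command) or removed."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: (baseline[k], v) for k, v in current.items()
               if k in baseline and baseline[k] != v}
    removed = {k: v for k, v in baseline.items() if k not in current}
    return added, changed, removed

# Constructed sample snapshots (not real system data) so the diff runs anywhere.
RUN = _CV + r"\Run"
SAMPLE_BASELINE = {
    ("HKLM", RUN, "SecurityHealth"): r"%windir%\system32\SecurityHealthSystray.exe",
    ("HKCU", RUN, "Updater"): r"C:\Program Files\Vendor\updater.exe",
}
SAMPLE_CURRENT = {
    ("HKLM", RUN, "SecurityHealth"): r"%windir%\system32\SecurityHealthSystray.exe",
    ("HKCU", RUN, "Updater"): r"C:\Users\Public\updater.exe",  # same name, new target
    ("HKCU", RUN, "helper"): r"C:\Users\Public\helper.exe",    # entry not in baseline
}

if __name__ == "__main__":
    added, changed, removed = diff_snapshots(SAMPLE_BASELINE, SAMPLE_CURRENT)
    for k, v in added.items():
        print("ADDED  ", k, "->", v)
    for k, (old, new) in changed.items():
        print("CHANGED", k, ":", old, "->", new)
```

On a Windows host, `diff_snapshots(saved_baseline, snapshot_run_keys())` gives the same classification for the live registry.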
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,217
    Location:
    Paris
    CE- The issues that were highlighted in the video (samples 2, 3, and 4) are so glaring that it is inconceivable that the developers were unaware of this when the product was released. The reliance on Group Policy and Honeypots, if continued, will never allow the product to rise to an optimal level.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Thanks for the test, it was a bit disappointing, especially when you look at all the claims they made. Seems they got some work to do.

    Seems like they fixed their website, I now do get a download link.
     
  21. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    That's hardly a fair statement.

    Group Policy and Honeypots are just two of several levels the product uses. If it relied on just those two, then I would agree. But it also uses 2 levels of behavioral analysis, machine learning (whatever that is o_O), and more.

    That said, the Group Policy feature is only available on the "Business" version of the product. And I am certainly not saying this product is a worthwhile addition to our arsenals. As I said in my first post above, it is not needed.

    And while this may be nitpicky, I am kinda old school and feel correct dotting of the T's and crossing of the I's :confused: in documentation reflects on the actual product itself. A resume full of spelling errors, for example, would make me quickly move on to the next job applicant.

    On the Product Comparison page, they misspelled in one place "Behavior" (behavorial). On the Product Comparison page, there are numerous grammatical errors and inconsistencies. Considering this company has a California address and US educated executives, ensuring good documentation should be a no-brainer.

    And for the record, MBR is a legacy feature. While still around, most newer systems use GPT. Yet I don't see protection from disk corruption on GPT disks listed anywhere.