Discussion in 'other anti-malware software' started by sbwhiteman, Dec 5, 2017.
CyberSight RansomStopper, a new anti-ransomware, is profiled on ghacks. Has anyone tested it?
I stopped at Honeypots. Not interested
What's wrong with honeypots? They certainly are not the perfect solution for luring and capturing malware, but they are effective when used as one layer out of several - sort of like one stage of a 5 stage water filter.
As to this particular program, do I think users need it? No. Most of the popular anti-malware solutions in use today already block ransomware.
129Mb of download
Are you suggesting that is too big? Or too small? I note Emsisoft Anti-malware download is 282MB while Malwarebytes download is just 74.7MB.
Wow, this stuff looks pretty cool, website seems to be professional looks-wise. Except for the fact that I can't find a download link and the demo also doesn't work. But purely from a features point of view it does look exciting. Now let's wait for some testing, perhaps done by Cruelsister.
In my opinion it is too big to be an anti-ransomware only. I think AppCheck is just a few tens of Mb
Did you try this?
There is something weird going on, I don't get to see that in both Vivaldi and FF 57, so perhaps it's one of my extensions that is blocking stuff. Or perhaps I blocked some domain-name or IP address, don't know.
I agree, perhaps it's because of the honeypot, but RansomFree is a small download and does the same. Another option is because it uses machine learning, but I don't know if it's cloud-based, I hope it's not.
Well, without downloading it (which I have no intention of doing) and installing it, there is no way to tell what is going on. I would be more concerned if it was several GB in size. My guess is the UI is pretty graphical and thus takes up a lot of space.
Maybe I'm too much used to CCAV, a fully-featured AV which is less than 10Mb
I hear you but that is not a valid comparison.
CCAV is Comodo "Cloud" AV. By its very nature (and product description) it is "light on system resources", "cloud-based" scanning, which means much of its code is in "the cloud".
And it should be noted that many product downloads are just installers - not the full package. Also many downloads include 32-bit and 64-bit versions but only install one or the other. The size of the download really does not mean much unless extremely abnormal, and this isn't.
If someone wants to know why the installer is so big, the installer can be opened with 7-zip.
This gives a clue about the sizes of files and directories inside the installer.
Btw.: The free version of RansomStopper doesn't protect against tampering of the MBR.
You tested against MBR-based ransomware? How about protection of UEFI?
It is shown on the Features page:
"Protection of Critical Disk Regions"
Only the Business version is able to protect the MBR ("such as the MBR"). What else exactly it protects (except the MBR) isn't explicitly mentioned.
Rasheed- A quickie on this one on my channel. A sub-optimal result.
Mood- the personal version will protect against MBR/MFT ransomware, but as no one really codes for this anymore, nemo curat...
I saw that one on your channel yesterday. Did you report the holes in their security? Ransomstopper may become a really good product if they fix the weaknesses that are allowing the bypasses. For one, they need to monitor for new startup items being added so malicious code can't run at boot before their product has a chance to block it. They still need to start monitoring earlier during the boot process if possible, so if malicious code does manage to run during boot they have a chance of analyzing and blocking it.
CE- The issues that were highlighted in the video (samples 2, 3, and 4) are so glaring that it is inconceivable that the developers were unaware of this when the product was released. The reliance on Group Policy and Honeypots, if continued, will never allow the product to rise to an optimal level.
Thanks for the test, it was a bit disappointing, especially when you look at all the claims they made. Seems they got some work to do.
Seems like they fixed their website, I now do get a download link.
That's hardly a fair statement.
Group Policy and Honeypots are just two of several levels the product uses. If it relied on just those two, then I would agree. But it also uses 2 levels of behavioral analysis, machine learning (whatever that is), and more.
That said, the Group Policy feature is only available on the "Business" version of the product. And I am certainly not saying this product is a worthwhile addition to our arsenals. As I said in my first post above, it is not needed.
And while this may be nitpicky, I am kinda old school and feel correct dotting of the T's and crossing of the I's in documentation reflects on the actual product itself. A resume full of spelling errors, for example, would make me quickly move on to the next job applicant.
On the Product Comparison page, they misspelled in one place "Behavior" (behavorial). On the Product Comparison page, there are numerous grammatical errors and inconsistencies. Considering this company has a California address and US educated executives, ensuring good documentation should be a no-brainer.
And for the record, MBR is a legacy feature. While still around, most newer systems use GPT. Yet I don't see protection from disk corruption on GPT disks listed anywhere.
A newer build is available (Digital timestamp: December 16, 2017)
CyberSight RansomStopper v1.3.1
CyberSight RansomStopper v1.5.0 Released (March 23, 2018)