Easy way to protect against crypto ransomware

Discussion in 'other anti-malware software' started by Windows_Security, Feb 1, 2015.

  1. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    Secure folders by promosoft (freeware)

    Now available for download at http://www.softpedia.com/get/Security/Security-Related/Secure-Folders.shtml (Norton DNS does warn when surfing to developer's site).

    1. Whitelist trusted applications (allow to access your files)
    Typically you would include Windows Explorer, your office, media player and mail applications.

    2. Protect your files with read only
    Simply set a read only on your documents, pictures, movies, music subfolders (and any additional data partitions you have created). Don't set it for all your user files, this would also include some protected folders (AppData) and folders your browser uses.

    Note. You can use Secure Folders also as SRP (actually an ACL)
    I have AppLocker only allowing Administrators updates of signed applications from Microsoft and Google from my Temp folder. With Secure Folders I close down this "update" hole in AppLocker (only have to stop protection of Secure Folders from tray when I want to update). Also I have a quick data backup on an old (laptop) hard disk for documents only (so I can do on-demand backups without fussing with security and at the same time secure my backup folder).

     
    Last edited: Feb 1, 2015
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,631
    Location:
    Toronto, Canada
    If I remember correctly, this is the same Secure Folders discussed previously: https://www.wilderssecurity.com/thre...ct-folders-and-use-as-anti-executable.369503/

    Has anything changed with regards to ownership/development of this Secure Folders program?

    You're right, Norton ConnectSafe does still provide a pretty significant warning for the developers' site, so that concerns me. I remember in the previous thread there were problems with quota when downloading the program and also some questions regarding who or what company is behind this program and also what country it may originate from.

    I trust you, Kees. Do you have any concerns regarding Secure Folders currently?
     
  3. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    Well, what has changed:
    - last time I explained how to use it as anti-executable, the website of the author was down and some AVs reported it as a malware site
    - now it is available as a download from Softpedia and its usage is explained as ransomware protection.

    I am using it again and VT says it is clean (0/57)
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    I have one question. Is it possible to prevent only certain app from accessing certain folders without putting all other applications on trusted applications list?
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    The page of SF is available and the downloaded installer is clean on VT (0/57)...few minutes ago
    -http://securefoldersfree.com/-
    Good idea WS :thumb: I think the mentioned feature of SF is similar to some advanced rules that we can make in ThreatFire :)...we can point in it to a folder/disk that can't be (without our decision) modified except by defined trusted apps. Hmmmm...it's a good reason to try TF one more time :)
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I think the problem is that these tools don't monitor child processes. So let's say your "word processor" gets exploited, and it's a trusted app. Then ransomware will still have full access to your files, am I correct?
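
The trust decision discussed in the posts above, as an added example that is not part of the thread and not Secure Folders' code: a minimal model that assumes the guard decides purely on the executable path of the writing process. All paths, names and the `FolderGuard` class are constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

@dataclass(frozen=True)
class Process:
    image: str                          # executable path the guard sees
    parent: Optional["Process"] = None  # recorded, but the rule below ignores it
    injected: bool = False              # foreign code running inside this process

class FolderGuard:
    """Assumed rule: writes into protected folders need a whitelisted image path."""

    def __init__(self, protected, trusted):
        # PureWindowsPath compares case-insensitively, like Windows paths do.
        self.protected = [PureWindowsPath(p) for p in protected]
        self.trusted = {PureWindowsPath(p) for p in trusted}

    def is_protected(self, target):
        t = PureWindowsPath(target)
        return any(p in (t, *t.parents) for p in self.protected)

    def may_write(self, proc, target):
        if not self.is_protected(target):
            return True                 # outside the read-only set: not filtered
        return PureWindowsPath(proc.image) in self.trusted

# Constructed sample setup following steps 1 and 2 of the first post.
HOME = r"C:\Users\user"
GUARD = FolderGuard(
    protected=[HOME + r"\Documents", HOME + r"\Pictures"],
    trusted=[r"C:\Windows\explorer.exe", r"C:\Program Files\Office\WINWORD.EXE"],
)
WORD = Process(r"c:\program files\office\winword.exe")
EXPLOITED_WORD = Process(WORD.image, injected=True)
UNLISTED_CHILD = Process(HOME + r"\AppData\Local\Temp\unknown.exe", parent=EXPLOITED_WORD)
DOC = HOME + r"\Documents\report.docx"

def scenarios():
    return {
        "trusted app": GUARD.may_write(WORD, DOC),
        "code injected into trusted app": GUARD.may_write(EXPLOITED_WORD, DOC),
        "unlisted child of trusted app": GUARD.may_write(UNLISTED_CHILD, DOC),
        "unlisted app, unprotected AppData": GUARD.may_write(
            UNLISTED_CHILD, HOME + r"\AppData\Roaming\cache.dat"),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:36} -> {'ALLOW' if allowed else 'DENY'}")
```

Under this assumed rule the injected case is allowed because the decision never sees anything but the image path, while an unlisted child is denied on its own path regardless of its parent.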
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  8. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    446
    Location:
    U.S. Citizen
    Salutations,

    What about if you sandbox, after to make sure that things do not change?
    With Sandboxie!

    Moose's World

    Kind regards,
     
  9. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    446
    Location:
    U.S. Citizen
    Salutations,

    From anybody?

    What are the specific folders that you are using/suggest to synchronize to SyncBackFree?
    That is where I am confused.

    Could you possibly show how to set up the above with pictures and the steps needed, so that the average Joe can do the same setup, and so that I will have the same protection against crypto ransomware?

    It would be truly appreciated!


    Moose's World

    Kind regards,
     
    Last edited: Feb 3, 2015
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Probably interesting YT movies about the abilities of some apps against CTB-locker...the link on the top connects to the other results
    -https://safegroup.pl/testy/ctb-locker-vs-antiexe-video-t12069.html#p238090-

    Short info (because of Polish language on page)
    SpyShelter Premium/FW - failed/passed (it depends on system?...machine?...settings?)
    Zemana AL - failed
    HitmanPro Alert 3 RC build 143 - passed
    HitmanPro Alert v2.6.5.77 - failed
    Webroot (WSA) - passed
    NVT ERP - passed
    AppGuard - passed
    VoodooShield - passed
    ThreatFire - passed
    AVG Identity Protection - passed
    Comodo HIPS (sandbox, cloud - disabled) - failed
     
    Last edited: Feb 12, 2015
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Seriously, do people still use WOT? I personally hate these baby sitting tools. I'm pretty sure these tools are both safe to use. Both sites are also not flagged on Virus Total.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I wonder why SpyShelter failed, probably because it can't stop "process hollowing", same goes for Zemana and Comodo. And ERP and VS only pass when you don't execute the malware, otherwise they will also fail of course.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    The two latest versions of SS (9.6.2 and 9.6.3) are still a puzzle for me...I will ask Tommy/Tony (it's the same guy on SG and Malwaretips) to test v. 9.6.1 that was for more "sensitive".
    ERP and VS...it's not bad to successfully block a dangerous action of malware...if you block such an action and next you get an infection - that would be not good :) I think TF reached a very good score...its heuristic even on the default level 3 is very efficient.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I didn't say the tools were not safe. Maybe it has more to do with their business practices. You rarely ever see an Antivirus site with a bad rating. Someone did not have a good experience with them. WOT says misleading claims, or unethical. Also says malware or viruses. Someone probably flagged both after not having a good experience with them.

    Edit: they do have a support forum though. That's good. The best way to get to know their company would be to go through the forum to see what others have been posting about them.
     
  16. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    What's interesting is that ThreatFire passed.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Good heuristic engine?
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, I wonder what type of behavior SS should block in order to stop this attack. And I'm not sure what you mean about ERP and VS, but I'm saying that they can only block execution, not the malicious behavior from the ransomware. For example, AppGuard does restrict this type of malware from modifying files.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    You should always be cautious, but I would rather rely on other things than WOT.
     