Interesting AntiRansomware freeware

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2016.

  1. You do realize that by mentioning uniqueness you just plussed what I posted :D https://www.wilderssecurity.com/threads/interesting-antiransomware-freeware.391031/#post-2642276
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The why folks get infected is an interesting question. One big factor is laziness. Good security is inconvenient. You just have to be willing to deal with that. Then there is the backup situation. On my critical machine, I back up many ways, and image hourly. Just have to do it.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    Then folks should hire IT pros to deal with that, shouldn't they?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The main point is that all a lab test indicates is the probability of you being infected using a tested security solution. It does not mean that the security solution will protect against every malware in existence or one of the new 390,000 malware created that day. This is why in my opinion continuous lab malware monitoring is superior to stand-alone testing.
     
  5. Well you said it: user ignorance, naive(ness) and stupidity are the cause of 99.995% of the infections.
     
    Last edited by a moderator: Jan 2, 2017
  6. Okay, point made. Assuming your friends and relatives know you have expertise in the field of IT, they for sure would have contacted you when they were infected.

    How many stories have you heard of friends being infected?
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I defer to Peter's statement. However, I don't believe it's user laziness but rather user ignorance.

    I personally believe that user computer behavior is the primary factor in determining the likelihood of malware infection. Gaming, social media site use, etc. all up the ante. So does the lack of basic security smarts such as ensuring all system and application software is up to date; all system and application software are running at recommended security settings; and most importantly a security solution is being used and that it is up to date and running at recommended settings.

    Hence, the overall problem of actually determining security software effectiveness and the likelihood of being nailed by malware. The comparison being of a teenager that believes he can do whatever he wants on his device with total ignorance and/or disregard to the consequences versus the average Wilders member that configures his system to be malware bullet-proof. The "kid" will whine to high heaven that his security solution is a piece of crap since it didn't protect him from his own totally negligent computer behavior. Worse, are the cases when a somewhat knowledgeable person disables one or more security product features/settings because it is impeding his computer use in some minor way.
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I have Kubuntu installed on my sister's computer and about a month ago or two she was getting hit by fake ransomware on Facebook. But it still gave the choice of downloading crap. It also froze her browser. She was at least smart enough to call me so I could look at it. So all you Linux fans are not protected by any means.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I agree. It has been my opinion for a long time that if you keep your system updated, and are careful about what exe files you run, then the chance of getting infected is extremely low. In recent years, the only times I've got infected are when I was careless and opened an infected file. In my many hours surfing the web, and even visiting unsafe sites (e.g. sites that Google said I shouldn't visit because they are infected), I've only got infected when I've manually opened an infected file. I did get infected once or twice just by visiting web sites on a work computer that was not kept updated. But on my own computers, which I always keep updated, this hasn't happened.
     
  10. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,653
    Location:
    Paris
    I have to disagree with shifting all of the burden onto the user. In the past this may indeed have been the case but with the advent of maladvertising is no longer so. Legitimate websites will get advertising from 3rd party ad consolidators and unless these ads are vetted constantly a number will get through containing exploit kits that will spew God knows what malware. Very legit websites such as the NY Times, BBC, AOL, Forbes (etc ad nauseam) have served up malware last year- websites that a user browsing to these sites should have no reasonable expectation of becoming infected.

    A typical response to this issue would be "that's why you must use adblockers!"; but this again is shifting blame on to the user while leaving those actually responsible blameless.

    But please don't think that I am holding all users blameless when it comes to getting infected by malware- just the other day (on this site!) someone criticized a certain security product because it alerted that an unsigned application (Steam Game) by an Unknown publisher was being run. I suppose that the person felt that since it was a game it must be legitimate.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Cruelsister

    I have to disagree here. It's the user's computer, he/she has to be responsible. It's like saying there should be no crime therefore I shouldn't have to lock your house. Unfortunately that isn't reality, and the homeowner has to take the responsibility to lock their home. I fear the same is true for their computers.
     
  12. The problem with malvertising is that traditional paper publishers wanted to defend their advertising revenues when moving to online media. Therefore they use media specific advertising services (so they still get the bulk of the ad revenue generated). This is the reason the websites of media and publishing companies (like NY Times, BBC, AOL, Forbes, etc) were easy targets for malvertising.

    Malvertising is a threat to the foundation of the internet ad sponsored business model, so it is a priority for Google to fight it. I know that Doubleclick (Google's ad serving platform) is taking measures to check redirects (with Google's crawler and safe browsing infrastructure) to prevent malvertising being served over their infrastructure. At the same time Google is upgrading their (free) tag services to make life harder for competing ad and tracking services.

    I can't disclose too much, but end Q2 beginning Q3 Google will probably announce more info on the "war against malvertising". This will force the competition (specifically the lacking adservices of publisher and online media market) to improve their checks and balances on the URLs they are redirecting to.

    So as they did with Chrome, the dark force/big evil Google is actually forcing the competition to improve security and making the world wide web a safer place for us all :D
     
    Last edited by a moderator: Jan 2, 2017
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    In regards to mal-advertising and the like, below are two security features often disabled by users because of annoyance or perceived privacy issues:

    SmartScreen

    Original protections given here: https://technet.microsoft.com/en-us/library/jj618329(v=ws.11).aspx .

    Enhanced end of 2015 to include exploit, drive-by download, mal-advertising, etc. protection as noted here: http://www.zdnet.com/article/micros...internet-explorer-can-block-zero-day-attacks/ . Also these new protections added for Chrome and Firefox browsers last fall. Functionality test for these new protections here: http://demo.smartscreen.msft.net/ .

    SSL Protocol Scanning

    Disabling this feature in your security solution's web filtering feature or lack thereof in your security solution neuters the ability to scan encrypted traffic for malware, mal-advertising, etc.
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,653
    Location:
    Paris
    Hi Peter- I totally appreciate what you are saying, but there is a further issue. An example would be a very legitimate website like Forbes.com (financial). In order to provide free content Forbes will check for the presence of an adblocker, and if detected will refuse to serve up whatever article (and an increasing number of websites are going in this direction). OK- so I note that there is an interesting article on Forbes about the forthcoming (I hope) AMD Radeon- Intel contract. I try to access the article and note that I have to disable the adblocker (their articles are REALLY good, and Forbes has been around for years)- so I do so. Sadly either a banner ad has been recoded or I click on a Tiffany Emerald bracelet and ZAP! the report I've been working on for 2 weeks (as if...) has been trashed.

    In this case who should shoulder the bulk of the blame? An inquiring mind like myself, the incompetence of the ad consolidator, or the trustfulness (laziness) of the website guys at Forbes?

    WS- Google (nor anyone else) often can have no idea of what is going on. Some of these maladvertising malware exploits will only trigger for those in certain geographical areas, or else only for every 6th-10th viewer. This makes the initial malware vector extremely difficult to track down.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The blame is the ad server and Forbes for serving it up, but that doesn't help me so.... I just browse with Sandboxie and if I have to undo the blocker, I do. Anything served up is contained in Sandboxie and deleted when I leave. This way I make no assumptions about good or bad with the website. I just assume they all may be bad, and protect myself. If I want my computer clean, I have to take that responsibility for myself.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I used Sandboxie years ago but for some reason just prefer Shadow Defender. The problem with that is still user knowing to keep it enabled while browsing.
    Interesting thread.
     
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,653
    Location:
    Paris
    Peter- Once again, I totally agree with you! But a user must have a reasonable expectation that they won't get hit by ransomware whenever they click for a Google search. So the "99.5%" of the burden of malware infection is specious. Sometimes the bulk of the blame lies elsewhere.

    Putting the protection burden solely on the user is like saying that it's the customer's fault for getting blown away by a cashier with a shotgun (they should have been carrying a revolver to defend themselves). No, it's actually the retailer's fault (through laziness and/or incompetence) for not noticing that their employee is a psychotic murderer.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    Let's put it 50-50: Attacker is 50% guilty and User is 50% responsible for malware success.:D
     
    Last edited: Jan 2, 2017
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,653
    Location:
    Paris
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    NSS Labs recently completed testing Edge, Firefox, and Chrome against socially engineered malware attacks.

    Overall, all three browsers' scores were decent using their built-in protections with the highest scoring product being Edge. Edge scored highest because of its use of SmartScreen and although not specifically referenced, because of its running in AppContainer by default and it also running as a service. I would say the same would be true for IE11 as long as SmartScreen was employed and it was also configured to run in AppContainer. Tip - you can also force IE11 to run as a service in Win 10 by running it in private mode.

    When it comes to SEM protection, Microsoft Edge came up on top by blocking 99.0% of the samples, followed by Google Chrome with 85.8% and Mozilla Firefox with 78.3%. While Edge uses SmartScreen URL filtering and Application Reputation (App Rep) for user protection, Chrome and Firefox use URL filtering and an application reputation system called Download Protection.

    The test also revealed that Microsoft Edge could deliver a 98.7% zero-hour protection rate for malware, followed by Chrome with 92.8%, and Firefox with 78.3%. After 7 days of testing, Edge was in the lead with a 99.3% block rate, 3.6% higher than Chrome and 17.4% higher than Firefox. On average, Edge needed less than 10 minutes to block malware, Chrome needed 2 hours and 39 minutes, while Firefox needed over 3 hours and 45 minutes.

    When it comes to phishing protection, Microsoft Edge had a phishing catch rate of 91.4% over the 12-day test period, followed by Chrome with 82.4% and Firefox with 81.4%. An average of 145,581 unique email phishing campaigns were reported each month this year, making a browser’s ability to block such attacks highly important. However, SEM protection is as important when assessing a browser’s security capabilities, NSS Labs notes.


    Ref.: http://www.securityweek.com/microsoft-edge-tops-browser-protection-tests
    -EDIT- You can download the test report from NSS Labs for free here if you wish further details on the test specifics: https://www.nsslabs.com/web-browser-security/


     
    Last edited: Jan 2, 2017
  21. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    Good info on Edge. I just wish they had the extensions that I like to use.
     
  22. uBlockOrigin is available now also on Edge.
     
  23. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    I use that, but also things like Camelizer which do not appear to be on Edge yet.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    100%

    I must also add my complete disgust of sites just like Forbes (and as pointed out more are playing follow the leader on that) and others who demand to disable AdBlockers etc. but my answer to that (if I don't feel like putting it in Sandboxie :thumb:) they can kiss my royal behind because THEY are the ones that are turning to LAME enticements just to read the rest of their articles?

    Nope ain't happening but it's just plain lousy coming from well funded origins for them to have to resort to "trickery" IMHO.

    I'm old fashioned about this going all the way back to Windows 98 and the adJackers from that era too.
     
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,653
    Location:
    Paris
    But some of the Forbes articles are really, really good...
     