I still wonder how to protect against data stealing malware. The only way is probably with file/folder protection, but would be cool if HIPS could do this out of the box, instead of having to make the rules yourself. From the article: "This Dyre variant uses a feature called ‘browsersnapshot' to collect cookies, client-side certificates, and private keys stored in browsers, Epstein said. Even if the malware does not intercept an active session, it may have enough information to allow an attacker to impersonate the browser identity and authenticate as the user, he explained."