Secure Folders to protect folders (and use as anti-executable)

Very true. Those have increasingly proliferated as well as the means to slip them in, in-between the cracks of Windows systems and even some various AV products.

 

Even worse is that the data thieves have been spending money and effort in order to steal more effectively. Last month an IRS approved website (E-File.com) was hacked, and those visiting it (to file taxes online as well as those just browsing) were presented with a browser update that was digitally signed with a valid certificate. After a week only Crowdstrike detected that anything was amiss (of course CF protected).

 

Thank you for this info. It's another reason I use the old fashioned way when we file our extortion documents. Not that the US Mail is 100% safe either.

 

I found the "old-fashioned" ways, AND even some long dismissed software, just as equally adequate or in other instances better than the wares that they peddle today demanding subscriptions to keep user's safe. Or so they say.

 

Yes I tried, but I really couldn't figure it out. AFAIK, if a process is trusted it should be allowed to run and/or access files even if protected folders are marked as locked or read-only.

Well, perhaps you can do another test of these infostealers vs Secure Folders, where attacked browsers and Windows Explorer are set as trusted, and protected files should be in locked folders. For example, I locked down my Vivaldi browser profile which should stop untrusted processes from getting access to browser cookies and passwords, at least in theory.

Wow, only after a week did CrowdStrike detect these infostealers? And I assume AV's like MS Defender would also be bypassed? That's why I always say you need extra protection, especially less computer savvy people.

https://www.techspot.com/news/98214...filecom-hacked-malware-spreading-scripts.html

 

Secure Folders would not be of value for things like this.The issue here would be in order to prevent browser data exfiltration one would have to lock down specific folders within C:\Users\"Username"\AppData\Local\ directory(for Chrome, Edge, Vivaldi. etc). This is not an option with Secure Folders- the closest you can get would be to secure the entire C:\Users tree which is a very, very bad idea.

Yes, it would be bypassed by this and oodles of other things.

 

I'm not following you, why do say that this isn't possible? Because I have done exactly what you described, I have locked the Vivaldi browser profile, and of course Vivaldi needs to be set as a trusted process, otherwise it can't function. Basically, I have added around 20 processes as trusted because they need access to my files. Which means that only these processes can be abused to bypass protection. And Downloads and Documents folders are respectively set to read only and locked.

 

Did anyone else know what Cruelsister meant? In fact, I have even tested to see if my browser passwords were visible and Nirsoft's WebBrowserPassView app couldn't access my passwords when Secure Folder's protection was enabled. So it really does seem to work.

 

Apologies for being unclear:

Question- in your SecureFolder setup, can you (or have you) specifically protected the "C:\Users\"Username"\AppData\Local\Google\Chrome" directory?

 

Yes, AFAIK you can protect any folder that you want, but the key is to trust certain processes who need access to your files. Like I said, when Secure Folders is disabled, then WebBrowserPassView can grab all of your browser passwords, but it can't when SF's protection is enabled. So that's why I wondered if it would also help against all of the infostealers that you have been testing lately.

 

Have you tried to protect the SPECIFIC folder that I mentioned above ("\AppData\Local\Google\Chrome")?

The reason I ask is that I must have missed something- although many things can be protected, for me the AppData\Local\Google\Chrome\Default was not among therm.

 

No, I haven't tried it, because I don't use Chrome. Perhaps someone else can check it out? I don't see why you shouldn't be able to protect this specific folder, do you get some error? I simply added Vivaldi's profile folder to the protection list (locked), I suppose you can also do this with for example Edge. Perhaps you can test the infostealers against Edge.

 

Hello @Rasheed187 - Have you tested manually Secure Folders simply by trying to do something with the folder of your favorite browser Vivaldi? I know this has nothing to do with info-stealers per say, but i'm kinda sure that you've performed a few experiments.

@cruelsister can better offer you her findings if she decides to test Vivaldi maybe. Her results uncover ANY sneakies that might even be novel attempts to penetrate things in Windows, especially firewall busters that transmit things.

 

See my last post, you can use a tool like WebBrowserPassView, which in fact acts like a datastealer since it's able to access passwords from all major browsers. If you lock Vivaldi's and Edge's profile folder with Secure Folders, then all non trusted processes, including WebBrowserPassView, can't access it. Obviously, if you don't make Vivaldi and Edge a trusted process, they won't even be able to run.

https://www.nirsoft.net/utils/web_browser_password.html

I suppose the infostealers that she tests, are mostly targeting Chrome, Firefox and Edge. I do know that Firefox asks for a master password, which means that those passwords are better encrypted.

 

Did you or anyone else already check it out? Could you protect the Chrome profile folder (with Secure Folders) without any problems? I don't have Chrome installed so I can't test it.

Did you already check it out with Vivaldi and Edge, could infostealers steal passwords from these browsers? And BTW, I saw your latest video about AV testing, you made a good point. But what about Sandboxie, was it bypassed or something?

 

I did a quick test and I had problems, sorry. I can't tell any else details cause I did it some days back and I can't remember.

 

Same here @Rasheed187 - Soon as i can i will retest this because Secure Folders is been Set n Forget on this end for so long now and nothing i found yet is been capable to punch through it.

Amazing how that some Abandonware continues to offer security long after it first came out like this one.

 

OK thanks, weird because I have no problems protecting Vivaldi's and Edge's profile folder.

 

Please, can anyone link a safe download page for Secure Folders Free ? I found Softonic, but once it was not believed to be reliable. And Google is not helping me on this.

 

https://www.softpedia.com/get/Security/Security-Related/Secure-Folders.shtml

 

Thank you.

 

Glad you found a good link. If you couldn't i was going to throw it on a free file upload service server for you.

This long abandoned app is still so useful & formidable that i made multiple copies just so every new O/S i installed receives it's protection.

 

Thank you, EASTER, you're very kind ! But your link worked fine, and I already download Secure Folders.

 

It is @Pliskin link not mine. But glad you finally have it now. Cheers!!

 

I saw your latest video about the MS Edge infostealer, I suppose that Secure Folders and not to forget a firewall like TinyWall can block it? Or did this infostealer tried to bypass the firewall? And like I said, I can protect the profile folder from MS Edge without any problems.