SRP , Really Safe??

SRP and Applocker (Win & Ultimate/Enterprise), two of the very best built-in safeguards MS has come up with.

Absolutely, and Mrkvonic has stated similar repeatedly and never, like so many others in this forum, brings up theoretical scenarios or "this could happen if" scenarios because he knows it's a waste of time when a combination of basic security measures (which does not include piling on 3rd party apps) and common sense is all that's needed to play safe.

 

Correct. but this thread more user limited combine with SRP/Applocker. That become very power! If more understand how it work more will use. Otherwise they missing out big big. Pity. Many still rely on 63% detection. You think Prevx much better?
https://www.wilderssecurity.com/showthread.php?p=1691251#post1691251

 

Yes, you are correct. But what I find creepy is that malware writers are now beginning to pay attention to SRP, more so now that W7 implements it.

 

Why you say Win 7 use it? XP use it since 2001 ok? And Win 7 got Applocker now. Applocker never been bypass. Not even by POC. Ok?

 

Only with Vista & W7 did Microsoft mention Applocker and/or SRP as security features, which means they've got the malware writers' attention far more than SRP in XP ever did.

W7 Professional only comes with SRP. W7 Ultimate comes with SRP and Applocker. Can we assume many enterprises go for Pro version because it's cheaper and they feel they don't need the extras (Applocker) found in Ultimate?

 

Microsoft mentioned SRP back in the day plenty, you can find technet article after technet article about it from 2001, 2002, etc. Mechbgon (http://www.mechbgon.com/build/security2.html) in 2009 tested SRP on a Windows 2000 machine with outdated adobe and itunes versions and deliberately tried to infect the machine and was unable to do so. SRP is very resilient, if your new2security, try setting up an old XP box with SRP and try to infect it w/o any real-time protection. Then install a-squared, mbam, and AV of choice and scan the machine and judge for yourself.

I assume many enterprises buy the pro version because the restriction policy is administered by the server.

 

You right. Short answer to question SRP, really safe? Yes it safest of all since never bypass by malware.

 

It's true that you could find SRP related articles in the technet database. But you really had to look for it, which you didn't have to in case of W7/vista. I never saw a boasting about SRP until Vista /W7.

I'm not saying SRP isn't effective, my 2 cents is that we see that malware producers are trying to find ways to bypass SRP.

 

May be they need to try bypass Applocker now. SRP is 10 year old tech. Only way bypass it is to find exploit. Not easy and Microsoft will patch. Also combine sandboxie and you very nice protect!