what program do you use to program to protect themselves from the new ransom ?

hi

i was reading an article about

what do you do to protect themselves from the new ransom ?

do you think keeping update firefox or chrome and flash player and the antivirus update is enough?
thanks

 

Sandboxie for me.

 

Comodo sandbox

 

Flashblock and since it drops payload in Temp and creates an autorun entry to start it afterwards, deleting those will do just fine, at least for me.

Seems like it, since the vulnerability has already been patched.

http://blog.trendmicro.com/trendlab...d-flash-exploit-added-to-nuclear-exploit-kit/

Those hackers are just pure evil.

 

Adguard For Windows to protect system-wide on the network level to filter all advertisements, trackers, etc. But also, Adguard has an option for filtering malicious web sites and traffic based on well established lists of site containing malware. So that is just one level. Other levels would be UAC set to maximum, application whitelisting to control which executables can run and where they can run from, OpenWrt on the router also loaded with lists to filter content, Chromium (with Google Safe Browsing protection, AppContainer sandbox of processes, Win32k Lockdown for PPAPI processes, Flash set as Click to Run), along with a well configured EMET.

Without a doubt, it is uncertain times these days, where our close family and friends who may not be as technically/security-aware as we are, can simply visit legitimate web sites and become infected with ransomware through malicious advertisements. So it goes beyond even common sense these days. And then we've got major legitimate web sites trying to force users to disable their adblockers, potentially opening them up to these dangers. It is interesting times, for sure. Also, it will be interesting to see how security evolves over the next few years as the malware becomes more sophisticated.

A lot of the things that Tavis Ormandy of Google Project Zero has been uncovering lately of the attack surface that AV software is creating is also very interesting and something to follow closely. Tavis expects something of a Slammer worm or some sort of large scale targeted attack on the scale of billions of dollars where criminals would utilize attack major user bases through AV exploits or something along the lines of that. That would certainly make the headlines. It is good, though, that someone is holding AV software accountable and uncovering exploits and attack surface which is leading to more patches being issued, more awareness of code quality with regard to secure coding practices, and in general just shining more light on the topic to keep everyone aware of the possibilities.

 

Block iframes and control Adobe Flash.

 

HMPA + Firefox (uBO with Medium blocking mode) + Flash set to "Click to Run" mode..

 

I always have Flashblock enabled in K-Meleon. I have other flash options with the privacy bar.

 

NoScript and Adblock plus are the ones doing the job for me. I never get to see anything like ramsonware, fake scanners, distracting jumping ads, banners, never. This things are like they dont exist for me. And just in case, Sandboxie as a safety net.

Bo

 

Exactly! You and only a few others seem to understand this.

 

I am totally convinced that's the case. And the best part of it is that all is done quietly. Wat, I never see nothing that looks like malware when browsing. I don't even get to see a Sandboxie message telling me about some strangely named exe attempting to run. Thats probably because malware don't even get the chance to run due to NoScript and Adblock plus doing their thing.

Bo

 

Sandboxie is a terrific safety net, but without question the script and ad blocking is the primary defense here. There is no need for HIPS control as so many seem to think. I'm a proponent of basic anti-executables but not to the point of controlling to the granularity level of a HIPS program.

 

I don't see anything like malware when I'm browsing too, and I don't have NoScript on K-Meleon.

FWIW I do have SpywareBlaster though.

 

I understand that 99% of the time NoScript is essentially superfluous and IMO there are better adblockers than ABP.

 

hi TairikuOkami , thanks , i will add flashblock

hi
noscript could be a nightmare, it needs lots of attention ,i uninstall it because made me crazy
Thanks Bo

hi
yes sandboxie is great , but for normal surfing it's not comfortable , i lost all my data when i empty the sandboxie

about the hips , do you think i could do with eset smart security hips?
thanks

hi WildByDesign
aobut

do you mean Malware Domains subscrition?
ublock origin seems more tough then adguard ,but it updates its list slowly
thanks

 

For the record, I'm not implying you or anyone specific in my comments, only those that seem to completely disregard script/ad-blocking or similar as a very effective means of preventing exploits like the Angler kit. You did mention the use of Flash Block, and that alone wins you well over half the battle, to say the least, against these exploits, which feast upon Adobe and Silverlight, amongst other plugins.

I've no idea about ESET Smart HIPS. I guess if you can configure it to basically whitelist executables and DLL's, then I suppose you might benefit from it. As usual, your mileage may vary.

 

My opinion based on my personal experience using NoScript is the opposite. Maybe one reason why NoScript never bothered me, not even at the beginning is because when I first installed it, I didn't try to make any sense of it. I just went with it. After a while one day all of the sudden, things started clicking.

And something else. I am very wary about addons in general, specially the ones I install. The best way to make sure you install clean addons is to install addons that are very popular. And guess where Adblock plus and NoScript rank in the Mozilla "Most popular" Addons list.



Bo

 

Yes, that is the list that I was referring to. I assume that several products likely make use of the same (or similar) list.

 

Yes, many people don't even count an adblocker as a security measure. Flash blocking just seems a sensible precaution to me. I know Chrome and Opera (Blink) have a click-to-play facility but Firefox seems to have lost this capability. Phil Chee's Flashblock extension doesn't seem to work for me and it won't run with NoScript installed anyway.

https://addons.mozilla.org/en-US/firefox/addon/flashblock/?src=ss

 

I use a program from my brain that doesn't allow Flash and Silverlight to exist on my systems. If an online service or "popular Website" needs either to present their product/content, I don't need that online service or site.

 

I tend to agree about add-ons, they can often be problematical. There's nothing wrong with ABP, it's been going a long time and is the adblocker most people think of first, I just prefer uBlock Origin on Firefox. It is the only adblocker that effectively stops the ad blitzkrieg on PhotoBucket. I also prefer Bluhell Firewall on SeaMonkey as I can watch some TV shows on catch-up without sitting through hours of ads. They detect ABP and refuse to run. For some strange reason they run and Bluhell Firewall blocks the ads in them. I understand the TV channels get their revenue from advertising (except the BBC) but I sit through enough of their ads watching the telly, sometimes I just want to catch up on something I missed without sitting through 20 mins of commercials trying to sell me stuff I don't want before the show even starts lol! Bluhell is also very light.

As for NoScript, I don't need it on K-Meleon.

 

That rules me out ... I've had brain damage lol.

 

Hi Mantra, yes I can see how NoScript can be a nightmare. But it shouldn't be. Read my previous post, in it I tell the approach I took when I first installed NoScript. It works, makes things easier when you don't feel you have to make sense of everything in one day.

Bo

 

@bo
to mention that ublock for firefox is not that old than ABP/NS.
ofc both are reliable but for the masses ublock is 2in1 and uB0 is now same popular as ABP/NS. and much more granular than those.

BTT
to fight ransom and locking trojans in browsers there for free there is no better than malwarebytes anti-exploit or hitman alert. but i never had any issue before using MBAE - firefox is at least not that vulnerable in its present configuration.

flash in firefox is only on demand - flash in opera not present (neither adobe or pepper).
flashblock is pointless, not needed that way.

conclusion - some dont need tons of security software - only few but those should act at the right place.
browser in the box can prevent outbreaking - but not prevent data sending via browser. at least the box has been infected and that should not happen with the named tools here.

HTH

 

You shouldn't lose any data that's inside the sandbox. By default, when you install Sandboxie, nothing is set for recovery to the hard drive.

But there are many things that you can do with settings regarding recovering files. For example, you can set recoveries to be allowed to one folder or many folders, and then set it up to be prompted by Sandboxie either inmediatedly after downloading the file is over or to be prompted when you delete the sandbox. You can even set recoveries to to a particular folder to bypass sandboxing, this way recovering files works just like if you were not using Sandboxie. No prompts or nothing, when the download of the file is over it gets created out of the sandbox. You have the choices to make your sandbox as weak or as strong as you want And as convenient as you want. You have the settings to do what you want, Mantra.

About normal surfing. For me, browsing with Firefox feels exactly the same sandboxed as unsandboxed. There is no difference. The only time I run Firefox out of the sandbox is to update the browser or the addons, for nothing else-

Bo