what program do you use to program to protect themselves from the new ransom ?

Discussion in 'other anti-malware software' started by mantra, Mar 16, 2016.

  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    hi

    i was reading an article about
    what do you do to protect themselves from the new ransom ?

    do you think keeping update firefox or chrome and flash player and the antivirus update is enough?
    thanks
     
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Sandboxie for me.
     
  3. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    31
    Comodo sandbox
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Flashblock and since it drops payload in Temp and creates an autorun entry to start it afterwards, deleting those will do just fine, at least for me. :cool:

    Seems like it, since the vulnerability has already been patched.

    http://blog.trendmicro.com/trendlab...d-flash-exploit-added-to-nuclear-exploit-kit/

    Those hackers are just pure evil. :cautious:
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,627
    Location:
    Toronto, Canada
    Adguard For Windows to protect system-wide on the network level to filter all advertisements, trackers, etc. But also, Adguard has an option for filtering malicious web sites and traffic based on well established lists of site containing malware. So that is just one level. Other levels would be UAC set to maximum, application whitelisting to control which executables can run and where they can run from, OpenWrt on the router also loaded with lists to filter content, Chromium (with Google Safe Browsing protection, AppContainer sandbox of processes, Win32k Lockdown for PPAPI processes, Flash set as Click to Run), along with a well configured EMET.

    Without a doubt, it is uncertain times these days, where our close family and friends who may not be as technically/security-aware as we are, can simply visit legitimate web sites and become infected with ransomware through malicious advertisements. So it goes beyond even common sense these days. And then we've got major legitimate web sites trying to force users to disable their adblockers, potentially opening them up to these dangers. It is interesting times, for sure. Also, it will be interesting to see how security evolves over the next few years as the malware becomes more sophisticated.

    A lot of the things that Tavis Ormandy of Google Project Zero has been uncovering lately of the attack surface that AV software is creating is also very interesting and something to follow closely. Tavis expects something of a Slammer worm or some sort of large scale targeted attack on the scale of billions of dollars where criminals would utilize attack major user bases through AV exploits or something along the lines of that. That would certainly make the headlines. It is good, though, that someone is holding AV software accountable and uncovering exploits and attack surface which is leading to more patches being issued, more awareness of code quality with regard to secure coding practices, and in general just shining more light on the topic to keep everyone aware of the possibilities.
     
    Last edited: Mar 16, 2016
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Block iframes and control Adobe Flash.
     
  7. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    HMPA + Firefox (uBO with Medium blocking mode) + Flash set to "Click to Run" mode..
     
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I always have Flashblock enabled in K-Meleon. I have other flash options with the privacy bar.

    kmflash1.jpg
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    NoScript and Adblock plus are the ones doing the job for me. I never get to see anything like ramsonware, fake scanners, distracting jumping ads, banners, never. This things are like they dont exist for me. And just in case, Sandboxie as a safety net.

    Bo
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Exactly! You and only a few others seem to understand this.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I am totally convinced that's the case. And the best part of it is that all is done quietly. Wat, I never see nothing that looks like malware when browsing. I don't even get to see a Sandboxie message telling me about some strangely named exe attempting to run. Thats probably because malware don't even get the chance to run due to NoScript and Adblock plus doing their thing.

    Bo
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Sandboxie is a terrific safety net, but without question the script and ad blocking is the primary defense here. There is no need for HIPS control as so many seem to think. I'm a proponent of basic anti-executables but not to the point of controlling to the granularity level of a HIPS program.
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I don't see anything like malware when I'm browsing too, and I don't have NoScript on K-Meleon.

    FWIW I do have SpywareBlaster though.

    kmsb1.jpg
     
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I understand that 99% of the time NoScript is essentially superfluous and IMO there are better adblockers than ABP.
     
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,122
    hi TairikuOkami , thanks , i will add flashblock
    hi
    noscript could be a nightmare, it needs lots of attention ,i uninstall it because made me crazy
    Thanks Bo

    hi
    yes sandboxie is great , but for normal surfing it's not comfortable , i lost all my data when i empty the sandboxie

    about the hips , do you think i could do with eset smart security hips?
    thanks

    hi WildByDesign
    aobut
    do you mean Malware Domains subscrition?
    ublock origin seems more tough then adguard ,but it updates its list slowly
    thanks
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    For the record, I'm not implying you or anyone specific in my comments, only those that seem to completely disregard script/ad-blocking or similar as a very effective means of preventing exploits like the Angler kit. You did mention the use of Flash Block, and that alone wins you well over half the battle, to say the least, against these exploits, which feast upon Adobe and Silverlight, amongst other plugins.

    I've no idea about ESET Smart HIPS. I guess if you can configure it to basically whitelist executables and DLL's, then I suppose you might benefit from it. As usual, your mileage may vary.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    My opinion based on my personal experience using NoScript is the opposite. Maybe one reason why NoScript never bothered me, not even at the beginning is because when I first installed it, I didn't try to make any sense of it. I just went with it. After a while one day all of the sudden, things started clicking.

    And something else. I am very wary about addons in general, specially the ones I install. The best way to make sure you install clean addons is to install addons that are very popular. And guess where Adblock plus and NoScript rank in the Mozilla "Most popular" Addons list.

    Sin título.jpg

    Bo
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,627
    Location:
    Toronto, Canada
    Yes, that is the list that I was referring to. I assume that several products likely make use of the same (or similar) list.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Yes, many people don't even count an adblocker as a security measure. Flash blocking just seems a sensible precaution to me. I know Chrome and Opera (Blink) have a click-to-play facility but Firefox seems to have lost this capability. Phil Chee's Flashblock extension doesn't seem to work for me and it won't run with NoScript installed anyway.

    https://addons.mozilla.org/en-US/firefox/addon/flashblock/?src=ss
     
  20. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    751
    Location:
    SW USA
    I use a program from my brain that doesn't allow Flash and Silverlight to exist on my systems. If an online service or "popular Website" needs either to present their product/content, I don't need that online service or site.
     
  21. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I tend to agree about add-ons, they can often be problematical. There's nothing wrong with ABP, it's been going a long time and is the adblocker most people think of first, I just prefer uBlock Origin on Firefox. It is the only adblocker that effectively stops the ad blitzkrieg on PhotoBucket. I also prefer Bluhell Firewall on SeaMonkey as I can watch some TV shows on catch-up without sitting through hours of ads. They detect ABP and refuse to run. For some strange reason they run and Bluhell Firewall blocks the ads in them. I understand the TV channels get their revenue from advertising (except the BBC) but I sit through enough of their ads watching the telly, sometimes I just want to catch up on something I missed without sitting through 20 mins of commercials trying to sell me stuff I don't want before the show even starts lol! Bluhell is also very light.

    As for NoScript, I don't need it on K-Meleon.
     
  22. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    That rules me out ... I've had brain damage lol.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Hi Mantra, yes I can see how NoScript can be a nightmare. But it shouldn't be. Read my previous post, in it I tell the approach I took when I first installed NoScript. It works, makes things easier when you don't feel you have to make sense of everything in one day.

    Bo
     
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    @bo
    to mention that ublock for firefox is not that old than ABP/NS.
    ofc both are reliable but for the masses ublock is 2in1 and uB0 is now same popular as ABP/NS. and much more granular than those.

    BTT
    to fight ransom and locking trojans in browsers there for free there is no better than malwarebytes anti-exploit or hitman alert. but i never had any issue before using MBAE - firefox is at least not that vulnerable in its present configuration.

    flash in firefox is only on demand - flash in opera not present (neither adobe or pepper).
    flashblock is pointless, not needed that way.

    conclusion - some dont need tons of security software - only few but those should act at the right place.
    browser in the box can prevent outbreaking - but not prevent data sending via browser. at least the box has been infected and that should not happen with the named tools here.

    HTH
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    You shouldn't lose any data that's inside the sandbox. By default, when you install Sandboxie, nothing is set for recovery to the hard drive.

    But there are many things that you can do with settings regarding recovering files. For example, you can set recoveries to be allowed to one folder or many folders, and then set it up to be prompted by Sandboxie either inmediatedly after downloading the file is over or to be prompted when you delete the sandbox. You can even set recoveries to to a particular folder to bypass sandboxing, this way recovering files works just like if you were not using Sandboxie. No prompts or nothing, when the download of the file is over it gets created out of the sandbox. You have the choices to make your sandbox as weak or as strong as you want And as convenient as you want. You have the settings to do what you want, Mantra.

    About normal surfing. For me, browsing with Firefox feels exactly the same sandboxed as unsandboxed. There is no difference. The only time I run Firefox out of the sandbox is to update the browser or the addons, for nothing else-

    Bo
     
Loading...