Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop

https://www.bleepingcomputer.com/ne...hit-by-malicious-ads-that-blockers-wont-stop/

 

As shown in the bleepingcomputer.com article, Eset's Web Filtering protection that scans web page javacript code will protect you from most of this crap.

 

I believe that free browser add-ons uBlock Origin & Trace will block all connections to known advertising networks and malicious sites. Right? So, also, will free add-on "Emsisoft Browser Security." Right?

 

According to ghacks:

 

@TonyW - neither you nor ghacks dealt with the well-known, powerful add-ons I mentioned. ghacks sometimes plays the part of Chicken Little, IMO.

 

@bellgamin, I personally use uBlock Origin, but I don't know if I can answer your original question.

I was providing another source's take on the subject. I apologise if it was the wrong choice.

 

No problema, Tony. I just hope uBO really IS up to dealing with this sort of stuff.

 

As noted in the article, the ad is shown in a Windows app, so uBO can't help. That's where AdGuard for Windows, AdGuard DNS and BlackFog Privacy may help.

 

UBO is just browser extension, so very limited.

 

@Krusty & @guest & @itman -- 10Q to the nth!!! Reference itman's comment #2 -- are there any other AVs besides ESET that would partly or totally protect from "most of this crap"?

 

Probably any AV that scans internet traffic.

 

Hmmm... K7 scans internet traffic & has scored pretty good on protection. It purports to have a behavior blocker. I wonder why so little is mentioned of K7 at Wilders nowadays? K7 reminds me of The Little Engine That Could because they keep entering the tests against the better know AVs, & they keep climbing up. Daring little upstarts, wot?

 

Probably because the detection rate, although quite good, is not as good as for well known antiviruses. The only reason I can think of to use K7, is because it is exceptionally light.

A lack of customer support doesn't help either.

 

THIS test indicates that, except for FPs, K7 performed as well as (e.g.) Kaspersky, ESET, McAfee. Cheeky little bloke, wot?

But ... back on topic -- This thread has given me second thoughts about whether I should use a real-time AV. (I regularly do not use one now.)

 

If I had to use an AV with traffic scanning, I will go with a business solution like Symantec EP.

 

According to this review, it doesn't perform web filtering: https://www.techradar.com/reviews/k7-antivirus-premium . Also in the last SE Labs Comparative test: https://selabs.uk/download/consumers/epp/2018/oct-dec-2018-consumer.pdf, K7 was the second lowest scorer.

As far as AV protection overall against this type of redirect activity, it is not sufficient that the solution just perform web filtering. It also has to be able to scan Javascript code via it's injected .dll or the like. This could be problematic with sandboxed browsers employing AppContainer such as Edge and possibly Chrome. Eset doesn't seem to have issues in this regard as far as IE11 and Edge goes. I don't use Chrome since I don't know if issues exist with Eset when Chrome is sandboxed. What I do know is that Eset detects malicious .js code in for example, the browser temp directory cache files. In other words, it's scanning anything Javascript-wise that is downloaded.

Finally, don't "expect miracles" in regards to this issue with any AV security solution. I have twice been hit with a screen locker web site in the past using Eset. When encountered with a redirect situation related to this issue, the standard and best procedure is just to immediately terminate the browser or source app using Task Manager or Process Explorer/Hacker.

 

If that happened, I first try to go as quick as I can (...) to go to the other room to disconnect the router from the powerline so there is no internet connection anymore, then do things you described, then do some scans, then put back a backup-image.

 

No need for all that with screen lockers. They fall in the scareware catagory. The one I encountered was a blaring horn sound and big red screen stating "call this number", etc..

 

This is good to know! Now I am wondering if using Linux while surfing the internet might be more secure than surfing with Windows + AV?

 

Why bother, when you can use Shadow Defender etc

 

Yes, but where's the fun in that? I already know how to use SD. With Linux, I have a lot to learn & reduced concern about what Microsoft is going to do next in the direction of forced obsolesence.

 

LOL ! I know from what you've said in the past that you are a Bit over 21 So good for you that you still want to learn more

 

Shadow Defender won't protect against a keylogger in your active shadow session.

 

Obviously ! That's why you should a Good Antkeylogger installed