#76 | Lounge VIP, Scotland (joined Apr 2011)
    I did some more digging around. It seems the Crypto Prevent tool injects software restrictions directly into the registry and does not use local policies at all. I guess that makes sense, since it is designed for pro and home versions of the OS so can't rely on group policy editor being present.

    I then searched the registry, for various entries and did find a couple of keys related to Foolish IT (the developer), but didn't have time to locate any kind of table that might indicate which applications are being blocked and which are whitelisted. If I had time I could take a clean install of Crypto Prevent and one with a single app added to the whitelist and run a file compare on the saved registries to find out where and how.

    But I didn't have time, and for the purposes of this discussion I think it is a moot point because of the following reasons:

    In a limited deployment of similar blocking techniques, some genuine software was tripped up. Thus, to address the question from Bobprimak earlier, in my opinion that means MS would have a pretty hard time developing and updating a blocking algorithm that is anywhere near responsive enough for all the apps that at some point in time might want to execute from there.

    Foolish IT can do it because they are a small shop offering a standalone patch with caveats and are open about the hazards. MS couldn't do it because countless hundreds of millions of users would pick up the patch and goodness knows how many apps would break.

    I think this goes back to closing the door after the horse has bolted. The problem does not appear in hardened OSes, but does in Windows because of historical design choices that were made well over a decade ago.

    In some cases (for example my work environment) it makes sense to deploy software restriction policies, but that is not necessarily proven to be the best solution for home situations where a behavioural firewall (i.e. a HIPS) could provide a better option.

    HIPS costs money, Crypto Prevent is free. Perhaps that's the differentiation?
    Last edited by Tinto Tech; 2013-12-03 at 13:38.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

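Reading the rules straight out of the registry is a quicker way to get the table of blocked and whitelisted paths than the registry diff described above. This is an added example, not code from the thread or from CryptoPrevent: Software Restriction Policy rules are stored under the Safer\CodeIdentifiers key regardless of whether the Local Group Policy editor or a tool writing the registry directly created them. It assumes Windows with PowerShell 3 or later, run from an elevated prompt.

```powershell
# Added example, not code from the thread or from CryptoPrevent.
# Software Restriction Policy (SRP) rules live under the Safer\CodeIdentifiers
# key whether they were written through the Local Group Policy editor or by a
# tool that edits the registry directly, so the list of blocked and
# whitelisted paths can be read from there on Home editions too.
# Assumes Windows with PowerShell 3 or later, run from an elevated prompt.

# SRP encodes each security level as a numeric subkey name.
$Levels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRules {
    $roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
             'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $hive = $root.Split(':')[0]

        # DefaultLevel is what applies when no rule matches; absent means Unrestricted.
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultLevel
        $defaultName = if ($null -eq $default) { 'Unrestricted (value absent)' } else { $Levels[[int]$default] }
        [pscustomobject]@{ Hive = $hive; Level = $defaultName; Path = '<default>'; Description = 'level applied when no rule matches' }

        # One subkey per level (0, 131072, 262144); path rules sit under <level>\Paths\<GUID>.
        # Hash and certificate rules (<level>\Hashes, ...) are not enumerated here.
        foreach ($levelKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
            $levelName = $Levels[[int]$levelKey.PSChildName]
            $pathsKey  = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $p = Get-ItemProperty -Path $rule.PSPath
                [pscustomobject]@{
                    Hive        = $hive
                    Level       = $levelName       # Disallowed = blocked, Unrestricted = whitelisted
                    Path        = $p.ItemData      # path pattern; may contain env vars and wildcards
                    Description = $p.Description
                }
            }
        }
    }
}

# Blocked paths and whitelist exceptions side by side; the default-level row shows
# whether the policy is a blacklist (Unrestricted default) or a whitelist (Disallowed default).
Get-SrpPathRules | Sort-Object Hive, Level, Path | Format-Table -AutoSize
```

Running it before and after whitelisting one application shows exactly which rule the tool added, which is the comparison the post above proposes doing with saved registry exports.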

#77 | Administrator, Portugal (joined Jun 2010)
    Quote Originally Posted by Tinto Tech:
    I did some more digging around. It seems the Crypto Prevent tool injects software restrictions directly into the registry and does not use local policies at all. I guess that makes sense, since it is designed for pro and home versions of the OS so can't rely on group policy editor being present.

    I then searched the registry, for various entries and did find a couple of keys related to Foolish IT (the developer), but didn't have time to locate any kind of table that might indicate which applications are being blocked and which are whitelisted. If I had time I could take a clean install of Crypto Prevent and one with a single app added to the whitelist and run a file compare on the saved registries to find out where and how.

    But I didn't have time, and for the purposes of this discussion I think it is a moot point because of the following reasons:

    In a limited deployment of similar blocking techniques, some genuine software was tripped up. Thus, to address the question from Bobprimak earlier, in my opinion that means MS would have a pretty hard time developing and updating a blocking algorithm that is anywhere near responsive enough for all the apps that at some point in time might want to execute from there.

    Foolish IT can do it because they are a small shop offering a standalone patch with caveats and are open about the hazards. MS couldn't do it because countless hundreds of millions of users would pick up the patch and goodness knows how many apps would break.

    I think this goes back to closing the door after the horse has bolted. The problem does not appear in hardened OSes, but does in Windows because of historical design choices that were made well over a decade ago.

    In some cases (for example my work environment) it makes sense to deploy software restriction policies, but that is not necessarily proven to be the best solution for home situations where a behavioural firewall (i.e. a HIPS) could provide a better option.

    HIPS costs money, Crypto Prevent is free. Perhaps that's the differentiation?
    Thanks for all the work checking this. Nice job.

    As to the money, well, a decent HIPS can cost $25-$30 and protects against a lot more than just against Crypto. I suppose that can be expensive... until you get one single infection. That alone will make up for the cost, IMVHO.
    Rui
    -------
    R4

#78 | Star Lounger, New York, USA (joined Dec 2009)
    Quote Originally Posted by Medico:
    Fortunately, many of the larger PC manufacturers do include an AV/AM app by default. If the manufacturer does not, then MS does in the form of Windows Defender in Win 8 and Win 8.1. Even though many here believe this app is less than effective to the 3rd party apps, for these "average users" it very well might be all they have available.
    Speaking of free anti-virus and anti-malware applications, just yesterday I had a drive-by infection of the PC Antivirus 2009 type, and both my up-to-date Windows Defender and my up-to-date, running-in-the-background anti-virus program allowed it to do its dirty work.

    The thing that saved me was -- as soon as I saw the nasty screen pop up with its spurious demands -- to turn off my PC using the Power button (i.e., holding it in for 5 seconds) and reboot into Safe Mode (Win7 64-bit) with networking. From there I downloaded and immediately updated Malwarebytes AntiMalware (free) and SuperAntiSpyware (free) and went to the website of the free Trend online anti-virus scanner. I ran all three simultaneously (in Quick Scan mode), and after about 15 minutes ONLY ONE of them picked up 10 assorted Trojans/PUPs, etc. That was Malwarebytes. The other two ran longer but found nothing but tracking cookies. Malwarebytes then quarantined and deleted all of them. When I rebooted my PC all was well again! So much for relying on the anti-virus capabilities of the "usual suspects."
    Last edited by frankd14612; 2013-12-04 at 15:59. Reason: Changed second anti-virus to anti-malware.

#79 | Administrator, Portugal (joined Jun 2010)
    Quote Originally Posted by frankd14612:
    Speaking of free anti-virus and anti-virus applications, just yesterday I had a drive-by infection of the PC Antivirus 2009 type, and both my up-to-date Windows Defender and my up-to-date, running-in-the-background anti-virus program allowed it to do its dirty work.

    The thing that saved me was -- as soon as I saw the nasty screen pop up with its spurious demands -- to turn off my PC using the Power button (i.e., holding it in for 5 seconds) and reboot into Safe Mode (Win7 64-bit) with networking. From there I downloaded and immediately updated Malwarebytes AntiMalware (free) and SuperAntiSpyware (free) and went to the website of the free Trend online anti-virus scanner. I ran all three simultaneously (in Quick Scan mode), and after about 15 minutes ONLY ONE of them picked up 10 assorted Trojans/PUPs, etc. That was Malwarebytes. The other two ran longer but found nothing but tracking cookies. Malwarebytes then quarantined and deleted all of them. When I rebooted my PC all was well again! So much for relying on the anti-virus capabilities of the "usual suspects."
    Not all AVs are alike. No AV will protect against everything, but there are those that are better than others... and I think having two live apps to detect malware gets you a better chance of remaining free of malware.
    Rui
    -------
    R4


#80 | mrjimphelps, Silver Lounger, USA (joined Dec 2009)
    Trend Micro has some very good info about ransomware on their website:

    http://blog.trendmicro.com/trendlabs...-cryptolocker/

    http://blog.trendmicro.com/trendlabs...ot-connection/
    Last edited by mrjimphelps; 2013-12-04 at 15:03.

#81 | bobprimak, Lounge VIP, Hinsdale, IL, USA (joined Feb 2009)
    So I guess the answer to my query about Microsoft implementing something like CryptoPrevent in the form of a patch is:

    While this might be a good idea in principle, in practice there are indeed some products, including Microsoft's own offerings, which would break badly. End users would not tolerate this amount of breakage.

    So unless MS rewrites installers and Apps, we are doomed to repeat the insecurities of the past and the present.

    *Sigh*
    -- Bob Primak --

#82 | New Lounger, Palo Alto, California USA (joined Dec 2009)
    ... I think we should ask our representatives in Congress to use the NSA to identify and block all the purveyors of viruses/malware/ID theft/ransomware/etc. And for our representatives to task the FBI and CIA with putting an end to their nefarious activities by whatever means necessary. I already have asked my representatives (Feinstein, Boxer and Eshoo) to do just that:
    "First, Congress should pass legislation making illegal and subject to prosecution, fines, punitive damages, and prison, practices such as identity theft, using the Internet and/or phone system to foist malware, viruses, adware, ransomware and other digital abuses on phone and computer users.
    You should add to the NSA's mandate, to identify, locate and track these cybercriminals, whether domestic or foreign; and if possible, shut them down.
    Then mandate the FBI to vigorously investigate, and prosecute the perpetrators with stiff fines and lengthy prison sentences.
    Cybercrime is a growing source of revenue to criminals, and Congress must pass legislation to make it unprofitable and risky.
    Best regards,"
    I encourage everyone to copy/paste my message, or create your own, so Congress gets the message that cybercrime is out of control and needs to be harshly dealt with.

#83 | RolandJS, 3 Star Lounger, Austin metro area TX USA (joined Dec 2009)
    I didn't see if the following has already been mentioned:
    The replacement hard drive can be larger. If you're restoring Windows 7 and older, boot legacy in the BIOS.
    If you're restoring Windows 8 -- boot U[something] has to be in the BIOS.
    I think it's best if the hard drive is in the same manufacture-specs family.
    I'm not sure if you can safely mix IDE with SATA with SSD -- ask around.
    Roland
    Last edited by RolandJS; 2013-12-15 at 19:18. Reason: left out something

#84 | RolandJS, 3 Star Lounger, Austin metro area TX USA (joined Dec 2009)
    "Going back way too many years, my own favorite saying has always been 'the only bad backup is the one you decided NOT to make'."

    Well said! The second bad backup is the one done carelessly and there is no restore possible, discovered too late.

    Roland


#85 | Star Lounger (joined Feb 2004)
    I will just add my own ditto to the image chorus. Most all of us here live by the simple rule: image after any change or patch, security with regularly updated AV/AM apps, and regular data backups. Those of us with the paranoia gene unplug the USB drive when not creating the image and do regular file backups too. Granted you probably can't expect said "average user" to follow this plan, BUT everyone should have at least one "clean" image of the OS in good working order. I always create one after bailing out a friend, co-worker, or family member from some dire "my computer won't work! Can you help?"
    It's been said enough here and for a LONG time, but for new members or whatever, it bears repeating, so:

    BACKUP, BACKUP, BACKUP, CREATE AN IMAGE!
    Joela


#86 | New Lounger, Montreal (joined May 2010)
    The good news is that CryptoLocker can only arrive on your computer by email with an attachment, usually a bogus service message with a pdf attachment where the .exe hides, so education can stop this threat. The simplest thing to do is have data copy and paste full size to an external drive. Keep it simple. The rest of what you said about reinstalling Windows applies. The data is what matters; teach this to your users and you will be OK. I know it's not easy, as I also do what you do, in Montreal. Good luck and thanks for your article.

#87 | satrow, Super Moderator, Cardiff, UK (joined Dec 2009)
    Quote Originally Posted by BobFo:
    ... CryptoLocker can only arrive on your computer by email with an attachment ...
    That may have been true last week, who knows how it will be mutated?

#88 | Lounger, Raleigh, NC, USA (joined Oct 2010)
    Thanks again, ruirib.

    I agree the danger is having it stolen. However, as I said, I don't keep serious secret data on my system. It's just lots of photos of family, my mango tree or black Lab dog or a fish I caught, and MP3 files of old CDs, so I don't have much fear.

    Since my nearest relative (or good friend even) is over 100 miles, I would have to buy 3 or 4 drives and UPS them back and forth. I know I am just being silly, but, for me, some of the heavy user solutions are not really feasible. My safe deposit box is only $50 a year and it's close by.
    Paulbyr in NC

#89 | Administrator, Portugal (joined Jun 2010)
    Quote Originally Posted by paulbyr:
    My safe deposit box is only $50 a year and it's close by.
    That's a great solution, as well.
    Rui
    -------
    R4
