Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts

    Does MSE detect and remove BlackPOS?

    ... or other POS-targeted malware? I can find no useful information through Google or on the MSE website.

    --Thanks

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    I read a blog that BlackPos had evaded 40 commercial AV programs and as MSE isn't the best of AVs, I'd hazard a guess and say No, but you could contact MS and see if you can get a honest response from them.

  4. #3
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts
    You can contact Microsoft? I had no idea. When did that become possible? And they actually answer? Please tell me how to do this.

  5. #4
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    Quote Originally Posted by Backspacer View Post
    You can contact Microsoft? I had no idea. When did that become possible? And they actually answer? Please tell me how to do this.
    http://support.microsoft.com/contactus/

    Some help is free which this query should be but for more technical queries they will charge.

    From the UK I found a non premium phone number which you could also Google for from your location which negates the need to create an account.
    Last edited by Sudo15; 2014-03-18 at 10:30.

  6. #5
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts
    So far not so good. I did a chat at that first address. I was #1 and it started right away. The guy was obviously reading from a script and trying his best to calm and reassure me - even though I was already calm and did not need reassurance. But all he could do was refer me to a different chat service. That one (http://answerdesk.microsoftstore.com) is so backlogged that I get bored and wander off before they answer my chat request. When I return I have to restart it. So far I haven't been able to talk to anyone who can answer such a simple question.

    The first chat service allowed me to enter my question before initiating the chat. It also allowed me to email a transcript to myself. But it didn't email the original question. What the heck good is that?

    The second chat service does not allow me to enter my question while I'm waiting. I was planning to just copy/paste my question from the first chat, but since it was not sent along with the transcript I will have to remember and recompose my question all over again.

    I am still not convinced that it is possible to get help from Microsoft.

  7. #6
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    I contacted them once with a problem and the guy suggested something which I didn't think would work, but it did.

    MSE is probably a sensitive subject with MS with its competence questionable and the guy was probably reluctant to commit where security matters are concerned.

    The article that I read which said that it had evaded 40 commercial AV programs didn't mention which they were, but I think it tends to target businesses rather than the home user.

    Probably best to use cash at the checkout http://www.darkreading.com/vulnerabi...re-s/240165683 and get a better AV program.

  8. #7
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts
    I'm not a home user. I have two Point of Sale cash register systems in my store and two backups. I don't want to end up like Target. They can lawyer up and they will survive it. I would not. I'd end up living under a bridge if that happened to me.

    My store systems are all running MSE because I read in a Windows Secrets newsletter that it was a competent antivirus program. I am now researching to see whether it really is or if I should get a different one. In the past I have only ever used Norton Internet Security after an incident in 1999 (+/- a year) when McAfee destroyed my system worse than any virus at the time could possibly have done. I still run it on a few systems. Should I switch all of my MSE systems to Norton? Or is there something better I should consider - and is enough better than Norton to be worth the learning curve?
    Last edited by Backspacer; 2014-03-18 at 16:10.

  9. #8
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,053
    Thanks
    196
    Thanked 758 Times in 694 Posts
    BackSpacer,

    From what I read here I'd be more worried about the attack vector (in this case a compromised web server) than about detecting the malware. If you can prevent the attack vector they can't get the malware on your POS! HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  10. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    Quote Originally Posted by Backspacer View Post
    I'm not a home user. I have two Point of Sale cash register systems in my store and two backups. I don't want to end up like Target. They can lawyer up and they will survive it. I would not. I'd end up living under a bridge if that happened to me.

    My store systems are all running MSE because I read in a Windows Secrets newsletter that it was a competent antivirus program. I am now researching to see whether it really is or if I should get a different one. In the past I have only ever used Norton Internet Security after an incident in 1999 (+/- a year) when McAfee destroyed my system worse than any virus at the time could possibly have done. I still run it on a few systems. Should I switch all of my MSE systems to Norton? Or is there something better I should consider - and is enough better than Norton to be worth the learning curve?
    Well, I don't really like MSE and comparatives never rank it very well. My personal preference lies with Emsisoft Antimalware and I would recommend BitDefender, as well. These are regularly top rated AVs. If you prefer Norton, it is still better than MSE.

    You should know, however, that no single AV can catch everything, so a multilayered strategy works best.
    Rui
    -------
    R4

  11. #10
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    I wouldn't trust MSE with anything but the second paragraph in that article basically says that it has been reported that it is AV proof.

  12. #11
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts
    I do use a multi-layered strategy. I use ZyXel business class firewall routers, software firewalls (Windows Firewall on the systems running MSE), and the virus/malware protection of MSE or NIS. I run a MalwareBytes scan once a week on each system. I scan both my office and store Internet connections monthly at the ShieldsUp website. And there are a couple of other scans that I run manually, though I can't remember what they are right off hand. My computer reminds me to do them. :-) I continually remind my employees to keep their browsing to business or weather related sites as much as possible. Their email clients are setup with aggressive spam filtering. I'm sure I've overlooked something.

    But to make my network and computers completely secure would be to make them unusable. It seems like eventually there will be some combination of exploits/vulnerabilities which will allow something in. If a virus trashes a computer, or even all of them, that's not as bad as if it starts siphoning off my customer's credit/debit card info. If I'm not doing everything I reasonably can to protect against that, I will probably not survive the ensuing lawsuits. So I want to make sure that whatever AV/AM I am using, it keeps up with the latest POS exploits. And preferably keeps ahead of them.

  13. #12
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    243
    Thanks
    12
    Thanked 5 Times in 5 Posts
    BlackPOS is AV proof? That would be seriously bad news. But nothing is ever totally bulletproof and once known someone will figure out how to detect it. In fact I just heard on the radio yesterday that someone at Target is in trouble because there were "indications" of a problem but they were ignored. I'd sure like to know what those indications were so I could make sure I do not ignore them if they occur at our store.

  14. #13
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    Quote Originally Posted by Backspacer View Post
    I do use a multi-layered strategy. I use ZyXel business class firewall routers, software firewalls (Windows Firewall on the systems running MSE), and the virus/malware protection of MSE or NIS. I run a MalwareBytes scan once a week on each system. I scan both my office and store Internet connections monthly at the ShieldsUp website. And there are a couple of other scans that I run manually, though I can't remember what they are right off hand. My computer reminds me to do them. :-) I continually remind my employees to keep their browsing to business or weather related sites as much as possible. Their email clients are setup with aggressive spam filtering. I'm sure I've overlooked something.

    But to make my network and computers completely secure would be to make them unusable. It seems like eventually there will be some combination of exploits/vulnerabilities which will allow something in. If a virus trashes a computer, or even all of them, that's not as bad as if it starts siphoning off my customer's credit/debit card info. If I'm not doing everything I reasonably can to protect against that, I will probably not survive the ensuing lawsuits. So I want to make sure that whatever AV/AM I am using, it keeps up with the latest POS exploits. And preferably keeps ahead of them.
    From a malware point of view, the Windows Firewall is almost useless, although int your case it could help if it is configured to block any outgoing, non allowed program. Other than that, it provides basically no additional protection to the one provided by your hardware firewall. Running Malwarebytes on demand is good, but what really matters is detecting malware in real time. If you want to keep your setup I would add Malwarebytes in real time.

    I believe in whitelisting apps. That's why I run a HIPS, which doesn't allow anything that hasn't been authorized, to run, be that a legitimate program or malware. So my setup relies on Online Armor + EAM. With OA whitelisting and EAM behavioral detection I feel I am reasonably protected even against unknown, zero day, threats.
    Rui
    -------
    R4

  15. #14
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    That article is entitled SecureState Releases Black POS Malware Scanning Tool and while may not be a freebie, they must have been able to break it down to produce a scanner.

    If current AV programs are unable to detect it, then it may be worth enquiring about just for peace of mind.
    Last edited by Sudo15; 2014-03-18 at 18:31.

  16. #15
    Bronze Lounger
    Join Date
    Aug 2012
    Posts
    1,595
    Thanks
    23
    Thanked 224 Times in 219 Posts
    Ah, a further Google has produced http://engage.securestate.com/black-...lware-scanning so you may be in luck as not to be facing further costs if there isn't a catch.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •