GT500

Trusted Advisors
Posts: 6,304

Posts posted by GT500

  1. Ransomware is a sub-type of the overarching concept of cryptovirology. It is a sub-type because one can encrypt a target's data without holding them for a ransom fee, and one can also hold a system hostage for ransom without any form of data encryption. So calling it ransomware is getting more technical; it is qualifying the classification of the crypto trojan.

    Didn't you just say the same thing I did?

    ... in the process of killing more of his dwindling number of braincells via ingestion of ethanol-based liquids. ...

    You know what's really tasty? Some nice hot coffee with some Bailey's Original Irish Cream in it. ;)

    I also like to put some spiced rum in hot chocolate, and my favorite is Captain Morgan Black (although there are some good rums that I haven't tried yet).

    In short, he is (in my opinion) a self-important twit that could use a couple of lessons in "grow up".

    So, basically, he's a typical reddit user? :P

  2. Especially since the CryptoLocker (a major type of cryptovirology) is NOT a virus, it is a trojan!

    Well, we call that type of malware 'ransomware', if you want to get technical. ;)

    As for the issue at hand, what corporation does not have on-site backups made to external hard drives or tapes? Online backup services are great, but why on Earth you would rely solely on such mechanisms is beyond me. Data like what they had is too important to risk losing to forgotten passwords and such.

  3. Sheer stupidity? Um no... not unless you raise them right. If a dog destroys stuff inside your house it's always the owners that are to blame for not giving them enough exercise or rules and boundaries. Not once did my dog ever "ruin" something.

    I don't keep dogs inside. With indoor pets, there are always potential allergen issues (if not for myself then for other people).

    As for dogs breaking things out of stupidity, it can depend on the breed. German Shepherds tend to be very intelligent. I've seen dogs that are so stupid that they would do something that was causing themselves physical pain (even causing them to bleed all over the place) and they would just keep doing it.

  4. I prefer no pets, but if I had to choose then it would be a dog. I've been around dogs my entire life (parents always had them), and compared to cats they are a lot nicer. When a dog ruins something, it's usually an accident or just sheer stupidity, but a cat will do it out of spite.

  5. Unfortunately for the users, the RSA public key created for their system is only known to the attackers, as it’s stored on the C&C server the malware uploaded it to

    I just want to point out an error in the article.

    The public key is stored in a registry entry on the infected computer. The private key is stored on the server, and is never transmitted to the infected computer. The public key is used to encrypt the files, and only the private key can be used to decrypt them. This is why CryptoLocker is a huge pain in the neck, and the reason why people without proper data backups are pretty much out of luck (unless something had enabled the Volume Shadow Copy Service to make backups, which does not run automatically).
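    The key separation described in this post, as an added example that is not part of the original post and is not taken from any real malware: a small Go program in which a file is encrypted using nothing but the public half of an RSA key pair, so that only whoever holds the private half can get the contents back. The type name, function names, the sample document text, the 2048-bit key size and the use of AES-256-GCM for the file body with RSA-OAEP wrapping the per-file key are all this example's own assumptions, chosen because that is the usual shape of a hybrid scheme; the page does not describe CryptoLocker's exact file format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// EncryptedFile is the constructed on-disk form this example uses: the
// per-file AES key wrapped with the victim-specific RSA public key, plus the
// GCM nonce and the ciphertext. The field names are this example's own.
type EncryptedFile struct {
	WrappedKey []byte // AES-256 key encrypted with RSA-OAEP; only the private key unwraps it
	Nonce      []byte // 12-byte AES-GCM nonce, random per file
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// GenerateVictimKeyPair stands in for the key pair created on the server side.
// In the arrangement described in the post only the public half reaches the
// infected machine; the private half never leaves the server.
func GenerateVictimKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption of this example
}

// EncryptFile needs nothing but the public key: a fresh random AES-256 key
// encrypts the file contents, and that key is then wrapped with RSA-OAEP.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// DecryptFile is the only way back. Without the matching private key the
// OAEP unwrap fails, so the AES key, and with it the file, stays unrecoverable.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	victimKey, err := GenerateVictimKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample document; the infected machine would only ever hold &victimKey.PublicKey.
	doc := []byte("quarterly-report.docx contents (constructed sample)")
	ef, err := EncryptFile(&victimKey.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	recovered, err := DecryptFile(victimKey, ef)
	fmt.Printf("holder of the private key recovers %d bytes, err=%v\n", len(recovered), err)

	// Any other private key, even one of the same size, cannot unwrap the file key.
	otherKey, _ := GenerateVictimKeyPair()
	_, err = DecryptFile(otherKey, ef)
	fmt.Printf("some other private key: %v\n", err)
}
```

    The point for the backup discussion is the last two lines: a copy of the public key on the infected machine does not help the victim at all, because it is the private key that decrypts, and that key is exactly the piece the attacker keeps elsewhere.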

  6. Back in the early 80s in one of my classes on lasers we built and tested passing a laser beam onto the window of another building and hooking it up to a tape recording device, and we could hear conversation in the room. Lots of technology to determine what's going on.

    Yes, the technology is certainly possible to build, however in the case of an infection doing this from the BIOS... How would it interface with different audio chipsets from different vendors? Not every BIOS is capable of emitting sound through the speaker system, so they would have to implement their own audio drivers for each audio chipset that they would likely encounter.

    Just another reason why I expect that the story is just a story...

  7. Who cares what Leo Laporte says. How is he an authoritative source, and what grounds or basis does he have for a conclusion?

    He's hosted technology-related TV shows for many years, and so many people trust his judgment and believe he knows what he is talking about. What many people may not know is that he also has a crew backstage that feeds him information through a wireless communication system that he keeps concealed while he is in front of the camera, so he sounds like he knows what he is saying.

    I used to watch a couple of his shows on TechTV back before G4 ruined them. Over the years, as I have gained technical knowledge (especially about computer security), I have realized that Leo really didn't know what he was talking about, and that he was nothing more than a TV show host.

    The rebuff to Leo is simple. It is possible to make any security software appear ineffective. It just depends on where you pull your test samples from. If I want to make Malwarebytes Anti-Malware look useless, I can do so. If I want to make the anti-virus software made by the company I work for look useless, I can do so. It's far too easy, especially for someone in this industry, to do that. The reason Malwarebytes Anti-Malware is so popular is because of the support of UNITE/ASAP experts who rely on it for supporting users on forums such as BleepingComputer.com and GeeksToGo.com, and if those malware removal experts have an issue with its effectiveness they can and do discuss it with Malwarebytes. These experts also have the ability to submit samples to Malwarebytes, so if they find things that are undetected, then they can easily pass that information on to the research team for analysis.

  8. My first reaction is simply that it is a load of BS, and that he's just telling a story to get attention. This was reinforced when it got to the audio part of the story.

    It's not that I don't believe that BIOS/firmware infections are possible (or even that I believe that they don't exist), it's just that in nearly 4 years of working for security companies I have never heard or seen a real-life malware researcher mention finding such an infection in the wild. It seems like the only people discussing them are people who claim one or more of their computers has these seemingly magical infections.

    Basically, I believe this to be a fraud, and I have a feeling that no one will ever be able to verify his story with anything other than stories of their own.

  9. Google also keeps trying to force me to use Google+ with my YouTube Account. They can't seem to get it through their thick skulls that I don't want Google+, and just want to keep my YouTube channel the way it was...

  10. Avira AntiVir. As far as I am concerned, and in my humble opinion, it is better than Avast, AVG and MSE.

    My opinion of Avira's software slumped considerably when I was doing some testing with several editions of it in early 2012. The software seemed as detrimental to computer performance as Norton once was.

    Obviously Avira has made considerable changes to their software since then, so it may be better now than it was then.

  11. I find it a little bit odd that anyone would stalk or harass a woman who knows how to write computer viruses... I guess a psychopath will stalk anyone though...

    I do find it a little bit odd that she hasn't simply blocked the guy's e-mail address. At least, most mail services allow for that. I guess if she's running her own server then it might not be as simple, depending on what SMTP server she is using.

  12. A bit interesting if you read some of those blogs by people in the industry that actually code pages. Seems no matter what HTML5 will not fully replace Flash and according to some takes about 3 times the amount of code to control video as well as Flash can. Both have pros and cons.

    Well, I don't expect people to be making games using HTML5's video playback feature, however some people have made games using canvas in the past. Still not as functional as Flash is, but since most people use Flash primarily for watching videos, I don't see a big issue. Those who want Flash and those who don't know to get rid of it will keep it, and those who don't want it will remove it.

  13. No web standard is ever immediately supported. We're still waiting for some browsers to correctly implement CSS2...

    That being said, YouTube already has an HTML5 video player. The technology is there, if browser vendors decide to support it. The issue for browser vendors is that, if the technology changes once the final standard is drafted, then they have to redo the portions of their browser layout engines that support those standards. Adoption of web technologies is slow enough once something becomes a finalized standard, so we're probably going to see this drag on for a long time.

    That being said, my initial understanding is that every major browser vendor except for Apple was OK with the open technology approach to HTML5 video, and Apple was the one that insisted on their proprietary codecs being part of the standard.

  14. RAID 1 is a good setup for a HDD real-time replacement tool, but it won't help if a virus/malware intrusion gets past the AV/MBAM protection, as both HDDs will be affected by the attack.

    This is very true, and I see it almost daily with things such as ransomware.

    The safest course of action is to back up your files frequently (daily if you save documents/pictures/etc. on a daily basis) to some sort of external storage media, which you disconnect from the computer when the backup is done. Most ransomware does decide what data to encrypt based on file type, so it is possible that backup formats used by backup software would be left alone; however, if ransomware creators start to see a decrease in income due to people making use of backup software, then I imagine it would not be beyond the realm of possibility for them to redesign their ransomware to also encrypt or delete these types of backups if the backup media is connected to the computer.

  15. To do that, Malwarebytes opens the File Handle of the file and minimally reads the first several bytes, and that is when the fully installed anti-virus "On Access" scanner will intercept that call and scan the file if the AV software's "On Demand" (aka realtime) scanning is enabled.

    However, I don't think you understand how anti-virus software intercepts the call to open the file. Obviously every anti-virus software can work differently, however in my experience they will intercept the call to open a file by monitoring a process, and therefore excluding that process would prevent the AV from intercepting the call to open the file. This is why I recommended exclusions.

  16. Exclusions between anti malware products are to decrease adverse interactions between products, not for the act of scanning files.

    That's not always true. ;)

    Any On Demand scanner can be told what is to be scanned and how. Either through a GUI, registry tweaks, INI file, .CONF file or via command line switches. Attached are two help files for anti-virus command line scanner related command line switches for Sophos and Avira.

    I already know this, however not every scanner has the ability to define what types of files are to be scanned (unless the Malwarebytes team has added that to MBAM in the past couple of years and I didn't notice).

  17. Most anti-virus applications do not scan every single file by default. They actually have default file types, smart file types and other constructs which limit their scanning based upon file context, file headers, file type and file extension. They may also have an archival format list and email database list. With archives they may also limit recursion depth, number of files and the maximum size. All these are usually found under the more advanced settings for "On access" or "realtime" scanning.

    This is true, however you still take a performance hit from the AV monitoring what mbam.exe is doing. You should also take into account that the on-demand scan does not scan every file either (depending on scan settings of course), and the ones that are scanned may be more likely to be scanned by your AV than if it was scanning every file.

    However, whitelisting MBAM is not the answer. The anti-virus application cannot and should not care what application, utility or process is opening File Handles, only that its internal rules-based system sees a File Handle is being opened for read or being opened for write and acts according to said rules.

    If what you describe is true, then exclusions would always be useless. Simply because an API is called does not mean that an AV springs into action. Behavior is monitored based on what process accessed what API, and thus excluding the process would prevent an anti-virus software from monitoring the usage of an API such as one used to open a file. If there is an anti-virus that works in a different way, then I am not aware of it (and it does not make sense as suddenly exclusions would no longer work properly).

    If you don't believe me, then do a test where you compare the scan times and disk usage of each process when running a MBAM scan with and without mbam.exe excluded in your AV. Obviously every AV works a bit differently, and you will most likely see differences in the scan times based on which AV is running real-time protection.

    If one has already performed a full scan with AV application X, there is no need to have "On Access" or "Realtime" enabled when scanning with Malwarebytes because of the redundancy, so one can thus temporarily disable the "On Access" or "Realtime" scanning when performing an On Demand scan with Malwarebytes.

    Actually, in a case such as running a scan with MBAM, exclusions are always preferred over disabling the anti-virus protection completely during the scan. Disabling the AV protection should be reserved for tools that are difficult to create exclusions for, when running a tool that you don't intend on running again or keeping installed, or when troubleshooting issues.

  18. I have explained why. Malwarebytes is opening each file's File Handle and thus will cause the anti-virus application to scan that file.

    Not every anti-virus scans files when they are read. Some will, by default, only scan when an application is executed or when a file is created/modified. Your system can take a huge performance hit when your anti-virus scans every file that is read.

    I don't think "excluding MBAM in your anti-virus software" is possible nor the way to go.

    It is actually a very good idea if you don't want the scan to take forever due to the extra disk activity of having your anti-virus software's real-time protection loading every file that MBAM is loading from the disk when it is scanning. You're basically doubling the amount of data read from the hard drive, which means that the scan will take twice as long.

    Exclusions are possible in most anti-virus software, and if you can at least exclude a process then you can exclude mbam.exe (which is what I was talking about), and thus the files loaded by mbam.exe while it is running the scan will be ignored by the anti-virus.

    I do not believe there is any good reason to allow your anti-virus software to check every file scanned by MBAM. While it should be safe, it is a waste of time and a performance killer.

  19. If I remember right, I have been told that MBAM's scan process does something that will trigger some anti-virus software to scan each file that MBAM scans (there is apparently a way to design a scanner without causing this behavior, depending on your anti-virus software's settings of course). You can prevent this by excluding MBAM in your anti-virus software, thus preventing your anti-virus from monitoring it (which would be the best option for performance during the scan).

  20. Grandma's advice was good because of the vitamins, nutrients and natural fiber in apples. However, don't eat the seeds, as apples tend to concentrate cyanide in their seeds.

    An apple also has enough fructose in each serving to cause malabsorption, so be sure to take a glucose tablet or two if you do eat one. ;)

    As for moldy apples, you can keep those. I'm allergic to mold. :P
