


Everything posted by Amaroq_Starwind

  1. Amaroq_Starwind

    Hypothetical Chameleon extension: Protecting against fire with fire

    Well, hypothetical scenario; if Malware specifically targeting MBAM prevented an MBAM process from entering memory... that's where some of these "sleeper agent" type processes would activate... because they'd be unrecognizable to anything except each other and to Malwarebytes itself (since they'd have multiple channels of secure communication amongst themselves and with the parent MBAM processes), and they'd go on high alert when Malwarebytes suddenly stopped responding to their semi-irregular status queries and whatnot. And these processes would also be unrecognizable to the Malware because they'd be heavily obfuscated in all the same ways as the Malware itself. Sure, there would be false positives from other Anti-Malware solutions that detect them, but I'm certain that there would eventually even be ways around that as well. Simply put, the term I used at the beginning of this post, "sleeper agent", is quite accurate here. As far as other Malware is concerned, it's essentially fellow Malware modified to fight for the good guys, and would thus be hiding in plain sight, completely undetectable to the Malware that wasn't designed to look for it... and like the Malware it's fighting, this stuff would keep changing form to avoid detection, while still securely announcing its presence and identity to legitimate Malwarebytes processes and fellow sleeper agent processes.
  2. Amaroq_Starwind

    malwarebytes Rescue Disk

    As a newcomer to this topic, most Linux distributions are free nowadays, so you could build a pretty lightweight offline (and bootable) Linux distribution on a CD, DVD or flash drive. Wine is also free, and can be added to most Linux distributions (and even to macOS). I am not familiar enough with different Linux distributions to recommend any specific ones, but if Malwarebytes wished to build an offline Rescue Disc, they could do that without much hassle using a free and reconfigurable Linux distribution alongside Wine. It is worth noting that some Rescue Discs also have Internet Browsers bundled with them, such as Firefox and Google Chrome. Now, any specific features I'd want to see on a rescue? Yeah, quite a few actually. But it would be a little difficult to narrow them all down...
  3. Amaroq_Starwind

    Thought: Student Edition

    I only suggested 64-bit Java in the event that the 32-bit version might already be installed (that is, assuming he's running 64-bit Windows). If it were possible to force Java and Adobe Flash to run exclusively within a sandbox, I'd try to do that. Otherwise, I'd put on MCShield, VoodooShield, and Windows Defender ATP all as supplementary layers of protection on top of Malwarebytes Premium. Unfortunately, while MCShield and VoodooShield would be free, Windows Defender ATP can get pretty expensive AFAIK, so you're probably welcome to skip that. You can also try giving GlassWire a try so that you can make doubly sure that no suspicious processes start trying to exfiltrate data from the computer. Now if three years later, you still want a modified version of Malwarebytes aimed at protecting students and children, do not be afraid to try coming up with some more ideas and sharing them with the staff. Maybe you'll come up with something truly awesome that'll resonate with the dev team!
  4. Amaroq_Starwind

    April Fools' Anti-Malware Product Ideas

    Malwarebytes 365 Professional Plus:
    - Owned by Microsoft, and tied to your Microsoft account.
    - Only available through the Windows Store.
    - Keeps resetting your default search engine to Bing, and your default web browser to Edge.
    - Full of its own security vulnerabilities.
    - Advertisements everywhere. The kind that spies on you.
    - Cumbersome, user-hostile graphical interface designed to wow you with stunning visuals, except it is somehow still an eyesore.
    - Bloated with features that nobody wants.
    - Crashes very frequently, and is slow to start up.
    - Forced to update once every six months, whether you want it or not.
    - Always in beta, whether you agreed to it or not. Updates are never stable, and even the update process will often fail.
    - Every update to a single component requires updating the entire application, and every update requires restarting your computer.
    - Integrated social networking, except it doesn't work correctly.
    - Licenses sometimes fail to activate completely at random, without explanation.
    - Extremely slow installer that requires an internet connection at all times, and installs everything at once even if you don't need it.
    - Takes up all of your CPU and memory resources, and uses fifty different executables that collectively take up hundreds of megabytes of disk space.
    - You have to read the EULA every single time you launch it!
    - Deliberately designed to work incorrectly in Virtual Machines and on Wine.
    - Requires multiple additional runtimes, but does not come bundled with any of them.
    - It's technically free! And also extremely susceptible to phishing.
    - Only available for purchase/download between 2019-03-31 23:59 and 2019-04-01 23:59. Don't wait, pre-order now!
  5. Said Firefox I bet in some alternate timeline, your favorite browser is Firefox, but your username is Internet Explorer. And generations from now, your descendant will be named Chromium, and their favorite browser the by-then antiquated Microsoft Edge. 🦊 I do hope that Microsoft's own Chromium-based browser will still boast most of the security features from Internet Explorer and Edge, and I also hope that it has native optimizations and the like. And perhaps maybe some Electron compatibility, albeit with a lot more security to avoid things like clickjackers and NewTab programs.
  6. If malicious Batch Files and/or PowerShell scripts haven't already been addressed globally, I think a quick and dirty solution would be to try actively sanitizing such scripts if they contain suspicious commands, like for example, rd c:\*\. This is just one of many instances where Data Sanitation would be very important...
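    An added example of the kind of script sanitizing the post describes (not code from the poster or from Malwarebytes): a small Python scanner that tokenizes each command in a batch or PowerShell file, flags recursive deletes or formats aimed at a drive root (the post's own `rd c:\*\` case among them), and neutralizes flagged lines by commenting them out so the rest of the script stays readable. The rule names, the two sample scripts and their paths are constructed for the example; chained commands are split on `&`, `&&` and `|`, and obfuscated or dynamically built commands are out of scope by design.

```python
import re

# A drive root (c:\, C:\*\, %SystemDrive%\) as a deletion target; nested paths are deliberately not matched.
DRIVE_ROOT = re.compile(r"^(?:[a-z]:|%systemdrive%)\\(?:\*\\?)?$", re.I)
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')          # quoted strings stay one token
SEPARATOR = re.compile(r"\s*(?:&&|\|\||&|\|)\s*")      # command chaining and pipelines


def is_drive_root(token):
    return bool(DRIVE_ROOT.match(token.strip("\"'")))


# Each rule: (constructed rule name, regex the command token must match, predicate over the remaining tokens)
RULES = [
    ("batch-recursive-delete-root", re.compile(r"^(?:rd|rmdir|del|erase)$", re.I),
     lambda args: any(is_drive_root(a) for a in args)),
    ("batch-format-drive", re.compile(r"^format$", re.I),
     lambda args: any(re.fullmatch(r"[a-z]:", a.strip("\"'"), re.I) for a in args)),
    ("ps-recursive-remove-root", re.compile(r"^(?:remove-item|ri|rm|rmdir|del)$", re.I),
     lambda args: any(a.lower().startswith("-rec") for a in args) and any(is_drive_root(a) for a in args)),
]


def scan_script(text):
    """Return [(line_no, rule_name, line)] for every line holding a command some rule flags."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip().lstrip("@")           # batch "@" only suppresses echo
        if not stripped or stripped.startswith(("::", "#")) or re.match(r"(?i)rem\b", stripped):
            continue                                   # comment lines never execute
        for segment in SEPARATOR.split(stripped):
            tokens = TOKEN.findall(segment)
            if not tokens:
                continue
            cmd, args = tokens[0], tokens[1:]
            hit = next((name for name, cmd_re, pred in RULES if cmd_re.match(cmd) and pred(args)), None)
            if hit:
                findings.append((line_no, hit, line))
                break                                  # one finding per line is enough
    return findings


def neutralize(text, kind):
    """Comment out flagged lines (REM for .bat, # for .ps1) so the flagged command can never run."""
    prefix = "REM" if kind == "bat" else "#"
    flagged = {ln: rule for ln, rule, _ in scan_script(text)}
    out = []
    for line_no, line in enumerate(text.splitlines(), 1):
        out.append(f"{prefix} [quarantined: {flagged[line_no]}] {line}" if line_no in flagged else line)
    return "\n".join(out) + "\n"


# Constructed sample scripts (not real scripts); the cleanup lines are harmless, the root deletes are not.
SAMPLE_BAT = r"""@echo off
REM constructed sample, not a real script
echo Cleaning temp files
del /q %TEMP%\*.tmp
rd c:\*\
cd %USERPROFILE% & rmdir /s /q %SystemDrive%\
"""
SAMPLE_PS1 = r"""# constructed sample, not a real script
Get-ChildItem $env:TEMP -Filter *.tmp | Remove-Item
Remove-Item -Path 'C:\' -Recurse -Force -ErrorAction SilentlyContinue
"""

if __name__ == "__main__":
    for name, text, kind in (("batch", SAMPLE_BAT, "bat"), ("powershell", SAMPLE_PS1, "ps1")):
        print(name, [(ln, rule) for ln, rule, _ in scan_script(text)])
        print(neutralize(text, kind))
```

Only drive-root targets are flagged on purpose: a scanner that fires on every `rd /s` would drown real cleanup scripts in false positives, which is the usual failure mode of "suspicious command" filters.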
  7. I encountered something similar when trying to get my grandmother's Malwarebytes license reactivated. She used to work in a government agency, so making sure the security on her computer is up to the task is paramount. However, she too is visually impaired, and as such she turns up the DPI scaling on her display... and Malwarebytes doesn't really like DPI scaling all that much. A lot of buttons become unreachable as a result.
  8. Amaroq_Starwind

    Windows 10, version 1809 released

    Even Apple is a lot better about this. Should we go about with starting a petition?
  9. Amaroq_Starwind

    Thought: Student Edition

    Bumping is probably something I'm gonna get in trouble for, but the fact almost nobody has looked at this thread yet despite it being over three years old does irk me a little. Greetings, @Kent Campbell and @peteyt! Hopefully, my advice did not come too late :c If your kids are still young and still giving you issues, I'd suggest looking into 64-bit versions of Flash, Java, and your favorite web browsers, and I'd also recommend downloading Voodoo Shield, and setting up Adobe Flash and the like to run in a Sandbox if possible. I also have a friend, @ToxicBlitzX3, who knows all about the issue with keeping younger folks from screwing up their computers... and he has to deal with high schoolers! If you want your kids to grow up with a larger interest in taking computers more seriously (and thus less likely to get into trouble), I'd recommend exposing them to computer games from the late 1990's and early 2000's, as well as movies actually about cyberspace and whatnot (that's how I grew up, but I also had a father who worked in Information Technology at the time). TL;DR version: Give 'em the TRON movies, and give 'em games that come from CD-ROMs. In particular, look for ones with the older white-letter ESRB logos, and you should be in the right era. Maybe a Malwarebytes developer will come by here to look at your suggestions. Better late than never!
  10. Amaroq_Starwind

    Hypothetical Chameleon extension: Protecting against fire with fire

    By a counterpart to Windows Resource Protection, I just meant for Malwarebytes components, not for Windows Components. I probably should have been more clear.
  11. Amaroq_Starwind

    Wireless Network Utilities

    Hmm... well, if I have any epiphanies, you'll be the first to know then. Also feel free to send me a private message if you need my own feedback on an idea being passed around.
  12. Amaroq_Starwind

    OpenACC; GPU Compute for Malwarebytes?

    Just an update to my idea; GPU acceleration might also be helpful with Multi-Engine scanning (such as what OPSWAT does), not just Multi-Volume scanning, and could probably also help with other more aggressive protection measures that would otherwise hog CPU resources. Nvidia's Turing GPUs in particular could be handy with their Tensor cores, as they would provide a considerable boost to machine learning, and there's also the idea of using GPU memory for operations. I especially think that the Titan RTX (and any Tesla/Quadro cards with NVLink) could be especially useful for resource-hungry operations.
  13. So, I found out about some neat technologies in OPSWAT, but while they all seem interesting, the thing that actually draws my attention the most right now is the Data Sanitation tech, aka Content Disarm and Reconstruction (CDR). https://www.opswat.com/technologies/data-sanitization What are the chances that something similar could find its way into the Malwarebytes lineup, such as a standalone program that runs in the background?
  14. Amaroq_Starwind

    File Sanitizer?

    Well, if only certain file types are supported for sanitation, for example a PNG image, a Word document, or a Windows MetaFile, then you wouldn't have to worry about breaking files that are in unknown formats. Exploit Prevention can easily protect you, but can't protect other computers in your network if compromised files are going through your system. File Sanitation can actively render outgoing files harmless if you don't know where they might be going, or whether the person on the receiving end is as well protected as yourself. Furthermore, machine learning and sophisticated heuristics can be a further aid to ensuring that reconstructed files are still usable, as anything that's corrupted can still be repaired with sufficiently advanced guesswork and context clues. Using this same logic, it might even be possible to reconstruct files that were damaged through other means, like file system corruption or a bug in the encoding program. Of course, a file repaired through guesswork will never be a perfect replica of the original, but depending on how severe the damage actually is, it can be a lot better than having no file at all.
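    An added example of Content Disarm and Reconstruction for one of the formats the post names, a PNG image (example code written for this page, not OPSWAT's or Malwarebytes' implementation). The sanitizer parses every chunk strictly (length, CRC, IHDR first, IEND last, nothing trailing), keeps only the chunks a viewer needs to render the picture, and re-creates the pixel stream with its own zlib encoder after checking that the decompressed size matches the IHDR dimensions, so no byte of the sender's compressed stream or metadata is copied through. The allowed-chunk set, the 2x2 sample image and its `tEXt`/`prVt` chunks are constructed for the example; interlaced images are rejected rather than handled.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunks a viewer needs to render the image; everything else (tEXt, iTXt, eXIf, private chunks) is dropped.
ALLOWED = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}   # PNG colour type -> samples per pixel


def parse_chunks(data):
    """Return [(type, payload)], checking every length and CRC and the IHDR/IEND framing; ValueError on defects."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIGNATURE), []
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header or missing IEND")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_start, body_end = pos + 8, pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError("chunk length runs past end of file")
        payload = data[body_start:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + payload) != crc:
            raise ValueError("CRC mismatch in %r" % ctype)
        chunks.append((ctype, payload))
        pos = body_end + 4
        if ctype == b"IEND":
            break
    if pos != len(data):
        raise ValueError("trailing bytes after IEND")
    if chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise ValueError("first chunk is not a well-formed IHDR")
    return chunks


def build_chunk(ctype, payload):
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))


def sanitize_png(data):
    """Rebuild the PNG from parsed content only. Returns (clean_png_bytes, names_of_dropped_chunks)."""
    chunks = parse_chunks(data)
    width, height, depth, colour, comp, filt, interlace = struct.unpack(">IIBBBBB", chunks[0][1])
    if comp != 0 or filt != 0 or interlace != 0 or colour not in CHANNELS:
        raise ValueError("unsupported IHDR parameters (interlaced images are rejected here)")
    # Decompress and recompress ourselves so the sender's zlib stream never reaches the output.
    raw = zlib.decompress(b"".join(p for t, p in chunks if t == b"IDAT"))
    row_bytes = 1 + (width * CHANNELS[colour] * depth + 7) // 8     # filter byte + packed samples
    if len(raw) != height * row_bytes:
        raise ValueError("pixel data does not match IHDR dimensions")
    kept, dropped = [], []
    for t, payload in chunks:
        if t == b"IDAT":
            continue                                   # replaced by the regenerated stream below
        (kept if t in ALLOWED else dropped).append((t, payload) if t in ALLOWED else t.decode("latin-1"))
    kept.insert(len(kept) - 1, (b"IDAT", zlib.compress(raw, 9)))  # single IDAT just before IEND
    return PNG_SIGNATURE + b"".join(build_chunk(t, p) for t, p in kept), dropped


def make_sample_png():
    """Constructed 2x2 RGB image carrying a text chunk and a private chunk, the kind of content CDR strips."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    rows = b"\x00\xff\x00\x00\x00\xff\x00" + b"\x00\x00\x00\xff\xff\xff\xff"   # filter 0, red/green, blue/white
    return (PNG_SIGNATURE + build_chunk(b"IHDR", ihdr) + build_chunk(b"tEXt", b"Comment\x00constructed sample")
            + build_chunk(b"IDAT", zlib.compress(rows)) + build_chunk(b"prVt", b"\x00" * 16)
            + build_chunk(b"IEND", b""))


def chunk_names(data):
    return [t.decode("latin-1") for t, _ in parse_chunks(data)]


if __name__ == "__main__":
    clean, dropped = sanitize_png(make_sample_png())
    print("dropped:", dropped, "kept:", chunk_names(clean))
```

Anything the parser cannot account for (a bad CRC, a length that overruns the file, pixel data that does not fit the declared size) is a rejection rather than a best-effort copy; that strictness is what makes the reconstructed file trustworthy, at the cost of refusing some files a lenient viewer would still display.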
  15. Amaroq_Starwind

    Go straight to action. (Suggestion)

    So basically, you want an "Aggressive Mode."
  16. Amaroq_Starwind

    April Fools' Anti-Malware Product Ideas

    Oh no. Are we back to Serial Ports, Coaxial Modems and PS/2 Input Devices...?
  17. Amaroq_Starwind

    Death to reCAPTCHA

    CAPTCHA drives me insane. Especially when it malfunctions, and doesn't remember my input.
  18. Amaroq_Starwind

    Recommended ideas for School's Computer Lab

    Don't forget to consult that tasklist I sent you, Tox.
  19. I've given my phone number to a lot of companies over the years, but strangely enough, I can count the number of times I've received a spam SMS on one hand.
  20. I'm sure that one day, somebody will port all of Internet Explorer's security features into Google Chrome. Like I said, we already have SmartScreen! It's only a matter of time.
  21. Amaroq_Starwind

    Virtualization Spoofing

    I've lately been hearing of a lot of malware that is able to detect if it is running inside of a VM and lay dormant as a result. This makes me wonder... would it be possible to spoof certain processes to trick the host computer into thinking it's running inside of a VM, as another layer of pre-execution defense? And if so, can anyone think of problems that might occur with this?
  22. Amaroq_Starwind

    Virtualization Spoofing

    Oh. Well, derp... >.< Well, anyways... would you mind sending me a REG file of your various Virtualization-spoofing/Sandbox-spoofing tweaks so I can apply them myself?
  23. Amaroq_Starwind

    Ransomware soft firewall

    Hello, @oblivionisinevitable, and belated welcome to the Malwarebytes community! What you're suggesting here sounds a whole lot like a variant of a Host Intrusion Prevention System. From a pure security standpoint, this is very much something I would want to see (especially seeing as I've suggested similar stuff before, myself), but HIPS-based security in any form (even VoodooShield) tends to require a lot of micromanagement and is probably not something that the Malwarebytes developers would likely want to try implementing. However, I can probably get @exile360 or @KDawg to check in on your idea; this is for the Business product line after all, so maybe a HIPS would be acceptable in this instance. Unfortunately, not all random number generation is based in hardware. In fact, the grand majority of Random Number Generation is only pseudo-random, and is performed in software. Even if most Ransomware out in the wild is lazy and uses existing system calls for generating random numbers, once what you are proposing gets put into effect, they'd probably all switch to Cryptographically-secure Pseudo-RNG, built directly into the Ransomware itself. So this trick could really only be used once before Ransomware developers start to catch on. However, it would at the very least slow them down~
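    An added example of a behavioural check that does not depend on where the ransomware gets its random numbers (example code written for this page, not VoodooShield's, Malwarebytes' or the poster's): instead of watching RNG calls, it watches the effect, alerting when one process overwrites several structured files with high-entropy data inside a short window. Ciphertext is high-entropy whether it came from a system RNG or from a CSPRNG compiled into the malware, so the switch the post predicts does not defeat it. The thresholds, the process ids, file paths and the SHA-256 counter stream standing in for ciphertext are all constructed for the example; the archive overwrite at the end shows the low-to-high transition rule avoiding the obvious false positive, since compressed files are high-entropy too.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

HIGH_ENTROPY = 7.5   # bits per byte: plain text is roughly 4-5, encrypted or compressed data 7.9+
BURST = 5            # distinct files turned into noise within the window before alerting
WINDOW = 10.0        # seconds


def shannon_entropy(buf):
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for a uniform byte distribution."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


class WriteMonitor:
    """Tracks overwrites of existing files and alerts when one process turns many structured files into noise."""

    def __init__(self, burst=BURST, window=WINDOW, threshold=HIGH_ENTROPY):
        self.burst, self.window, self.threshold = burst, window, threshold
        self.events = defaultdict(deque)   # pid -> deque of (timestamp, path), oldest first

    def observe(self, ts, pid, path, old_bytes, new_bytes):
        """Feed one overwrite; returns True when this write pushes pid over the burst threshold."""
        # Only a low -> high transition counts: replacing an archive with another archive is normal traffic.
        if shannon_entropy(old_bytes) >= self.threshold or shannon_entropy(new_bytes) < self.threshold:
            return False
        q = self.events[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:      # forget events outside the sliding window
            q.popleft()
        return len({p for _, p in q}) >= self.burst


def noise(seed, length):
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode) so the sample is reproducible."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:length])


def run_sample():
    """Constructed event stream: pid 100 encrypts six documents, pid 200 replaces one archive with another."""
    monitor = WriteMonitor()
    results = []
    for i in range(6):
        doc = (f"Quarterly report draft {i}, section text repeated for size. " * 60).encode()
        path = f"C:\\Users\\demo\\Documents\\doc{i}.txt"          # constructed path
        results.append(monitor.observe(0.5 * i, 100, path, doc, noise(i, len(doc))))
    results.append(monitor.observe(3.5, 200, r"C:\Users\demo\backup.zip", noise(98, 4096), noise(99, 4096)))
    return results


if __name__ == "__main__":
    print(run_sample())   # the fifth and sixth document overwrites alert; the archive overwrite does not
```

A real hook would feed `observe` from a minifilter or file-system event source with the pre-write content of the file; the burst and window values decide the trade-off between catching a slow encryptor and alerting on a legitimate bulk re-encode, and should be tuned per deployment.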
  24. Oh, here's a twitter thread you may be interested in; Who here would like to participate in the Microsoft Edge/IE funeral?
  25. Yeah, given that Google Chrome is now in development for Windows 10 on ARM, and that the SmartScreen system (in the form of the Windows Defender Browser Extension) is now available for Google Chrome, I am honestly not surprised. I don't even use Microsoft Edge, but I am actually somewhat saddened by this news. The absence of competition is something that can cause innovation to grind to a halt. And the fact that Microsoft, of all people, is giving up?! Google Chrome has had a long time to mature, but Edge has just barely entered the race in comparison. They may have a slow start, but they're certainly not going to win the race if they ragequit!
