Everything posted by Amaroq_Starwind

  1. Amaroq_Starwind

    Enterprise version?

    Apparently it is possible, be it through sideloading without the user's knowledge, the misuse of enterprise certificates, and so on, to get iOS Malware on non-jailbroken devices. So, very difficult, but not impossible... However, could these same techniques be used to get a real Anti-Malware program onto an iDevice, and would it even be worth making something like this, knowing that:
    • The average user would not benefit from it?
    • It still probably could not do very much?
    • Apple may not be very happy, even if it is only available to volunteers and only using existing methods?
    It is just now starting to dawn on me just how much of a lost cause iOS might be as far as security solutions go, unless you were to somehow win a class action lawsuit against Apple for not providing any Anti-Malware solution themselves, knowing that it is only getting easier and easier to target their devices.
  2. So, I was using the Intel Detection and Mitigation Tool on my Latitude E6510 (running Windows 10 Pro, 1809 32-Bit), and I got the following results: Any suggestions for dealing with this? Alternatively, anyone got their own results to share? The tool can be downloaded here: https://downloadcenter.intel.com/download/26755
  3. This is something I just thought about regarding licenses: If none of the devices currently connected to an account are running (as in, specifically turned off), and that happens to be the case for longer than a certain amount of time, should the license automatically pause until one of those devices comes back online? There are probably a lot of checks that could be done to prevent abuse.
  4. Amaroq_Starwind

    License Auto-Pause

    Since we’re spitting errors at each other, how’s this one? 16 16 16 16 - ATLAS CONNECTION FORBIDDEN. TRAVELER ENTITY NOT RECOGNIZED.
  5. Amaroq_Starwind

    Enterprise version?

    Wait, forgot the most important part of this post: https://www.theiphonewiki.com/wiki/Malware_for_iOS
  6. Amaroq_Starwind

    Intel Processor Detection and Mitigation Results

    I am going to have to flash the Firmware/BIOS using USB, huh? GDI.
  7. Amaroq_Starwind

    Jailbreak Detection?

    Apparently it is possible to jailbreak phones without the owner's knowledge, which is a very real concern if you're buying used. Apparently it is also allegedly possible for an iOS app (one that can be installed on a non-jailbroken phone) to check for signs that a phone is jailbroken (though the absence of a detection does not mean the absence of a jailbreak), and it is also allegedly possible to un-jailbreak a phone by restoring from a backup. Would this actually be a useful feature, or just another "feel good" function that wouldn't actually help the customer? 😕
  8. Amaroq_Starwind

    License Auto-Pause

    An unrelated idea that could also curb piracy would be License Communism; it'd be like a crowd-funded system where you could effectively pay to extend the existing licenses of other Malwarebytes users, even if you don't know who they are. If everyone contributes, everyone benefits, and you could pay however much or however little you wanted; suppose you don't want to pay extra and already bought a license for yourself, that's perfectly fine. And really, Malwarebytes wouldn't lose that much money from License Communism either, since it would only even have an effect as long as people voluntarily participated, so Malwarebytes would still be getting the money. It probably wouldn't work that well in practice however, and while it hopefully wouldn't require any extra money to run, it would still require money to set up and would effectively be no different from donations... And with the sheer number of existing licensed users, and the fact that not all of them are super good-natured, there's a chance that anyone who did pay would probably not be doing a lot of good unless the math was intentionally skewed in some fashion, and may as well be trying to pay for everyone's licenses through cryptomining.
  9. Amaroq_Starwind

    License Auto-Pause

    Ideally speaking... just not having internet access would not be good enough here. Your computer would have to actually be turned off, and if you didn't have internet access it would still have to count the remaining time on your license client-side and whatnot (preferably in a way that couldn't be tampered with). Determining whether a computer was legitimately turned off during that time is probably tricky to do, but managing whether or not to "pause" or "resume" the license would have to be done entirely on the server's end. (More likely, it would probably be more like turning back the clock on a license, rather than pausing it outright, but what do I know.)
  10. I got a whole bunch of different suggestions today; the majority of them, taken individually, should not take too much time to implement if done one by one. Some of them will understandably take a lot more time to develop.

    1. [Quality of Life] On installation and/or first run, execute the PowerShell command that enables the Windows Defender PUA Protection (only applicable on Windows 10).
    2. [Quality of Life] Block the various Anti-AdBlocker things on websites. You can check uBlock Extra and Nano Defender on the Chrome Web Store for more information. Credit the authors of these Chrome extensions in a Special Thanks tab.
    3. [Quality of Life] Partner up with STANDS to reroute navigation to/from advertising sites (via proxy edits to the HOSTS file, or something) through the same service which powers their Fair AdBlocker. Can also help with Windows 10 and Skype advertisements outside of browsers. Be sure to credit them in the Special Thanks tab.
    4. [Prevention] Hire the guy who made Unchecky, and incorporate it into AdwCleaner to reduce the risk of accidental installation of Adware (extra checkboxes in installers will be unchecked by default, and rechecking them will display a warning notification). Credit him and link to his website as well, on the Special Thanks tab.
    5. [Optimization] Get in touch with the guy who made CleanMem and incorporate it into AdwCleaner, since Adware can use up considerable memory at times. CleanMem also improves system memory usage in general by effectively acting as garbage collection. As before, credit the author and link to his website on the Special Thanks tab.
    6. [Cleanup] Automatically audit any registry changes made by installers when they run (as well as taking before/after snapshots), as this can significantly help in cleaning up any Registry Debris when removing Adware. (My own special thanks to Bitsum for introducing me to the term Registry Debris; the term 'garbage data' is just lame in comparison.)
    7. [User Guides] Link to the Dark Patterns website and Twitter in the Special Thanks section: by educating users so they can recognize the shady tactics frequently used by many Adware developers, you can further reduce the risk of getting infected and help to slow the proliferation of Adware. An ounce of prevention is worth a pound of cure.
    8. [Optimization] Use Large Memory Pages, and make the program and driver fully PAE-aware (along with other optimizations for large address spaces). This has the potential to significantly optimize the CPU usage of the application as page writes can be significantly reduced, and even in 32-bit mode the program will be able to access additional physical memory that it otherwise couldn't, due to being integrated so tightly with the driver. This also helps to improve stability by making it less difficult to avoid bad RAM sectors through smart allocation (Memtest86+ can output a config file identifying these bad sectors).
    9. [Detection] Embed de-obfuscation routines into Registry and Filesystem searching to help decode things such as XOR/ROT loops, Base64 (with or without modified alphabets), manual linguistics encoding (Smoldering Tongue for example, which I'll explain elsewhere), uncommon ASCII codepages, and so on.
    10. [Compatibility] Compile the program using the portable .NET Core Runtime to minimize its dependence on external libraries, especially on earlier versions of Windows. This would also have the side benefit of making the program easier to port over to other platforms in the future (and it is worth noting that the Malwarebytes Support Tool would also benefit from this). Who knows, it may even allow archaic operating systems like Windows 2000 to benefit from a small sampling of the latest .NET runtime features.
    11. [Aesthetic] Display a splashscreen while opening the program, so that it doesn't feel like it is just doing nothing when the user is waiting for the GUI to appear... which admittedly should not take very long anyway.
    12. [Prevention] Automatically scan freshly downloaded installers and self-extracting archives with VirusTotal and the online OPSWAT API, and notify the user of the results. If Adware or signs of a trojan are detected within a packed installer, then attempt to sanitize the installer if at all possible.
    13. [Prevention] Sandbox installers when they run and virtualize any changes they make to the registry, scrubbing them to remove malicious registry alterations before committing the changes.
    14. [Remediation] When an installer runs, cache all of the changes that it makes to the Filesystem in order to aid in future cleanup (a feature roughly based on the Ransomware Rollback feature in the MBAM Business line). Also use Sandboxing to Audit and Redirect any attempts by an installer to alter a protected file or folder.
    15. [Accessibility] Use GDIPP in the GUI, or better yet, get in touch with Daniel Georgiev at IrisTech for his FontFocus renderer. On top of significantly improving the appearance and readability of rendered text, this also allows linking multiple fonts together to provide enhanced support for displaying multilingual text.
    16. [Accessibility] Implement the Dyslexie typeface, to make everything easier to read for dyslexic individuals. This one might actually be a bit tricky because of licensing costs.
    17. [Accessibility] Make the GUI more colorblindness-friendly and DPI aware.
    18. [Accessibility] Make the GUI easier to interact with when only using a Keyboard.
    19. [Accessibility] Show O and I labels on the toggle switches.
    20. [Accessibility] Provide audio feedback when hovering over or clicking on certain buttons, completing certain operations, receiving alerts, etc.
    21. [Optimization] For the .ICO file used by the program, use a Progressive PNG graphic (optimized with pngquant followed by PNGGauntlet) instead of a raw bitmap (as Windows has supported PNG-based ICO files since Vista). This can potentially make the file significantly smaller, and allow a low resolution preview to display immediately while the full icon is still loading, instead of just seeing a blank placeholder. Also use the driver to force NTFS compression on the .ICO file.
    22. [Forensics] Use an XML-derived file format (XML + HTML5 + SVG) for storing scan logs; the logs are still primarily XML, but can be viewed as offline webpages. Each detected item is marked by two SVG-based Identicons, one Blocky and one Abstract, for easy identification. All relevant data is organized relationally, and also color-coded to indicate various aspects.
    23. [User Guides] A binary-compiled version of this same XML/HTML5/SVG hybrid format would allow for an Offline version of the Help Resources to be built in to the program, along with extra features such as providing limited interactivity to help demonstrate things to the user, and the ability to update the documentation automatically to keep up with new information.
    24. [Optimization] Automatically pack the scan logs into a ZIP archive, and also automatically perform NTFS compression on the AdwCleaner folder itself.
    25. [Forensics] If using Windows 10, include an option to automatically transfer the logs to the system's OneDrive Folder, with Symbolic Links left in the former location of the original file. Logs could also be automatically uploaded to the Malwarebytes servers for analysis, especially helpful if they contain Debug information as well.
    26. [Optimization] Pack the executable using PECompact, provided by Bitsum. Not only can it significantly reduce the size of the executable for portability, it can also protect it from reverse-engineering without the program being marked as suspicious by other Anti-Virus vendors (as PECompact is specifically designed to work with Anti-Malware providers). If necessary, you could modify the built-in unpacker to only unpack portions of the program as needed as a means to conserve working memory. It also lets you customize different codecs for compression.
    27. [Optimization] Compile native x86, x64, IA-64 and ARM64 versions of the program, with a single installer that detects your current hardware and installs the correct version, and utilize a compiler with OpenMP/OpenACC support to squeeze every last ounce of additional performance out of the program.
    28. [Quality of Life] Use an Online-enabled, Offline-capable installer, giving you the benefits of Offline Installation while also having the ability to receive the most recent updates before you even begin the installation process. The installer executable could itself also function as a portable version of the program, no installation required.
    29. [Quality of Life] Securely connect to the Malwarebytes servers via HTTP/3 (HTTP-over-QUIC), Proxies (circumventing firewalls), Dynamic Compression (saving bandwidth wherever possible), and Smart Encryption (encrypting any sensitive data, but also leaving non-sensitive data as is).
    30. [Quality of Life] Update packages should be able to download in the background and later be installed at a moment's notice, even when offline. There can also be the ability to share update packages over a Peer-to-Peer LAN.
    31. [Quality of Life] Abuse the Task Scheduler to prevent annoying UAC prompts every time the user tries to launch the program, including automatic tweaks to the various shortcuts on the Taskbar, in the Start Menu and Quick Launch, and on the desktop. (You can abuse the task scheduler to do other useful things too, but nothing comes to mind at the moment.)
    32. [Optimization] Scan files and folders on NTFS partitions in the order in which they would appear in the filesystem, to speed up scans on mechanical drives by minimizing head seeking.
    33. [Availability] Make AdwCleaner available on the Windows Store and the Software section of the Steam store, to make the program accessible to as many people as possible. Maybe include a donation link in the program itself, along with links to the main Malwarebytes website, the blog, the forums, and other such stuff.
    34. [Remediation] Create an AdwCleaner version of the Chameleon self-protection driver.
    35. [Detection] Enable scanning of DOS-based and JAR-based installers/archives.
    36. [Optimization] Enable scanning of multiple physical drives simultaneously, performing different types of heuristics in parallel, and even optimizing some drives or checking them for errors while others are still being scanned.
    37. [Compatibility] Use legacy instructions such as MMX, 3DNow! and the original SSE on older systems where SSE2 instructions are not available. Performance and accuracy will understandably suffer, but it is better than not having the program at all.
    38. [Optimization] Utilize Hardware-based Context Switching when possible, instead of relying on software.
    39. [Quality of Life] Include a tab where you can see the current program version, third-party licensing information, the currently running executable's hash and file location, whether you're running portable or Installed, which architecture you are running it on, and lastly a detailed overview of your hardware and OS installation, providing the same information that you would get out of CPU-Z and GPU-Z.
    40. [Optimization] If the execution threads for the application begin to hang or stall, such as if they are waiting on something, temporarily lower their Thread Priority and change their Core Affinity (also disable Core Parking when this occurs). Credit once again goes to Bitsum for this; look into Process Lasso for more information.
    41. [Quality of Life] Automatically amend the HOSTS file with blacklisted domains retrieved from hphosts.

    -=-=-=-

    I've been trying to write this for a while now. Think I'm gonna finally submit it; I'll link the various stuff I mentioned next post.
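The before/after registry snapshot audit and the de-obfuscation routines (XOR/ROT loops, Base64 with or without a modified alphabet) suggested in the post above, worked through as one added Python example. This is not code from the original post or from AdwCleaner: the two snapshots are constructed dicts rather than a live hive walk, the "modified alphabet" is a hypothetical rotation of the standard Base64 table, the keyword list that decides whether a decoding is worth reporting is a heuristic chosen here, and the four obfuscated sample values are constructed in the file by the matching encoders.

```python
"""Before/after registry snapshot audit plus de-obfuscation of the values an
installer added or changed: Base64 (standard or modified alphabet), ROT-N and
single-byte XOR. Added example, not AdwCleaner code: the snapshots are
constructed dicts shaped like HKCU autorun keys ({key: {value_name: data}}) and
the obfuscated data is built below with the matching encoders so the file runs
offline; a real tool would walk the hive with winreg instead."""
import base64
import binascii
import codecs
import string

STD_B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
ALT_B64 = STD_B64[32:] + STD_B64[:32]  # hypothetical "modified alphabet"
STD_TO_ALT = str.maketrans(STD_B64, ALT_B64)
ALT_TO_STD = str.maketrans(ALT_B64, STD_B64)
# A decoding only counts if it is printable and names something a scanner cares
# about; this gate keeps the ROT/XOR brute force from flooding the report.
KEYWORDS = ("http://", "https://", ".exe", ".dll", "powershell", "cmd.exe",
            "rundll32", "regsvr32")

def plausible(text):
    return text.isprintable() and any(k in text.lower() for k in KEYWORDS)

def rot_n(text, n):
    """Rotate ASCII letters by n positions; other characters are untouched."""
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    return text.translate(str.maketrans(lo + up, lo[n:] + lo[:n] + up[n:] + up[:n]))

def xor_bytes(data, key):
    return bytes(b ^ key for b in data)

def decode_candidates(value):
    """Return [(method, decoded)] for every decoding of a REG_SZ (str) or
    REG_BINARY (bytes) value that passes plausible(). A pure-hex string is
    also tried as bytes, since adware often stores XOR'd config that way."""
    if isinstance(value, bytes):
        data, text = value, value.hex()
    else:
        text, data = value, None
        if text and len(text) % 2 == 0 and all(c in string.hexdigits for c in text):
            data = bytes.fromhex(text)
    found = [("plain", text)] if plausible(text) else []
    # Base64 with the standard table, then with the modified table mapped back.
    for method, b64 in (("base64", text), ("base64-alt", text.translate(ALT_TO_STD))):
        try:
            decoded = base64.b64decode(b64, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if plausible(decoded):
            found.append((method, decoded))
    for n in range(1, 26):  # every ROT shift
        rotated = rot_n(text, n)
        if plausible(rotated):
            found.append((f"rot{n}", rotated))
    if data is not None:
        for key in range(1, 256):  # every single-byte XOR key
            decoded = xor_bytes(data, key).decode("ascii", errors="ignore")
            if plausible(decoded):
                found.append((f"xor-0x{key:02x}", decoded))
    return found

def diff_snapshots(before, after):
    """Compare two {key: {name: data}} snapshots; lists hold (key, name, old, new)."""
    changes = {"added": [], "changed": [], "removed": []}
    for key, values in after.items():
        for name, new in values.items():
            old = before.get(key, {}).get(name)
            if old is None:
                changes["added"].append((key, name, None, new))
            elif old != new:
                changes["changed"].append((key, name, old, new))
    for key, values in before.items():
        for name, old in values.items():
            if name not in after.get(key, {}):
                changes["removed"].append((key, name, old, None))
    return changes

def audit(before, after):
    """Diff the snapshots and de-obfuscate everything the installer wrote."""
    changes = diff_snapshots(before, after)
    return [(kind, key, name, decode_candidates(new))
            for kind in ("added", "changed") for key, name, _old, new in changes[kind]]

# Constructed plaintexts that the sample "installer" hides in the registry.
PLAIN_RUN = 'powershell.exe -w hidden -c "start http://ads.example.com/track"'
PLAIN_HOME = "http://ads.example.com/landing"
PLAIN_LOADER = "rundll32.exe C:\\Users\\Public\\adbar.dll,Init"
PLAIN_CFG = "https://ads.example.com/cfg.php?id=1"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BEFORE = {RUN_KEY: {"OneDrive": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"}}
AFTER = {
    RUN_KEY: {"OneDrive": BEFORE[RUN_KEY]["OneDrive"],
              "SvcHost32": base64.b64encode(PLAIN_RUN.encode()).decode()},  # Base64
    r"HKCU\Software\AdBar": {
        "Home": codecs.encode(PLAIN_HOME, "rot_13"),  # ROT13
        "Loader": base64.b64encode(PLAIN_LOADER.encode()).decode().translate(STD_TO_ALT),
        "Cfg": xor_bytes(PLAIN_CFG.encode(), 0x5A),  # REG_BINARY, single-byte XOR
    },
}

if __name__ == "__main__":
    for kind, key, name, cands in audit(BEFORE, AFTER):
        print(f"{kind}: {key}\\{name} -> {cands or 'nothing decodable'}")
```

On a real system the two dicts would be produced by walking the relevant keys with winreg before and after the installer runs. The keyword gate is what stops the 25 ROT shifts and 255 XOR keys from reporting every value, but it also means a decoded string that carries no indicator is silently dropped, so the list has to be tuned to what the scanner actually looks for.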
  11. Oh, as for the "Scan files and folders in order to make things faster" thing, that's a feature I actually saw in the free version of AVG. The explanation it gave for how it worked is also something that only applies to mechanical hard-disks, and it also mentioned that it would only work on NTFS-formatted volumes because the program doesn't natively understand any others. The option to scan DOS-based executables and archives is also something that was in AVG, and even though the computer that AVG was installed on was using 64-bit Windows 10, the option was still available for some reason. It's worth noting that I did not put AVG on there, it was a relative's computer and I already set her up with Malwarebytes Premium, but I was given standing orders by her to continue to check on her computer's settings for performance and stability purposes. All of my stuff regarding third-party links/licenses and different special thanks stuff would go in its own tab or drop-down menu, that way users would not be required to see it if they didn't want to. I'm also surprised that companies don't provide the option to provide donations for folks who want to support them but don't have interest in any particular products.
  12. 37 was something I forgot to remove. I was working on this list for hours in between other things, but some older computers don't have SSE2 capability despite running operating systems where Malwarebytes would be applicable. Sue me >.< I did my best to try to distill the rest of the list to things that would actually be applicable. Accessibility stuff is important (and the I/O labels on toggle switches are something I see on Apple products, great for colorblind users), and I'm aware that AdwCleaner will eventually become part of Malwarebytes itself. As for the PUA Protection in Windows Defender, it is an obscure setting most people don't know about, and any Anti-Virus solutions which would conflict with Windows Defender would already automatically disable its real-time protection anyway.
  13. Is it possible to use the current Anti-Rootkit Beta alongside the Premium version of Malwarebytes 3? And if so, would there actually be any benefit or complications to doing this? Same question applies with the current Anti-Exploit Beta. Thanks in advance!
  14. Hey everyone, it's Ammy again! That kitsune who says things~ Is there any chance that an API could be developed for Malwarebytes products so that users can develop their own add-ons, and submit them to the Malwarebytes team for review, pending approval for distribution? Seeing as you guys are a security vendor, you probably know all about the numerous vulnerabilities that exist in a lot of different APIs, and therefore how to avoid them when developing your own, and the creation of an API for Malwarebytes products could potentially offload a lot of the development work for more experimental software solutions. Heck, you could probably even host a contest of some kind. 🦊
  15. Amaroq_Starwind

    Malwarebytes Extension API

    Baby steps, perhaps. Public API could start out as just a platform for read-only detection (for example, to help detect threats for other operating systems before they stowaway on outgoing traffic), with a private API documented only for security vendors for integration with existing security programs. In the event that an API does enter development, do let me know about it~
  16. Some features I would like to see for more advanced configuration of the Advanced Web Protection VPN hook:
    - Configuring multiple secondary VPN profiles within the app by importing VPN profiles on your phone. One example use would be combining the web protection of other apps with the already existing Advanced Web Protection, if said apps also rely on VPN hooks. I have attached two examples:
      Images: https://drive.google.com/file/d/1w4Woy5PDINcgOsU63o5YPs6SJ46Tcsab/view?usp=drivesdk https://drive.google.com/file/d/1HXT9FjxCWZ9hc4y71IdLzl5g0JkwXmKe/view?usp=drivesdk
    - Configuring the Advanced Web Protection to disengage automatically in apps where it is not required, such as in Safari where regular Web Protection will suffice, or in apps such as Netflix, KAMI 2, Telegram Messenger, etc. These apps do not need to be routed through the Malwarebytes VPN, and if the user can add their own apps to the list, then more power to them!
    - Being able to configure the AdBlocker and/or VirusTotal scanning for Advanced Web Protection.
    Thanks! 🦊
  17. Amaroq_Starwind

    More configuration options for Advanced Web Protection

    Peer-to-Peer VPNs don't exist yet, but hypothetically speaking; A Peer-to-Peer VPN is basically a network of VPNs between devices. The origin point of a packet is encrypted with the destination's public key, and then passed from client to client using additional RSA encryption between devices until it reaches its final destination. That final destination then acts like a traditional VPN server normally would, sending your data to the website on your behalf.
  18. Amaroq_Starwind

    More configuration options for Advanced Web Protection

    Thing is... A VPN could apply to other programs. WhatsApp is just a chat program.
  19. Amaroq_Starwind

    Taking a look at 7-Max

    The program is open-source, so a Windows 10 version could probably be made. It could probably take the form of a system driver, and only patch programs that aren't protected by DEP, don't already natively support large memory pages, and haven't previously crashed when attempting to force large memory pages on them.
  20. Amaroq_Starwind

    Taking a look at 7-Max

    So, I recently learned of an ancient open-source utility called 7-Max, which aims to reduce Disk I/O and wasted CPU cycles on Windows by switching from Small Pages (4 KB each) to Large Pages (2 to 4 MB each), as Windows doesn't natively support them (or at least it didn't at the time, I don't know if that's changed). However, it can cause some instabilities, and it also doesn't really get along with User Account Control (or Data Execution Prevention for that matter). http://sevenmax.sourceforge.net/ Any thoughts on this? 🦊
  21. Amaroq_Starwind

    Real time threat map

    If you're super worried about system resource use, bundle it with CleanMem to automatically handle any memory leaks (system-wide, even), and set all the CPU thread priorities for the Screensaver to Idle. You can also write it in raw x86-64, i486 or ARM64 assembly, make the program PAE-aware (on a system driver level), and use Large Memory Pages.
  22. Amaroq_Starwind

    Anti-Theft Measures

    A lot of other security suites available for iOS include a variety of Anti-Theft measures, such as locating your device with GPS (including sending a signal flare right before the device runs out of battery), and providing a Thief Cam. I think having a Thief Cam would be really helpful, because not only would it show you who tried to get into your phone and kept getting the password wrong, but if it were to automatically upload the photos at the first opportunity, then it could also tie into facial recognition in some form. I also have a few ideas to expand on the Thief Cam concept:
    • GPS/Bluetooth Signal Flare during photo burst(s).
    • Recording a Delta-compressed photo burst, instead of just a single photograph, in case the perpetrator looks away... with a second photo burst on a short delay, triggered to fire as soon as the camera detects a face. A smart crook would likely try to look away during the first photo burst, but they probably wouldn't expect a second one.
    • Taking a photo burst from the phone's rear camera, in order to get a good look at the phone's surroundings. Could also include camera flash, partly to disorient the perp.
    • Ambient sound recording, to help identify the location based on ambient sound and/or identify the perpetrator by voice.
    • Audible alarm, to draw attention.
    • Perpetrator Fingerprint Capture.
    Thoughts? 🦊
  23. Amaroq_Starwind

    Intel Processor Detection and Mitigation Results

    I don't remember, and I'm not sure how to check off the top of my head... nor am I even at my laptop right now 😕
  24. Amaroq_Starwind

    Miscellaneous Windows Registry Talk

    To start off this thread, I would like to ask a question. https://en.wikipedia.org/wiki/Windows_Registry How come nobody ever uses QWORDs in the registry?
  25. Amaroq_Starwind

    Wireless Network Utilities

    Given Apple's policies, would it still be possible to implement any of the following features as a general-purpose network utility? If not, please explain why in detail, and/or if there might be any feasible workarounds.
    • Network Scanning, a la Fing or WiFi Guard (requires location data)
    • Network I/O visualization and history (a la GlassWire)
    • WiFi password sharing with contacts and other Malwarebytes users, using transparent Public Key encryption
    • WiFi hotspot mapping (a la the popular WiFi Map and Airport Utility apps, but requires location data)
    • Detection and database of unsafe wireless networks (may require location data)
    • Auto-Connection to Open Hotspots (but only when a VPN is in use)
    • Sharing of network connectivity with other Malwarebytes users (even on other platforms) via Bluetooth Sharing (hotspot) and a combination of RSA and Public Key encryption
    • Duplicate SSID detection, aka "Evil Twin" detection
    • Device Name masking (hiding your device name from wireless networks)
    • Speedtest.net / pingtest.net integration
    If any of these are viable, I'd love to hear it.
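The duplicate SSID ("Evil Twin") detection asked about in the post above, as an added Python example that is not part of the original post or of any Malwarebytes product. It shows the check a practitioner would actually want: a repeated SSID by itself is normal on any multi-AP network, so a finding is raised only when the copies of one SSID disagree on security type or come from different hardware vendors (the OUI, i.e. the first three octets of the BSSID). The scan records, the OUI-to-vendor table and its prefixes are constructed for the example; a real app would get them from the OS Wi-Fi API and the IEEE OUI registry.

```python
"""Duplicate-SSID ("evil twin") triage over a list of Wi-Fi scan results.
Added example, not Malwarebytes code. A finding is raised only when the APs
sharing an SSID disagree on security type or hardware vendor (OUI), because a
repeated SSID alone is how every multi-AP network looks. Scan records and the
OUI table are constructed here; the prefixes are not real vendor assignments."""
from collections import defaultdict

# Constructed OUI -> vendor table (hypothetical prefixes).
OUI_VENDORS = {"a4:2b:8c": "CampusAP", "d8:0d:17": "ConsumerRouter"}

def vendor(bssid):
    """Vendor for a BSSID from its first three octets, 'unknown' if unlisted."""
    return OUI_VENDORS.get(bssid.lower()[:8], "unknown")

def find_evil_twins(scan):
    """scan: list of dicts with ssid, bssid, security and channel.
    Returns {ssid: [reason, ...]} for every SSID whose copies disagree."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    findings = {}
    for ssid, aps in by_ssid.items():
        if len(aps) < 2:
            continue  # a lone AP cannot be anyone's twin
        reasons = []
        securities = sorted({ap["security"] for ap in aps})
        if len(securities) > 1:  # e.g. an open copy of a WPA2-Enterprise SSID
            reasons.append(f"mixed security {securities}")
        vendors = sorted({vendor(ap["bssid"]) for ap in aps})
        if len(vendors) > 1:  # consumer hardware announcing the campus SSID
            reasons.append(f"mixed vendors {vendors}")
        if reasons:
            findings[ssid] = reasons
    return findings

# Constructed scan: two legitimate CampusNet APs plus an open rogue copy, a
# single open hotspot, and a two-AP home network that must not be flagged.
SCAN = [
    {"ssid": "CampusNet", "bssid": "A4:2B:8C:10:00:01", "security": "WPA2-Enterprise", "channel": 1},
    {"ssid": "CampusNet", "bssid": "A4:2B:8C:10:00:02", "security": "WPA2-Enterprise", "channel": 6},
    {"ssid": "CampusNet", "bssid": "D8:0D:17:AA:BB:CC", "security": "Open", "channel": 11},
    {"ssid": "CoffeeShop", "bssid": "D8:0D:17:11:22:33", "security": "Open", "channel": 6},
    {"ssid": "HomeNet", "bssid": "D8:0D:17:44:55:66", "security": "WPA2-Personal", "channel": 1},
    {"ssid": "HomeNet", "bssid": "D8:0D:17:44:55:67", "security": "WPA2-Personal", "channel": 1},
]

if __name__ == "__main__":
    for ssid, reasons in find_evil_twins(SCAN).items():
        print(ssid, "->", "; ".join(reasons))
```

The two signals used here are the cheap ones available from a passive scan; a rogue AP that copies both the security type and a vendor prefix of the legitimate network will pass, so this is a triage filter rather than proof, and the caveat in the post (no detection does not mean no attacker) applies here as well.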