A thread to argue about malware and shiz


  1. Post
    #1

    A thread to argue about malware and shiz

    Fella wrote:
    A lot of PC's are infected with similar malware
    Maybe in your circles, but not mine.

  2. Post
    #2
    Vulcan wrote:
    Maybe in your circles, but not mine.
    There is malware you know about, predict and prevent.
    There is malware you don't know about, that already exists within your ecosystem.

    Look at the current issues around Windows XP; in that many organisations have deprecated technology that doesn't support a newer version of Windows and due to Microsoft no longer patching holes, there are many known exploits people have been hammering for as many as ten years without it being understood.

    The viewpoint that "My infrastructure including the client PCs that operate within it has no potential malware" is almost as flawed as the approach people have to debating probabilities here.

  3. Post
    #3
    Do businesses using XP still have to pay license fees?

    If so then they should keep releasing patches for it.

  4. Post
    #4
    Fella wrote:
    There is malware you know about, predict and prevent.
    There is malware you don't know about, that already exists within your ecosystem.
    Nope. There are many ways of detecting new/unknown malware; it's not particularly hard. We had signatures for WannaCry more than 2 weeks before it hit the global stage.

  5. Post
    #5
    4wd wrote:
    As I have to keep reminding thunderboy, I've made no statements supporting either side, yet I'm constantly assumed to be a Clinton supporter.
    If you're talking about me, I have never ever said that you support Clinton over Trump or vice versa. I know that you really don't care who won the election and that you only post in this thread to stir shit and bash/troll people who you think are worthy of being labelled snowflakes.

    Fella wrote:
    There is malware you don't know about, that already exists within your ecosystem.

    Look at the current issues around Windows XP; in that many organisations have deprecated technology that doesn't support a newer version of Windows and due to Microsoft no longer patching holes, there are many known exploits people have been hammering for as many as ten years without it being understood.
    Not on my old XP 32-bit setup, Fella. As a hobby I used to test malware samples against security software. Even with no Microsoft patches I had my 32-bit install locked down so tight that basically nothing could penetrate it. Uncommon but effective software like EQSecure and MD, which hooked ring 0 in the kernel prior to 64-bit PatchGuard, and you can lock down a 32-bit XP and Win7 install very tightly. I admit though, not for the average home user or average work companies, as the EQ and MD rules are complex.

  6. Post
    #6
    Hah, and MS still does patch XP, just not for individuals and SMEs. Surprised a big-time computery wizard guy like Fella didn't know that. Although it's not related to pivot tables, so yeah.

  7. Post
    #7
    Thunderstorm wrote:
    Not on my old XP 32-bit setup, Fella. As a hobby I used to test malware samples against security software. Even with no Microsoft patches I had my 32-bit install locked down so tight that basically nothing could penetrate it. Uncommon but effective software like EQSecure and MD, which hooked ring 0 in the kernel prior to 64-bit PatchGuard, and you can lock down a 32-bit XP and Win7 install very tightly. I admit though, not for the average home user or average work companies, as the EQ and MD rules are complex.
    64-bit Windows is way more secure than 32-bit versions.

    https://www.howtogeek.com/165535/why...s-more-secure/

  8. Post
    #8
    bradc wrote:
    Hah, and MS still does patch XP, just not for individuals and SMEs.
    Err, no? Windows XP support ended in April 2014 (after it was extended several times), which means they don't patch it at all. There was the exception with the recent WannaCry ransomware attack, but that's the exception, not the rule.

  9. Post
    #9
    So do you still have to pay for corporate licenses for XP if it's not supported?

  10. Post
    #10
    I don't think so.

  11. Post
    #11
    If you have a big company full of shitty computers that are basically just acting as typewriters and no real security requirements there's something to be said for not having to pay licensing. It's pretty expensive.

  12. Post
    #12
    Lethargic wrote:
    Err, no? Windows XP support ended in April 2014 (after it was extended several times), which means they don't patch it at all. There was the exception with the recent WannaCry ransomware attack, but that's the exception, not the rule.
    Enterprise can cough up extra $$$ and get custom support from MS to this day.

    https://www.theregister.co.uk/2017/0...ft_blame_game/

    (WannaCry mostly hit unpatched Win7, as the variant of EternalBlue the 1337 hax0rs used fizzled out on XP)...

  13. Post
    #13
    Thunderstorm wrote:
    Not on my old XP 32bit set up Fella. As a hobby I used to test malware samples against security software.
    Oh rubbish, you used to rant on about absolute bollocks like Sandboxie with layers of proxies - and you don't have access to most security software. Maybe you got some free demos online, but that won't cover the good enterprise stuff.

  14. Post
    #14
    Quasi ELVIS wrote:
    If you have a big company full of shitty computers that are basically just acting as typewriters and no real security requirements there's something to be said for not having to pay licensing. It's pretty expensive.
    Linux distro + Open Office.

  15. Post
    #15
    JC wrote:
    Enterprise can cough up extra $$$ and get custom support from MS to this day.

    https://www.theregister.co.uk/2017/0...ft_blame_game/

    (WannaCry mostly hit unpatched Win7, as the variant of EternalBlue the 1337 hax0rs used fizzled out on XP)...
    Yes, the point BradC doesn't understand is that Microsoft don't patch Windows XP. Microsoft are paid (quite heavily) by corporations to write custom software patching that may/may not be released to the wider community. You've gone from a model where your licensing fees alone entitled you to regular updates, to a situation where the only updates you get are when you're willing to stump up for the individual hours a developer needs to solve the issue.

  16. Post
    #16
    Lethargic wrote:
    Err, no? Windows XP support ended in April 2014 (after it was extended several times), which means they don't patch it at all. There was the exception with the recent WannaCry ransomware attack, but that's the exception, not the rule.
    Large entities are still getting XP support from Microsoft, they just have to pay for it.

  17. Post
    #17
    Vulcan wrote:
    Oh rubbish, you used to rant on about absolute bollocks like Sandboxie with layers of proxies - and you don't have access to most security software. Maybe you got some free demos online, but that won't cover the good enterprise stuff.
    Rubbish? lol no, you don't know anything, such a baseless statement, just like your goat porn conspiracy. And a lot of enterprise stuff is actually snake oil, maybe not always in terms of effectiveness but in terms of cost it is snake oil.

    Now I'm going to make a NON-baseless, NON-conspiracy statement regarding the recent WannaCry which we were talking about before: I can secure a box from the WannaCry virus with zero security software and zero Microsoft patches.

  18. Post
    #18
    Thunderstorm wrote:
    Rubbish? lol no, you don't know anything, such a baseless statement, just like your goat porn conspiracy. And a lot of enterprise stuff is actually snake oil, maybe not always in terms of effectiveness but in terms of cost it is snake oil.
    Yeah see, I don't think you know what snake oil means.

    Your incessant ranting about sandboxie and other home brew crap was shown to be complete nonsense. Have you personally tested any of this enterprise snake oil? Have you been trained on it, certified in it, deployed it? Nah ... of course not.

  19. Post
    #19
    Vulcan wrote:

    Your incessant ranting about sandboxie and other home brew crap was shown to be complete nonsense.
    Incessant ranting? I don't recall mentioning Sandboxie for quite a while actually. But now that you have brought up the Sandboxie topic, have you actually honestly installed Sandboxie, tried it and tested it with some malware samples? Nah, probably not, instead you just continue making baseless accusations that it's completely useless.
    BTW, getting back to the recent WannaCrypt virus, I see a reputable member on Wilders has tested Sandboxie and as expected it safely contains WannaCrypt.
    https://www.wilderssecurity.com/thre....393974/page-4


    Vulcan wrote:
    Have you personally tested any of this enterprise snake oil? Have you been trained on it, certified in it, deployed it? Nah ... of course not.
    Honest answer no, I have tested 1 or 2 though I can't remember which, it's been a while. But does this change the actual prices of enterprise stuff? No, obviously not. But the point I was making before is that you can achieve the same level of anti-malware protection or better without spending $$$$.

    Quasi ELVIS wrote:
    Thunderstorm wrote:
    Now I'm going to make a NON-baseless, NON-conspiracy statement regarding the recent WannaCry which we were talking about before: I can secure a box from the WannaCry virus with zero security software and zero Microsoft patches.
    wat
    You don't actually work or have any qualifications in IT security, do you?
    I never said I do have qualifications in IT security. But you don't need official qualifications in IT to harden an OS against malware attacks; knowledge is all you need. Just like you don't need qualifications in IT to execute your web browser and load gpforums.

  20. Post
    #20
    Thunderstorm wrote:
    BTW, getting back to the recent WannaCrypt virus, I see a reputable member on Wilders has tested Sandboxie and as expected it safely contains WannaCrypt.
    Now if you can get the virus writer only to spread his malware into your sandbox (insert a facepalm in there somewhere). Good enterprise products had protections in place for WannaCrypt since around mid-April - just in case you were not aware.

    Given you've never really used or trained on any enterprise security gear, don't you think you might not know as much as you think you do?

  21. Post
    #21
    Worth posting again.... sandboxie is incredibly easy for malware to detect (examples here: https://github.com/Fel0ny/Sandbox-Detection ). So most malware writers look for virtual environments and simply do nothing if they are detected.


    Cloaking enabled

    The installation components of CryptoWall 2.0 are cloaked by multiple levels of encryption, with three distinct stages of installation each using a different encryption method to disguise the components installed. And like many modern pieces of malware, CryptoWall 2.0 has a virtual machine check in its code that disables the attack when the malware is installed within a virtual instance—in part to prevent security researchers from isolating and analyzing its behavior.

    The VM checker code, in the first stage of CryptoWall’s dropper sequence, checks the system for running processes, searching for VMware and VirtualBox services or the Sandboxie application partitioning library. If the coast is clear, the code does some best practices-based memory handling to release memory used in the initial drop mode, then launches another dropper disguised as a Windows Explorer process.
    https://arstechnica.com/information-...ional-edition/

    Commercial/enterprise sandbox systems hide, reverse engineer/analyse code, and do all sorts of other goodies far above this stuff. For example lastline.com would be a damned good example. They also operate 'off PC', more as a cloud service rather than expecting a user on a local PC to figure crap out (disclosure: I sell this stuff for a job).
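
The check the quoted Ars Technica text describes (look through the running processes for VMware or VirtualBox services, or for Sandboxie, and only continue if nothing is found) is simple enough to show in full. The block below is an added example written for this page; it is not code from CryptoWall, from the linked Sandbox-Detection repository, or from any poster. The marker names are the well-known ones (VMware Tools, VirtualBox guest additions, Sandboxie's `SbieSvc`/`SbieCtrl` and the `SbieDll.dll` it injects into every sandboxed process); the process lists it runs over are constructed for the example. `live_process_names()` reads the real list via `tasklist` and is only used when the script is run on Windows.

```python
"""Added example (not from any poster, nor CryptoWall's code): the
process-name check the quoted article describes, run over constructed
process lists so it works offline.  Marker names are the well-known ones;
the sample hosts are invented."""

import csv
import io
import os
import subprocess

# Process / module names that betray an analysis environment, grouped by
# the product the quoted article names.  Matching is case-insensitive.
ANALYSIS_MARKERS = {
    "vmware":     {"vmtoolsd.exe", "vmwaretray.exe", "vmwareuser.exe", "vmacthlp.exe"},
    "virtualbox": {"vboxservice.exe", "vboxtray.exe"},
    "sandboxie":  {"sbiesvc.exe", "sbiectrl.exe", "sbiedll.dll"},
}


def classify(process_names, loaded_modules=()):
    """Return the set of environments whose markers appear either among the
    running process names or among the modules loaded into the calling
    process.  Sandboxie is the interesting case: even if SbieSvc.exe were
    hidden, SbieDll.dll sits inside the sandboxed process itself."""
    seen = {n.lower() for n in process_names} | {m.lower() for m in loaded_modules}
    return {env for env, markers in ANALYSIS_MARKERS.items() if seen & markers}


def coast_is_clear(process_names, loaded_modules=()):
    """True is what the dropper in the article waits for before it proceeds;
    a sandbox that wants to observe the payload has to make this return True."""
    return not classify(process_names, loaded_modules)


def live_process_names():
    """Windows only: image names from `tasklist /fo csv /nh` (CSV, no header)."""
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True, check=True).stdout
    return [row[0] for row in csv.reader(io.StringIO(out)) if row]


# Constructed sample hosts (not real captures).
BARE_METAL = ["System", "smss.exe", "csrss.exe", "explorer.exe", "outlook.exe"]
VMWARE_GUEST = BARE_METAL + ["vmtoolsd.exe", "VMwareTray.exe"]
SANDBOXIE_HOST = BARE_METAL + ["SbieSvc.exe"]
# Modules a Sandboxie-contained process sees loaded into itself.
INJECTED_ONLY = ["kernel32.dll", "ntdll.dll", "SbieDll.dll"]

if __name__ == "__main__":
    for label, procs in [("bare metal", BARE_METAL), ("vmware guest", VMWARE_GUEST),
                         ("sandboxie host", SANDBOXIE_HOST)]:
        print(f"{label:15} -> {classify(procs) or 'clear'}")
    print(f"{'injected dll':15} -> {classify(BARE_METAL, INJECTED_ONLY)}")
    if os.name == "nt":
        print(f"{'this machine':15} -> {classify(live_process_names()) or 'clear'}")
```

The point for the argument above it: the detection is a handful of string compares, so the question for any sandbox (Sandboxie or a commercial one) is not whether malware can notice it, but whether the sandbox hides these names, and Sandboxie's injected DLL is visible to the very process being contained.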

  22. Post
    #22
    Vulcan wrote:
    (disclosure: I sell this stuff for a job).

    So... you're saying it's in your best interest that malware's constantly developed to be difficult/impossible to detect?

  23. Post
    #23
    4wd wrote:
    So... you're saying it's in your best interest that malware's constantly developed to be difficult/impossible to detect?
    Yup. However, the ransomware industry alone was worth more than US$1 billion last year. So no, we don't need to develop ransomware.

  24. Post
    #24
    Vulcan wrote:
    Now if you can get the virus writer only to spread his malware into your sandbox (insert a facepalm in there somewhere).
    lol only in your dreams, Sandboxie is never targeted by virus writers like all the common AVs because it's not a common app. Ironically it's people like you who make Sandboxie more secure by bashing it and making it an uncommon app.

    Vulcan wrote:
    Good enterprise products had protections in place for WannaCrypt since around mid-April - just in case you were not aware.
    Only since mid-April? lol, I've had default protection in place for years.

    Vulcan wrote:
    Given you've never really used or trained on any enterprise security gear, don't you think you might not know as much as you think you do?
    This doesn't make sense; why would I need to use certain enterprise gear to be able to know how malware infects computers?

    Quasi ELVIS wrote:
    Loading GP forums displays a similar level of technical expertise to what you've been doing with your crappy XP computer and $20 anti-virus software.
    Crappy XP? Nah, it was really good back in the day, it was lightweight, snappy and secure. And I don't rely on or use piss-poor signature antivirus software; if I had that then I would also have been vulnerable to the WannaCry virus, wouldn't I?

    Quasi ELVIS wrote:
    If you've never worked in IT security and don't have any IT qualifications and most of what you say is wrong then it's a fair bet that you don't have as much knowledge as you think you do.
    Again, like Vulcan's comment, why would I need to work in IT and have IT qualifications to obtain the knowledge as to how malware infects computers? I was serious when I said before that you can secure a PC from the WannaCry virus without using an AV or downloading any Microsoft patches.

    I will elaborate to prove some of my knowledge. In order for WannaCry to successfully encrypt your files/disk it needs administrative privileges, so if the computer is running in a Limited User Account it won't work. It also needs to be able to use cmd, so if cmd is disabled on the computer it won't work. It also needs to be able to use WinRAR, so if explorer.exe is the only process which can execute WinRAR then it won't work. It also requires a service, which I forget the name of now, to be running on the computer, so if that service is disabled it won't work. It also needs write access to C:\WINDOWS; if it doesn't have that then it won't work. It would also probably need low-level disk access. These are just some of the obstacles that WannaCry ransomware needs to bypass in order to encrypt, not just 1 obstacle but all obstacles, which it needs to miraculously get around, which in reality is impossible. On top of all these obstacles it first needs to be able to execute and run, so if a computer has AppLocker configured it can't even run. The reason why WannaCry pwned so many computers is because they are running on default settings. You won't hear any of this from a qualified IT salesman though, instead they will tell you, oh you need to spend $$$$ and install our superior enterprise software. So while Vulcan says that his enterprise gear has had protection from WannaCry since April, I've already had free protection for years.

    Vulcan wrote:
    Worth posting again.... sandboxie is incredibly easy for malware to detect (examples here: https://github.com/Fel0ny/Sandbox-Detection ). So most malware writers look for virtual environments and simply do nothing if they are detected.
    You can't stop bashing Sandboxie, can you? It's like an obsession. Detecting and bypassing are 2 separate things. In case you don't know, which is unlikely since you have never tried Sandboxie, it has an anti-executable component which, if configured, means it wouldn't even be able to run in the first place to find out if it's sitting in a sandbox environment, let alone the slim chance of bypassing the sandbox.

    Vulcan wrote:
    CryptoWall 2.0 has a virtual machine check in its code that disables the attack when the malware is installed within a virtual instance—in part to prevent security researchers from isolating and analyzing its behavior.
    That's actually just an inconvenient, piss-poor attempt to stop security researchers from analysing its behaviour.
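
The posts above argue over which host settings would have stopped WannaCry, with the poster's own list of controls (limited account, cmd disabled, WinRAR, AppLocker) on one side and "just patch" on the other. The block below is an added example for this page, not code or claims from any poster. It assesses hosts from a constructed CSV inventory (the column names are invented for the example) for exposure to WannaCry's worm component, and encodes only propagation facts that are well documented: the worm used the EternalBlue SMBv1 exploit over TCP 445, which MS17-010 (March 2017) fixed on supported Windows and Microsoft's out-of-band May 2017 update fixed on XP/Server 2003 (the "exception" mentioned earlier in the thread). Because that exploit runs in the kernel, the code it drops runs as SYSTEM, so controls scoped to the logged-in user's account do not govern that path; they only matter for the case where a user runs the dropper directly.

```python
"""Added example, not from any poster in the thread: a small exposure check
for WannaCry's worm component over a constructed host inventory.  The only
facts encoded are the documented propagation path (EternalBlue against SMBv1
over TCP 445, fixed by MS17-010 / the May 2017 XP out-of-band update)."""

import csv
import io

# Constructed inventory (invented schema and hosts); yes/no columns.
INVENTORY = """\
host,os,smb1,ms17_010,tcp445_exposed
xp-lab-01,Windows XP SP3,yes,no,yes
win7-acct-12,Windows 7 SP1,yes,no,no
win7-acct-13,Windows 7 SP1,yes,yes,yes
win10-dev-04,Windows 10 1703,no,no,yes
"""


def _yes(value):
    return value.strip().lower() in {"yes", "y", "true", "1"}


def assess(row):
    """Return (verdict, reason) for one inventory row.

    Checks are ordered so the first control that breaks the worm's path
    decides: no reachable 445 -> no exploit attempt; MS17-010 installed ->
    EternalBlue fails; SMBv1 disabled -> the exploited protocol is absent.
    Otherwise the host is exposed and the worm gains kernel-mode, i.e.
    SYSTEM, execution, which no per-user setting on that host prevents.
    """
    if not _yes(row["tcp445_exposed"]):
        return "not reachable", "TCP 445 not reachable from an infected peer"
    if _yes(row["ms17_010"]):
        return "patched", "MS17-010 installed; EternalBlue fails"
    if not _yes(row["smb1"]):
        return "smb1 disabled", "SMBv1 server disabled; nothing to exploit"
    return "exposed", "SMBv1 on, MS17-010 missing, 445 reachable"


def assess_inventory(text=INVENTORY):
    """Map host name -> (verdict, reason) for every row of the CSV."""
    return {row["host"]: assess(row) for row in csv.DictReader(io.StringIO(text))}


def exposed_hosts(text=INVENTORY):
    """Sorted names of hosts the worm could take over the network."""
    return sorted(h for h, (verdict, _) in assess_inventory(text).items()
                  if verdict == "exposed")


if __name__ == "__main__":
    for host, (verdict, reason) in assess_inventory().items():
        print(f"{host:14} {verdict:14} {reason}")
    print("exposed:", exposed_hosts())
```

Note what the ordering implies: an unpatched XP box with SMBv1 on is exposed regardless of how the user's account is configured, and a patched Win7 box with 445 wide open is not. The user-level controls debated above only change the outcome for a dropper the user runs by hand, which this check deliberately does not model.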

  25. Post
    #25
    Thunderstorm wrote:
    I don't rely on or use piss-poor signature antivirus software
    I don't use any anti-virus software, I just run the latest version of Windows with automatic updates and I don't run FREEMONEY.exe from emails. Has worked fine so far.

    Thunderstorm wrote:
    I was serious when I said before that you can secure a PC from the WannaCry virus without using an AV or downloading any Microsoft patches.
    Yeah... or you could just not use an ancient OS and leave Windows Update on the default settings.

    Thunderstorm wrote:
    I will elaborate to prove some of my knowledge. In order for WannaCry to successfully encrypt your files/disk it needs administrative privileges, so if the computer is running in a Limited User Account it won't work. It also needs to be able to use cmd, so if cmd is disabled on the computer it won't work. It also needs to be able to use WinRAR, so if explorer.exe is the only process which can execute WinRAR then it won't work. It also requires a service, which I forget the name of now, to be running on the computer, so if that service is disabled it won't work. It also needs write access to C:\WINDOWS; if it doesn't have that then it won't work. It would also probably need low-level disk access.
    I'm not going to make my local account non-administrator because that would be a pain in the ass. Windows 10 runs apps in user mode by default anyway.
    I'm not going to disable cmd because I use it frequently. Either way it runs in user mode by default.
    I can't find any mention of WannaCry requiring Winrar and it seems extremely unlikely that it would rely on having a 3rd party program like that installed to work.
    etc.

    I'm especially not going to do all these things to protect against one particular piece of malware that I'm not vulnerable to anyway because I'm running Windows 10. Going to a lot of effort with an OS that's so old it isn't even supported anymore to achieve the same result as running Windows 10 and doing nothing is a waste of time.