[Hidden-tech] Any experience with a Virus that attacks documents?

Jan Werner jwerner at jwdp.com
Sat Jan 17 13:59:12 EST 2015


Cryptoprevent works by blocking program execution from certain locations 
on your system that should not be used by executables under Microsoft 
guidelines.  Not all software follows those guidelines, so it can also 
prevent legitimate programs from running.  Other security vendors 
provide similar free utilities to protect against Cryptolocker. None 
have proven that effective, particularly against new variants, of which 
there seem to be quite a few lately.

Anti-malware software is a good thing to have in place but can never be 
relied on to protect data, if only because it is always fighting last 
month’s battles.  Sophisticated malware like Cryptolocker was not 
written for a first trimester test in Hacking 101 at Novosibirsk 
Community College. Much of it comes from seasoned programmers who work 
hard to keep one step ahead of efforts to block them. Just remember that 
they have access to any technical information you and I can find online, 
and probably understand it far better than we do.

The ONLY fool-proof protection against data loss, whether from malware 
or other causes, is to have a good backup strategy.  Data that is not 
backed up in at least one physically disconnected location might as well 
be considered disposable.   Automatic or continuous backups, whether 
local or off-site, are not fool-proof because clever malware can 
actually use the way they work to corrupt the backups too, as 
Cryptolocker demonstrated.  Best to have multiple generations of any 
critical data kept separately.

Also, the idea that Macs are immune to viruses is simply wrong.  The 
only reason there are fewer OS-X viruses than for Windows is that there 
are at least ten Windows PCs in operation for every Mac, so most virus 
writers don’t bother with the latter.  But not all, and there has been 
some particularly nasty Mac malware found in the wild in the past couple 
of years.

Jan Werner
____________

Chris Hart, MyMacTech.com wrote:
>
> Yes, Bruce, a good anti-virus, that's up to date, should identify
> Cryptolocker variants and prevent them from becoming resident (and thus
> stopping them from encrypting your files).  But..... There is always a
> window of time in which new virus variants are spreading in the wild,
> before the antivirus makers identify them, and update their
> definitions.  That's the time when you're at risk.
>
> That's why Cryptoprevent is so valuable -- it's your only protection
> during that window of time.  As you observed, Cryptoprevent is not a
> background process and thus won't drag the system.  However, there is a
> premium edition of Cryptoprevent that does actively update itself, so
> that it's aware of how to protect against new variants of Cryptolocker.
>   Even still, I would not expect this to use significant system resources.
>
> Chris Hart
> Computer Support & Technology Consulting
> for Connecticut and Western Massachusetts
> Tel: 860-291-9393
> http://www.MyMacTech.com/
>
> From: Bruce Hooke <bghooke at att.net>
> Date: Friday, January 16, 2015 at 11:51 AM
> To: Chris Hart <chris at chrishart.net>,
> <Hidden-discuss at lists.hidden-tech.net>
> Subject: Re: [Hidden-tech] Any experience with a Virus that
> attacks documents?
>
> A quick clarification. I just did some more reading and it turns out
> Cryptoprevent is not running all the time. It sets some policy rules in
> Windows that should prevent the Cryptolocker software from running.
> - Bruce
>
> From: Bruce Hooke <bghooke at att.net>
> Date: Friday, January 16, 2015 at 11:27 AM
> To: Chris Hart <chris at chrishart.net>,
> <Hidden-discuss at lists.hidden-tech.net>
> Subject: Re: [Hidden-tech] Any experience with a Virus that
> attacks documents?
>
> Thank you, Chris, for this very informative email. While, as you
> said, anti-virus software won't quarantine the affected files, do you
> know if properly up-to-date anti-virus software should catch the initial
> "virus" (if that's the right name for it) that causes the documents to
> be encrypted? I am considering installing the Cryptoprevent software but
> it is presumably yet another background process that has to be there and
> running all the time, using system resources.
> Thanks,
> Bruce
>
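
The message above argues that automatic backups can faithfully copy encrypted files, which is why several generations should be kept. The sketch below is an added example, not part of the original thread: it compares the newest backup generation with the previous one and flags a mass rewrite to random-looking content before an older generation is rotated out. The thresholds, function names and the gen1/gen2/gen3 layout are assumptions made for illustration.

```python
import hashlib, math, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.0  # bits/byte; assumption: encrypted content sits close to 8.0
CHANGE_LIMIT = 0.5   # assumption: over half the files rewritten at once is abnormal

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(root: Path) -> dict:
    """Map relative path -> (sha256 hex digest, entropy) for each file under root."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            out[p.relative_to(root).as_posix()] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return out

def compare_generations(old: Path, new: Path) -> dict:
    """Check the newest generation against the previous one before trusting it."""
    a, b = manifest(old), manifest(new)
    shared = [f for f in a if f in b]
    changed = [f for f in shared if a[f][0] != b[f][0]]
    # Heuristic: rewritten files whose new content looks random. Compressed
    # formats also score high, so the ratio below carries the decision.
    scrambled = [f for f in changed if b[f][1] >= ENTROPY_LIMIT]
    suspicious = bool(shared) and len(scrambled) / len(shared) > CHANGE_LIMIT
    return {"changed": changed, "scrambled": scrambled, "suspicious": suspicious}

def demo() -> tuple:
    """Build three constructed generations in a temp dir and compare them."""
    docs = {f"doc{i}.txt": f"quarterly notes {i}\n".encode() * 200 for i in range(4)}
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as tmp:
        gens = [Path(tmp, f"gen{i}") for i in (1, 2, 3)]
        for g in gens:
            g.mkdir()
        for name, data in docs.items():
            (gens[0] / name).write_bytes(data)
            # gen2: one ordinary edit; gen3: every file overwritten (constructed)
            (gens[1] / name).write_bytes(data + b"edit\n" if name == "doc0.txt" else data)
            (gens[2] / name).write_bytes(noise)
        return compare_generations(gens[0], gens[1]), compare_generations(gens[1], gens[2])

if __name__ == "__main__":
    normal, attacked = demo()
    print("gen1->gen2:", normal["suspicious"], "| gen2->gen3:", attacked["suspicious"])
```

A suspicious result is a reason to stop rotation and keep the older generation offline until the source machine has been checked; it does not prove infection.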


More information about the Hidden-discuss mailing list