
Cryptovirus defenses?


phaolo

Hello,
I'm trying some solutions to secure my system, as I'm quite scared of cryptoviruses.
I already have external offline backups and drive images, but I'd prefer prevention more than a.. restore.

Questions:

- are there some permission settings that could block a program trying to encrypt user folders or entire drives?
(without limiting normal usage too much!)

- on Win7 Pro I'm trying SRP (Software Restriction Policies) whitelisting, but it isn't perfect as various programs and setups still need to execute files in Appdata or Temp folders. Also, this wouldn't block anything disguised as a valid installer.
Do you have some tips about this feature?

- what are some decent free antiviruses now? (AVG became spyware)

- other advice?



Quote

on Win7 Pro I'm trying SRP (Software Restriction Policies) whitelisting, but it isn't perfect as various programs and setups still need to execute files in Appdata or Temp folders. Also, this wouldn't block anything disguised as a valid installer.

The Software Restriction Policies really mess up your system. Any new install you make will be broken if those policies aren't whitelisted. Not to mention programs that are actually run from APPDATA, like jDownloader and WUD. You might say, put the executables on the whitelist, but it gets tedious once you have 10 apps you need to whitelist -- this is not a solution.

Quote

are there some permission settings that could block a program trying to encrypt user folders or entire drives?
(without limiting normal usage too much!)

Short answer: no.

This is because whatever access you have on those drives/folders/files, your malware application will also have because it is run under your user account. Thus, there are two options:

  • one way would be to store your files on an HDD with encryption (programs like TrueCrypt). With this no writing or reading can be performed without entering your password for the drive.
  • or make a complete backup of your system using software like Acronis TrueImage and make a weekly backup. Store the backup on an external HDD, and never keep it plugged in to your system. Then IF you get infected, just boot up the CD and restore the image from the backup. It'll format all the partition and re-create your data.

On 26/3/2016 at 1:29 AM, AlexCeed said:

The Software Restriction policies really mess up your system. Any new install you make will be broken if those policies aren't whitelisted [..]

It's not ideal, but luckily a popup or an entry in the Event Logs warns about SRP errors, so you can just restart an unsuccessful installation.

On 26/3/2016 at 1:29 AM, AlexCeed said:

whatever access you have on those drives/folders/files, your malware application will also have because it is run under your user account. Thus, there are two options:

  • one way would be to store your files on an HDD with encryption [..]
  • or make a complete backup of your system [..]

Well, I'm already creating backups on external drives, and encryption is a bit of a PITA.


Sigh :(

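The Event Log entries for SRP blocks mentioned in the post above can be reviewed in bulk instead of one popup at a time. The following PowerShell sketch is an added example, not code from the thread; it assumes the provider name `Microsoft-Windows-SoftwareRestrictionPolicies`, event IDs 865-868 and 882 in the Application log, and English message text.

```powershell
# Added example (not from the thread): summarize SRP block events from the last 7 days.
# Assumptions: the provider name and event IDs below, and English message text.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
    Id           = 865, 866, 867, 868, 882
    StartTime    = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    # Also reached if the assumed provider name does not exist on this system.
    Write-Output 'No SRP block events found in the last 7 days.'
    return
}

# Folders the thread singles out as troublesome for whitelisting.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$blocked = foreach ($e in $events) {
    # Pull the blocked file path out of the event text.
    if ($e.Message -match 'Access to (?<path>.+?) has been restricted') {
        $path = $Matches['path']
        $inUserDir = $false
        foreach ($root in $userWritable) {
            if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        # New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
        New-Object PSObject -Property @{
            Time = $e.TimeCreated; EventId = $e.Id; Path = $path
            Folder = Split-Path -Path $path -Parent; UserWritable = $inUserDir
        }
    }
}

# One row per folder: how often SRP blocked something there and when it last happened.
$blocked | Group-Object Folder, UserWritable |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'LastSeen'; Expression = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } } |
    Format-Table -AutoSize
```

Folders that recur with `UserWritable` set to True are the ones to review for a narrow path or hash rule, rather than allowing all of AppData or Temp.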

I saw a cryptovirus that was using vulnerabilities that you can dodge.

The first one was Remote Desktop Protocol; that's an easy one, disabled all the services related to that.

The second was with Adobe Acrobat Reader; another easy solution: use another (and less popular) PDF option, like an old version of Foxit PDF Reader.

Then, I have other ideas, but I am not sure they would help. I use a secure firewall that is bidirectional. Make sure to have an inbound and outbound firewall.

I use privatefirewall and also comodo on another laptop.

With a Windows 7 machine with no realtime antivirus, I have not gotten any virus in the last 10 years (I do a manual scan once every 2 months with Kaspersky portable). I just follow some basic strategy.

But like you, for the first time I am afraid of viruses, because cryptoviruses are cash-earning viruses, and it seems some of them are made by the Russian mafia and the like... So they will have a lot of resources and motivation to create viruses (that may include 0days)...

PS: If you want to use an antivirus, I suggest panda cloud, since it won't need to download signature updates all the time. Or you can use comodo options like its integrated sandbox...


On 31/3/2016 at 9:50 PM, HarryTri said:

AVG Free is a good solution too, that's what I am using personally on Windows 8  (who said that it is spyware and why)?

I read that it now collects and sells your browser history and your pc info :(

On 1/4/2016 at 2:40 PM, N1K said:

Although not cryptolocker full protection it should help.

http://www.wincert.net/security/cryptolocker-virus-protection/

Blacklisting seems to me much more limited than whitelisting.


1 hour ago, HarryTri said:

Well, I just don't really believe it.

But.. based on what? Just search "avg selling data" in Google.
They said that AVG changed the EULA, so you could check it yourself.

I would be glad to use the program again, if someone could reassure me.
(unless it has become bloated and with ads)

Take a look at AppGuard or NVT Exe Radar.

Also, Defense+ in the Comodo package blocks any unknown software by default, and might work together with their AV and Firewall. Unfortunately, their EULA might scare away privacy-concerned users.


On 3/4/2016 at 11:43 PM, phaolo said:

But.. based on what? Just search "avg selling data" in Google.
They said that AVG changed the EULA, so you could check it yourself.

I would be glad to use the program again, if someone could reassure me.
(unless it has become bloated and with ads)
 

I did my research and they indeed share non-personal data in order to "make money from their free products", as they say. Well, who can you trust today anyway? Are they the only ones that do it? At least they changed their privacy policy statement to inform their users about what they are doing... I am satisfied by the program and I will go on using it, for the time being at least. Anyway, thanks for the information.


I never trust or trusted AVG, they suck so bad
but no antivirus can detect or prevent cryptos, and for above about "unknown programs", who dictates what is known and unknown ?
smells to me same as digital signatures which will kill development of non company tools


Do a security setup as follows and forget about cryptolockers:

* Hitman Pro Alert, or Malwarebytes Anti-Exploit along with cryptoprotect (only if you don't want to buy Hitman Pro Alert)

* Uninstall Java & Flash

* Disable Terminal Services and Remote Registry by opening services.msc with Run

* Run a limited account, and also add a strong password to your admin account.

* Install a good antivirus of your choice

* Install ZoneAlarm free firewall or Privatefirewall free

* Use a browser sandbox

* Reboot your PC and have a cup of tea or coffee, whichever you like
