phaolo Posted March 26, 2016 (edited)

Hello, I'm trying some solutions to secure my system as I'm quite scared by cryptoviruses. I already have external offline backups and drive images, but I'd prefer prevention to a.. restore.

Questions:
- are there some permission settings that could block a program trying to encrypt user folders or entire drives? (without limiting normal usage too much!)
- on Win7 Pro I'm trying SRP (Software Restriction Policies) whitelisting, but it isn't perfect as various programs and setups still need to execute files in Appdata or Temp folders. Also, this wouldn't block anything disguised as a valid installer. Do you have some tips about this feature?
- what are some decent free antiviruses now? (AVG became spyware)
- other advice?

Edited March 26, 2016 by phaolo
Ulaiphur Posted March 27, 2016

Quote: on Win7 Pro I'm trying SRP (Software Restriction Policies) whitelisting, but it isn't perfect as various programs and setups still need to execute files in Appdata or Temp folders. Also, this wouldn't block anything disguised as a valid installer.

The Software Restriction Policies really mess up your system. Any new install you make will be broken if it isn't whitelisted in those policies. Not to mention programs that are actually run from APPDATA, like jDownloader and WUD. You might say, put the executables on the whitelist, but it will get tedious once you have 10 apps you need to whitelist -- this is not a solution.

Quote: are there some permission settings that could block a program trying to encrypt user folders or entire drives? (without limiting normal usage too much!)

Short answer: no. This is because whatever access you have on those drives/folders/files, your malware application will also have, because it is run under your user account. Thus, there are two options: one way would be to store your files on an HDD with encryption (programs like TrueCrypt). With this, no writing or reading can be performed without entering your password for the drive. Or make a complete backup of your system using software like Acronis TrueImage and make a weekly backup. Store the backup on an external HDD, and never keep it plugged in to your system. Then IF you get infected, just boot up the CD and restore the image from the backup. It'll format all the partitions and re-create your data.
phaolo Posted March 28, 2016 Author (edited)

On 26/3/2016 at 1:29 AM, AlexCeed said: The Software Restriction policies really mess up your system. Any new install you make will be broken if those policies aren't whitelisted [..]

It's not ideal, but luckily a popup or an entry in the Event Logs warns about SRP errors, so you can just restart an unsuccessful installation.

On 26/3/2016 at 1:29 AM, AlexCeed said: whatever access you have on those drives/folders/files, your malware application will also have because it is run under your user account. Thus, there are two options: one way would be to store your files on an HDD with encryption [..] or make a complete backup of your system [..]

Well, I'm already creating backups on external drives, and encryption is a bit of a PITA. Sigh

Edited March 28, 2016 by phaolo
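
The Event Log entries mentioned in the post above can be summarised to see which executables SRP actually blocked and whether they sat in AppData or Temp. This PowerShell snippet is an added example, not part of any post in the thread; it assumes English event text and the SRP provider name and event IDs used on Windows 7 and later.

```powershell
# Added example: list SRP block events from the last 7 days, grouped by blocked path.
# Assumption: English message text ("Access to <path> has been restricted ...").
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
    Id           = 865, 866, 867, 868, 882   # default level, path, publisher, zone/hash, policy rule
    StartTime    = (Get-Date).AddDays(-7)
}
# Get-WinEvent raises an error when nothing matches, so silence it and force an array.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# User-writable locations the thread names as the awkward cases for whitelisting.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$blocked = foreach ($e in $events) {
    if ($e.Message -match 'Access to (.+?) has been restricted') {
        $path = $Matches[1]
        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        New-Object PSObject -Property @{
            Time = $e.TimeCreated; RuleEventId = $e.Id; Path = $path; UserWritable = $inUserDir
        }
    }
}

# One row per blocked executable: how often, where, and when it was last stopped.
$blocked | Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'UserWritable'; e = { $_.Group[0].UserWritable } },
        @{ n = 'LastBlocked';  e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize
```

Rows with UserWritable set to True are the ones to examine before adding any whitelist rule, since any program running as the user can write to those folders.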
albator Posted March 28, 2016 (edited)

I saw a cryptovirus that was using vulnerabilities that you can dodge. The first one was Remote Desktop Protocol; that's an easy one: disable all the services related to it. The second was with Adobe Acrobat Reader; another easy solution: use another (and less popular) PDF option, like an old version of Foxit PDF Reader.

Then, I have other ideas, but I am not sure they would help. I use a secure firewall that is bidirectional. Make sure to have an inbound and outbound firewall. I use Privatefirewall and also Comodo on another laptop. With a Windows 7 machine with no realtime antivirus, I have not gotten any virus in the last 10 years (I do a manual scan once every 2 months with Kaspersky portable). I just follow some basic strategy.

But like you, for the first time I am afraid of viruses, because cryptoviruses are cash-earning viruses, and it seems some of them are made by the Russian mafia and the like... So they will have a lot of resources and motivation to create viruses (that may include 0days)...

PS: If you want to use an antivirus, I suggest Panda Cloud since it won't need to download signature updates all the time. Or you can use Comodo options like its integrated sandbox...

Edited March 28, 2016 by albator
HarryTri Posted March 31, 2016

AVG Free is a good solution too, that's what I am using personally on Windows 8 (who said that it is spyware and why?)
albator Posted March 31, 2016 (edited)

http://www.ghacks.net/2016/03/30/anti-ransomware-overview/

Edited March 31, 2016 by albator
N1K Posted April 1, 2016

Although not full cryptolocker protection, it should help. http://www.wincert.net/security/cryptolocker-virus-protection/
phaolo Posted April 2, 2016 Author

On 31/3/2016 at 9:50 PM, HarryTri said: AVG Free is a good solution too, that's what I am using personally on Windows 8 (who said that it is spyware and why)?

I read that it now collects and sells your browser history and your PC info.

On 1/4/2016 at 2:40 PM, N1K said: Although not cryptolocker full protection it should help. http://www.wincert.net/security/cryptolocker-virus-protection/

Blacklisting seems to me too limited compared to whitelisting.
HarryTri Posted April 3, 2016

Quote: I read that it now collects and sells your browser history and your pc info

Well, I just don't really believe it.
phaolo Posted April 3, 2016 Author

1 hour ago, HarryTri said: Well, I just don't really believe it.

But.. based on what? Just search "avg selling data" in Google. They said that AVG changed the EULA, so you could check it yourself. I would be glad to use the program again, if someone could reassure me. (unless it has become bloated and with ads)
Mcinwwl Posted April 3, 2016

Take a look at AppGuard or NVT Exe Radar. Also, Defense+ in the Comodo package by default blocks any unknown software, and might work together with their AV and Firewall. Unfortunately, their EULA might scare away privacy-concerned users.
HarryTri Posted April 6, 2016

On 3/4/2016 at 11:43 PM, phaolo said: But.. based on what? Just search "avg selling data" in Google. They said that AVG changed the Eula, so you could check it yourself. I would be glad to use the program again, if someone could reassure me. (unless it has become bloated and with ads)

I did my research and they indeed share non-personal data in order to "make money from their free products", as they say. Well, who can you trust today anyway? Are they the only ones that do it? At least they changed their privacy policy statement to inform their users about what they are doing... I am satisfied by the program and I will go on using it, for the time being at least. Anyway, thanks for the information.
vinifera Posted May 4, 2016

I never trust or trusted AVG, they suck so bad, but no antivirus can detect or prevent cryptos.

And for the above about "unknown programs", who dictates what is known and unknown? Smells to me the same as digital signatures, which will kill development of non-company tools.
Dibya Posted May 4, 2016

Do a security setup as follows and forget about cryptolockers:
* Hitman Pro Alert, or Malwarebytes Anti-Exploit along with crytoprotect (only if you would never like to buy Hitman Pro Alert)
* Uninstall Java & Flash
* Disable Terminal Service and Remote Registry by opening services.msc with Run
* Run a limited account; also add a strong password to your admin account.
* Install a good antivirus as per your choice
* Install Zonealarm free firewall or privacyfirewall free
* Use a browser sandbox
* Reboot your PC and have a cup of tea or coffee, whichever you like
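
Three of the checklist items above (Terminal Services and Remote Registry disabled, running a limited account) can be checked read-only from PowerShell. This is an added example, not part of the post; the function name is hypothetical, and the service names `TermService` and `RemoteRegistry` and the `fDenyTSConnections` value are the standard Windows ones.

```powershell
# Added example: read-only audit; it changes nothing on the system.
function Test-ChecklistItems {
    $results = @()

    # Services named in the thread: Remote Desktop (Terminal) Services and Remote Registry.
    foreach ($name in 'TermService', 'RemoteRegistry') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc) {
            $ok     = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
            $detail = "StartMode=$($svc.StartMode), State=$($svc.State)"
        } else {
            $ok = $true; $detail = 'service not present'
        }
        $results += New-Object PSObject -Property @{
            Item = "Service $name disabled"; Pass = $ok; Detail = $detail }
    }

    # RDP listener switch: fDenyTSConnections = 1 means incoming RDP is refused.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts   = Get-ItemProperty $key -ErrorAction SilentlyContinue
    $deny = if ($ts) { $ts.fDenyTSConnections } else { $null }
    $results += New-Object PSObject -Property @{
        Item = 'Incoming RDP refused'; Pass = ($deny -eq 1); Detail = "fDenyTSConnections=$deny" }

    # Limited account: the Administrators SID must not appear in the logon token.
    # whoami lists it even when UAC has marked it deny-only, so a non-elevated
    # admin account is still reported as an admin account here.
    $adminSid = 'S-1-5-32-544'
    $isAdmin  = [bool](whoami /groups /fo csv | Select-String -SimpleMatch $adminSid)
    $results += New-Object PSObject -Property @{
        Item = 'Current account is a limited user'; Pass = (-not $isAdmin)
        Detail = "Administrators SID in token: $isAdmin" }

    $results
}

Test-ChecklistItems | Select-Object Item, Pass, Detail | Format-Table -AutoSize
```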
Dibya Posted May 4, 2016

What about Avira Free antivirus? It is really great.