Ultimativna antivirus tema - P&O

 

Evo sta radi Comodo    - slika je od forumasa na Malwaretips forumu

 

Dolazi u ojacanoj verziji  .

 

http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/

 

CryptoWall 4.0 has been released that displays a redesigned ransom note, new filenames, and now encrypts a file's name along with its data. We were alerted to this new variant by various members who have postedabout being infected by what was being called the help_your_files ransomware.  Once we were able to analyze a sample, though, it was quickly determined that this was in fact a new version of CryptoWall.  For those who may have become infected by this variant, you can visit the dedicated CryptoWall 4.0: Help_Your_Files Ransomware Support Topic to discuss the infection or receive support on it.

The most significant change in CryptoWall 4.0 is that it now also encrypts the filenames of the encrypted files.  Each file will have its name changed to a unique encrypted name like 27p9k967z.x1nep or 9242on6c.6la9. The filenames are probably encrypted to make it more difficult to know what files need to be recovered and to make it more frustrating for the victim.  

 

 

Ma ja sam ti živa paranoja i cjepidlaka , pa moje mišljenje možda baš i nije objektivno i relevantno .

 

Eset Smart 9 mi neradi nikakve probleme na strojevima na kojima je instaliran , i sa njime je os čak i poletniji nego sa defenderom ( win 10 64 bit ) , no ess nije free. Za punu zaštitu je potrebno i malo znanja pri detaljnom postavljanju i kreiranju pravila i zona zaštite, a jednom prilikom je čini mi se kolega total fini tutorijal ovdje napisao o tim detaljnijim podešenjima.

 

Bitdefender IS mi nekako nikad nije bio favorit , iako je taj stav zasnovan na nekakvom subjektivnom dojmu pod utjecajem niza postova na njihovom forumu o spotrganom os-u nakon nekog perioda upotrebe bitdefener internet securitya. Free bitdefender nema nove engine pa nije usporediv.

 

360  nekako izbjegavam bilo kome instalirati jer je riječ o kineskom proizvodu , a kineske tvrtke nisu baš dostupne EU pravosuđu i onda  mogu ugraditi kaj god žele u svoje proizvode

bez opasnosti da bi ih neko mogao tužiti i tražiti odštetu . U poslovnom segmentu se itekako  i taj segment ( pravna uređenost , dostupnost i moguće odštete zbog nepridržavanja ugovora ) uzima u obzir pa zasad nijedna firma iz ovog našeg loalnog okruženja ne pokazuje baš neku želju za 360 TS makar je free i čak ima i dobre kritike korisnika.

 

Na win 10 i ugrađeni defender čist solidno dela, nepostiže baš one postotke bitdefendera i kasperskog, no na testiranjima koje je microsoft traži da se urade u realnim okolnostima koje vladaju na netu se čak pokazao i jako dobrim ( uz uvjet  ažurnog i orginalnog nekrakiranog os-a i prisebnog korisnika )

 

Velim ti, moje mišljenje nije baš najrelevantnije jer ja moram uzeti daleko širi dijapazon faktora  nego kaj bi jedan prosječni kućni korisnik bio zainteresiran za te iste faktore.

 

 

 

Jesi svjestan da je beta ? Svaka greška / problem se prijavljuje na njihov forum.

@XXX ukljucio sam.

kako se rjesiti virusa ili sta je vec, javlja mi se na pretrazivacima kao pocetna stranica sajt www.2345.com kineski neki.

bez obzira sto rucno podesim da mi je google.com pocetna strana stalno mi stoji 2345.com

Nakon instalacije BIS 2016 (giveaway), MBAE više neće da radi 

 

 

Ne možeš dodati folder nego samo ono u folderu (probao sam dodati mbae.exe ali nije pomoglo,ostalo mi se nije dalo dodavati,puno je svačega a ne znam šta bi točno trebalo) ali ipak sam uspio riješiti problem reinstalacijom MBAE-a.

 

Dodao sam u BIS za "Ransom protection" sve glavne foldere i sa jednog i drugog i trećeg diska pa ako nekim slučajem mbae na browseru i propusti kakav ransom, dotični nače moči ništa jer BIS štiti skoro sve foldere na pc-u 

Linux ransom...

Encryption ransomware for Linux written in C using the PolarSSL library.

Once launched with administrator privileges, the Trojan loads into the memory of its process files containing cybercriminals' demands:
./readme.crypto—file with demands,
./index.crypto—HTML file with demands.

As an argument, the Trojan receives the path to the file containing a public RSA key.

Once the files are read, the malicious program starts as a daemon and deletes its original files.

First, the Trojan encrypts files in the following directories:
/home
/root
/var/lib/mysql
/var/www
/etc/nginx
/etc/apache2
/var/log

After that, Linux.Encoder.1 encrypts all files in home directories. Then the Trojan recursively traverses the whole file system starting with the directory from which it is launched; next time, starting with a root directory (“/”). At that, the Trojan encrypts only files from directories whose names start with one of the following strings:
public_html
www
webapp
backup
.git
.svn

At that, the Trojan encrypts only files with the following extensions:

".php", ".html", ".tar", ".gz", ".sql", ".js", ".css", ".txt" ".pdf", ".tgz", ".war", ".jar", ".java", ".class", ".ruby", ".rar" ".zip", ".db", ".7z", ".doc", ".pdf", ".xls", ".properties", ".xml" ".jpg", ".jpeg", ".png", ".gif", ".mov", ".avi", ".wmv", ".mp3" ".mp4", ".wma", ".aac", ".wav", ".pem", ".pub", ".docx", ".apk" ".exe", ".dll", ".tpl", ".psd", ".asp", ".phtml", ".aspx", ".csv"

The Trojan does not encrypt files in the following directories:
/
/root/.ssh
/usr/bin
/bin
/etc/ssh

To encrypt each file, the Trojan generates an AES key. After files are encrypted using AES-CBC-128, they are appended with the .encrypted extension. Into every directory that contains encrypted files, the Trojan plants a README_FOR_DECRYPT.txt file with a ransom demand.

If decryption is initiated, Linux.Encoder.1 will use a private RSA key to retrieve AES keys from encrypted files, traverse directories in the same order as when they were encrypted, and delete README_FOR_DECRYPT.txt files trying to decrypt all files with the .ecnrypted extension.

detux - The Linux Sandbox

 

Linux.Encoder.1

 

http://detux.org/report.php?sha256=18884936d002839833a537921eb7ebdb073fa8a153bfeba587457b07b74fb3b2

New Malwarebytes Anti-Exploit Adds Fingerprinting Detection

 

New Features:

• Dynamic Anti-HeapSpraying mitigation
• Anti-Exploit fingerprinting mitigation
• Finetuned VBScript mitigation for IE
• ROP-RET gadget detection mitigation
• Application Behavior rules
• Protection for Microsoft Edge
• Protection for LibreOffice
• Failover upgrade mechanism
• Auto-recovery for Anti-Exploit service

 

Malwarebytes Anti-Exploit Version 1.08 is available for download today and will gradually be rolled out through automatic updates.

 

 

Inace, ispravljeni su i neki uoceni bugovi kao sto su nekompatibilnost sa drugim AV/IS proizvodima i one greske da nije pokrenut na Win 10 itd.

Interesantan tekst - http://www.whatmobile.net/features/under-attack-an-interview-with-a-hacker/

 

• What is your job?

I’m a penetration tester, I’ve been doing it for over 15 years. I get paid by companies to break into their computer systems to identify security flaws so they can fix them. Most people build things. I take them apart. Because computers are everywhere these days, I end up breaking into all kinds of strange things from banks to missile systems.

I’ll be given a target by a customer, it could be a website, a mobile phone or in one case last week a meeting room. You might think meeting rooms are strange things to attack. But within an hour or so we had full control of the TV screens, climate control and were able to stream audio from every meeting room in the building to us. And this is a system that the US Department of Defense uses it at the Pentagon. I write reports on how to fix problems. Often the most serious vulnerabilities are those that affect the underlying business, and they’re usually the ones that need the most support.

 

• Have you been forced to do something questionable?

No, but we often get asked to do things that are unethical and sometimes downright illegal. A company asked us to uncover the source of the biggest corruption scandal. We politely declined. People who expose corruption scandals in Turkey have a habit of disappearing. We won’t do anything that could endanger lives.

 

• GCHQ use software tools called ‘smurf’ to extract data from phones. Are there any other tools GCHQ are using or can use?

GCHQ and the other five eyes agencies have a large array of tools, as disclosed through the Snowden and other leaks. They also have internally developed tools, with funny names like SWAMP DONKEY and ANGRY PIRATE. We don’t know exactly what GCHQ can and can’t do. But every time there’s a leak, the details are often both impressive and scary from a hacker’s perspective.

 

• What kind of information can the GCHQ (or hacker) extract from mobile devices?

I don’t know for sure. With enough time they can probably get anything they want off anything they want to get it from.

 

• What are your thoughts on the Black Phone 2/Turing Phone and purpose-built smartphones for security.

The original Black Phone was a good effort. But even that had quite a few vulnerabilities that could let hackers in. Just because a phone is built with security in mind doesn’t mean it’s secure.

 

• Are modified OS like Cyaonogen more secure than stock versions?

The problem with Android phones lies with the way updates are managed. Updates are rolled out by carriers and vendors. So you’re not guaranteed to get security fixes. So some phones lag behind. Others are up to date. CyanogenMod is often more secure on these. If you run stock Android your best bet is to use a Google-branded phone like a Nexus.

 

• Which OS is most at risk? Windows, Android or iOS?

All have benefits and drawbacks. Currently Windows Phone seems to be the hardest nut to crack. Blackberry has a long history of being very security-focused. If I have physical access to the device, I find Android’s usually the easiest target. Then comes iPhone, then older versions of BlackBerry. If it’s over a network or I have to attack via email or message, Android’s usually the softest target.

 

• What are your thoughts on smartphone assistants?

All of the assistants (Google Now, Cortana, Siri) are becoming more context-aware. The problem is they have to scan the content and break it into chunks the phone can understand. When this is done on the phone it’s not so bad. But when this data is sent somewhere online and stored, what happens afterwards? The truth is we don’t know. People talk about GCHQ and the NSA reading their emails. Google have been doing this for years publicly and no-one seems to care.

 

• What can people do to keep personal data more secure?

Make sure your phone has the latest updates. Don’t put anything on it you wouldn’t want to see all over the Internet . Don’t jailbreak or root your phone. Never install apps from outside of your phone’s app store.

 

• Are there older smartphones that consumers can use to be more secure?

Older smartphones tend be considered less secure as they’re usually affected by known weaknesses. If you’re using an older phone you’re better off with a classic dumb phone. If you have to have an older smartphone, use an older BB10-based Blackberry, or a Windows Phone running Windows Phone 8 or newer.

 

• Can non-registered pay-as-you-go phones still be accessed?

Absolutely, it makes no difference how the phone’s bought or used.

 

• Are there any apps that are guilty of making your phone insecure?

Lots of apps that do bad things with permissions. The worst offenders are things like Facebook and Facebook Messenger. Most apps need to access certain things like your photos to allow you to share pictures. But some apps just seem to want to hoover up data and send it back to the mothership.

 

• How would you know if you’ve been hacked?

Unless the hacker is dumb enough to make something pop up on your screen you probably won’t know for sure. You’d typically find out when some strange charges start appearing on your bank account, or your Gmail says it’s been accessed from somewhere you’ve never been. As long as you make sure the security settings are properly managed and that your handset is up to date, protected with a decent password and auto-locks you’ll be safer than most.

 

• Is there much difference between white hat and black hat hackers? And do black hat hackers get recruited into the security industry?

A White Hat hacker (like me) works to improve security in an ethical manner. A Black Hat hacker breaks into things without permission for nefarious purposes, like the NSA or the 15-year-old kid in Northern Ireland who allegedly broke into TalkTalk. There are black hats in our industry. But there’s often a stigma attached to a black hat turning white hat.

 

• What is the future of data and device security? Will we be living in a utilitarian society?

There’s a war between the major mobile operators and manufacturers. Look at how long it took for Microsoft Office to appear on the iPad. Or Facebook’s acquisition of What’sApp Messenger. You’re going to see less personal control of your devices. Providers don’t just want to own your data, they want to control how you access it.

I’m a penetration tester, I’ve been doing it for over 15 years. I get paid by companies to break into their computer systems to identify security flaws so they can fix them. Most people build things. I take them apart. Because computers are everywhere these days, I end up breaking into all kinds of strange things from banks to missile systems.

I’ll be given a target by a customer, it could be a website, a mobile phone or in one case last week a meeting room. You might think meeting rooms are strange things to attack. But within an hour or so we had full control of the TV screens, climate control and were able to stream audio from every meeting room in the building to us. And this is a system that the US Department of Defense uses it at the Pentagon. I write reports on how to fix problems. Often the most serious vulnerabilities are those that affect the underlying business, and they’re usually the ones that need the most support.

 

 

objasnio je sve sa ovih par recenica..

 

WordPress je najbolji.