Browser Security / Financial Malware test by MRG


Post by ssj100 on 28/4/2010, 11:14

Information on the test:
http://malwareresearchgroup.com/?p=1517

Results of the test:
http://malwareresearchgroup.com/?page_id=2

If you've read my security setup/approach, you'll know that I am a big fan of anti-execution and containment, and of being careful with newly introduced files. Regardless, any simple anti-execution would block this test and pass 100%, given the testing methodology:

The test is conducted by...Downloading the simulator using Internet Explorer to the desktop and executing it.

With my security setup/approach, SRP by itself would be enough to block this.

However, what if this file was not a binary executable etc., and used a specific exploit of e.g. Adobe and launched remote code etc., and this resulted in a logger monitoring your keystrokes or clipboard etc.? Well, in that case, I doubt any of the programs tested would be able to block this.

And this is why the security approach is so important. As described in my security setup/approach post, I would simply open this newly introduced file sandboxed (perhaps even enable Shadow Mode with Shadow Defender before downloading it in the first place) with a sandboxed explorer.exe. I'd then be able to open the file as required. Once I'm done, the sandbox containing the malware would be deleted and any malicious logging process would be terminated and discarded.

At the end of the day, all malware that I have ever read about or tested requires some form of execution that is always blocked by SRP. So simply having some sort of anti-execution protection will already block all malware out there. I believe that denying initial execution is the key - SRP forces the user (or at least reminds the user) to ask if what he/she wants to execute is really safe or not. If the user recognises the risk, he/she can still follow a safe security approach and execute the file in a contained environment (e.g. with Sandboxie or Shadow Defender). Finally, even the extremely paranoid ones can still follow steps 7-9 (under Sandboxie) here: http://ssj100.fullsubject.com/free-for-all-f4/ssj100-s-security-setup-t4.htm#16 and simply ensure all other sandboxes are shut down when they want to carry out sensitive browsing.

I guess perhaps the ultimate point I am trying to make is the following:
There are many "computer paranoid" people out there. They may see a test and note the programs which pass it, without understanding the bigger picture of a good security setup/approach. Then these people may end up buying third-party software after software (and layer themselves endlessly) in an attempt to block against the newest and greatest threats that they perceive. They will keep paying annual fees to continue using and updating these programs. But at the end of the day, the strongest security available is in fact free (or involves only a one-off payment for life). Regardless, these people have sadly missed the point of computer security - it's the combination of a good security setup and approach that keeps you "100%" secure, and not the reliance on (third-party) security programs alone.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
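
An added example, not part of ssj100's post or of the MRG test: a PowerShell audit of the local Software Restriction Policies registry settings, reporting whether the default-deny configuration the post relies on to stop a downloaded executable on the Desktop is actually in force. The list of user-writable folders it checks against Unrestricted path rules is an assumption.

```powershell
# Added example: audit SRP (Software Restriction Policies) for default-deny.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$findings = @()

if (-not (Test-Path $base)) {
    $findings += 'SRP is not configured: nothing blocks execution from the Desktop.'
} else {
    $p = Get-ItemProperty -Path $base

    # DefaultLevel: 0 = Disallowed (default-deny), 0x40000 = Unrestricted.
    if ($p.DefaultLevel -ne 0) {
        $findings += ('DefaultLevel is 0x{0:X}, not Disallowed (0).' -f $p.DefaultLevel)
    }
    # TransparentEnabled: 0 = no enforcement, 1 = all but DLLs, 2 = all files.
    if ($p.TransparentEnabled -eq 0) {
        $findings += 'TransparentEnabled is 0: enforcement is switched off.'
    }
    # PolicyScope: 0 = all users, 1 = all users except local administrators.
    if ($p.PolicyScope -eq 1) {
        $findings += 'PolicyScope is 1: local administrators are exempt.'
    }
    # A downloaded .exe is only checked if EXE is a designated file type.
    if ($p.ExecutableTypes -notcontains 'EXE') {
        $findings += 'EXE is missing from ExecutableTypes.'
    }

    # Unrestricted path rules live under the 262144 (0x40000) level key.
    # Assumption: these are the user-writable folders worth flagging.
    $writable = @($env:USERPROFILE, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }
    $rules = Join-Path $base '262144\Paths'
    if (Test-Path $rules) {
        foreach ($rule in Get-ChildItem $rules) {
            $raw = $rule.GetValue('ItemData')
            if (-not $raw) { continue }
            $path = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\') + '\'
            foreach ($w in $writable) {
                $dir = $w.TrimEnd('\') + '\'
                # Flag a rule inside a writable folder, or one that contains it.
                if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase) -or
                    $dir.StartsWith($path, [StringComparison]::OrdinalIgnoreCase)) {
                    $findings += "Unrestricted rule '$raw' covers writable folder '$w'."
                }
            }
        }
    }
}

if ($findings.Count -eq 0) { 'Default-deny SRP is in force for all users.' }
else { $findings | Sort-Object -Unique }
```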


Re: Browser Security / Financial Malware test by MRG

Post by Guest on 30/4/2010, 08:43

LOL, and after all of that "layering" they wonder why their machine crawls!!

They assume of course it has to be malware related, so they add a few more layers of "non-realtime" on-demands, not knowing/or thinking that these also drag on the total system!!

I have been there!!
It is an easy trap to fall into, especially considering how many are willing to "Pipe and Charm" you along the route!!

noor

Guest

Re: Browser Security / Financial Malware test by MRG

Post by ssj100 on 30/4/2010, 09:09

I must say, I haven't really been there myself haha. But that's because I really hate any slow-down or potential registry corruption etc.

I've accepted that Sandboxie does cause a 1-2 second slow-down on opening Firefox or IE, as this is barely noticeable. For the strength and scope of protection Sandboxie provides, it is completely worth it!


Re: Browser Security / Financial Malware test by MRG

Post by Guest on 30/4/2010, 09:40

I understand. But as I come from the free version, where there was a 5 second delay screen, the full version is blindingly fast!!
(PS# I also hate slowdown!! Can't stand it!!)

noor

Guest

Re: Browser Security / Financial Malware test by MRG

Post by ssj100 on 27/6/2010, 04:54


Re: Browser Security / Financial Malware test by MRG

Post by user09 on 17/8/2010, 11:23

user09 Spam Post deleted by admin

First and last warning
Don't spam the board again!

user09
New Member

Posts : 1
Join date : 2010-08-17


Re: Browser Security / Financial Malware test by MRG

Post by aigle on 6/10/2010, 07:37

Seems spam post.






Thanks aigle Admin
aigle
Member

Posts : 21
Join date : 2010-07-25


Re: Browser Security / Financial Malware test by MRG

Post by noorismail on 6/10/2010, 08:51

As-Salaamu Alikum!!
I am not sure why you say that, brother.
The link?

I might question the whole concept of Anti-Virus,
I might also question the order the "solutions" are arranged in, but if Anti-Virus is "your cup of tea", this seems the cream of the crop.

and Allah Alim,
noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23
