Author Topic: [Wish] Anti-Ransomware Protection feature (idea)  (Read 10793 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #15 on: October 18, 2016, 09:28:41 PM »
Why? What's the purpose of avast! then? And backups are slow, clumsy and they'll refuse to work just when you'll need it the most. And you can't have a backup of the backup for the backup just to be sure. It' stupid. My approach would block basically 100% of malware. I've seen how reliable Hardened mode whitelist is. With that, even if ransomware blocks access to desktop, you could be assured the data is intact. Meaning I can still stick the drive into USB case and pull data in unencrypted form from it. Or just stick it in another PC and do the same. That would be the worst case scenario. Compare that to cost of having an extra drive for backup and spending day after day backing up stupid crap. No thanks. Home users shouldn't be relying on enterprise measures to protect their data. AV's are capable enough to do that, some just don't do that for reasons unknown.
Visit my webpage Angry Sheep Blog

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48819
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #16 on: October 18, 2016, 09:44:02 PM »
@ RejZoR,
When you deal with enough novice computer users, you'll find out they can handle a simple backup routine.
They can't correctly handle dealing with blocks if they use hardened mode.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89641
  • No support PMs thanks
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #17 on: October 18, 2016, 10:19:54 PM »
@ RejZoR,
You only have to browse the viruses and worms forum to see 100% detection isn't there. As most say 100% is a target that is hard to achieve and maintain.

I don't spend day after day "backing up stupid crap" I run a full disk image backup once a week, which doesn't take that long and I'm not sitting waiting on it to complete. There are drive imaging applications that also do incremental backups, my backup software only does full backups, so for me it isn't much of a hassle.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #18 on: October 19, 2016, 04:41:27 AM »
Look at the Emsisoft like company it is too small compare to avast but it effectively block RANSOMEWARE!!! I know backups are important but it(Ransomware protection) is long time due.Now days Ransomware is a headache to AV company and avast bit late on that list truely. :(
« Last Edit: October 19, 2016, 04:47:41 AM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #19 on: October 19, 2016, 08:23:47 AM »
@ RejZoR,
You only have to browse the viruses and worms forum to see 100% detection isn't there. As most say 100% is a target that is hard to achieve and maintain.

I don't spend day after day "backing up stupid crap" I run a full disk image backup once a week, which doesn't take that long and I'm not sitting waiting on it to complete. There are drive imaging applications that also do incremental backups, my backup software only does full backups, so for me it isn't much of a hassle.

You don't understand the priorities here. Yes, I do believe that by employing this whitelist system avast! could have a 100% protection against ransomware because I've seen how strong Hardened Mode (Aggressive) is. If it only targeted modification of media files that ransomware usually targets, you make it 99% less annoying to the user compared to any Hardened mode we have now. And ransomware, unlike other malware needs 120% attention from the company. No one cares if some regular malware infects the system. If it doesn't steal user data like passwords, it's just an annoyance that needs to be removed at some point. Ransomware doesn't give you that luxury as it's irreparable in most cases due to strong encryption. So, prevention is crucial. And we have none. We can only rely on traditional detection methods which we know aren't 100% like you've said. Whitelist system would be unless ransomware specifically targeted avast! protection method and found a way around it. In which case avast! could simply adapt it to protect for that. But now we have neither of that.

Would be nice if anyone from avast! team dropped by and commented on this. Either if they have any plans to implement this or they already are working on something similar, just so we know where we are at.
Visit my webpage Angry Sheep Blog


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48819
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #21 on: October 19, 2016, 03:15:32 PM »
@ RejZoR,
You only have to browse the viruses and worms forum to see 100% detection isn't there. As most say 100% is a target that is hard to achieve and maintain.

I don't spend day after day "backing up stupid crap" I run a full disk image backup once a week, which doesn't take that long and I'm not sitting waiting on it to complete. There are drive imaging applications that also do incremental backups, my backup software only does full backups, so for me it isn't much of a hassle.

You don't understand the priorities here. Yes, I do believe that by employing this whitelist system avast! could have a 100% protection against ransomware because I've seen how strong Hardened Mode (Aggressive) is. If it only targeted modification of media files that ransomware usually targets, you make it 99% less annoying to the user compared to any Hardened mode we have now. And ransomware, unlike other malware needs 120% attention from the company. No one cares if some regular malware infects the system. If it doesn't steal user data like passwords, it's just an annoyance that needs to be removed at some point. Ransomware doesn't give you that luxury as it's irreparable in most cases due to strong encryption. So, prevention is crucial. And we have none. We can only rely on traditional detection methods which we know aren't 100% like you've said. Whitelist system would be unless ransomware specifically targeted avast! protection method and found a way around it. In which case avast! could simply adapt it to protect for that. But now we have neither of that.

Would be nice if anyone from avast! team dropped by and commented on this. Either if they have any plans to implement this or they already are working on something similar, just so we know where we are at.
White listing is what's currently used by PC Matic and they are advertising heavily. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet



Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48819
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #25 on: October 19, 2016, 03:36:47 PM »

REDACTED

  • Guest

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89641
  • No support PMs thanks
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #27 on: October 19, 2016, 06:28:49 PM »
Ransomware Shade.

https://www.virustotal.com/ru/file/98091b40a51832a39de0ca7c667ef4f3b2652f364286b616ef80897daa4d598b/analysis/
https://www.virustotal.com/ru/file/693e1a6056b6efb4cff6e0d8b380d297646e79231e4df7a9aad8661b714758a8/analysis/
https://www.virustotal.com/ru/file/0e4643de78d2725b8d14657de485e121418d6a5671432ddf4a2fbe5145fd2522/analysis/1476868784/
Hello,
they are detected by avast, but not on VT, because avast scanner on VT does not use all detection engines.

Milos
Hello. On default settings, why not a detected? Why the user must change the settings? This encoder quietly bypasses the antivirus Avast.

I believe it isn't so much that the user needs to change anything, more the fact that VT is using the on-demand scanning.

On a users system the file if present and active would be scanned by the on-access scanning functions. These functions aren't available to the on-demand scan used by VT. One such function not available is the could be the on-line checking of the file hash against the avast cloud database, if it has never been seen it would trigger other responses. Also if the user has Hardened mode enabled and set to Aggressive (or if Reputation services is enabled) it isn't checked against the cloud database.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #28 on: October 19, 2016, 10:02:24 PM »
Ransomware Shade.

https://www.virustotal.com/ru/file/98091b40a51832a39de0ca7c667ef4f3b2652f364286b616ef80897daa4d598b/analysis/
https://www.virustotal.com/ru/file/693e1a6056b6efb4cff6e0d8b380d297646e79231e4df7a9aad8661b714758a8/analysis/
https://www.virustotal.com/ru/file/0e4643de78d2725b8d14657de485e121418d6a5671432ddf4a2fbe5145fd2522/analysis/1476868784/
Hello,
they are detected by avast, but not on VT, because avast scanner on VT does not use all detection engines.

Milos
Hello. On default settings, why not a detected? Why the user must change the settings? This encoder quietly bypasses the antivirus Avast.

I believe it isn't so much that the user needs to change anything, more the fact that VT is using the on-demand scanning.

On a users system the file if present and active would be scanned by the on-access scanning functions. These functions aren't available to the on-demand scan used by VT. One such function not available is the could be the on-line checking of the file hash against the avast cloud database, if it has never been seen it would trigger other responses. Also if the user has Hardened mode enabled and set to Aggressive (or if Reputation services is enabled) it isn't checked against the cloud database.
Most people use the default setting in the antivirus. A housewife not will to change the settings in the antivirus - it is a dark forest for her.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89641
  • No support PMs thanks
Re: [Wish] Anti-Ransomware Protection feature (idea)
« Reply #29 on: October 19, 2016, 11:26:59 PM »
@ mike 1
Quote from: mike 1
Most people use the default setting in the antivirus. A housewife not will to change the settings in the antivirus - it is a dark forest for her.

As I mentioned, this has nothing to do with the users settings. We are talking about why avast didn't detect it on the VirusTotal scan.

Avast's on-demand scans have functions that aren't replicated by the on-demand scan run by VirusTotal.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security