Author Topic: Does Avast protect me from Wannacry?  (Read 32151 times)


Offline stibi

  • Sr. Member
  • ****
  • Posts: 384
Re: Does Avast protect me from Wannacry?
« Reply #15 on: May 17, 2017, 10:51:24 AM »
To you, encrypting seems a normal behavior?
Sometimes YES.
Who decides whether encrypting is wanted or not?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Does Avast protect me from Wannacry?
« Reply #16 on: May 17, 2017, 10:55:32 AM »
Quote
Who decides whether encrypting is wanted or not?
Best case scenario, the user. ;)
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Does Avast protect me from Wannacry?
« Reply #17 on: May 17, 2017, 11:03:45 AM »
Quote
John, what you clearly don't understand is that it is not possible to create a detection if the method the malware is using is not known.
If it was, diseases like AIDS, cholera etc would not be able to infect people.

It seems it is possible, for others:

https://www.bitdefender.com/media/html/business/wannacry/?icid=footer_ransomware_attack

"Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never before seen attacks at pre-execution stage."

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Does Avast protect me from Wannacry?
« Reply #18 on: May 17, 2017, 11:06:01 AM »
So did Avast, see Reply #9.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31196
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Does Avast protect me from Wannacry?
« Reply #19 on: May 17, 2017, 11:35:06 AM »
Quote
are designed specifically to catch never before seen attacks at pre-execution stage
There is a very good reason why they don't say "catch ALL never before...".
It is simply not possible to do so.

On a note:
Bitdefender added detection for WannaCry AFTER it was discovered and so did all other anti-malware I have checked.

Avast says :
Quote
Behavior Shield comes standard in all versions of Avast 2017, protecting you from zero-second threats, ransomware and other malicious programs
All other major AV developers/vendors say something similar, but none is saying "ALL".

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37161
  • Not a avast user
Re: Does Avast protect me from Wannacry?
« Reply #20 on: May 17, 2017, 12:17:02 PM »
Quote
John, what you clearly don't understand is that it is not possible to create a detection if the method the malware is using is not known.
If it was, diseases like AIDS, cholera etc would not be able to infect people.

It seems it is possible, for others:

https://www.bitdefender.com/media/html/business/wannacry/?icid=footer_ransomware_attack

"Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never before seen attacks at pre-execution stage."
They blocked the exploit attempt, not detecting the actual malicious file, this was added later when they got samples

So several layers of protection:
1. Your AV vendor has added detection for the exploit
2. You have installed the patch from MS and closed the security hole
3. Your AV vendor adds detection for the malicious file(s) as they are found

Quote
What is more important, Bitdefender Hypervisor Introspection was able to prevent the exploit of the vulnerability long before it was disclosed and patched by Microsoft.


Symantec also (and others)
Quote
Symantec customers have been protected from WannaCry prior to its emergence. Symantec Secure Endpoint Protection (SEP) and Norton have blocked any attempt to exploit the vulnerability used by WannaCry since April 24, before WannaCry first appeared.
https://www.symantec.com/outbreak/?id=wannacry
https://www.symantec.com/security_response/writeup.jsp?docid=2017-051310-3522-99

What protection all those infected machines had, I don't think that info is posted anywhere ... or?



« Last Edit: May 17, 2017, 08:35:58 PM by Pondus »

Offline RedFan

  • Full Member
  • ***
  • Posts: 139
Re: Does Avast protect me from Wannacry?
« Reply #21 on: May 17, 2017, 05:24:03 PM »
I think people with Windows XP are the most vulnerable, because they don't have the latest patch from MS update.
Now MS will patch XP to protect more XP users.
« Last Edit: May 17, 2017, 05:25:38 PM by RedFan »
Intel® i3 Dual-Core @3,5 GHZ. RAM: 16GB ddr3 || SSD 500 GB || Windows 10 Home x64 || Edge-Chromium user.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87086
  • No support PMs thanks
Re: Does Avast protect me from Wannacry?
« Reply #22 on: May 17, 2017, 06:31:40 PM »
Quote
I think people with Windows XP are the most vulnerable, because they don't have the latest patch from MS update.
Now MS will patch XP to protect more XP users.

MS have already released a patch for OSes which are no longer supported, this includes XP, Vista and Win 8.0.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Does Avast protect me from Wannacry?
« Reply #23 on: May 18, 2017, 06:35:03 AM »
Any antivirus company can add detection "after", when the threat is known.
Behavior shield did in fact detect it before that. Cheers.
-> http://weblog.av-comparatives.org/proactive-protection-wannacry-ransomware/

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2763
Re: Does Avast protect me from Wannacry?
« Reply #24 on: May 18, 2017, 09:04:23 PM »
Where can XP users see if the MS patch is installed ... since - I think - their browser (IE8) is out-of-date (Path history down)? KB number?

Had a patch already been released before for Posready XP users?

Also, I read that a new large-scale cyber attack was under way: "Adylkuzz"
I did not find it in Avast VPS history until now. Any news?

REDACTED

  • Guest
Re: Does Avast protect me from Wannacry?
« Reply #25 on: May 18, 2017, 09:30:19 PM »
Quote
Funny thing, on each and every antivirus forum we ask this question the answer is the same "Yes, our antivirus will protect you against Wannacry", yet 100000 pc were infected...

John,
Your question is based on an assumption that the PCs were infected in spite of having AV software installed & also that without having seen the 'attack vector' before that AV software could catch it.
All AV software works on the basis of 'Known Attack vectors' which can be coded for or known methods that can be caught via any Heuristic based methods.
All the AV vendors will by now be able to detect and catch 'Wannacry' because samples have been caught and examined.
NO AV software will protect you 100% from all possible attacks.
The point of using AV & Anti-malware is to cover as many as you can (get as close to 100% as you can) but you still need to use common sense (that is not so common !!!).
This means you ensure you have good backups of your data that you verify work on a regular basis. (This is the final fallback if your AV & Anti-malware should fail.)
You do not open e-mails or documents or run software from sources that you cannot have confidence in.
If you know that you are going to open/run unknown docs/software, you do it on a machine that is isolated from the network/internet, so that it cannot 'run amok' via your network connection.

Ideally, if you are knowingly running suspect software or accessing suspect files you would do this in a VM (Virtual machine) that is isolated from everything and running on a controlled 'virtual / internal' network that is NOT connected to anything you cannot 'wipe and rebuild' if need be. [remember that VM's are not 100% safe as there are exploits that can 'break out' of VM's.] 

Everyone should learn from the 'Wannacry' events that regular backups and regular testing of those backups is essential.
Do not assume that your backups are working ....... check the backups that you create, are accessible, complete and you can get ALL your files back when you try to restore.
Follow a proper backup schedule with multiple copies of your backups kept and make sure that they are kept in multiple safe locations.
(Remember that Viruses etc are not the only risk, if there is a fire or flood would you lose your backups as well. !!!)
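
The restore check recommended in the post above can be automated. The following is an added example, not part of the original post: it records a SHA-256 manifest when the backup is made and compares a test restore against it, reporting files that are missing, changed or unreadable. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest taken at backup time."""
    report = {"missing": [], "changed": [], "unreadable": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)      # backup was not complete
            continue
        try:
            if sha256_of(path) != expected:
                report["changed"].append(rel)  # restored content differs
        except OSError:
            report["unreadable"].append(rel)   # present but not accessible
    return report

def demo():  # constructed sample: a source tree and a deliberately damaged restore
    files = {"a.txt": b"alpha", "docs/b.txt": b"bravo", "c.txt": b"charlie"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (src, dst):
            os.makedirs(os.path.join(root, "docs"))
            for rel, data in files.items():
                with open(os.path.join(root, rel), "wb") as fh:
                    fh.write(data)
        manifest = build_manifest(src)         # taken when the backup is made
        os.remove(os.path.join(dst, "c.txt"))  # simulate an incomplete restore
        with open(os.path.join(dst, "a.txt"), "wb") as fh:
            fh.write(b"corrupted")             # simulate a damaged file
        return verify_restore(manifest, dst)
```

Store the manifest somewhere the backed-up machine cannot overwrite, so that it stays trustworthy if the source files are later encrypted.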

 

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5415
  • Spartan Warrior
Re: Does Avast protect me from Wannacry?
« Reply #26 on: May 18, 2017, 10:44:25 PM »
Thank you Ruby-Tuesday,

It should also be pointed out that a significant number of systems affected were non-Microsoft systems, or otherwise known as cracked or illegal Windows systems.  Not talking about obsolete or out-of-support systems here.

So there was never the possibility of getting and applying the Windows security patch which is key to preventing the SMB exploit used by the worm module in WannaCry.  Hence the number of infected systems was higher than it otherwise might have been had all systems attacked been legal; the onus then would've been on the operators for not applying the Microsoft patch deployed March 2017...  As it was, some legal systems never were patched in March as they should have been.

Thought that should be pointed out.

As always patch patch patch.  If you can't get a patch in time, find a workaround.
Windows 10 Home 64-bit 21H2 Avast Premier Security version 22.8.6030 (build 22.8.7500.734) UI version 1.0.723.

Offline alicia.rose

  • Full Member
  • ***
  • Posts: 150
Re: Does Avast protect me from Wannacry?
« Reply #27 on: May 20, 2017, 12:06:51 PM »
Some years ago an Avast Überevangelist :) Malware Removal Expert advised me to install CryptoPrevent as well.

This I did and I've had it ever since on my computer.

It was good to see: "The best thing about (the new Avast Behavior Shield) is that it has proven to be especially powerful against ransomware. Although ransomware samples evolve and morph rapidly, they still exhibit specific behaviors that can be identified. Behavior Shield is capable of detecting and stopping new ransomware variants that haven’t been seen before – something that’s been inherently difficult using other protection mechanisms."

https://blog.avast.com/behavior-shield-our-newest-behavioral-analysis-technology

Do I still need to use CryptoPrevent as well?

"Over 98% of All WannaCry Victims Were Using Windows 7"

https://www.bleepingcomputer.com/news/security/over-98-percent-of-all-wannacry-victims-were-using-windows-7/

?

chris05 - The recently released Microsoft custom patch for XP SP3 x86 is KB4012598

Can be seen after installation in Control Panel / Add or Remove Programs / Check 'Show updates'.
« Last Edit: May 20, 2017, 12:24:17 PM by alicia.rose »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87086
  • No support PMs thanks
Re: Does Avast protect me from Wannacry?
« Reply #28 on: May 20, 2017, 02:55:06 PM »
Quote
Some years ago an Avast Überevangelist :) Malware Removal Expert advised me to install CryptoPrevent as well.

This I did and I've had it ever since on my computer.
<snip>

That sounds like essexboy, though it could also be Andrey,pro, but like all security software it has to be up to date to get the full benefit/protection. Whilst I don't use CryptoPrevent, the latest version is 8.0.3.7 I believe dated 05/16/2017.

Depending on how long ago this advice was given, it could precede when the additional protection against ransomware was included in Avast.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31196
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Does Avast protect me from Wannacry?
« Reply #29 on: May 20, 2017, 03:04:38 PM »
Bleeping computer is wrong.
15% of the infected systems were/are using Windows 10.