Is Rogue Anti-Virus Malicious or Should We Just Ignore Them

by malwarekilla on January 18, 2010

Looks like some people in the Avast forum are pissed that I pointed out that Avast missed a rogue. Yes, I know rogues are not technically malicious in the classic sense (they don't exploit or damage the system) and are quite hard for an AV to detect; however, I personally think rogues are the MOST malicious applications out there.

Rogues are designed to steal someone's identity (and a few bucks), and they do it very well. That is malicious... very malicious and very, very bad. It is the purpose of (almost all) malware being made today. I get the feeling that the anti-malware companies are taking the stance of "ehh... rogues are not technically harmful to your computer, so it's not our fault... good luck!"

Again, I know they are hard to detect, but don't just discount them as no biggie. They are the "biggest of the biggies" when you consider what they accomplish.

I wonder why Malwarebytes can detect every rogue out there….hmmmm…


ssj100 January 21, 2010 at 4:54 am

Also, I am still currently using a 32-bit system (Windows XP), and don’t plan to move to 64-bit for a few more years. I can still do everything I need to and lightning fast too.

Also Carlos, what system are you using? 32-bit or 64-bit? Did you report the apparent bypass to the Sandboxie forums? I get excited when there are such bypasses haha, but it doesn’t really concern me, because I also have the powerful layer of LUA + KAfU + SRP + DEP. I doubt any malware can bypass a properly configured Sandboxie + LUA + KAfU + SRP + DEP.

In fact, as far as I know, Sandboxie alone has NEVER been bypassed when start/run/internet access restrictions are in place. Someone feel free to prove me wrong. I’d be very interested!

Dieselman January 21, 2010 at 5:39 am

ssj100, either way you look at it, you do not say 100%, so stop trying to back track. You're better off saying 99%. I am on Win 7 64 with KIS 2010. That's all I need. Common sense surfing is the first line of defense. Never been infected in well over 6 years now. Actually 7.

Dieselman January 21, 2010 at 5:40 am

Also ssj100 you are talking about Sandboxie being so great but only after you tweak it. Most users do not do that. Step into the real world for a change. Real world people do not have a clue.

ssj100 January 21, 2010 at 5:58 am

Okay, whatever pleases you most Dieselman. I’ve been saying “100%” for a long time now. The quotation marks have always been in place, in all the forums I’ve posted in.

It's interesting how people get so uptight and seemingly insulted and angry when I type those numbers. Why 99%? It's not 99% either. 99% is misleading, as it suggests an exactness. What would be more accurate would be writing it as: "99.999%". Then hopefully people will get the point I am trying to make. I just thought "100%" was clear enough haha.

ssj100 January 21, 2010 at 6:02 am

Wow, Dieselman, I am indeed talking about the real world. The real world needs education.

Also, how many times has Sandboxie been bypassed in the real world with just the default configuration in place? These bypasses have been very quickly patched also.

Also, in the real world, most people do not run as a limited user etc. Does that mean we stop posting about it, and trying to educate people?

I am merely trying to post that you can get very very close to "100%" protection if you want, and it requires very little third-party security software. For those that can't be bothered to learn, fine by me. But it doesn't mean I can't post my opinions and try to educate the "real world" haha.

ssj100 January 21, 2010 at 6:17 am

By the way Matt, I don’t think you’ve answered my question yet. If you get time, I’d appreciate a reply. Otherwise, no worries.

Basically I was asking if you ever promote Limited/Standard User accounts +/- Software Restriction Policies/AppLocker to your clients? I'm just interested to know.

I am betting that, for the majority of your clients, it would take far too much time and effort on your part to educate them about these sorts of things. Right?

Furthermore, rogues, scareware etc will always succeed in their goal if the computer user is naive and not experienced/educated enough, no matter what protection you have in place. Therefore, rogue protection/detection is indeed very very important for the "average" user who should understand how to use an Antivirus. Unfortunately, for many people out there, even if their Antivirus alerts of a potential malware, they will simply ignore it and proceed anyway. That is indeed the REAL world! You can't win all the time I guess.

Dieselman January 21, 2010 at 11:49 am

ssj100, you're missing the point. You need to educate people and that's what Matt and I are about. If you tell people that with a certain set up they are 100% secure, then that means they can download and do whatever they want and never be infected. THAT IS 100% FALSE. Nothing but nothing is 100% effective. Avira's detection rate is 99.7% at times. Yes, I do tell people to set up their children under an LUA, which I have my son under.

Dieselman January 21, 2010 at 11:52 am

100%=Perfection. You CANNOT GET PERFECTION when it comes to fighting malware. Any system at any time can be infected.

Dieselman January 21, 2010 at 11:56 am

Real world people are just click happy. Even with the best protection these types of people will just turn things off without even knowing what they are doing. I can fix and clean a PC. A month later they are infected again. I have seen this one guy's laptop 6 times in one year. And he is using Avira and Sandboxie.

Dieselman January 21, 2010 at 12:04 pm

You can educate people about how to use security and how to safe surf till you're blue in the face. Will they listen? Nope. Your PC with your knowledge may be 100% secure, but in the real world with the average user there is no such thing as 100% secure. People do not know how to use their PC. I ask people "What were you doing last to cause the error or infection?" They all answer the same way: "I don't know." It's like talking to a 5 year old. Try fixing computers, ssj100, and you will see where Matt and I come from.

LordRahl January 21, 2010 at 1:29 pm

lol this is now a fight

Dario January 21, 2010 at 2:16 pm

I agree with Dieselman, antimalware tools are only 50% of the solution to fight malware, the other 50% is the education of the public. Why are these things not taught in schools? Would not hurt to have even 1 school day dedicated to educate people on malware.

ssj100 January 21, 2010 at 6:44 pm

I don’t see it as a fight. I completely agree with Dieselman haha. Please read ALL my posts carefully and do it while taking some deep breaths haha. I think he is just trying to pick a fight?

Again, I repeat, when I say “100%” I mean as close as possible to 100% as you can get, all things being equal.

Of course some people will always get infected. If you install an Antivirus for them, they can simply ignore the Antivirus alert and allow everything.

What I’m trying to say is that promoting free measures like working in a LUA/SUA is very important, but I am aware that it’s not going to work for a lot of people, as these people don’t even know what a left mouse click is.

I was just trying to make a point. Education is indeed very important, as I have mentioned in my previous post already! And with my previous posts, I am trying to educate people who take the time and trouble to go through the motions of learning themselves and are interested in computer security.

To be honest, most people who understand what we’re talking about and post here are the ones who don’t actually need much security (as they have good common sense and experience), but perhaps these same people will go about spreading and promoting LUA + SRP + DEP, which are security tools that come freely with your OS!

ssj100 January 21, 2010 at 6:45 pm

And good on you for setting up and promoting LUA Dieselman!

ssj100 January 21, 2010 at 6:46 pm

How many people’s computers do you have to fix who run as LUA? I’m guessing much less, for various (and obvious) reasons.

Thanks for the information!

Carlos January 22, 2010 at 1:41 am

@SSJ100: You believe that LUA is the universal drug that cures it all... Is that what you mean? When IT administrators at workplaces grant access to users and place them in the Restricted User group (Limited User, Standard User or whatever you call it), it does not necessarily mean that they do that with your theory in mind. They do it because they want to PREVENT users from installing/uninstalling programs at work. Not because they want to apply ssj100's theory about avoiding virus infections. That's the point. By the way: I hate Windows XP. As soon as Microsoft released Vista back in January 2007 I dumped XP for Vista even with all its shortcomings. I'm now using Windows 7 Pro 32-bit, if that is what you want to know. And, yes... on Win 7, Sandboxie 3.42 FAILED with default configurations. After I downloaded some malware samples from .cn and .ru web sites (I did NOT execute them) SBIE froze, IE 8 stopped responding and I had to shut it down, and when I checked, the SBIE service was STOPPED. How do you explain that? Is SBIE 3.42 100% safe???... no!!!

Dieselman January 22, 2010 at 2:04 am

Thank you Carlos. Should have upgraded to Win 7 64 bit. I love mine.

bo.elam January 22, 2010 at 2:31 am

Hi Matt, thanks for these great videos. I personally have learned from watching them how to be almost 100% secure when I surf the internet. I'd like to thank you specially for the 3 Sandboxie videos, which turned me on to it. I am sure that if you had Avast and Sbxie running together when you ran these tests the infection would not have happened. I am using Avira and most likely it would also fail against most rogues, so it's a blessing to be running sandboxed despite what Carlos and Dieselmen say of Sandboxie.
Greetings from Central America, hope you and Dieselmen have a fun year working against the bad guys.
Bo

bo.elam January 22, 2010 at 3:01 am

Hi Dieselmen, you are a very experienced internet security man. I am not, just a regular plain dummy user, and it was easy for me to learn how to use the box. Dieselmen, if I learned, and it was quick, anybody can, buddy. As a matter of fact you never stop learning, and that's part of the beauty of the program. It might not be 100% bulletproof, but to most of us that use it, it's more than 100% because it works, despite what you think of it. Since I've been using it (11 months) nothing, absolutely nothing, has come in. So if you just surf like a normal user, most likely you will not get infected. It has never happened that I know of. Now I do know that sometimes while playing with samples, like Carlos, infections have happened, but regular users like me don't play with malware samples. To finish, my friend, come on, you know that the changes that SSJ100 talks about are very easy to do. There are only 2 or 3 changes that should be done and the box becomes a real beauty. It took me about 2 days after I started using the box to understand them and apply them. To finish, you ought to suggest to your customer that has Sandboxie and gets infected to just use Sbxie or, ah, even better, do like Matt in the video: remember he gets rid of all other browser icons on the desktop and tells the user to only use the one that looks like a pizza.
Take care man
Bo

bo.elam January 22, 2010 at 3:13 am

SSJ100 , keep on putting the good word about the box. I am also doing so on my side of the world.
Later brother
Bo

ssj100 January 22, 2010 at 9:59 am

No, I believe that a lot of computer users out there would be much safer when running as LUA with SRP in place. That is the point. Why are you trying to deny it?

Look at Linux. Linux systems have got it right from the start. Running as administrator is NOT safe at all. In fact, I would predict that a significant proportion of malware out there would be stopped dead in its tracks simply by running as a limited user.

Anyway, sounds like you people need some articles and other people’s opinions to be convinced. For some reason, I get that you are not understanding my points at all. Try reading here:
http://www.wilderssecurity.com/showpost.php?p=1608911&postcount=59

http://www.wilderssecurity.com/showpost.php?p=1533486&postcount=5

Hope those links can further educate people here. I am only trying to help. If you can’t be bothered trying to understand why running as a Limited User is so beneficial security-wise, then that’s your problem haha.

And yes, Sandboxie when configured properly (NOT default configuration) and when used in a Limited/Standard User account with SRP enabled gives very close to 100% protection in the right hands. I know many people out there who have run tens of thousands of malware through Sandboxie and it has never been bypassed by their tests. Ask "Peter2150" at the Wilders forums and "Buster" at the Sandboxie forums.

Oh and by the way, I love Windows XP. Everything works perfectly for me, and lightning fast too.

ssj100 January 22, 2010 at 10:09 am

And Carlos. No, LUA does not “cure it all”. But it certainly reduces the malware attack surface significantly.

And feel free to PM Windchild from the Wilders forums if you have any other questions about LUA – he is the most knowledgeable person on the internet I know of. He was the one that convinced me to move to LUA several months ago. I also wasn't convinced... until I tried it. Here's one of his posts:
http://www.wilderssecurity.com/showpost.php?p=1608918&postcount=60
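The three OS-supplied layers this thread keeps coming back to (LUA, SRP, DEP) are easy to claim and easy to get subtly wrong, so here is a check script, added as an example and not part of the original post or any commenter's words. It assumes a Windows host with PowerShell 3 or later. The registry location for Software Restriction Policies and the Win32_OperatingSystem DEP property are the documented ones; the function names and the warning thresholds are this example's own.

```powershell
# Added example (not from the original post or its commenters): report whether
# the current session actually has the "LUA + SRP + DEP" layers in place.
# Function names are this example's own; thresholds are its own interpretation.

function Get-LuaStatus {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminSid  = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
    [pscustomobject]@{
        # True only when the Administrators group is enabled in the token,
        # i.e. this is an elevated process.
        Elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        # True when the account is in Administrators at all. A non-elevated admin
        # under UAC still carries the SID (deny-only) in its token, so it shows up
        # here: that account is one consent click from admin, not a real LUA.
        MemberOfAdministrators = $identity.Groups.Contains($adminSid)
    }
}

function Get-SrpStatus {
    # Software Restriction Policies (local or domain policy) are stored here.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = $null; PolicyScope = $null; TransparentEnabled = $null }
    }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Configured         = $true
        DefaultLevel       = $p.DefaultLevel        # 0x0 Disallowed, 0x20000 Basic User, 0x40000 Unrestricted
        PolicyScope        = $p.PolicyScope         # 0 = all users, 1 = all users except local administrators
        TransparentEnabled = $p.TransparentEnabled  # 1 = all software files except DLLs, 2 = all software files
    }
}

function Get-DepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    # 0 AlwaysOff, 1 AlwaysOn, 2 OptIn (client default), 3 OptOut.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    switch ([int]$os.DataExecutionPrevention_SupportPolicy) {
        0       { 'AlwaysOff' }
        1       { 'AlwaysOn' }
        2       { 'OptIn' }
        3       { 'OptOut' }
        default { 'Unknown' }
    }
}

function Get-HardeningReport {
    $lua = Get-LuaStatus
    $srp = Get-SrpStatus
    $dep = Get-DepPolicy
    $findings = @()
    if ($lua.Elevated) {
        $findings += 'LUA: this process is elevated; anything it launches inherits admin rights.'
    } elseif ($lua.MemberOfAdministrators) {
        $findings += 'LUA: account is an administrator (UAC-filtered); one consent click away from admin.'
    }
    if (-not $srp.Configured) {
        $findings += 'SRP: no Software Restriction Policy is configured.'
    } else {
        if ($srp.DefaultLevel -ne 0)       { $findings += ('SRP: default level is 0x{0:X}, not Disallowed (0x0).' -f [int]$srp.DefaultLevel) }
        if ($srp.PolicyScope -eq 1)        { $findings += 'SRP: local administrators are exempt from the policy.' }
        if ($srp.TransparentEnabled -ne 2) { $findings += 'SRP: DLLs are not covered (TransparentEnabled is not 2).' }
    }
    if ($dep -in 'AlwaysOff', 'OptIn') {
        $findings += "DEP: policy is $dep; OptOut or AlwaysOn covers every process, not just opted-in ones."
    }
    [pscustomobject]@{ Lua = $lua; Srp = $srp; Dep = $dep; Findings = $findings }
}

$report = Get-HardeningReport
$report.Lua | Format-List
$report.Srp | Format-List
"DEP policy: $($report.Dep)"
if ($report.Findings) { $report.Findings | ForEach-Object { "WARN: $_" } } else { 'LUA, SRP (default-deny) and DEP are all in place.' }
```

Run it from the account that does the day-to-day browsing, not from an elevated console: the whole point of the LUA check is the token the browser actually gets. A default-deny SRP (DefaultLevel 0) with PolicyScope 0 and TransparentEnabled 2 is the configuration the "LUA + SRP" advice in this thread refers to; anything looser leaves a gap that a dropped executable or DLL can walk through.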

Sensible_Sam January 22, 2010 at 10:42 am

Completely agree with ssj100. However, LUA, SRP etc have their own pitfalls and don't work for everyone.

But in saying that, the majority of people out there should be using Limited or Standard accounts. You will never catch a main-stream Linux system defaulting to run as an administrator. In fact in Linux Ubuntu, you can’t even run as administrator. And for good reason too.

Dieselman January 22, 2010 at 11:30 am

OMG. I should have known where I know you from. Wilders is a bunch of security freaks. People over at Wilders change their setup every day. Stay away from Wilders unless you want to put a padlock on your PC.

Johan January 22, 2010 at 2:45 pm

HAHA WOW Dieselman!!!!

So what you are saying is that people should stay away from Wilders ONLY because SOME of the posters/readers change their setup every day?
That's just a stupid claim; for one, I don't change my setup every day :)

What about the content/information that is available at Wilders did you forget about that as well?

Dieselman January 22, 2010 at 4:58 pm

No, I did not forget it. Either way Wilders is a bunch of security freaks. Why don't they just not bother turning their PCs on?

ssj100 January 22, 2010 at 7:40 pm

Hey Dieselman, yes I agree with you to an extent regarding Wilders, but it’s quite entertaining reading the forum from time to time!

Not sure what happened to my previous posts, but I was stating again why LUA etc is so beneficial. Here’s what Microsoft themselves say:

http://technet.microsoft.com/en-us/library/bb456992.aspx#EGAA

And here’s an excellent post about it also:
http://www.wilderssecurity.com/showpost.php?p=1533486&postcount=5

Anyway, seems like you’re not allowing this to go through. Clearly I have done something wrong. I would appreciate it if you could tell me what I did wrong. Thanks for your time.

Anonymous January 22, 2010 at 7:55 pm

Considering how malware is advancing nowadays, being a “security freak” and having a ton of protection on the computer is better than having little protection.

Dieselman January 22, 2010 at 11:48 pm

Too much doesn't mean you're better protected. There is such a thing called overlapping security. All I need is KIS 2010 and common sense.

Raygen January 25, 2010 at 4:26 pm

Rogues are an interesting breed, and to be honest I don't think they can be detected or stopped consistently in their current form until the inherent problems in the Windows architecture are addressed.

I mean, look at how many versions of Vundo are around... that darn thing is still infecting folks and new versions come out every day... it never ends...

I think the only way to prevent these rogues is for Windows to sandbox the browser inside of a virtual machine using the Intel and AMD virtualization extensions built into modern day processors... even though that may not be the answer either.

I think MalwareBytes does so well because its an app that is dedicated to detecting only rogues and spyware, it doesn’t fare too well against polymorphic worms and viruses, again that’s not what MalwareBytes was designed for though.

Anti-virus vendors have a tough time with viruses alone, and I think spyware protection is better served with a 3rd party app (SUPERAntiSpyware), same with general malware (MalwareBytes), to supplement your AV application, be it Avast, Norton, etc...

ssj100 January 25, 2010 at 9:55 pm

bo.elam, just curious as to what malware has escaped the sandbox genuinely? Keep in mind that most of the reported “bypasses” of Sandboxie have been proved WRONG (usually either due to the user not realising what has actually happened, or due to the user not using Sandboxie correctly). And as far as I know, there have been no genuine “bypasses” when Sandboxie’s start/run/internet access restrictions are in place.

Johnny January 26, 2010 at 5:15 pm

Whilst users like us try to take our security more seriously, so many people just don't, and I hate to say this, but these kinds of people tend to be in the majority. I've fixed a number of virus-infected laptops for my friends. All they want to do is go on Facebook or whatever else they do, but they just don't understand the risks, and when I try to explain things to them they go cross-eyed at me. I had one almost fall for one of these rogue applications.
