[Info] BitDefender Anti-Ransome

Board: AntiVirus
Author: Swat-未來模式
Time: 2016/04/11 09:18
Push/boo score: 8 (8 push, 0 boo, 47 neutral)
55 comments, 11 participants, thread 1/1
Software name: BitDefender Anti-Ransome
Version: 1.0.11.26
Official website: https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
https://goo.gl/XWQvRz
Official download link: http://download.bitdefender.com/am/cw/BDAntiRansomwareSetup.exe

Official description:

Combination Crypto-Ransomware Vaccine Released

Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.

“The new tool is an outgrowth of the Cryptowall vaccine program, in a way.” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”

The new tool is available for download on the .

A conducted by Bitdefender in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim’s perspective on data loss through crypto-ransomware:

50% of users can’t accurately identify ransomware as a type of threat that prevents or limits access to computer data.
Half of victims are willing to pay up to $500 to recover encrypted data.
Personal documents rank first among user priorities.
UK consumers would pay most to retrieve files
US users are the main target for ransomware.

Effect: Blocks not only the common Crypt-series ransomware but also the Ransomware-series ransomware.

Tutorial:
1. Download it and install it.
2. After installation it looks like this: http://i.imgur.com/T0worxM.png
3. In the settings, tick all three boxes: run at startup, start minimized to the system tray, and minimize to the system tray when X is clicked. http://i.imgur.com/d9gWob3.png
--
CPU: Intel core i7-4790K @4.5GHz 1.25V → Swat-PC002 http://i.imgur.com/sHaQPB2
RAM: Kingston hyperX Fury DDR3- OC2133 8GB*2
MB : MSI Z97S-SLI PLUS
VGA: NVIDIA GTX980
SSD: Crucial MX200 250G
HDD : Seagate 2TB 7200rpm
APU: Asus Xonar DX
PSU: Antec EDGE 650W
CASE: Corsair Graphite 230T
OS : Windows 10 Pro 64Bit
Keyboard: Corsair K70 RGB
Mouse: Razer DA Chroma
Headset: Logitech G633
Mouse pad: Logitech G940
Gamepad: Nvidia Shield
--
※ Origin: 批踢踢實業坊 (ptt.cc), From: 114.35.164.154
※ Article URL: https://www.ptt.cc/bbs/AntiVirus/M.1460337529.A.73B.html

04/11 11:19, , 1F
Thanks for sharing. With this I feel a bit more at ease.

04/11 14:02, , 2F
Does it conflict with MBAE?

04/11 14:17, , 3F
I'd like to know whether it conflicts with KIS?

04/11 14:46, , 4F
I've used it myself; it definitely does not conflict with Comodo HIPS.

04/11 14:49, , 5F
For me, it doesn't conflict with my antivirus software.

04/11 15:32, , 6F
Thanks for sharing~

04/11 15:53, , 7F
No conflicts here either, +1. Thanks for sharing.

04/11 20:39, , 8F
Push. Thanks for sharing.

04/11 22:41, , 9F
cruelsister1 tested BitDefender Anti-Ransome

04/11 22:41, , 10F
It could not block TeslaCrypt v3 (which has been around for several months and is not a new variant,

04/11 22:41, , 11F
and BitDefender Anti-Ransome claims it can counter this malware)

04/11 22:41, , 12F
So this software can only protect against a limited range of ransomware families,

04/11 22:42, , 13F
and even its protection against the families it specifically targets is incomplete.

04/11 22:42, , 14F
So cruelsister1 recommends choosing other software.

04/11 22:42, , 15F

04/11 23:08, , 16F
In that case, does the commenter above have a better recommendation?

04/12 01:36, , 17F
cruelsister1's videos test other software as well.

04/12 01:36, , 18F
According to their test results, WinAntiRansom has not yet failed at blocking ransomware.

04/12 01:36, , 19F
For example, with MBR-encrypting malware like Petya, at the time HitmanPro.Alert

04/12 01:36, , 20F
and MalwareBytes Anti-Ransomware both failed to block Petya,

04/12 01:37, , 21F

04/12 01:37, , 22F
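while WinAntiRansom blocked it successfully. They also tested ESET's HIPS, which is very strong.

04/12 01:37, , 23F
But I think ransomware changes by the day and keeps coming up with new methods;

04/12 01:37, , 24F
sooner or later someone will find a new vulnerability or a new technique. You can block it for a while, but not forever.

04/12 01:37, , 25F
So a virtual machine, a sandbox, or a shadow system is probably the safer bet.

04/12 01:38, , 26F
Like the Shadow Defender test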

04/12 01:38, , 27F

04/12 01:38, , 28F
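No matter how badly the system gets messed up, a reboot restores it to its original state.

04/12 01:38, , 29F
The only worry with a sandbox or shadow system is a keylogger stealing passwords

04/12 01:38, , 30F
and then sending them out over the network, like the last test in the video.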

04/12 01:39, , 31F
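Sandboxie can restrict which programs are allowed to start inside the sandbox

04/12 01:39, , 32F
(nothing is allowed to start except the browser and other necessary programs;

04/12 01:40, , 33F
just don't use IE, because you can't very well block iexplore.exe from going online xD),

04/12 01:41, , 34F
restrict which programs can access the network

04/12 01:41, , 35F
(nothing is allowed network access except the browser and other necessary programs),

04/12 01:41, , 36F
restrict which resources can be accessed (folders, registry),

04/12 01:41, , 37F
and also lower the privileges of programs in the sandbox, then combine that with a firewall and antivirus.

04/12 01:42, , 38F
That avoids the chance of keystrokes being logged and passwords stolen as in the video.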

04/12 01:42, , 39F
Some malware checks at startup whether it is running inside a sandbox;

04/12 01:42, , 40F
if it finds it is in a sandbox, it terminates itself to avoid being analyzed and traced.

04/12 01:42, , 41F
So some malware will do nothing even if you allow it to run.

04/12 01:42, , 42F
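Because HIPS still has no defense against some injection behaviors,

04/12 01:42, , 43F
and then browser vulnerabilities, Flash vulnerabilities, and operating system vulnerabilities are used

04/12 01:42, , 44F
so that just opening a web page injects into a system process, which goes online and starts downloading malware.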

04/12 01:43, , 45F
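I think it's impossible to guard against everything. Antivirus software needs to be very comprehensive and strong; relying on the cloud alone is not enough.

04/12 01:43, , 46F
Heuristics need to be very strong, and it also needs to block attacks that intrude through vulnerabilities.

04/12 01:43, , 47F
Achieving that may take more than one antivirus product.

04/12 01:43, , 48F
So using virtualization together with restricting program start and access,

04/12 01:43, , 49F
plus lowering privileges, to protect system files from being damaged should be the safest approach.

04/12 01:43, , 50F
These days a lot of malware testing uses virtual machines for isolation.

04/12 01:44, , 51F
That it can be used to test malware tells you it is currently one of the safer methods.

04/12 01:44, , 52F
That should be the consensus. cruelsister1 also recommends using a sandbox or virtual machine.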

04/12 16:29, , 53F
It is bought as five device licenses at once; maybe I'll start a group buy later.

04/13 22:55, , 54F
WinAnti always shows an error, so I had to uninstall it.

06/03 08:28, , 55F
It uses a signature database to intercept, so of course it will miss things.

Article code (AID): #1N2ljvSx (AntiVirus)