Here is a batch file for anyone who wants to do this "lazily"
@echo off
REM Vaccine for NotPetya/Petya/Petna/SortaPetya.
REM Creates the read-only C:\Windows\perfc marker files whose presence makes the malware exit early.
echo Administrative permissions required. Detecting permissions...
net session >nul 2>&1
if %errorLevel% == 0 (
    if exist C:\Windows\perfc (
        echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya.
    ) else (
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll
        echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat
        REM Mark the files read-only so they are not casually overwritten or deleted.
        attrib +R C:\Windows\perfc
        attrib +R C:\Windows\perfc.dll
        attrib +R C:\Windows\perfc.dat
        echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya.
    )
) else (
    echo Failure: You must run this batch file as Administrator.
)
pause
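The batch file above applies the vaccine; a follow-up check is to audit that the markers are actually in place and still read-only, since an existing bare "perfc" file makes the script skip the other two. The PowerShell below is an added example, not from the thread, and assumes the same three file names under the system root as the batch file.

```powershell
# Added example: audit the NotPetya "vaccine" markers on the local host.
# Assumes the three names the batch file above creates; reports one row per file.
function Test-PerfcVaccine {
    [CmdletBinding()]
    param(
        [string]$SystemRoot = $env:SystemRoot,
        [string[]]$Names = @('perfc', 'perfc.dll', 'perfc.dat')
    )
    foreach ($name in $Names) {
        $path = Join-Path $SystemRoot $name
        # -Force so hidden/system-attributed files are still returned.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $isFile = ($null -ne $item) -and -not $item.PSIsContainer
        $readOnly = $isFile -and (($item.Attributes -band [IO.FileAttributes]::ReadOnly) -ne 0)
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Path         = $path
            Exists       = [bool]$item
            IsFile       = $isFile
            ReadOnly     = $readOnly
        }
    }
}

# A host counts as vaccinated only when all three entries are read-only files,
# which is stricter than the batch file's "if exist C:\Windows\perfc" check.
function Get-PerfcVaccineStatus {
    $rows = @(Test-PerfcVaccine)
    $good = @($rows | Where-Object { $_.IsFile -and $_.ReadOnly }).Count
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Vaccinated   = ($good -eq $rows.Count)
        Details      = $rows
    }
}

Get-PerfcVaccineStatus | Format-List
```

Saved as a .ps1 it can be run across a list of hosts with Invoke-Command -FilePath, which returns the same objects per machine for a quick fleet-wide report.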
I mean, I know it all sucks, and it would be awesome if all the right people got all the right info and took all the right actions. But they don't and won't. So we need to push everyone that we can to do what they can. It's just what we have to work with.
I guess the reason the government cares about this is all FUD then?
Why else did you think that? HIPAA has no real value. It doesn't require that things be even remotely secure and doesn't create any security practices that good IT and management wouldn't have been worlds beyond already. So given that its purpose clearly wasn't to secure data but to pretend to secure data, what else could it be for?
I heard a lot of people say that they gave it up to relieve some legal pressure. But you can't commit crimes and then just apologize and wash your hands. You can't save face by admitting guilt in this case. You'd get in trouble by admitting you were at fault and releasing the keys.
I agree that this is just to make the old code completely useless. Want to keep using software? You're gonna be buying all new software. Bold move!
It often does receive legal pressure because the total loss to a company is not so large. Because civil suits require there to be a damages number, making the damages smaller greatly reduces the value of a lawsuit which in turn reduces the likelihood of someone pursuing one.
Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.
I'm not sure if it's appropriate to say, but their engine seems revolutionary.
What makes you say that, Rob?
Mostly that it's not conventional scanning; instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store: it can identify a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:
I really want to see a good comparison of Webroot and Cylance from someone not related to either company.
My problem with Cylance was that there was no small business pricing. They started at something like 1000 licenses at their SpiceWorld 2015 demo, only knocking it down to 500 during the show.
Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.
I liked Cylance's demo - go to VirusTotal, download the last 100 uploaded viruii, and run them.
That's a good start, but it's tough to truly get a zero-day virus that hasn't been seen yet for a real-world test. If it's on VirusTotal then it's already been identified as a virus by most of the AV companies.
No way to get around it entirely
Run them side by side in the real world (honeypot kind of thing) and test.
No, I mean zero-day viruses.
I don't have faith either would do the job
Isn't the other choice... neither, though? Will "none" do the job?
That's definitely a question
What I mean is... certainly trust nothing for zero-days; protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.