@JaredBusch said in Ransomware Conversation Derailment Discussion Fork:

Unfortunately, by @scottalanmiller's apparent design, this will never come to be because he does not like it.

How does my opinion influence it?

Here we go:

0_1462539129747_2016-05-06 07_50_53-[MangoLassi] Cerber virus_ransomware making the rounds... - [email protected]

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

Agreed

Yes, I think that RSAT might actually care as if it does the wrong thing it won't see the files.

Good enough lawyer should be able to get it dismissed.

when his daughters told him a drone was flying over the neighborhood.

This here is enough in some cases to have the charges thrown. As @JaredBusch stated,.. shotguns only have an effect range of so far... They could have been using the drone to scope out victims.

I think he was well within his right,.. but then again - I've been thinking of getting my own sail plane.

It'll be a tough case.

Will five dorrar make you hollar? It switch long time!

@PSX_Defector Yep, that's it!

I want to make sure that it just plain works with someone else's setup. You must have remoting enabled on server - an assumption on my part, but I don't even think about it being enabled any more, but considering the intended audience for the script, I should...!

Basically this is to help troubleshoot WSUS issues - wrong port, etc.

Thanks so much!

@scottalanmiller said:

Hard to say but I feel like it is tied to the massive shift from VMWare to HyperV virtualization.

I'd say that's has a lot to do with it. VMWare's offerings are becoming less and less attractive.

@thecreativeone91 said:

@thanksajdotcom said:

Youtube Video

I never liked the Revolution OS. They try to paint MS as the bad guy because they wanted to get the money they were suppose to be paid for BASIC and stop piracy. They should be paid for their software.

There is no doubt the guys in the video are fanatics. However, they are also some incredibly important people in the history of IT. I love learning the history, and I take the dogma with a grain of salt.

Agreed, thanks for the heads up.

That makes sense. For me, I am testing this on my home mac, and I would like to keep the web shield on, but not able to browse when it is on. Opened a ticket on Avast, lets wait for their feedback.

@Rob-Dunn said:

@thanksaj

Yeah, all my experience has been with Windows DHCP, and you're right, configuring the DNS suffix and other options are easy as pie. On the pfSense/Linux side it's a bit...different...!

I don't have much experience with pfsense. I've played with it a little but never actually set it up and used it. YMMV

Congrats on diving into Linux. I bet that you will find that BASH scripting is dramatically easier to get into than PowerShell too. 🙂

I use this plugin on SW too. It is great!

Wow, that's surprising for someone like Barracuda to be offline. That's a major blow to their confidence rating.

You should subscribe to their sale email. Two books minimum daily.

Very cute.

So true. So sadly true.

@Dashrender said:

Agreed, not desperate, but I would like it.

Though once we get it, I don't think the 'inbox' should show all new posts, perhaps only subscribed ones.

THAT is what I'M desperate for!