Need feedback on Cybereason Ransomfree tool


  1. Posts : 310
    windows 7 ultimate x32
       #1


    I have installed this tool today; it seemed decent & was voted on the PC Mag list as well. But I just wanted to know if anyone's using it and any pros or cons to deal with?

    I don't restart my lappy often, usually send it into sleep mode when I'm away from it.


  2. Posts : 31,250
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #2

    Not used it myself but this review may help you decide - it's one possible addition to a proper backup regimen

    RansomFree Is the Latest App That Tries to Stop Ransomware Infections on Windows


  3. Posts : 3,788
    win 8 32 bit
       #3

    Several YouTube videos show it works well


  4. Posts : 310
    windows 7 ultimate x32
    Thread Starter
       #4

    Thanks for the feedback Barman58 & samuria :) I do take backups but not as often as recommended. Need to buy a few more flash drives for more backups probably; I don't trust online backups at all. I knew someone who lost his entire online backup after his mail account was hacked.

    So far, the only discomfort I'm facing is... watching obnoxious files & directories created by this software - yeah, they did mention it as being a honeypot prior to installation. Usually I delete most of the files & directories which I don't use.


  5. Posts : 2,468
    Windows 7 Ultimate x64
       #5

    Barman58 said:
    Not used it myself but this review may help you decide - it's one possible addition to a proper backup regimen

    RansomFree Is the Latest App That Tries to Stop Ransomware Infections on Windows
    The article says pretty much the same things the program advertises on its website; it really doesn't add much more than advertisement. Moreover, it makes many claims and assumptions without any technical explanation or reference to back them up.
    Let's see the exact problems:

    RansomFree works by creating randomly-named folders throughout the filesystem that act as honeypots.

    These folder names start with characters like ~ or ! because they are low on the ASCII table and thus will be scanned first by ransomware.
    The assumption here is that files are encrypted by malware in ASCII (alphabetical) order and the software relies on changes to those honeypots to detect malware. There is NO justification at all for why malware would attack files in that particular order, and even if some does, there is no reason to think that every malware does the same. Besides, creating honeypots won't deter malware from attacking legitimate files afterwards. All this technique seems to rely on strong assumptions that aren't guaranteed at all, and it doesn't explain why.
    If I were writing a ransomware, it certainly wouldn't sort files at all, but just encrypt in whatever order they come from the OS, maybe prioritizing some presumably sensitive names. And even if I were lured by a honeypot, it wouldn't stop there for sure.


    RansomFree monitors these files, and whenever they change, it detects the originating process and pauses it.
    This assumes that the "antiransomware" has permissions to suspend the offending process. Even though Windows promotes the bad practice of running everything under an administrator account, which is a frequent security flaw found in home computers, it might not be the case. Moreover, nothing prevents "something else" from simply resuming the attacker. A virus running as two processes or at a higher privilege level will easily bypass this "protection".


    In a limited set of tests carried out by Bleeping Computer, RansomFree stopped the latest version of Locky (Osiris), Cerber, and Globe.
    What tests? What actually has been tested? How were the test and the target computer set up? What versions of the malware? How can anyone reproduce such tests?
    This is a claim with zero evidence to back it up. Coincidentally, all those "antivirus tests" suffer from the very same flaw.


    CyberReason says that RansomFree can detect when an abnormal encryption-heavy process starts (specific to ransomware families), on both the local computer and on shared and/or network drives.
    How does it detect it? Knowing what other processes are really doing is not exactly easy and very subject to false positives. Many programs legitimately do encryption: browsers, compression programs, anything that is protected with a password, not to mention software like VeraCrypt whose sole purpose is to encrypt things. I would like to know how the detection takes place.

    The downside is that RansomFree needs a short amount of time to detect the start of the encryption operations. This means that a few of your files will be encrypted before RansomFree detects anything wrong.
    That means that it cannot stop it in time. Since it relies on honeypot files and the fact that they "should" be attacked first, it doesn't do anything if legitimate files are chosen first. A ransomware encrypting files in inverse alphabetical order simply destroys all files before being detected. It can't even ensure what files are attacked before detection, and they may be some critical files (from the user's point of view). Even antiviruses claim that they stop viruses before doing any harm!


    Despite this, many users would happily sacrifice a few files if they can save the rest. However, the best course of staying safe from ransomware is to complement RansomFree with a solid computer backup policy.
    Another unfounded claim. Sure, losing a few is better than losing all, but RansomFree cannot ensure that only "few" files are lost, nor can it control which files. Importance of data is entirely defined by each user.
    On a good note, here they make a good suggestion, to have a solid backup handy. This is actually the only piece of good advice I can find in the whole article.

    What I read about it are strong claims with little to justify it, and many flaws with the technique are easy to identify. The article also completely fails in suggesting an alternative approach. For example, it completely ignores the protection given by permissions, by firewalls, by system and software updates, and only superficially mentions backups.
    And most important is the sad fact that once a computer becomes infected, there is no way to make it clean other than a clean install and restore from a sane backup. This instead suggests trying to tame a running malware, a technique already proven to fail.
    Nor does the software offer its source code for a security analysis; you must blindly trust it or discard it completely. A license is also missing, apparently.

    Bottom line, I would not trust it. There is no indication of it doing anything but rudimentary analysis, and the lack of description of its techniques doesn't improve it. Of course, it may as well do some useful things, but we have no way of knowing it for sure.
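
    Added example, not part of any post in this thread and not RansomFree's code: a small model of the ordering argument in post #5, counting how many real files in one folder are visited before the first decoy under the visit orders that post names. The file names, the `exposure` and `report` helpers and the decoy names are constructed for illustration; only the `!` and `~` prefixes come from the quoted article.

```python
# Decoy prefixes named in the quoted article. In ASCII, '!' (0x21) sorts
# before digits and letters, while '~' (0x7E) sorts after them.
DECOY_PREFIXES = ("!", "~")
DOC_EXT = (".docx", ".xlsx")  # constructed stand-in for "sensitive names"

# Constructed folder listing, in the order the OS happened to return it.
SAMPLE = ["notes.txt", "budget.xlsx", "!k3f9q", "photo.jpg",
          "thesis.docx", "~p0zt1", "archive.zip"]

def is_decoy(name):
    return name.startswith(DECOY_PREFIXES)

def exposure(visit_order):
    """Count real files visited before the first decoy is touched.

    If no decoy is ever visited, every real file counts as exposed.
    """
    touched = 0
    for name in visit_order:
        if is_decoy(name):
            return touched
        touched += 1
    return touched

def report(listing):
    """Exposure of one folder under each visit order discussed in post #5."""
    orders = {
        "as listed": list(listing),
        "name ascending": sorted(listing),
        "name descending": sorted(listing, reverse=True),
        # Files with document extensions first, then the rest by name.
        "documents first": sorted(
            listing, key=lambda n: (not n.endswith(DOC_EXT), n)),
    }
    return {label: exposure(order) for label, order in orders.items()}

if __name__ == "__main__":
    for label, lost in report(SAMPLE).items():
        print(f"{label:16} -> {lost} real file(s) before first decoy")
    only_bang = [n for n in SAMPLE if not n.startswith("~")]
    print("without '~' decoy:", report(only_bang))
```

    With both prefixes present, a decoy sits at each end of the name order, so only the name-sorted orders reach one first; the other orders touch real files before any decoy, and dropping the `~` decoy exposes every file to a descending walk.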


  6. Posts : 31,250
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #6

    The review is at Bleeping Computer, the de facto standard for malware prevention and cleaning, which is why I posted it.

    Also, if you read the full set of comments, which are always an essential part of any review on a specialist website, they cover, and actually agree with, some of your points.

    If you wish to gain knowledge of the tests that BC use then if you ask a question on their forum I'm sure someone will give you full information, (obviously except for any proprietary or sensitive information) :)


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    The article was not intended to give all the exact testing that was done or could be done.
    From where I'm sitting the article was intended for the average user to give some basic information.

    To a large degree I understand Alejandro85's points, but I don't think the article was intended to address those points. The average user would get lost in all the high tech information. I know I would for sure.

    Any anti virus, anti malware, or all the other various anti infection programs are very complicated under the hood and take proper training to understand.
    It's also my understanding that much of the 'anti' programs have proprietary or sensitive information that the companies will not release. Obviously for good reasons.

    Bleeping Computer was the first forum I joined many years ago. I don't go there often anymore. As far as I know they are still one of the Gold Standards of security forums.

    Sign up at Bleeping Computer and give them a good looking over and ask questions.

    Just my opinion

    Jack


  8. Posts : 310
    windows 7 ultimate x32
    Thread Starter
       #8

    I heard BitDefender is protecting from Ransomware as well for both Free & Premium users through their regular security updates. I have the BD free version; now BD is performing quarantine on the files generated by the Cybereason tool, found 6 files within a week. It just says quarantined, not a virus, though, when I checked the details. So far, I don't have any performance issues. The only thing I don't like about the BD Free version is that they don't offer Manual Scan instantly, unlike for Premium. Other than that, it's the best I have used in a while; it consumes very minimal resources, and you won't even notice it's scanning the system, unlike Avira & Avast.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
