Windows 7: Need feedback on Cybereason Ransomfree tool

2 Weeks Ago   #1
goodlad

windows 7 ultimate x32
 
 
Need feedback on Cybereason Ransomfree tool

I have installed this tool today, it seemed decent & was voted on the PC Mag list as well. But I just wanted to know if anyone's using it and any pros or cons to deal with?

I don't restart my lappy often, usually send into sleep mode, when I'm away from it..


2 Weeks Ago   #2
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Not used it myself but this review may help you decide - it's one possible addition to a proper backup regimen

RansomFree Is the Latest App That Tries to Stop Ransomware Infections on Windows
2 Weeks Ago   #3
samuria

win 8 32 bit
 
 

Several YouTube videos show it works well

2 Weeks Ago   #4
goodlad

windows 7 ultimate x32
 
 

Thanks for the feedback Barman58 & samuria. I do take backups but not as often as recommended. Need to buy a few more flash drives for more backups probably, I don't trust online backups at all. I knew someone who lost his entire online backup, after his mail account was hacked.

So far, the only discomfort I'm facing is.. watching obnoxious files & directories created by this software - yeah, they did mention it as being a honeypot prior to installation. Usually I delete most of the files & directories which I don't use.
1 Week Ago   #5
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Barman58
Not used it myself but this review may help you decide - it's one possible addition to a proper backup regimen

RansomFree Is the Latest App That Tries to Stop Ransomware Infections on Windows
The article says pretty much the same things the program advertises on its website; it really doesn't add much more than advertisement. Moreover it makes many claims and assumptions without any technical explanation or reference to back them up.
Let's see the exact problems:

Quote:
RansomFree works by creating randomly-named folders throughout the filesystem that act as honeypots.

These folder names start with characters like ~ or ! because they are low on the ASCII table and thus will be scanned first by ransomware.
The assumption here is that files are encrypted by malware in ASCII (alphabetical) order and the software relies on changes on those honeypots to detect malware. There is NO justification at all on why malware would attack files in that particular order, or even if some does, there is no reason to think that every malware does the same. Besides, creating honeypots won't deter malware from attacking legitimate files afterwards. All this technique seems to rely on strong assumptions that aren't guaranteed at all and it doesn't explain why.
If I were writing a ransomware, it certainly wouldn't sort files at all, but just encrypt in whatever order they come from the OS, maybe prioritizing some presumably sensitive names. And even if I were lured by a honeypot, it wouldn't stop there for sure.


Quote:
RansomFree monitors these files, and whenever they change, it detects the originating process and pauses it.
This assumes that the "antiransomware" has permissions to suspend the offending process. Even though Windows promotes the bad practice of running everything under an administrator account, which is a frequent security flaw found in home computers, it might not be the case. Moreover, nothing prevents "something else" from simply resuming the attacker. A virus running as two processes or at a higher privilege level will easily bypass this "protection".


Quote:
In a limited set of tests carried out by Bleeping Computer, RansomFree stopped the latest version of Locky (Osiris), Cerber, and Globe.
What tests? What actually has been tested? How was the test set up and what was the target computer? What versions of the malware? How can anyone reproduce such tests?
This is a claim with zero evidence to back it up. Coincidentally, all those "antivirus tests" incur the very same flaw.


Quote:
CyberReason says that RansomFree can detect when an abnormal encryption-heavy process starts (specific to ransomware families), on both the local computer and on shared and/or network drives.
How does it detect it? Knowing what other processes are really doing is not exactly easy and very subject to false positives. Many programs legitimately do encryption: browsers, compression programs, anything that is protected with a password, not to mention software like VeraCrypt whose sole purpose is to encrypt things. I would like to know how the detection takes place.

Quote:
The downside is that RansomFree needs a short amount of time to detect the start of the encryption operations. This means that a few of your files will be encrypted before RansomFree detects anything wrong.
That means that it cannot stop it in time. Since it relies on honeypot files and the fact that they "should" be attacked first, it doesn't do anything if legitimate files are chosen first. A ransomware encrypting files in inverse alphabetical order simply destroys all files before being detected. It can't even ensure what files are attacked before detection, and they may be some critical files (from the user's point of view). Even antiviruses claim that they stop viruses before doing any harm!


Quote:
Despite this, many users would happily sacrifice a few files if they can save the rest. However, the best course of staying safe from ransomware is to complement RansomFree with a solid computer backup policy.
Another unfounded claim. Sure, losing a few is better than losing all, but RansomFree cannot ensure that only "few" files are lost, nor can it control which files. Importance of data is entirely defined by each user.
On a good note, here they do make a good suggestion, to have a solid backup handy. This is actually the only piece of good advice I can find in the whole article.

What I read about it are strong claims with little to justify them, and many flaws with the technique are easy to identify. The article also completely fails in suggesting an alternative approach. For example, it completely ignores the protection given by permissions, by firewalls, by system and software updates, and only superficially mentions backups.
And most important, the sad fact that once a computer becomes infected, there is no way to make it clean other than a clean install and restore from a sane backup. This instead suggests trying to tame a running malware, a technique already proved to fail.
Neither does the software offer its source code for a security analysis; you must blindly trust it or discard it completely. A license is also missing, apparently.

Bottom line, I would not trust it. There is no indication of it doing anything but rudimentary analysis and the lack of description of its techniques doesn't improve it. Of course, it may as well do some useful things, but we have no way of knowing it for sure.
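Added example, not part of any post in this thread and not RansomFree's code: a small simulation of the ordering question raised in post #5, counting how many real files a directory walk visits before it touches the first honeypot entry. The file names, the flat single-directory layout, the `!canary`/`~canary` names and the assumption that detection fires the instant a honeypot is touched are all constructed for illustration.

```python
import random

def real_files(n=200, seed=7):
    """Constructed stand-ins for user files; names start with a lowercase letter."""
    rng = random.Random(seed)
    letters = "abcdefghijklmnopqrstuvwxyz"
    return [f"{rng.choice(letters)}{i:04d}.doc" for i in range(n)]

def exposed(order, canaries):
    """Count real files visited before the first canary (the detection point)."""
    for i, name in enumerate(order):
        if name in canaries:
            return i
    return len(order)  # no canary reached: every real file was visited

def simulate(canaries, n=200, trials=2000, seed=7):
    """Real files exposed under three traversal orders of one flat directory."""
    names = real_files(n, seed) + list(canaries)
    canaries = set(canaries)
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        shuffled = names[:]
        rng.shuffle(shuffled)  # stand-in for an order the defender cannot predict
        total += exposed(shuffled, canaries)
    return {
        # Python sorts str by code point: '!' (33) < letters < '~' (126)
        "ascending": exposed(sorted(names), canaries),
        "descending": exposed(sorted(names, reverse=True), canaries),
        "arbitrary_mean": total / trials,
    }

if __name__ == "__main__":
    for label, canaries in [("'!' only", ["!canary"]),
                            ("'!' and '~'", ["!canary", "~canary"])]:
        print(label, simulate(canaries))
```

In byte order `!` sorts before letters and `~` after them, so one honeypot of each kind covers both sorted directions, but in an unpredictable order a large share of the real files is still visited before the first honeypot.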
1 Week Ago   #6
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

The review is at Bleeping Computer, the de facto standard for malware prevention and cleaning, which is why I posted it.

Also if you read the full set of comments, which are always an essential part of any review on a specialist website, they cover, and actually agree with, some of your points.

If you wish to gain knowledge of the tests that BC use then if you ask a question on their forum I'm sure someone will give you full information (obviously except for any proprietary or sensitive information).
1 Week Ago   #7
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

The article was not intended to give all the exact testing that was done or could be done.
From where I'm sitting the article was intended for the average user to give some basic information.

To a large degree I understand Alejandro85's points, but I don't think the article was intended to address those points. The average user would get lost in all the high tech information. I know I would for sure.

Any anti virus, anti malware, or all the other various anti infection programs are very complicated under the hood and take proper training to understand.
It's also my understanding that many of the 'anti' programs have proprietary or sensitive information that the companies will not release. Obviously for good reasons.

Bleeping Computer was the first forum I joined many years ago. I don't go there often anymore. As far as I know they are still one of the Gold Standard of security forums.

Sign up at Bleeping Computer and give them a good looking over and ask questions.

Just my opinion

Jack
6 Days Ago   #8
goodlad

windows 7 ultimate x32
 
 

I heard BitDefender is protecting from Ransomware as well for both Free & Premium users through their regular security updates. I have BD free version, now BD is performing quarantine on the files generated by Cybereason tool, found 6 files within a week. It just says quarantined, not a virus though, when checked the details. So far, I don't have any performance issues. The only thing I don't like about BD Free version is - they don't offer Manual Scan instantly unlike for Premium, other than that. It's the best I have used in a while, consumes very minimal resources, you won't even notice it's scanning the system unlike Avira & Avast.