[情報] BitDefender Anti-Ransome

作者swattw (Swat-未來模式)

看板AntiVirus

標題[情報] BitDefender Anti-Ransome

時間Mon Apr 11 09:18:45 2016

軟體名稱：BitDefender Anti-Ransome 版本號：1.0.11.26 官方網站： https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/ https://goo.gl/XWQvRz 官方下載連結：http://download.bitdefender.com/am/cw/BDAntiRansomwareSetup.exe 官方說明： Combination Crypto-Ransomware Vaccine Released Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods. “The new tool is an outgrowth of the Cryptowall vaccine program, in a way.” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.” The new tool is available for download on the . A conducted by Bitdefender in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim’s perspective on data loss through crypto-ransomware: 50% of users can’t accurately identify ransomware as a type of threat that prevents or limits access to computer data. Half of victims are willing to pay up to $500 to recover encrypted data. Personal documents rank first among user priorities. UK consumers would pay most to retrieve files US users are the main target for ransomware. 效果：阻擋除了常見的Crypt系列以外，還有Ransomware系列勒索軟體。教學： 1. 下載下來以後安裝 2. 安裝完畢以後長這樣 http://i.imgur.com/T0worxM.png

3. 在設定裡面三個都打勾分別是開機自動運行，自動運行最小化到系統列，按XX會最小化到系統列 http://i.imgur.com/d9gWob3.png

-- CPU: Intel core i7-4790K @4.5Ghz 1.25V →Swat-PC002：http://i.imgur.com/sHaQPB2 RAM: Kingston hyperX Fury DDR3- OC2133 8GB*2 MB : MSI Z97S-SLI PLUS VGA: NVIDIA GTX980 SSD: Curcial MX200 250G HDD : Seagate 2TB 7200rpm APU: Asus Xonar DX PSU: Antec EDGE 650W CASE: Corsair Graphite 230T OS : Windows 10 Pro 64Bit 鍵盤 Corsiar K70 RGB 滑鼠: Razer DA Chroma 耳機 Logitech G633 鼠墊 Logitech G940 搖桿: Nvidia Shield -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 114.35.164.154 ※ 文章網址: https://www.ptt.cc/bbs/AntiVirus/M.1460337529.A.73B.html

→ abram: 謝謝分享有了這個就比較放心點了 04/11 11:19

→ noname123: 跟MBAE會相衝嗎？ 04/11 14:02

推 tennyleaz: 想知道跟KIS會衝嗎？ 04/11 14:17

推 qxxrbull: 我個人用過確定跟comodo HIPS不會衝突 04/11 14:46

→ swattw: 我自己跟防毒軟體不衝突 04/11 14:49

推 Kreen: 感謝分享～ 04/11 15:32

推 silentazure: 沒衝突+1 謝謝分享 04/11 15:53

推 howard098112: 推感謝分享 04/11 20:39

→ mayuyu: cruelsister1有做測試 BitDefender Anti-Ransome 04/11 22:41

→ mayuyu: 無法擋住TeslaCrypt v3(已經出現幾個月，不是新變種 04/11 22:41

→ mayuyu: 而且BitDefender Anti-Ransome宣稱可以對抗這種病毒) 04/11 22:41

→ mayuyu: 所以這個軟體只能防護有限的勒索病毒種類 04/11 22:41

→ mayuyu: 甚至對它專門對付的種類的防護都不完全 04/11 22:42

→ mayuyu: 所以cruelsister1建議選擇其他軟體 04/11 22:42

→ mayuyu: https://www.youtube.com/watch?v=EBi0HfLb5Yk 04/11 22:42

推 x52013: 那麼請問一下樓上有更好的推薦嗎？ 04/11 23:08

推 mayuyu: cruelsister1的影片有測其他軟體 04/12 01:36

→ mayuyu: 據他測試的結果WinAntiRansom防勒索目前還沒有失手過 04/12 01:36

→ mayuyu: 例如像Petya這種MBR加密的病毒當時HitmanPro.Alert 04/12 01:36

→ mayuyu: 和MalwareBytes Anti-Ransomware都無法阻擋Petya 04/12 01:36

→ mayuyu: https://www.youtube.com/watch?v=3YXYnAiSYrY 04/12 01:37

→ mayuyu: 而WinAntiRansom有成功擋住他還有測ESET的HIPS很強 04/12 01:37

→ mayuyu: 可是我覺得勒索軟體日新月異方法推陳出新 04/12 01:37

→ mayuyu: 遲早有人又找出新漏洞或新方法擋得了一時擋不了永久 04/12 01:37

→ mayuyu: 所以可能還是虛擬機或沙盒、影子系統比較保險 04/12 01:37

→ mayuyu: 像是Shadow Defender的測試 04/12 01:38

→ mayuyu: https://www.youtube.com/watch?v=_cIy80Wkce4 04/12 01:38

→ mayuyu: 不管怎麼亂搞系統重開機就恢復原狀 04/12 01:38

→ mayuyu: 只是沙盒或影子系統會擔心被keylogger盜取密碼 04/12 01:38

→ mayuyu: 然後連上網路傳出去像影片中最後的測試。 04/12 01:38

→ mayuyu: Sandboxie可以限制在沙盒內能夠啟動的程式 04/12 01:39

→ mayuyu: (除了瀏覽器和其他必須的程式以外都不允許啟動 04/12 01:40

→ mayuyu: 不要使用IE就好因為你總不能限制iexplore.exe不能上網xD) 04/12 01:41

→ mayuyu: 限制可以連網的程式 04/12 01:41

→ mayuyu: (除了瀏覽器和其他必須的程式以外都不允許連網) 04/12 01:41

→ mayuyu: 限制可以存取的資源(資料夾、登錄庫) 04/12 01:41

→ mayuyu: 同時降低沙盒內程式的權限再另外搭配防火牆和防毒 04/12 01:42

→ mayuyu: 就可以避免影片中被記錄鍵盤輸入盜取密碼的機會 04/12 01:42

→ mayuyu: 一些病毒在啟動時都會檢測自己是否在沙盒內 04/12 01:42

→ mayuyu: 如果發現是在沙盒內為了避免被分析和追蹤就會自己自殺 04/12 01:42

→ mayuyu: 所以有一些病毒即使你允許讓他執行他也不會有動作。 04/12 01:42

→ mayuyu: 因為HIPS對於一些注入行為還是沒有防禦 04/12 01:42

→ mayuyu: 然後利用瀏覽器漏洞、Flash漏洞、作業系統漏洞 04/12 01:42

→ mayuyu: 讓你一開啟網頁就注入系統程式連網開始下載病毒 04/12 01:43

→ mayuyu: 我覺得防不勝防防毒軟體要很全面很強光靠雲端還不夠 04/12 01:43

→ mayuyu: 啟發模式要很強也能夠阻擋利用漏洞入侵的攻擊 04/12 01:43

→ mayuyu: 要做到這樣可能一套防毒還不夠 04/12 01:43

→ mayuyu: 所以還是用虛擬化加上限制啟動和存取、 04/12 01:43

→ mayuyu: 降低權限的方式保護系統檔案不被破壞應該是最安全的方法 04/12 01:43

→ mayuyu: 現在測病毒很多都是用虛擬機來隔離測試 04/12 01:44

→ mayuyu: 可以拿來測病毒就知道是目前比較安全的方法 04/12 01:44

→ mayuyu: 應該是共識 cruelsister1本身也是建議用沙盒或虛擬機 04/12 01:44

→ swattw: 他一次買五台授權，等等開團購好了 04/12 16:29

→ noname123: WinAnti 始終會顯示 error，只好移除。 04/13 22:55

推 DINJIAPC: 他是使用特徵庫去攔的本來就會漏 06/03 08:28