About captain_to_fire

Contact Methods

  • Twitter

Profile Information

  • Gender
  • Location
    head above water
  • Occupation
    Med student

Recent Profile Visitors

70,680 profile views
  1. In my opinion, this is how all antivirus programs detect malicious files: It examines files by pattern matching with known signatures or variations with similar malicious code (the 100% way to detect a virus is if the AV has signatures for it). If it's a new file and the AV can't make a decision if it's malicious or not, it'll execute it in a local emulator to see if it does something malicious like enumerating files to disk (ransomware) or hook into web browsers (spyware). But since malware authors are clever, they'd make their virus perform benign tasks when executed inside an emulator or conceal the payload to evade detection. But the antivirus can do one or both things: it uploads the suspicious file to a cloud based sandbox for a more thorough detonation and/or allows the malicious file to run while the AV monitors how the execution unfolds. Once detonated in the sandbox, the people of the AV company will document how it behaves and push an update to everyone. Should the unknown file be allowed to run inside a PC and it performs a behavior characteristic of malware that the AV knows, it will terminate the process and, if the damage is not yet severe, it will try to roll back malicious actions like an unknown ransomware attempting to overwrite the Master Boot Record or modify registry keys. Basically, they all work the same. The only differences I think between AV vendors are how often their researchers fine tune their machine learning algorithms based on the threats they're facing, and how many vulnerabilities an antivirus has. Because an antivirus has deep access to the system files including the kernel, it is another vector of attack, as demonstrated by the researchers of Google Project Zero, who actually found critical vulnerabilities in AV programs from Kaspersky, Symantec, ESET, Sophos, FireEye, and even Windows Defender [1] [2] [3]; typically they find problems with the AV's file parser.
     I think at the moment, only Microsoft has followed Project Zero's recommendation of running the antivirus process inside a sandbox, although I don't think it is enabled by default for everyone.
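The layered pipeline the post describes (static signature matching first, then behaviour scoring over what an emulator or runtime monitor observed, with rules for MBR writes, mass renames and registry persistence) can be sketched as a toy scanner. The following is an added example, not code from the post or from any AV vendor; the "samples", hashes, byte patterns, event traces, rule weights and verdict thresholds are all constructed for illustration.

```python
"""Toy illustration of a layered AV pipeline: static signatures first, then
behaviour scoring over a trace of observed events.  Everything here is
constructed for the example: the 'samples', signatures, traces and weights
are not real malware data or real AV rules."""
import hashlib
import re

# --- Stage 1: static signatures -------------------------------------------
# Constructed "known bad" sample and its hash (stands in for a vendor hash list).
SAMPLE_KNOWN_BAD = b"constructed-known-bad-sample-0001"
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_KNOWN_BAD).hexdigest()}

# Constructed byte patterns (stand in for signatures that catch variants of a family).
BYTE_SIGNATURES = {
    "toy-dropper-family": re.compile(rb"EVIL_MARKER_\d{4}"),
}

def scan_static(data: bytes):
    """Return ('malicious', reason) on a signature hit, else ('unknown', None)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_HASHES:
        return "malicious", f"hash:{digest[:12]}"
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern.search(data):
            return "malicious", f"pattern:{name}"
    return "unknown", None

# --- Stage 2: behaviour scoring -------------------------------------------
# Each rule inspects the whole event trace (as an emulator or runtime monitor
# would record it) and fires or not.  Weights and thresholds are constructed.
RANSOM_EXTENSIONS = (".locked", ".encrypted")   # constructed examples

def rule_mbr_overwrite(events):
    # A raw write at offset 0 of the first physical disk hits the Master Boot Record.
    return any(e["op"] == "write"
               and e.get("path", "").lower() == r"\\.\physicaldrive0"
               and e.get("offset") == 0 for e in events)

def rule_mass_rename(events):
    # Many user files renamed to a ransom-style extension in one run.
    renames = [e for e in events if e["op"] == "rename"
               and e["new_path"].lower().endswith(RANSOM_EXTENSIONS)]
    return len(renames) >= 5

def rule_run_key_persistence(events):
    # Writing under a Run key is the classic auto-start persistence location.
    return any(e["op"] == "reg_set"
               and r"\currentversion\run" in e["key"].lower() for e in events)

def rule_browser_injection(events):
    # Opening a browser process with write access suggests hooking/injection.
    browsers = {"chrome.exe", "firefox.exe", "msedge.exe"}
    return any(e["op"] == "open_process" and e["target"].lower() in browsers
               and "write" in e.get("access", ()) for e in events)

BEHAVIOUR_RULES = [
    ("mbr_overwrite", rule_mbr_overwrite, 80),
    ("mass_rename_ransom_ext", rule_mass_rename, 60),
    ("run_key_persistence", rule_run_key_persistence, 30),
    ("browser_injection", rule_browser_injection, 40),
]

def score_behaviour(events):
    """Return (verdict, score, fired_rule_names)."""
    fired = [(name, w) for name, rule, w in BEHAVIOUR_RULES if rule(events)]
    score = sum(w for _, w in fired)
    if score >= 60:
        verdict = "malicious"
    elif score >= 30:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return verdict, score, [name for name, _ in fired]

def scan(data: bytes, events=None):
    """Layered verdict: static signatures first; only unknown files fall through
    to the behaviour stage, mirroring the emulate/monitor step described above."""
    verdict, reason = scan_static(data)
    if verdict == "malicious":
        return {"verdict": verdict, "stage": "static", "reasons": [reason]}
    if events is None:
        return {"verdict": "unknown", "stage": "static", "reasons": []}
    verdict, score, reasons = score_behaviour(events)
    return {"verdict": verdict, "stage": "behaviour", "score": score, "reasons": reasons}

# Constructed traces, in the shape an emulator might log them.
RANSOMWARE_TRACE = [
    {"op": "rename", "old_path": f"C:\\Users\\u\\Docs\\f{i}.docx",
     "new_path": f"C:\\Users\\u\\Docs\\f{i}.docx.locked"} for i in range(6)
] + [
    {"op": "write", "path": r"\\.\PhysicalDrive0", "offset": 0, "size": 512},
    {"op": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\x"},
]
BENIGN_TRACE = [
    {"op": "write", "path": r"C:\Users\u\Docs\notes.txt", "offset": 0, "size": 40},
    {"op": "rename", "old_path": r"C:\Users\u\Docs\a.tmp", "new_path": r"C:\Users\u\Docs\a.txt"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_KNOWN_BAD))
    print(scan(b"unknown binary", RANSOMWARE_TRACE))
    print(scan(b"unknown binary", BENIGN_TRACE))
```

The point of the two-stage shape is the one the post makes: a hash or byte-pattern hit is cheap and certain, while the behaviour stage only sees what the sample chose to do under observation, which is why emulator-aware malware stays "unknown" until it is detonated for longer in a cloud sandbox or caught by the runtime monitor.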
  2. I thought ATP is mostly a service on top of Windows Defender for workstations running Windows 10 E3 or E5 that reports and correlates security events from endpoints back to the IT staff, as well as managing detection sensitivity, blacklisting/whitelisting websites, marking USB flash drives as read only or blocking them altogether, etc. [here] Looking at the documentation it looks like their general threat detection rules and signatures come from the same cloud service for both consumers and enterprise. But yeah, there are indeed more advanced features that ATP has over the consumer defender.
  3. Considering that its detection scores are lower than the built in Windows Defender, I hope no one does.
  4. I know that @leadeater will probably ban me if I spread the rumor that his favorite program to use at work is Symantec Endpoint Protection /jk
  5. Controlled Folder Access and Windows 10 in S Mode I think. From my personal testing, Controlled Folder Access stops the execution of applications that are not trusted by Microsoft. I noticed that it blocked BitTorrent from writing to disk weeks ago. Also, Windows Defender is on par with the top antivirus programs.
     https://selabs.uk/download/consumers/epp/2019/jul-sep-2019-home.pdf
     https://www.mrg-effitas.com/wp-content/uploads/2019/11/MRG_Effitas_2019Q3_360.pdf
     https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2019/
  6. Can't find the one for Windows Defender for consumers. I was thinking they have the same privacy policy considering that both have the same scanning engine and they feed off the same cloud component.
  7. What data does Microsoft Defender ATP collect?
     Microsoft Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version). Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and Microsoft Trust Center policies.
     This data enables Microsoft Defender ATP to:
       • Proactively identify indicators of attack (IOAs) in your organization
       • Generate alerts if a possible attack was detected
       • Provide your security operations with a view into machines, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
     Microsoft does not use your data for advertising.
     Is my data isolated from other customer data?
     Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
  8. Makes me wonder before if Blockchain based elections will make it more secure, but considering the number of attacks in cryptocurrency ledgers, probably not at the moment. 

  9. I’m bringing back this status update of mine from March 2018. While there are proven ways to lower risk of certain cancers, in actuality the best way to not have any kind of cancer is to not be born at all.
  10. It took me an hour to figure out that the cause of my muted speakers is a botched Realtek audio driver update. Good thing Task Manager allows roll back of driver updates.
     Edit: The problem persists even after the driver update roll back. Now I’m getting desperate.


  11. Use a password manager people. It's not that expensive.
  12. The MBP is way too much for my simple workflow. I’ll wait for the 2020 MacBook Air refresh. It has the Touch ID button. It has function keys instead of a touch bar.
  13. Most of the "free" password managers that I know are only free on one platform, are only stored locally and can only save a limited amount of entries. It reminds me of Enpass. While you have the freedom to pick which cloud service to sync your passwords with, you still have to pay a one time fee for that platform, let's say Android or iOS.
  14. The import/export feature works only between password managers. Let's say I previously used LastPass but decided to use Dashlane: I can export all of my passwords from LastPass via a .csv file, then all I have to do is upload the said .csv file to Dashlane. Do you manually store your passwords? I hope you don't.