Win 11 system requirements and compatibility talk

Started 6 months ago | Discussions thread
Austinian
MOD Austinian Forum Pro • Posts: 11,735
Re: Will security requirements help with ransomware protection?

S Castle wrote:

Austinian wrote:

I don't think Secure Boot, TPM, or HVCI in Windows 11 will protect against ransomware; if a user permits the malware to run (as in clicking on a phishing email) I'd expect that to execute like any other program. Attacks against vulnerable system components, maybe.

I'd be interested to see an informed discussion about this.

This is my second try. I've been away from the front lines of infosec for a while so I might be a bit rusty, but here are some comments. I've used some terms that might not be known to people without infosec backgrounds. If I've used any not understood, Google should tell you what they mean.

All this depends on the sophistication of the malware.

Various systems have used access control lists of various kinds, with varying results. Still, malware can be crafted that leaves no "fingerprints" on disk until its work of compromising the system is done. Ransomware, of course, must modify the attached disk storage in order to hold the contained data for ransom, but this can be done without leaving an AV or similar signature, if it is entirely memory-contained.

If a zero-day vulnerability is being exploited and the defenders have allowed the malware inside the network, it's up to various intrusion detection tools to give the alert. These might include HVCI and CFA, but if the vulnerability is deep enough in the system space you might not get an alert. Real-time log analysis (part of host-based IDS) might alert. There is an open-source tool for this that runs on Windows - Wazuh is its new name; it was OSSEC before. It's not at all turn-key, though, and needs good system chops to install, configure, and use. Again, sophisticated malware might turn off logging before doing its job.

I've read about intrusion detection systems, but haven't seen anything yet that sounded suitable for my use. I'll certainly investigate Wazuh to see if I have the technical nous to benefit from it; thanks for mentioning it.

Ransomware is the golden goose for malware writers; it's the most direct way of monetizing malware yet devised, and it's not going to go away -- especially as victims can be squeezed again and again, it seems. The recent supply-chain compromises are very troubling, and we can expect to see more of them -- or maybe not, which would be even more worrying.

As an individual with only single-user PCs to protect, I fortunately have a much simpler task than IT professionals; I can't begin to grasp the difficulties involved in restoring function to enormous, widely distributed networks after a successful attack.

Unless we can make every computer owner and user into a cyber security expert, we are vulnerable to every mistake, short cut, or other stupid error that software companies make, and even then there will be incidents.

That will never happen IMO.

I see too many comments on the Net that even I know are dangerously clueless.
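The host-based log analysis S Castle mentions (real-time rules over event logs, with "malware might turn off logging" as the blind spot) can be illustrated with a small added example. This is not code from the thread, from Wazuh or from OSSEC; the one-JSON-object-per-line event schema, the process names, paths and timestamps are all constructed for the example. The only real identifier used is Windows Security event ID 1102, "The audit log was cleared". Two rules run over the sample: one flags a single process renaming many files to the same new extension in a short window (the on-disk modification S Castle says ransomware cannot avoid), the other flags the audit log being cleared.

```python
"""Toy host-based detection over constructed Windows-style event lines.

Assumed schema (invented for this example, not Wazuh's or Windows' native
format): one JSON object per line with at least 'ts', 'kind' and 'process';
'rename' events carry 'src' and 'dst', 'log_cleared' events carry 'event_id'.
"""
import json
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. WINWORD's rename keeps the extension (ordinary
# save-as); explorer's single rename is benign; updater.exe renames six
# documents to .locked within 25 seconds, then the audit log is cleared.
SAMPLE_EVENTS = """\
{"ts": "2024-01-01T10:00:00", "kind": "rename", "process": "WINWORD.EXE", "src": "C:/Users/u/Docs/report.docx", "dst": "C:/Users/u/Docs/report_v2.docx"}
{"ts": "2024-01-01T10:01:00", "kind": "rename", "process": "explorer.exe", "src": "C:/Users/u/Pics/img1.jpg", "dst": "C:/Users/u/Pics/img1.jpeg"}
{"ts": "2024-01-01T10:05:00", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/a.docx", "dst": "C:/Users/u/Docs/a.docx.locked"}
{"ts": "2024-01-01T10:05:05", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/b.xlsx", "dst": "C:/Users/u/Docs/b.xlsx.locked"}
{"ts": "2024-01-01T10:05:10", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/c.pdf", "dst": "C:/Users/u/Docs/c.pdf.locked"}
{"ts": "2024-01-01T10:05:15", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/d.pptx", "dst": "C:/Users/u/Docs/d.pptx.locked"}
{"ts": "2024-01-01T10:05:20", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/e.docx", "dst": "C:/Users/u/Docs/e.docx.locked"}
{"ts": "2024-01-01T10:05:25", "kind": "rename", "process": "updater.exe", "src": "C:/Users/u/Docs/f.txt", "dst": "C:/Users/u/Docs/f.txt.locked"}
{"ts": "2024-01-01T10:06:00", "kind": "log_cleared", "event_id": 1102, "process": "svchost.exe"}
"""


def parse_events(text):
    """Parse one JSON event per line; timestamps become datetime objects."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_log_cleared(events):
    """Rule 2: Security event 1102 means the audit trail was wiped.
    A defender wants this as a high-priority alert in its own right."""
    return [
        f"{e['ts'].isoformat()} audit log cleared (event 1102) by {e['process']}"
        for e in events
        if e.get("kind") == "log_cleared" and e.get("event_id") == 1102
    ]


def detect_mass_rename(events, threshold=5, window=timedelta(seconds=60)):
    """Rule 1: one process changes the extension of >= threshold files to the
    same new extension inside a sliding time window. Same-extension renames
    are ignored, so normal editing does not count."""
    alerts = []
    recent = defaultdict(list)  # (process, new_ext) -> timestamps in window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("kind") != "rename":
            continue
        old_ext = os.path.splitext(e["src"])[1].lower()
        new_ext = os.path.splitext(e["dst"])[1].lower()
        if new_ext == old_ext:
            continue
        times = recent[(e["process"], new_ext)]
        times.append(e["ts"])
        while times and e["ts"] - times[0] > window:
            times.pop(0)  # expire timestamps that fell out of the window
        if len(times) == threshold:  # fire once, when the threshold is first hit
            alerts.append(
                f"{e['ts'].isoformat()} {e['process']} renamed {threshold} files "
                f"to '{new_ext}' within {int(window.total_seconds())}s"
            )
    return alerts


def run(text):
    """Apply both rules to a log text and return the alerts in order."""
    events = parse_events(text)
    return detect_mass_rename(events) + detect_log_cleared(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

On the sample this yields exactly two alerts: the mass-rename rule fires on updater.exe's fifth rename at 10:05:20, and the log-clear rule fires at 10:06:00. The ordering also shows the point S Castle makes: if the audit log is cleared before any collector has shipped the earlier events off the host, rule 1 never sees them, which is why real deployments forward events in near real time rather than reading the local log after the fact.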
