How well does Avast Free 2015 block ransomware from being installed or from running?
I could not find an answer to this question when searching here for “ransomware”.
Avast - please let us know whether you are focused on this and how well your tests are working.
Of course Avast! will detect ransomware among other threats as well. However you should also exercise caution when opening files. A antivirus/security product will only protect you from what it can and not from user ignorance. If it looks phishy, upload it to Virustotal (https://www.virustotal.com/) and see what other AV’s say about it. Having good online safety habits is the only way to truly stay safe online.
Sutieday - with respect, I’ve been around for a while. There are so many people being hit, and they all have some kind of anti-virus. Or they have kids with PCs on the network and stuff happens despite the AV.
We all need AVAST to respond to this question. I could not find ANY posts here from Avast that says plainly how well they’re doing - or how badly.
[b]Avast - please respond.
[/b]
If your interested in how avast does against Real World threats, then you can check AV comparatives here: http://www.av-comparatives.org/dynamic-tests/ or Av-test here: http://www.av-test.org/en/antivirus/home-windows/
Avast has hardened mode that can lockdown your machine and prevent unknown threats as seen in this video: https://www.youtube.com/watch?v=3Z3jv6FOMjY
As I said before an AV can only protect you from what it can.
And if you expecting Avast! to tell you that there lacking in detecting ransomware, then your gonna have a long wait.
Edit: Not trying to sound rude, but if Avast answered your question about how it blocks ransomware, then they would have to answer how well avast blocks X,Y or any other trivial threat.
No AV can protect against ALL malware. A layered defense is your best bet. Add cryptoprevent if you haven’t already:
http://www.foolishit.com/vb6-projects/cryptoprevent/
You can also add malwarebytes anti-malware and anti-exploit:
http://www.malwarebytes.org/antimalware/
http://www.malwarebytes.org/antiexploit/
Regardless here is Avast’s answer on the subject:
https://blog.avast.com/tag/ransomware/
https://blog.avast.com/2013/11/19/can-avast-protect-me-against-cryptolocker/
dprout - thanks - at least something from Avast on this topic.
But not a lot of confidence from a post in 2013. As you know, ransomware has mutated like crazy, especially the last few months.
AVAST - can we get an update on this? And for those of us using FREE.
Thanks.
I use Avast FREE…shields only.
I also have MalwareBytes Pro (Active Shield Version) running as well…Avast works fine with it.
I also have CryptoPrevent installed…link given above.
I also use OpenDNS as cloud based filter.
The simple answer is most of the Crypto programs while detected and easily removed by A/Vs & Anti-Malware have already done their damage…encrypted your files. Thus, you need layered approach. You can pile on tons of security items and have diminishing returns of them not working well, slowing PC, etc. The combo of Avast FREE + MBAM Pro + CryptoPrevent all work well together and cover the holes each may have well. Obviously Avast offers other tools in their pay products for network security, cleanup, etc. that are great but the above combo is what I’ve selected and seems to be for most part what alot of folks use…obviously, people swap out the A/V or add an Adware blocker or different Fierwall too…but again, for me there is point of diminishing returns…plus the above combo is affordable.
The other thing I do is a backup image of my PC every night to external USB HDD…runs while I am asleep.
First thing in morning is I un-hook that USB HDD…plug back in before I go to bed.
Also, I use SugarSync (like Dropbox) to backup (sync) my files real-time to the cloud.
Now while CryptoLock would change/lock those files SugarSync would see them as changed/deleted and have copy of previous in Recycle Bin. Thus, even if CryptoLock got past my Avast+MBAM+CryptoPrevent I would eb able to remove the Virus with Avast or MBAM then restore my files from USB or SugarSync.
Hope that helps.
thekochs - That’s more or less the combo I have started to put on my machines. (I use MalwareBytes Free and have not yet decided to pay for MalwareBytes Pro. And my Avast Free is more than just Shields only - why shields only? DeepScan is on and I am now experimenting with Hardened Aggressive on one machine.)
You are right about unhooking that USB backup drive because the encryption will get it also (from what I’ve read), but your USB backup drive is then vulnerable half the time. That’s why I’m worried about Avast Free and whether it stops this from happening.
SugarSync, which we use, has admitted to what you say also - that the encryption malware will send a new, encrypted version of each sync file up to SugarSync. So only the previous version will be good.
Still, we need Avast itself to comment here. Their 2013 posting is no good anymore.
I don’t know why you specifically want avast to tell you something…
Do you think they are going to come on here and say their product doesn’t protect against something? If they knew what it didn’t protect against then they would add it. If they say it does protect against something 100% of the time, all day every day, and forever into the future, and it doesn’t - you’d sue them.
The only thing they are going to tell you which has been posted on the board a few times by avast and as I mentioned in my earlier post is that NO AV can protect you against everything
As I said, and as Koch said…a layered approach
How well does Avast Free 2015 block ransomware from being installed or from running?what is there to say ... No security program have 100% detection, and avast protect just as good/bad as the rest of the AV out there, and the malware writers are constantly updating and releasing new variants and families. All AV vendors work 24/7 trying to detect
Malware statistic
http://www.av-test.org/en/statistics/malware/
20% of all malware ever created appeared in 2013
http://www.pandasecurity.com/mediacenter/press-releases/20-of-all-malware-ever-created-appeared-in-2013/
Over 20 million new strains of malware were identified in Q3 2014
http://www.pandasecurity.com/mediacenter/malware/over-20-million-new-strains-of-malware-were-indentified-in-q3-2014/
When I say “Shields Only”…I mean I don’t install any of the “Tools” in CUSTOM install options.
Example: I don’t want GrimeFighter nor Network Scan, etc…I personally have better ways to do this and won’t comment on my opinion of some of those tools (trying to be nice). I also have not installed “NG” (in “Tools” as well…concept is great and may in one or two more releases of Avast code become “stable” but right now IMHO it is not). So, with the “Shields” you get DeepScan (on by Default) and Hardened Mode (off by Default). I admit I have not tried Hardened Mode and I’ve read the comments/confusion on the nomenclature of “Moderate” versus “Aggressive”: https://forum.avast.com/index.php?topic=142172.msg1032485#msg1032485 I should probably do so on “my” PC but some of the others in my family I’d would be getting calls constantly "is this OK ?..is this OK ?..is this OK ?) How has it worked for you ?
On the USB HDD…I just hook it up at night before I go to bed…then Macrium Reflect images my PC at 3am…when I wake up at 6pm I check Avast Scan, MBAM scan (both also ran…different times) and then I unhook my USB HDD. I figure that the Cryptolock is going to lock down my PC/files as soon as it gets loaded (or within minutes after it gets keys from server and searches/encrypts my files)…not wait until some arbitrary time or hours. Also, even if it does the Macrium image file is not one of the extensions yet it locks down. So, perhaps a small hole of assumption is there but trying to minimize. Also, SugarSync will have “previous” version of file and I also manually from time-to-time have USB stick with my very critical files…not current as the above but close enough if I had to live with. Of course being prudent on where you surf, email attachments you "run’, etc. always help a lot. One thing everyone should do it uncheck “hide file extensions” in Windows Explorer so you see the *.PDF is a *.PDF.EXE file…hopefully seeing that along with no Adobe thumbnail should be warning too.
Lastly, I would buy the MBAM “Pro” active shield…about once a week it catches something “actively” Avast does not.
Also check this article out: http://krebsonsecurity.com/2014/08/new-site-recovers-files-locked-by-cryptolocker-ransomware/
But early Wednesday morning, two security firms – Milpitas, Calf. based FireEye and Fox-IT in the Netherlands — launched decryptcryptolocker.com, a site that victims can use to recover their files. Victims need to provide an email address and upload just one of the encrypted files from their computer, and the service will email a link that victims can use to download a recovery program to decrypt all of their scrambled files.
Also good summary/history: http://en.wikipedia.org/wiki/CryptoLocker
CryptoLocker in Action video: https://www.youtube.com/watch?v=Gz2kmmsMpMI
thekochs - thanks. My Avast Free 2015 does NOT show an “NG” option. What does “NG” mean, and where is the toggle? (This is the case on both an XP Pro 32-bit machine and a Win 7 Pro 64-bit machine.)
Right now, on both machines, I am running
The XP system very likely does not have hardware virtualization.
The Windows 7 system likely has it, but it can be it is disabled.
And you don’t see NG.
It runs hidden.
You can install it/remove it through the control panel > software > avast > change
A good site for information:
https://blog.avast.com
Here is description post from Avast Team on NG: https://forum.avast.com/index.php?topic=154857.msg1125734#msg1125734
It takes advantage of virtualization in both the processor & O/S.
Supposively Avast tests to see if your BIOS/CPU/O/S can handle during the 2015 installer and don’t put in option/Tools if not.
I do not think XP is supported so the only question for you is W7.
Easy way to find out is to go to your installed programs, choose Avast, choose change, look in Tools section at bottom and see if NG is there…and your choice (after researching) to uncheck or leave.
I run the PUP scan in MBAM Pro…Avast does my rootkit scan when it does A/V scan, MBAM Pro scanner only a Malware scan.
If you get MBAM Pro I think you can get rid of some of the other Spyware items you have but I’ll let expert like Eddy comment on that.
I just enabled Hardened Mode/Aggressive on my PC…I’ll see how it goes before I expand to the family.
You really need imaging software…Macrium Reflect is FREE and works awesome…alot of others out there but this is supported, stable, great boot recovery CD/USB…basically not some small BS program/util someone put together.
http://www.macrium.com/reflectfree.aspx
The FREE does allow for “scheduled” imaging (say late at night) but only for FULL backup…but OK with me since I’m a sleep. Forget Virus/Trojan/MW…what happens WHEN (not if) your HDD has physical crash ?
The other util I run from time-time that the A/V experts here run is AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/
thekochs - thanks very much for the lead to Macrium Reflect Free. [b]
I’m glad you found NoScript for Firefox - good to return the favor. NoScript is the start of a much more secure browsing experience than you’re used to although it takes some work. You should also consider (for Firefox) the add-ons known as:
If you want avast to answer, submit a ticket.
But stop asking for it here, it is getting annoying.
Besides, you are already being told how avast looks at it.
Also read the blogs and do some (re)searching.
Thx…
For Reflect it images from the HDD you are on (whole HDD or individual partitions…you setup backup job details then schedule) to USB HDD. As above, I have USB HDD I backup to then disconnect…you can get them for $50 now a days.
Here is Forum: http://support.macrium.com/
Here is their knolwdge base link: http://kb.macrium.com/Knowledgebase.aspx
You can restore files within the Macrium software by mounting one of your images and getting the files or if catastrophy happens restore the entire image to new HDD using recovery CD…or recover to current HDD that perhaps has been crypto locked or O/S hosed and you have prior backup image on USB.
Macrium > No incremental or differential backups
Eddy - If you’re an evangelist, then you know Avast’s market needs hard facts.
Avast - how are you actually doing with preventing ransomware? Please answer.