ThreatLocker: Zero Trust vs Malware & Exploits

  • Published on 12 Oct 2024
  • Testing Threatlocker vs Malware to see if zero trust is an effective strategy for the future to prevent hacking attempts. The test includes pdf exploits, commands to simulate attacks etc. and a discussion of protection approaches. Is this a better or worse approach than detection?
    ThreatLocker is one of the members of our annual Mal X programme so they receive additional test reports and data from us. However, all public tests are conducted fully independently with no interference.
    Buy the best antivirus: thepcsecurityc...
    Join the discussion on Discord: discord.tpsc.tech/
    Get your business endpoints tested by us: tpsc.tech/
    Contact us for business: thepcsecurityc...

Comments • 108

  • @truelies5431
    @truelies5431 2 days ago +54

    It seems it's the best solution to keep non-tech-savvy employees safe and make sure they're not doing something they're not supposed to do.

  • @thewaking1090
    @thewaking1090 2 days ago +35

    I'd say a combination of both would be ideal

  • @nezu_cc
    @nezu_cc 2 days ago +10

    Oh hey, finally a solution that has any real chance of catching a 0-day. My personal go-to is always IDA Pro and a VM/sandbox; this is basically that but on a company scale.

    • @tablettablete186
      @tablettablete186 1 day ago

      Have you tried AppLocker or WDAC?

  • @henryijeoma
    @henryijeoma 2 days ago +11

    That's what we use in our organization. Works pretty well.

    • @seansingh4421
      @seansingh4421 1 day ago +3

      Your CISO must be a very well adjusted person then…😂😂

  • @proskater1223
    @proskater1223 2 days ago +6

    We use ThreatLocker, and love it!

    • @black_dragon274
      @black_dragon274 2 days ago +1

      Don't be so sure of yourself. 😉

    • @user-ve2yz9ne9g
      @user-ve2yz9ne9g 2 days ago

      @@black_dragon274 yes

    • @JohnDoe-wl8zk
      @JohnDoe-wl8zk 1 day ago

      @@black_dragon274 Can't they be sure they love it? What are you talking about?

  • @speedymemes8127
    @speedymemes8127 1 day ago +3

    I think both an allow-listing and a detection-based system are necessary. As far as making sure execution is secure, allow-listing is the way to go... It just can be difficult for some jobs.

    • @Light-uw5es
      @Light-uw5es 17 hours ago

      Yeah, and avoid Clownst... I mean CrowdStrike 😆

  • @Zero-sm8oi
    @Zero-sm8oi 2 days ago +19

    When Part 2 of "Best Antivirus/EDR vs Unknown Ransomware" with Kaspersky etc?

  • @vr0k3n
    @vr0k3n 21 hours ago

    Zero trust is definitely the way to go for an enterprise environment. 100% of the time, any type of virus infecting a company is because of user error, be it downloading and opening a file they received in an email or just poor security practices (i.e. no firewalls or whatever). For a single home user though, this creates waaaay more problems and solutions. I installed "Simple Wall" the other day because of your video on "How to stop apps from spying on Windows" and omfg was it triggering. I couldn't open absolutely any program without having to add each individual .exe related to it in Simple Wall.

  • @LouaymTV
    @LouaymTV 1 day ago

    It seems a promising concept; I'll use it as an additional layer to a detection product.

  • @its_trexic
    @its_trexic 2 days ago +2

    Thanks for the good video!
    Could you make a video about Sandboxie-Plus and whether it makes sense to use it?

  • @frankypelletier1562
    @frankypelletier1562 2 days ago +1

    I would be curious to see you testing Kaseya/Datto AV + EDR + Ransomware solutions!

  • @ym5891
    @ym5891 2 days ago +3

    I use ThreatLocker for my job, and while it's a good protector, you do have to put quite some work into it to properly configure applications so they're both protected and still work.

    • @TonyGJCR
      @TonyGJCR 1 day ago

      @@ym5891 no pain no gain

  • @TheCocoaDaddy
    @TheCocoaDaddy 2 days ago +1

    Great video!!! I like this approach (zero trust approach). What I want to know is will this perform better than UltraAV? :D lol Thanks for posting!!!

    • @SmilerRyanYT
      @SmilerRyanYT 1 day ago

      It would be better since it effectively gives you 100% block rate for unknown (or non standard) applications but of course it relies on manual accept/deny so it doesn't detect if it's safe or not itself.

    • @barrywang2402
      @barrywang2402 1 day ago

      @@SmilerRyanYT Zero trust itself has default rules, like forcing all users to use a low-privilege admin for what they want to do; when you try to open something important, users need to prove their identity. These rules reduce the chance of an attacker stealing a super admin, as a security layer.

  • @Zero-sm8oi
    @Zero-sm8oi 2 days ago +7

    That's actually almost the same as Kaspersky's Intrusion Prevention, it literally does the same thing lol.

    • @josemmm11
      @josemmm11 2 days ago +2

      ThreatLocker is similar to AppLocker but more advanced.

    • @Zero-sm8oi
      @Zero-sm8oi 2 days ago +3

      @@josemmm11 I meant Kaspersky's security module in the antivirus called "Intrusion Prevention", because it's almost the same thing; it does many things the same way but in some ways better.

    • @josemmm11
      @josemmm11 2 days ago

      @@Zero-sm8oi OK, I understand. Something new to learn.

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 2 days ago +1

      No surprise. These or similar features are present in many security suites, including KAV, ESET, COMODO, SOPHOS.

    • @Pearmesan
      @Pearmesan 2 days ago +1

      @@Zero-sm8oi How do those compare to Comodo?

  • @tablettablete186
    @tablettablete186 1 day ago +1

    AppLocker/WDAC tests when?
    Jokes aside, I hope you cover them as well

    • @BakerWase
      @BakerWase 20 hours ago

      WDAC is being retired :(
      AppLocker is good, but when apps update you have to manually update the hashes etc., whereas ThreatLocker manages updates for you.

    • @tablettablete186
      @tablettablete186 5 hours ago

      @@BakerWase No, it isn't. I think you confused WDAG (run apps in VMs) with WDAC (app allowlisting).

    • @tablettablete186
      @tablettablete186 5 hours ago

      @@BakerWase Second, you can use signatures instead of hashes, so you don't need to update the policy every update (that is what I am doing right now).
      Besides, what is the point of using hashes if they auto-update on changes? Might as well just use a path rule (I think).
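
The publisher-versus-hash point in the reply above, as an added PowerShell example that is not from the video or from any commenter: it builds an AppLocker executable rule from a file's signer rather than its hash, writes a hash rule next to it for comparison, and dry-runs both against an install directory with `Test-AppLockerPolicy`. The install path is a placeholder, and the example assumes an elevated session on a Windows edition that ships the AppLocker module.

```powershell
# Added example (not ThreatLocker's or the video's code).
# Assumptions: elevated PowerShell, AppLocker module present,
# $Target is any signed executable (placeholder path below).

$Target = 'C:\Program Files\ExampleVendor\App\app.exe'   # placeholder

# Gather signer, hash and path information for the file.
$FileInfo = Get-AppLockerFileInformation -Path $Target

# Publisher rule: keyed on the certificate subject and product name,
# so a signed update from the same vendor still matches. Check the
# BinaryVersionRange element in the generated XML if you want to widen
# or narrow which versions are covered.
$PublisherPolicy = New-AppLockerPolicy -FileInformation $FileInfo `
    -RuleType Publisher -User Everyone -RuleNamePrefix 'Vendor' -Xml

# Hash rule for comparison: matches only this exact binary and must be
# regenerated after every update, which is the maintenance burden
# discussed in the thread.
$HashPolicy = New-AppLockerPolicy -FileInformation $FileInfo `
    -RuleType Hash -User Everyone -RuleNamePrefix 'VendorHash' -Xml

$PublisherPolicy | Out-File -Encoding UTF8 .\publisher-policy.xml
$HashPolicy      | Out-File -Encoding UTF8 .\hash-policy.xml

# Dry run: what would each policy decide for the binaries in the
# install directory? Re-run after an update: the publisher policy
# still reports Allowed, the hash policy reports the new files Denied.
foreach ($Policy in '.\publisher-policy.xml', '.\hash-policy.xml') {
    Write-Host "== $Policy =="
    Get-ChildItem "$(Split-Path $Target)\*.exe" |
        Test-AppLockerPolicy -XmlPolicy $Policy -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# Apply only after review. AppLocker enforcement also needs the
# Application Identity service running.
# Set-AppLockerPolicy -XmlPolicy .\publisher-policy.xml -Merge
```

The same trade-off exists in WDAC: `New-CIPolicy -Level Publisher` produces signer-based rules, with `-Fallback Hash` only for files that carry no usable signature. Hash rules are still the right tool for an unsigned binary you have deliberately vetted; the thread's point is that they should be the exception, not the default.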

  • @alfblack2
    @alfblack2 2 days ago +1

    Oh man, would love that software for the house. But looks like it's going to have enterprise pricing.

  • @carlschneider4229
    @carlschneider4229 1 day ago

    Allowing you to run PowerShell as Admin is a gap in your configuration; a standard user should not be allowed to elevate PowerShell in the first place; that's what Elevation Control is for.

  • @Rogue0DK
    @Rogue0DK 1 day ago +4

    So since it works in a different way than a typical antivirus and firewall program, does that mean you can have both on your system without conflicts?

    • @o_shok
      @o_shok 15 hours ago

      Yes

  • @TonyGJCR
    @TonyGJCR 2 days ago

    I'd say it's a complement to antiviruses. Honestly, this tool has great potential since it allows only what an employee is supposed to do in their duties. Now, the UI and the problem the PC said can be solved by a QOL update.

  • @grim.reaper
    @grim.reaper 1 day ago

    This is interesting. I have been working on zero-trust solutions and the idea is exactly the same, but like with all software there is definitely going to be some misses, especially if someone knows how these zero-trust solutions work.

    • @barrywang2402
      @barrywang2402 1 day ago

      Yeah, that's why business cybersecurity companies provide more advanced solutions like EPR+XDR, zero trust, NGFW, MDR, NDR and encryption solutions to help business cybersecurity teams deal with incidents more effectively.

  • @user-ve2yz9ne9g
    @user-ve2yz9ne9g 2 days ago +2

    Can you use your knowledge to test how good Sandboxie Plus virtualization is and how it keeps spaces isolated from malware?

  • @shsleo
    @shsleo 1 day ago

    IMO it's complementary to NGAV/EPP and other layers of protection.

  • @FazeFalcon
    @FazeFalcon 2 days ago +1

    I don't like either/or questions, because the best answer is rarely just one or the other. As you pointed out, this tool wouldn't step in on a phishing attack. Also, as you noted, this tool can have a major (even if momentary) impact on system performance. It seems to me that this is a great second layer in a defense-in-depth strategy.

  • @Lantyyyy
    @Lantyyyy 2 days ago

    Very informative! Seems kinda similar to Glasswire

  • @Sean_neaS
    @Sean_neaS 1 day ago

    In practice software like this makes security worse because you can't update software. Some help desk employee who knows nothing about security or your job installs the software and you hope it works, and you can never apply security updates because they will be blocked. So everyone is running two-year-old versions of everything on their computer. That's my experience at multiple companies.

  • @marcjacobson757
    @marcjacobson757 2 days ago

    I love this product for advanced users, but not for your typical average user. It would probably work well, if you were to configure a single image that you then deployed to all of your end-user computers.

  • @williamshevr
    @williamshevr 1 day ago

    Could you do a video (and a tutorial on what to block to protect ourselves from most threats without breaking Windows) on AppLocker?

  • @manuelthallinger7297
    @manuelthallinger7297 1 day ago +3

    So what is the price of this? They don't say anything on their site, which makes me suspicious.

    • @BakerWase
      @BakerWase 20 hours ago

      It's business-focused and they have a minimum-endpoints type of buy-in. They also offer Elevation Control, Storage Control, MDR etc. The full suite is roughly $18 per month, but the basic product is only like $5.50 per month per device.

  • @SmilerRyanYT
    @SmilerRyanYT 1 day ago

    I like the idea of antivirus and whitelisting, but I'd rather not have a dashboard and just a local yes/no/sandbox option for allowing execution when it blocks something.
    If there were any way at all I could have the popup of SecureAPlus but just the whitelisting feature, I would, along with an option to accept once, or allow all if I want to.

  • @R0lNUJ
    @R0lNUJ 1 day ago

    Excellent, thanks.

  • @XxVoiddragon
    @XxVoiddragon 2 days ago +1

    The best antivirus would be the combination of Bitdefender, Malwarebytes and Kaspersky. I would name it ShadowAV.

  • @ТоварищКамрадовСоциалистКоммун
    @ТоварищКамрадовСоциалистКоммун 2 days ago +1

    Looks like a typical HIPS, but this one has bells and whistles, i.e. good for corpos. Isn't free, besides a 30-day trial. If so, it should be compared to many similar packages included in SOPHOS, ESET, Kaspersky etc. The good old COMODO still looks at least not bad compared to this software, and COMODO Firewall (Internet Security) is freemium.

  • @truetierra
    @truetierra 22 hours ago

    Great bit of kit. If only it were a bit more lightweight.

  • @WaqarAslam2000
    @WaqarAslam2000 4 hours ago

    Leo, please make a new Norton test video. The old video that you have on this channel is 4 years old.

  • @cpuuk
    @cpuuk 2 days ago

    I like this, it has possibilities. ZT FTW.

  • @jihionify
    @jihionify 2 days ago +3

    Bitdefender vs Kaspersky pliz

    • @barrywang2402
      @barrywang2402 1 day ago

      Nowadays all cybersecurity companies' solutions find it difficult to deal with attackers, because attackers always very much like to find high value.

    • @barrywang2402
      @barrywang2402 1 day ago

      According to Copilot info, the first use of heuristic engine 2.0 was in 2010; nowadays it is near the end of 2024 but they still haven't studied a new heuristic engine, and antivirus is not anti-hacker.

  • @obtrunco
    @obtrunco 2 days ago +1

    Unfortunately we'd need the benefits of both.

  • @carlschneider4229
    @carlschneider4229 1 day ago +1

    Zero trust is the ONLY answer in today's day and age.

  • @Idkwholmao
    @Idkwholmao 2 days ago +2

    Honestly, even with stuff like this, be careful what you open and download.
    You can’t rely on only an AV all the time, it requires some human effort too!
    (Edited to make more sense as I haven’t watched the whole thing)

    • @gorgono1
      @gorgono1 2 days ago

      That's why I got myself ESET + Malwarebytes + VoodooShield + NextDNS.
      Occasionally scanning with NPE, KVRT, HitmanPro and FRST.
      Not to mention I am planning to sometimes get a physical firewall with OPNsense.
      I am very confident nothing can penetrate my system, even if it is a targeted attack.

  • @petarsimovic5628
    @petarsimovic5628 2 days ago +2

    Is ThreatLocker compatible with AV+EDR on the same system?

    • @BakerWase
      @BakerWase 20 hours ago +1

      It is, yes. They even offer a managed EDR service too. We run them with Webroot + Windows Defender with no problem.

  • @RAZTubin
    @RAZTubin 2 days ago +1

    There are a lot of security software offerings. The question I always have is, how do I know if the software is not a Trojan horse? How do you know if the software I buy is legit? Is there a computer security consortium certifying these software offerings?

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 2 days ago

      Yes. As an example, the Linux Foundation. I doubt there are any similar for Windows, because it's closed source and proprietary. For open source there are communities and organizations that look at source code and report any problems they find.

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 2 days ago

      The Windows community is totally different. It's about different companies that compete in the market and offer better protection. They may have a better history and public opinion, and in a certain way the product might be better, but you never know what's behind the code.

    • @BakerWase
      @BakerWase 19 hours ago

      App rating services like VirusTotal or Hatching.io are the place to start with that.
      ThreatLocker does maintain a list of "known trusted" apps too, FYI.

  • @Robertganca
    @Robertganca 2 days ago +3

    Should the average user use this, or would it be overkill?

    • @TonyGJCR
      @TonyGJCR 2 days ago

      @@Robertganca overkill, but if you sail the 7 seas, it could help avoid the kraken

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 1 day ago

      The average user cannot even get a price without writing a request. It's for corporation business. You can get only a 30-day trial.

    • @BakerWase
      @BakerWase 20 hours ago

      It's a business-focused solution tbh.

  • @scabinicgaming905
    @scabinicgaming905 14 hours ago +2

    These random cuts in the video make it seem illegitimate. I notice it in every video.

  • @jenniegafoor6643
    @jenniegafoor6643 1 day ago

    Best product, I like it.

  • @BaranKaymakci
    @BaranKaymakci 16 hours ago

    Do Kaspersky vs Bitdefender 😊

  • @UppedHealer675
    @UppedHealer675 2 days ago

    I believe detection is the best due to the trouble of allowing new programs.

  • @AlrekArinbjorn
    @AlrekArinbjorn 1 day ago +1

    You need zero trust AND good detection

  • @AOSP-is-still-Linux
    @AOSP-is-still-Linux 2 days ago +1

    So it's basically SELinux but less secure

  • @roberthunter6927
    @roberthunter6927 1 day ago

    OK, as an old senile man who likes to rant angrily into the clouds, I am going to "fart in church". First, the OS and BIOS should be locked down to a paranoid level. But the reality is that OSes give permissions to almost anything by default. [Except non-commercial Linux and similar distributions where you have to OPT-IN to allow apps to be permissive. It is generally a shit idea to give an app direct kernel access, but this is routinely done in gaming, where a gain of a few FPS is more than offset by badly compromised security. Debian distros that conform to the full GPL make you opt in to install the latest video driver, for example, like NVIDIA commercial drivers.]
    The current design philosophy of Microsoft OS products seems to be a permissive OS, which you then have to lock down if you want to. Security provisions should be customizable at all times, and especially at first installation. The amount of telemetry and connections that Windows 11 does [Home or Professional] is absurdly high. So you have to make yourself an expert finding out which connections are actually essential and which are just crap. [Or for Microsoft's benefit and not necessarily yours.]
    You can easily go on the web and find cut-down versions of Win10 or 11 [with names like "Tiny 11"], but that does not help much, because as well as taking out some of the bloatware, it will also disable MS's antivirus. In short, you run the risk of an OS that is even more insecure than the standard version.
    In theory, policy controls in Win Pro should stop a lot of nonsense, but most of them are quite easy to bypass. "Hardening" Win 11 needs an expert level of knowledge which most people don't have.
    I see that M$ has adopted the SUDO command but I have no idea how safe it is. In Linux it is great, but then Linux is much more orientated to keeping the user in user space, rather than letting them swan around in kernel space.

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 1 day ago

      The most fun thing in your comment is that you try to estimate the security of Windows and compare it with a good OS like Linux ) That OS is made not for security, it's for profit. Profit from making some apps, including games, that will be sold. Well, in some states they are now legally obliged to replace selling with licensing.

  • @toby-xo6rb
    @toby-xo6rb 1 day ago +1

    Please stop the whooshing sounds!

  • @culturedivined
    @culturedivined 2 days ago

    Could you do a review on TotalAV please?

    • @hydradragonantivirus
      @hydradragonantivirus 2 days ago

      totalshit

    • @billyguthrie3176
      @billyguthrie3176 2 days ago

      Try going to Computer Solutions on YouTube and search the term in their search box; you will probably find a bunch of tests of TotalAV.

    • @zetectic7968
      @zetectic7968 2 days ago +3

      Why it is rubbish & a scam as it auto-renews @ 10 times the price.

    • @culturedivined
      @culturedivined 2 days ago

      @@zetectic7968 Exactly, because there are tons of bot/fake reviews on it.

  • @l0I0I0I0
    @l0I0I0I0 2 days ago +1

    Would love to see a vid on how to permanently remove MS Copilot in Win 10.

  • @LynKoZ
    @LynKoZ 2 days ago

    First!

  • @UppedHealer675
    @UppedHealer675 2 days ago

    Hello, I'm second

    • @UppedHealer675
      @UppedHealer675 2 days ago

      This is a very good video

  • @hydradragonantivirus
    @hydradragonantivirus 2 days ago

    Comodo but weaker

  • @ConstantineProg
    @ConstantineProg 1 day ago

    Bravo, nice one.