Malwarebytes' latest tool protects against ransomware

Posted by $ nickursis 8 years, 3 months ago to Technology
70 comments

This might be worth looking into, I haven't had much chance to look into what conflicts it might have with Kaspersky Internet Security, but if it can coexist with current tools, it might be good to use. Just be careful with what you do, as it is Beta, so may cause problems, but there are some Gulchers here who seem pretty savvy about software.


All Comments

  • Posted by $ 8 years, 2 months ago in reply to this comment.
    I saw an article last week but did not follow up on it, but the short version was they were very upset.
  • Posted by $ 8 years, 2 months ago in reply to this comment.
    I just see them all running amok, and even with all the "laws" they seem to run with impunity. I have had 3 credit cards hacked, and yet the banks don't investigate or prosecute, and some, like CapOne, just tell you they are sending a new card because of a "merchant data breach" and won't tell you what merchant. So if you used another card, too bad. It is a dysfunctional system, akin to faking money. If you fake money, they are all over you and have herds of investigators; take it online and poof, nothing. The ecosystem has changed and enforcement has not kept up; they are too busy seeing what websites you have visited or what is in your email. Bah....
  • Posted by $ 8 years, 2 months ago in reply to this comment.
    Thanks. Did you hear about the Mint Linux hacking? I guess it was their website, but really... If we had efficient enforcement, and maybe took a few out and shot those who steal identities and hack, it might go a long way to slow it down.
  • Posted by saucerdesigner 8 years, 2 months ago in reply to this comment.
    I have received one update to Malwarebytes Anti-Ransomware. Everything had gone smoothly until this morning, when I saw an alert that ransomware activity had been detected and that the process (I believe the alert used the word "process") explorer.exe had been quarantined. I nearly panicked because even with my rudimentary understanding, I knew that explorer.exe was crucial to the operation of Windows. The taskbar had disappeared and only the familiar desktop was showing. Holding my breath, I chose to restart the machine. It started normally, the taskbar reappeared and I was able to launch Malwarebytes Anti-Ransomware, but I did not see any history or explanation that anything untoward had occurred.
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    OK, now I see. This is an issue sort of like one we have run into internally, where we have locally set up web sites within our factory and they went through and changed all the Active Directory settings so most are set to just view but not alter data. I had to go fight with them for sites where we enter data for specific tools and we were locked out. I would have to do each of my home machines, as they are all independent.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    No. This is completely separate from your website. Most businesses are using Active Directory for authenticating Windows computers. Active Directory is set up with a domain name (similar to yourdomain.com but has little if anything to do with the web), so that when they log into their computer, the computer looks for Username in the xyz.local domain namespace. Within Active Directory you can apply policies to groups of computers that are joined to that domain. In essence, you can control everything that those computers can or cannot do, from installing software to what the desktop wallpaper is. One of the things you can do is choose to secure the appdata directory that resides in every user profile across all the computers joined to the domain, from one location. This is how I go into a company like JP Morgan and apply a fix to 60,000 computers by doing 10 minutes of work.

    Alternatively, if you don't have a domain that your office computers are joined to, you can secure that directory by changing the local computer policy on each computer. It's more time consuming, but very, very effective.

    Now when you lock down the directory, there will be things you might not be able to do as a restricted user anymore. Launching WebEx or GoToMeeting might be one of those things. You can customize which software can run using the appdata folder while blocking everything else. This is what I do for my clients. You effectively deny all, while making allowances for the few good things you need.
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    So you have to ask your domain provider to do it? Say for my own website I lease my space from a provider where my domain name is held. It is a Linux server, so would it still be needed?
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    Technology has its own fearful reputation, in that there have been a lot of misrepresentations that have built into urban legends. Hopefully you can maybe use the ransomware plague as an illustrative example.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    It's neither. It's a policy. Applied to the domain, it's a group policy, or for just one machine you can just apply a local policy.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    Oh, they need only look in the newspaper for evidence of why they should. Consider that true disaster recovery, that of a hot spare clone server coupled with offsite cloud-based backup AND the ability to run and restore the entire server in the cloud, can be purchased for about $4.00 per day, and any business owner would be admitting to diminished mental capacity if he or she didn't avail themselves of the opportunity to mitigate risk. In my business, the hardest part is simply talking to people; once they see how affordable things are and how expensive the downside is, they make the smart choice. And it's not as complex as one would think.
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    In that premise, you are correct: security companies should be instituting multi-layered defense that does not rely on a single method or group of methods, for business and large groups. Even if available, though, the geniuses in management running around today would probably not invest in something that complicated and expensive.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    This isn't totally correct. Chrome, and others, will install for an end user who does not have permissions to install regular software. Spotify does too. They exploit the appdata directory just like CryptoLocker and other ransomware packages do. Regardless of whether the user clicks it, or JavaScript launches it via a website, the payload is installed due to a basic and simple-to-fix flaw in Windows which doesn't require Malwarebytes. I've protected thousands of computers this way.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    The point is you could have prevented the robbery in the first place. As I explained before, the anti-malware will work against known signatures, and potentially has some heuristic features, but could be defeated by changing the signatures or creating a new payload. This gets demonstrated all the time at security seminars. As for a full backup, well, I suppose that would be appropriate for a home user to rely on, but the analogy would be that of insurance for a bank. Explain to your boss why 20 terabytes of data were maliciously encrypted and it will take a couple of days to restore when you could have just tightened up the operating system security via a simple group policy. Downtime costs money and tarnishes a company's reputation.
  • Posted by ewv 8 years, 3 months ago in reply to this comment.
    Listening to lectures on programming syntax is deadly. It's best to read it, learn by doing, and experiment, followed by looking up what you need in references.
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    Well, Windows does allow you to have a user account that does not allow installers to work, or requires the painful process of going through all the clicking. That is one reason that is the recommended setup, but the valid software people have created so many scripts and programs-inside-programs that run as executables that it sort of hobbles the web experience. One thing they rely on is users who have got all the windows open so they don't have to put up with it. Most of the ransomware reports I have seen say they had to click on a file or such to install it. The latest one I saw can install like a JS file, just by going to the infected website. Now that is a real problem, which is why I am in favor of this Malwarebytes Beta.
  • Posted by $ 8 years, 3 months ago in reply to this comment.
    Why would not having your own full back up to restore from, or even this Beta be appropriate? I am not seeing the analogy here.
  • Posted by MaxCasey 8 years, 3 months ago in reply to this comment.
    The "defense" analogy would be, in this case, as follows:

    You are in charge of guarding a bank vault. You hire a security firm who is trained in spotting bank robbers and other shady-looking folks. You get the best combination lock and security system money can buy. And then you post the combination and alarm codes on a sign out in front of the bank. All that is needed to swindle your customers is a disguise that Barney Fife hasn't seen yet.
  • Posted by MaxCasey 8 years, 3 months ago
    I work in infosec and while these products may do an OK job, the problem with the ransomware/malware is 1) the end user 2) the fact that Windows allows an unprivileged user to run an .exe from the appdata directory structure in the user's profile. These ransomware apps run just like the WebEx or GoToMeeting installers, and while an AV or anti-malware product may be effective to an extent, they rely on either signatures (which come from after the malware is in the wild) or on heuristics, which in some cases are good and getting better, but still difficult to identify.

    My recommendation is locking down the ability to install/run from the appdata directory and using allowances for the apps you need which need to run this way. Google Chrome takes advantage of the appdata flaw (yes, it is a flaw imho) and will install itself despite user privilege restrictions. If you are a home user, this may be over your head, and if you are a sysadmin and haven't done this for your users yet, well... get to work.

    If you need help or want to do this for your computer or in your company I will be happy to point you in the right direction (I'm not advertising per se so don't flag me por favor).
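The "deny all, then allow the few good things" policy MaxCasey describes in his two comments above, as an added example that is not part of this thread: an AppLocker executable rule that blocks launches from every user's AppData tree, with a single exception for Chrome, tested and then merged into the local policy with PowerShell. It assumes a Windows edition that supports AppLocker with the Application Identity service running; the rule names and the chrome.exe exception path are illustrative, and the three allow rules mirror AppLocker's standard defaults so the OS keeps working once enforcement is on.

```powershell
# Added example, not from the thread: lock down AppData with an AppLocker Exe rule.
# Assumes an AppLocker-capable Windows edition; the chrome.exe path is illustrative.

# AppLocker only enforces while the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
sc.exe start appidsvc | Out-Null

# AppLocker requires each rule Id to be a GUID; generate fresh ones.
$denyId = [guid]::NewGuid(); $winId = [guid]::NewGuid()
$progId = [guid]::NewGuid(); $adminId = [guid]::NewGuid()

$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <!-- Deny all: any .exe under AppData for any user (S-1-1-0 = Everyone). -->
    <FilePathRule Id="$denyId" Name="Block AppData executables" Description="No launches from the profile" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" />
      </Conditions>
      <!-- Allowance: the one thing that legitimately lives there (illustrative). -->
      <Exceptions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe" />
      </Exceptions>
    </FilePathRule>
    <!-- Standard allow rules; an enforced collection blocks anything not allowed. -->
    <FilePathRule Id="$winId" Name="Allow Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$progId" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$adminId" Name="Allow Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$xmlPath = Join-Path $env:TEMP 'appdata-lockdown.xml'
$policy | Set-Content -Path $xmlPath -Encoding UTF8

# Dry run first: what would a standard user be allowed to launch?
# Point these at files that actually exist on the test machine.
$probe = "$env:LOCALAPPDATA\Temp\setup.exe",
         "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path $probe -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule

# Merge into the local policy; for a domain, target a GPO with -Ldap instead.
Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge
```

Run the dry run on a representative machine before merging, since any legitimately installed per-user application other than the listed exception will be blocked until it gets its own exception.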
