Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers. An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Heimdal software

    1. tries to connect to the internet - without either letting me know it WANTS to do it (please), and WHY it wants to do it

    2. won't run without the internet connection

    3. upon de-installation (how did I know?) it tries to open a web page, I bet to ask "we're soooo sorry you don't like our software, please tell us why".

    Yes, it's free software, yes, it's most probably gathering "anonymized" information about systems that run it, but hey, I'd appreciate if they ASK me. Or if they don't know what this word means, perhaps TELL me what it's going to do, instead of going through my pocket, because they know better what's good for me and "oh, by the way, we do you a favour cause it's free, you dumbfuck".

    1. Anonymous Coward

      Re: Heimdal software

      Agree, software like this is part of the problem and not a good solution. If you've been hit or suspect you've been hit, the last thing you want to bloody do is connect this machine to a network even an internal one, never mind the internet! If this Danish firm is truly going to help, to help spread their own PR of course, then give us a simple standalone tool guys!

      1. JCitizen
        FAIL

        Re: Heimdal software

        Only curiosity would motivate me to click that download; but really, if I didn't already know whether I was bot-pwned, then I deserve to have my @ss handed to me! >:(

    2. Anonymous Coward

      Re: Heimdal software

      El'reg needs to flag up advert sponsored "news" items. What does this dubious looking demo of Heimdal's software do that standard anti-virus doesn't? That site looks like the standard dodgy scamware with mocked up images. And I certainly don't trust their boast of being "World champion hackers" - especially when combined with the comments from the above posters.

      This is a demo of a paid for product. So this El'Reg post is just a (paid for?) advert.

      Earlier posts about Cryptolocker included links to the FREE cryptoprevent tool. Clearly written by a geek, for other geeks, for free. With the choice of paying a tiny fee to the guy for the full "pro" version. Whereas this Heimdal is just trying to profit off of other people's misery.

      1. Anonymous Coward

        Re: Heimdal software

        "looks like the standard dodgy scamware with mocked up images"

        Too bloody right it does. Captured as a screen shot, it's blatantly obvious that they are scanned images. The images have missing pixels galore, it's the crappiest, easiest, cheapest attempt to flog crud-ware I've seen.

        http://www.foolishit.com/vb6-projects/cryptoprevent/

        THAT'S a proper crypto locker prevention... Simple, easy and free!!!

    3. EMJ / Heimdal Support

      Re: Heimdal software

      Hi

      I work for CSIS and do support for Heimdal, so I am definitely very biased about our product. With that said, I may be able to answer some of your questions and clear up some of the misconceptions about Heimdal.

      Yes, Heimdal connects to the internet. It does not ask the user before doing so, but of course power users can use a firewall to gain that level of control. Heimdal uses the internet connection in order to check for updates to itself, to download updates to the third-party programs that it monitors for updates, to download additional scanning tools etc.

      I’m not sure about the comment that Heimdal should not be able to run without an internet connection. I have not had this issue reported before and I am unable to reproduce it. Feel free to elaborate.

      Regarding the claim that Heimdal should gather anonymized information about systems where it is run, this only happens in case Heimdal should crash. It will then send us the IP address, the license key (for Heimdal Pro users), the eventlog with app crash, the Heimdal regkeys, and a unique ID for the installation which does not relate to any specific individual. Any users who feel uncomfortable with this, can simply remove the check in Heimdal at “Allow to send debug information”.

      Thank you anonymous poster who points out that when uninstalling Heimdal a browser window pops up with the download page for Heimdal. We are now looking into getting it fixed in a future release.

      To the user asking this question: “What does this dubious looking demo of Heimdal's software do that standard anti-virus doesn't?”. Several things. But let me start by making it clear that Heimdal is a supplement to antivirus, not a replacement. Heimdal is designed to run alongside antivirus and provide an additional layer of protection.

      To answer the question: Security modules vary between different antivirus products, but many of them do not have a feature to help update old and vulnerable software. Also, many antivirus products do not use DNS to blacklist malicious domains. Heimdal provides these additional security features. Also, Heimdal's detection capabilities of a few but serious malware threats related to netbanking will also add an additional layer of security to supplement the malware detection provided by antivirus products.

      Quote: “And I certainly don't trust their boast of being "World champion hackers"”. I believe that phrase could be a reference to 2011 where we won the “Capture the flag” hacking contest at the well-known security conference Defcon. Link: http://blog.sat0ri.com/ctf/2011/08/european-nopsled-team-win-defcon-2011/

      I hope this has cleared up some misconceptions about Heimdal. If I should have missed any points, or if you have any questions about Heimdal, then I welcome you all to contact us directly at support@heimdalsecurity.com.

  2. Mark Allen
    Facepalm

    Bizarre 14 day challenge

    Didn't the daft people who said "You have 14 days to secure your PC" realise that they are just issuing a challenge to the scammers to get a new version out quicker than that? Take down one network, and four others will spring up in its place.
