Reply to post: Re: Ahh, it's application level granularity...

RDX removable disk has ransomware protection begging to be bypassed

TheVogon Silver badge

Re: Ahh, it's application level granularity...

"Adding both problems and you can get any software to do anything."

I believe that hole (that potentially allowed you to take over the elevated privileges of, say, antivirus programs!) was fixed some time ago.

"if you allow Office full access, you can always use OLE Automation to open documents, encrypt them, and close them again, all with (moderately) easy to access and stable functions"

True, but corporates would normally only allow trusted signed or trusted location macros to run. Even for consumers, Office defaults to disabling active content by default and warning you before enabling it.

However, if you have that level of access to Office and you ignore the warnings, malware could just as easily execute a script that encrypts everything of value outside of Office - not just documents. Which is why for all the attempted Office-initiated attacks I have seen that's what they do... Also that makes it easier to install and trigger ransom demands.


Biting the hand that feeds IT © 1998–2019