
How to tell if a file is backdoored (Common techniques used by assholes)

Johnnybenoob

Member
Reputation
0
Ok, so I was reading this:

Always use a reliable Anti-virus
Keep your anti-virus up to date
Let somebody else test the download, and if they give the thumbs-up, you know it's safe!
No such thing as gold changer, stat changer or anything along those lines

HOWEVER:

Always use a reliable Anti-virus --- Anti-viruses are weak junk. If you really want to defend yourself, you should do so by monitoring your task processes yourself, as several malware creators will encrypt their trojans so that they last a good few days, even years, without getting picked up or added to any anti-virus database.
Let somebody else test the download, and if they give the thumbs-up, you know it's safe! --- Doing so would be very rude, but ok.
No such thing as gold changer, stat changer or anything along those lines ---- Yes. Runescape packets are encrypted to the core (main reason for the lag). It is still possible to manage a few read-only memory hacks, as I have made a bunch.

Ok, enough of my criticism (no offense to whoever wrote that, it was well written!).

Here are MY techniques:

I only use 4 things to monitor my computer:

1) Task manager
2) Hex editor / Notepad++
3) Sandboxie
4) MSE


Sandboxie is the BEST way to detect malware on here. Why? Because on here, people usually bind their viruses to fake applications which execute at run-time. This may fool some AVs, but not us humans at runegear because we are smart and use Sandboxie!

"...but, but---" YES, I know Sandboxie can be bypassed. But doing so would mean they would leave a signature that several anti-viruses can pick up, meaning your anti-virus can save you from it. Bitdefender also has great technology to pick up obfuscated viruses for suspicious activity and runtime. If your AV CAN'T, then you can do it yourself using a hex editor!

One last thing: people would think installing all that spyware bot trash that freezes your PC will make you completely safe, well here's a surprise!

Try coding a simple keylogger in C++. Encrypt it using a VERY BASIC technique, and you will see that NO ANTI-VIRUS will be able to pick it up. Why? Anti-viruses only "learn" from viruses that they could analyze in their database.

There is yet another way malware developers can make their trojans FUD (fully undetectable).

First, they would use a .NET crypter to encrypt detected strings. Then, they would use a hex editor to edit out detected strings that classify in the TR/Crypt.Gen dictionary. In Darkcomet these detected strings are :

The IP address and port of the host
The strings "DDOSUDPFLOOD" and "DDOSHTTPFLOOD"

The final step would be to sign the assembly with a strong name key (SNK file) and then obfuscate it, then bind it using a trusted utility like WinRAR or IExpress to avoid detection. All this quite neatly makes your file appear CLEAN on NoVirusThanks. On VirusTotal, where they include scanners that flag a file for a virus EVEN IF IT'S JUST SUSPICIOUS (like Bitdefender), you might get detections, and some AVs share their dictionaries, so scanning on VirusTotal would make the detection rate multiply.

But what happens when you click the file?

The bound file opens; the trojan, being a persistent process, will become a permanent part of your system. There will be no going back, especially when it starts attaching itself to common exe files that you always use (like your default browser!).

NOT IF YOU USE A VIRTUAL ENVIRONMENT LIKE A SANDBOX!

Guys, please, even if you're going to rely 100% on your AV, at least let it be one with auto-sandboxing like Avast!

That about concludes it I guess.
 
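The post above says a hex editor turns up the host's IP address and port and the "DDOSUDPFLOOD"/"DDOSHTTPFLOOD" strings. The following is an added triage helper, not code from the post or from any tool it names: it pulls printable strings out of a raw file image the way `strings` does and flags IPv4:port pairs, URLs and those two markers. The sample buffer, the 192.0.2.10:5555 endpoint and the example.invalid URL are constructed for the demonstration.

```python
import re
from typing import Dict, List

# Marker strings the post says a hex editor reveals in DarkComet builds.
MARKERS = ("DDOSUDPFLOOD", "DDOSHTTPFLOOD")
# IPv4 address with an optional :port suffix, and plain http(s) URLs.
IPV4_PORT = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")
URL = re.compile(r"https?://[^\s\"']+")


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> Dict[str, List[str]]:
    """Flag network indicators and known marker strings found in a raw file image."""
    found: Dict[str, List[str]] = {"ipv4": [], "urls": [], "markers": []}
    for s in extract_strings(data):
        found["ipv4"] += IPV4_PORT.findall(s)
        found["urls"] += URL.findall(s)
        found["markers"] += [m for m in MARKERS if m in s]
    # De-duplicate each list while keeping first-seen order.
    return {k: list(dict.fromkeys(v)) for k, v in found.items()}


# Constructed sample: a fake header, some binary filler, and three embedded strings
# separated by NUL bytes. This is not a real binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"DDOSUDPFLOOD\x00"
    + b"192.0.2.10:5555\x00\x01\x02"
    + b"http://example.invalid/gate.php\x00"
    + b"ab\x00"
)

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(f"{kind}: {hits}")
```

An empty result proves nothing, since a crypter or packer hides exactly these strings until the file runs; treat hits as a reason to look closer, not a clean bill of health.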

Ironhide

Onyx user!
Reputation
0
What I read is how to prevent yourself from a trojan, and what hackers do to FUD their trojan....

I didn't learn how to tell if it's a trojan or not.
 

tu y tu mama

Onyx user!
Reputation
0
Nothing new, just saying.
But I like that you are trying to get active here, and the most important, HQ.
 

Johnnybenoob

Member
Reputation
0
bf3 dreadnaught, you obviously did not read the entire article. Now my rep is -3 because some shits here can't read.
 

Zangrefia

Onyx user!
Reputation
0
Or use .NET Reflector and look for outgoing connections.
 

Zetryio

Onyx user!
Reputation
0
OP is a fucking idiot. Don't run a file because it doesn't have something in clear fucking text in a hex editor. MSE is shit, use Malwarebytes. Sandboxie is unreliable and dangerous. Antivirus would most likely pick up the hook function in the keylogger; no one puts those strings in their file.
 

Ben Hartley

Active Member
Reputation
0
Johnnybenoob said:
@zangre that would obviously not work if you reroute the execution flow using asm

Yeah, because HackForums .NET malware coders know assembly...
 