
Yes, I read /r/sysadmin, Brian Krebs, /r/netsec, etc. every day (sysadmining and securing our environment is one of my job responsibilities) and it's not only out there, it's gotten bigger. I see it blocked on my firewall, filtered out in our mail, etc. More players have entered the market (there are several active variants now) and the malware is smarter. The malware uses new tricks to infect (an html file in a zip file that just does a redirect to an exe hosted on the web), bundled with 'crimepacks' that perform multiple exploits at once (java, flash, etc.), running as a word macro, running fully in memory to avoid disk write restrictions, etc. We've shored up our defenses significantly, but unless we move to a whitelisted-only executable environment, it will probably get through eventually.

One of my chief complaints about Windows 10 is that it does absolutely nothing to solve the "download invoice.pdf.exe" problem Windows suffers from. At least in Linux that file needs to be given a +x, and in OSX non-Apple-signed executables need to be approved in the system settings. Windows is still the wild west. It's a shame MS didn't use Win10 as a way to lock things down to address today's threats. Signature-based AV cannot move faster than a certain speed, and malware like Cryptovariants moves much, much faster than that. Heuristics are terrible for some reason on popular AVs and everyone is constantly getting infected.

Yeah, leave exceptions for power users and enterprise, but by default it should not allow untrusted unsigned content to run.

I told myself that if I ever start my own company that actually allows me to quit my day job, it would be a 100% OSX environment on the client side. MS just doesn't take security very seriously, it's targeted badly, and even the pro-netsec people at MS that want to be better with security are knocked down by the other politics of having 20-30 years of legacy support for ancient apps and not breaking anything. It's just not able to keep up with modern threats. It's a shame Win10 isn't shipping with a Windows-store-only policy for installs and some kind of OSX-like exception in the control panel for whitelisting. Devs would hate it, IT departments would lose their shit, but in a few months we'd all be used to it and the internet would be much safer.



> One of my chief complaints about Windows 10 is that it does absolutely nothing to solve the "download invoice.pdf.exe" problem Windows suffers from.

Did they ever fix the RTL character problem, where you can name a file something[RTL]gpj.exe and it will look like somethingexe.jpg?
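The two filename tricks raised in this thread (the "invoice.pdf.exe" double extension and the U+202E right-to-left override that makes `something[RTL]gpj.exe` display as `somethingexe.jpg`) are both detectable from the name alone before anything is opened. The following is an added example for a mail-filter or download-scanner check; it is not code from any commenter or from Windows, the extension lists are assumptions of what a typical environment would treat as executable or document-like, and `approximate_display` is a deliberate simplification of the Unicode bidi algorithm that only handles the RLO/PDF case discussed here.

```python
# Added example: flag filenames that disguise an executable as a document.
# Detection-side only; the sample names below are constructed for illustration.

# Unicode bidi controls that can change how a name is drawn in a file listing.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}

# Assumed lists: what this environment treats as "runs code" vs "looks like data".
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "ps1", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png",
                 "gif", "txt", "zip"}


def approximate_display(name: str) -> str:
    """Approximate how Explorer-style listings draw a name containing U+202E:
    everything after the override is shown reversed until a U+202C (PDF)
    or the end of the string. Simplification of the real bidi algorithm."""
    out, i = [], 0
    while i < len(name):
        if name[i] == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(out)


def true_extension(name: str) -> str:
    """Extension the OS will actually act on: last dot-segment, controls stripped."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[-1].lower() if "." in clean else ""


def masquerade_reasons(name: str) -> list:
    """Return a list of human-readable reasons this name looks deceptive
    (empty list means nothing suspicious about the name itself)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi control character in filename; displays as %r"
                       % approximate_display(name))
    parts = name.lower().split(".")
    if len(parts) >= 3:
        final, inner = parts[-1], parts[1:-1]
        if final in EXECUTABLE_EXTS and any(p in DOCUMENT_EXTS for p in inner):
            reasons.append("document-looking name actually ends in .%s" % final)
    return reasons


def screen_attachments(names) -> dict:
    """Map each flagged name to its reasons; clean names are omitted."""
    result = {}
    for n in names:
        r = masquerade_reasons(n)
        if r:
            result[n] = r
    return result


if __name__ == "__main__":
    # Constructed sample attachment names, including the two tricks from the thread.
    SAMPLE = ["invoice.pdf.exe", "something\u202egpj.exe", "report.pdf", "setup.exe"]
    for name, reasons in screen_attachments(SAMPLE).items():
        print(repr(name), "->", "; ".join(reasons))
```

Note that plain `setup.exe` is not flagged: the check targets deception, not executables as such; an allow-list policy like the one discussed further down is the right tool for the latter.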


There are various GP solutions available to lock down Windows and if you're a really large scale environment I think Active Directory is pretty respectable.


Except they don't work, or at least not anymore. We have a generic one about blocking certain filetypes from being run in a zip (which is the standard vector for now), but all the other ones about blocking certain parts of the user's profile don't work. The malware just keeps trying different locations if it's denied write access somewhere.
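Since the zip attachment is the vector both commenters above are fighting, the mail gateway is the place to look inside it before a GPO ever gets a say. The following is an added example of that inspection; it is not code from the thread, from Windows or from any mail product. It assumes three things a defender would typically flag (an executable member, a nested archive, and an HTML member whose content merely sends the browser elsewhere, the "html file in a zip that just does a redirect" described at the top of the thread); the extension lists and the redirect patterns are assumptions, and the archive it inspects is constructed in the block itself.

```python
# Added example: inspect a zip attachment for the patterns a mail filter should
# reject. The sample archive is constructed here and is not a real malware sample.
import io
import re
import zipfile

# Assumed classification of member extensions.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "ps1", "lnk"}
WEB_EXTS = {"html", "htm"}
ARCHIVE_EXTS = {"zip"}

# Rough patterns for "this page exists only to redirect the browser".
REDIRECT_PATTERNS = [
    re.compile(rb"http-equiv\s*=\s*[\"']?refresh", re.I),
    re.compile(rb"(window\.)?location(\.href)?\s*=", re.I),
    re.compile(rb"location\.replace\s*\(", re.I),
]


def inspect_zip(data: bytes, prefix: str = "", depth: int = 0, max_depth: int = 2) -> list:
    """Return (member_path, reason) pairs for every suspicious member.
    Nested zips are descended up to max_depth; deeper ones are reported instead."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((path, "executable member (.%s)" % ext))
            elif ext in WEB_EXTS:
                body = zf.read(info)[:65536]  # only the head is needed for a redirect page
                if any(p.search(body) for p in REDIRECT_PATTERNS):
                    findings.append((path, "HTML member that redirects the browser"))
            elif ext in ARCHIVE_EXTS:
                if depth >= max_depth:
                    findings.append((path, "nested archive deeper than %d" % max_depth))
                else:
                    findings.extend(inspect_zip(zf.read(info), path + "/", depth + 1, max_depth))
    return findings


def build_sample_zip() -> bytes:
    """Constructed lookalike of the lure shape discussed in the thread:
    a redirecting HTML file, an innocuous text file, and a nested zip with an .exe."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        # Placeholder bytes standing in for an executable; not a real program.
        z.writestr("Invoice_0421.pdf.exe", b"MZ" + b"\0" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.html",
                   b'<html><head><meta http-equiv="refresh" '
                   b'content="0;url=http://example.invalid/invoice"></head></html>')
        z.writestr("readme.txt", b"Please see the attached invoice.")
        z.writestr("scans.zip", inner.getvalue())
    return outer.getvalue()


def build_clean_zip() -> bytes:
    """Constructed benign archive: only document-type members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.pdf", b"%PDF-1.4 placeholder")
        z.writestr("notes.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in inspect_zip(build_sample_zip()):
        print("%s: %s" % (path, reason))
```

Blocking on these findings at the gateway removes the dependence on endpoint GPOs that, as the comment above notes, the malware simply routes around by trying another writable location.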


You can use a whitelist, which is what the Mac solution is anyway.




