Not at all! That doesn’t sound good, but it corresponds to reality. There is software, e.g. from the NSO Group from Israel, which is specialised in penetrating foreign systems. If a targeted attack is made on a specific device, no antivirus programme can defend against it. Antivirus scanners work with signatures of known malware. In the case of a new, as yet unknown attack scenario, they cannot prevent the attack because there is no signature for it in their database.
This is where endpoint security comes in. Even if attackers succeed in getting onto their target’s system, the malware they have brought in must still be executed. Modern operating systems such as Windows 10 try to prevent this by so-called whitelisting. With whitelisting, only programmes and components that have previously been classified as “clean” by the user are executed. Whitelisting only works as long as an attack depends on components that are not classified as harmless in order to be executed.
An advanced protection mode is the “Guarded Desktop”, which builds a “secure protective shell” around critical applications and prevents critical activities. These include, among others:
- Keylogging: the recording of keystrokes.
- Screen recording: the recording of screen activity.
- Changes to messages, e.g. in emails and messengers.
- Injecting malicious code into whitelisted databases and applications.
With the App-Protect software from Reddfort, users can protect themselves from targeted attacks. The application consists of two components, a sophisticated whitelist system and the Guarded Desktop. App-Protect is effective even if the virus scanner has been overcome by a potential attacker. App-Protect simply prevents the start of executable files (EXE, MSI, BAT, etc.) and the execution of e.g. macros from Office documents (DOC, XLS, etc.). It is still possible to start files such as videos, music, photos and Office documents from external USB drives. However, the execution of active elements, which in turn load malware, is reliably prevented.
The best way to use App-Protect is on a newly installed system. This prevents malware that is already installed on the system from subsequently being “protected” by App-Protect.
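The clean-install advice follows directly from how an allowlist is built, as this added example shows. It is not App-Protect's code: the text does not say how App-Protect identifies programmes, so SHA-256 content hashing, all function names and the sample files are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib


def digest(content: bytes) -> str:
    """Identify a programme by its content, not by its name or path."""
    return hashlib.sha256(content).hexdigest()


def build_allowlist(installed: dict[str, bytes]) -> set[str]:
    """Take a baseline: everything present at this moment becomes trusted."""
    return {digest(content) for content in installed.values()}


def may_execute(content: bytes, allowlist: set[str]) -> bool:
    """Allow execution only if this exact content was in the baseline."""
    return digest(content) in allowlist


# Constructed sample data (hypothetical file names and contents).
CLEAN_SYSTEM = {"editor.exe": b"MZ editor v1", "mail.exe": b"MZ mail v3"}
IMPLANT = b"MZ constructed stand-in for an unknown implant"
DIRTY_SYSTEM = {**CLEAN_SYSTEM, "updater.exe": IMPLANT}


def demo() -> dict[str, bool]:
    clean = build_allowlist(CLEAN_SYSTEM)   # baseline on a fresh install
    dirty = build_allowlist(DIRTY_SYSTEM)   # baseline taken after compromise
    editor = CLEAN_SYSTEM["editor.exe"]
    return {
        # A known programme runs.
        "known_app_allowed": may_execute(editor, clean),
        # An unknown binary is stopped without any signature for it.
        "new_binary_blocked": not may_execute(IMPLANT, clean),
        # Code injected into a trusted programme changes its hash.
        "tampered_app_blocked": not may_execute(editor + b"\x90patch", clean),
        # The failure mode: a baseline taken on an infected system
        # trusts the implant like any other installed programme.
        "implant_trusted_on_dirty_baseline": may_execute(IMPLANT, dirty),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```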