Of lately researchers must have dreamt about developing a robust program against ransomware. Following it, they have even made certain decryption tools but unfortunately haven’t really been able to fight against Ransomware encryption. Perhaps, this is making the challenge even tougher. Having said that, we must remind ourselves that at the end of the day power of good rules over evil!
Recently, a senior contributor at Macworld, Glenn Fleishman, came up with two budding applications that are potent enough to prevent Ransomware attacks in Mac. These applications are named as Santa & Little Flocker. To put it simply before you, Santa will identify malicious apps while Little Flocker will protect docs in Mac from any damage. But the big question is how will they’ll work?
Working of Santa
Well, it’s not literally ‘Santa Claus’ for your Mac, but might seem to you a look alike of him. While working on a lot Macs, Google has projected to develop an application, Santa that will block all blacklisted apps from getting installed on your Mac.
Until now, only one variant called KeyRanger Ransomware managed to bypass Mac Security. Back then, Mac had pulled down the infected version of Transmission and fixed the vulnerability in updated version. But now, researchers are up to offer a full-proof app that will not let any ransomware outbreak its attack.
A usual anti-malware program identifies and blacklists nasty software to run. But they are limited to blacklist only those software that are identified by “signature” checking of the program. Signatures are unique bunch of software codes with which anti-malware software are programed and help dig out nasty behavior in any program. Malware authors nowadays give great importance to this and develop huge number of variants to help bypass signature checking.
However, Santa (which is still in development process) is a step ahead. It smartly identifies whitelist as well as blacklist programs and will eventually synchronize the database with the server. The app will have two modes- monitor & lockdown mode. When in Monitor mode, Santa will record all information about applications launching on Mac, but will only block some specific blacklisted apps. It identifies wicked apps on the basis of its fingerprint that is the algorithm of the app and is against Santa’s binary code. Once Santa has identified any such apps, it prevents them from launching. While in Lockdown mode, the budding app will allow only whitelisted apps to run, whether they are system level or launched by users. This mode will also allow apps that are approved by authorized developer signature. In addition to this, Lockdown mode will let you blacklist a directory, in order to prevent software from running that are not installed in the Applications or System folders.
Out of these two modes, developing team suggests to run the app in monitor mode for a while and observe routine app usage. Once you’re aware of it, you can make your own list of whitelisted apps and switch to lockdown mode.
Little Flocker on its way…
Well, if Google’s initiate to block disgusting software isn’t enough, then you’ll have Little Flocker with you. This application is an outcome of security researcher Jonathan Zdziarski’s work and currently is in beta testing. Litlle Flocker is more extensive system behavior analyzer and blocker of nasty apps. It closely examines all applications and restricts unfettered ones to modify or delete any file. Littler Flocker approves an access to apps on subsets of folder hierarchy instead of all user-modified files. This essentially helps in protecting known apps from any mutilation and halts the way for new apps to gain sudden access over all files on the Mac, without user knowledge.
At present, many of the anti-malware software that acts as a shield for Mac monitors or blocks only unapproved network activity, both inbound and outbound. This happens because many of the malware programs try to gain access over files remotely and leak it out for criminals. However, Little Flocker keeps a sharp eye on every application and leaves no room for any vulnerability.
Until now, Apple has maintained high-hedging protection for its computers and so its users have remained considerably safe. Santa and Little Flocker will be added high for it, but unfortunately no such application has been made for Windows, which is the chief target of Ransomware crooks. We wish Google, Zdziarski or any other researcher and developer come with a sure prevention of Ransomware for Windows and stop this viciousness from spreading!