VappWare Real Time Browser Protection(Browser Condom)

[Jarmo P]

Quote:

Discuss the software only.

~Off topic comment removed~

For newbies: copy the link to browser URL field and change hxxp to http.
Kind of interesting to read info about the company, offices etc. hehe, but overall this has been a funny thread. I also suggest a bit more conventional name for the product. Just a friendly advice.

[ErikAlbert]

I thought it was a shortcut for condominium, like demo for demonstration. Thanks.

[Mrkvonic]

Hello,
A question to developer:
Why does your app need 100MB installation space?
Mrk

[mswiczar]

Quote:

Originally Posted by Mrkvonic

Hello,
A question to developer:
Why does your app need 100MB installation space?
Mrk

I ll tell you why?
When you run any application inside the Vcondom, every time the application need to open any file (read, write, or just query).The condom first verify is the requested file reside inside the condom, if this is true the application could access to this file, else the requested file reside outside the condom, the condom first copy this file in the condom and give this new file (path) to the application.

So you have duplicated data. (just for the files requested by the protected application)

Example, when an application needs a c:\windows\system32\notepad.exe
the condom return this path to the application
c:\vcondom\condom1\disks\hardiskdrive0\windows\system32\notepad.exe

And to make the system with a high performance, first we fill the condom with the most used file to avoid copying files while running the application.

Example qhen you create a condom, the font directory, cursor directory, program files internet explorer directory, mozilla directory and some other applications are placed in the condom.

Hope this explain the installation and running space.

Best regards and please test this application inside a virtual machine.
We are in alpha, i dont want to crash your system.

Thanks a lot for your question.

Moises

[Meriadoc]

Hi mswiczar,
I'm using a clean vm to test BC but I get bsod at the moment - opening ie & FF.
I notice you have to wait before you can use the protection as it takes 3-4 mins to make a condom - can you quicken this up?
As I cannot test it right now can you tell me what threats it will protect against?

[rdsu]

Quote:

Originally Posted by Notok

Once upon a time, Wilders was a place where we could come to discuss software on a technical level. We could learn the technology and were thrilled to see something new to try. You could actually learn something about security, and not just brand names. Now it seems to be just the opposite.

You are right...
I really would like that this forum was as 2/3 years ago...

This wave of disrespect become frequent, and this harms what really must be spoken...

[Pedro]

Quote:

Originally Posted by mswiczar

When you run any application inside the Vcondom, every time the application need to open any file (read, write, or just query).The condom first verify is the requested file reside inside the condom, if this is true the application could access to this file, else the requested file reside outside the condom, the condom first copy this file in the condom and give this new file (path) to the application.

So you have duplicated data. (just for the files requested by the protected application)

Example, when an application needs a c:\windows\system32\notepad.exe
the condom return this path to the application
c:\vcondom\condom1\disks\hardiskdrive0\windows\system32\notepad.exe

And to make the system with a high performance, first we fill the condom with the most used file to avoid copying files while running the application.

Example qhen you create a condom, the font directory, cursor directory, program files internet explorer directory, mozilla directory and some other applications are placed in the condom.

Looks like SandboxIE more and more. Again, don't take me wrong!
How do you plan on programing to recover files from the sandbox, pardon , condom? By exploring the condom folder only?

[mswiczar]

Quote:

Originally Posted by Meriadoc

Hi mswiczar,
I'm using a clean vm to test BC but I get bsod at the moment - opening ie & FF.
I notice you have to wait before you can use the protection as it takes 3-4 mins to make a condom - can you quicken this up?
As I cannot test it right now can you tell me what threats it will protect against?

Thanks again

Did you create the Condom First?
When you create the condom this steps are done by the main form.

Create "virtual Disk" doing this

1) c:\vcondom\Condom1\Disks\Device\HarddiskVolume1\;
2) and one Hardiskvolume for each volume (not yet implemented, i just implemented 1 volume)

Create Virtual Registry repository
1) c:\vcondom\Condom1\Registry\Machine\
2) c:\vcondom\Condom1\Registry\user\


3) ModifyPrivilege(SE_BACKUP_NAME,TRUE) // Need backup privilege
4) Export Macine key RegSaveKeyEx(hTestKey,afilename,NULL,REG_LATEST_FORMAT);
5) Export user key
RegSaveKeyEx(hTestKey,afilename,NULL,REG_LATEST_FORMAT);

Thats all.
Those are the task of the create condom procedure.
Remarks, when the RegSaveKeyEx run, its seems to frozen the pc, but its the way microsoft export the keys


Then

You must start the condom.

When you start the condom, this happend
1) I patched a lot of SSDT to prevent treats to bypass my protection.
2) I restore the backuped keys when you created the condom.
cbName = ModifyPrivilege(SE_RESTORE_NAME,TRUE);
cbName = RegLoadKey(HKEY_USERS,CONDOM_USER_CLASSES,afilename);
So i use the Windows algorithm to give access to the registry.

then when you start the browser

All the request data from the Applicatin living in the condom will be redirected to the "virtual disk" example c:\vcondom\Condom1\Disks\Device\HarddiskVolume1\

If the file is in the Virtual repository, it just open from there, if not, its copies from the real path to the "virtual disk" and then redirected to this place.

all the request registry from the application will be redirected to the new keys

Hope this will help you.

thanks again for your interes

[mswiczar]

Quote:

Originally Posted by Someone

Looks like SandboxIE more and more. Again, don't take me wrong!
How do you plan on programing to recover files from the sandbox, pardon , condom? By exploring the condom folder only?

yes. you are right!
any suggestion?

[Devil's Advocate]

Quote:

Originally Posted by EASTER.2010

I agree. The very use of that term to try to bring attention to a security software only tells us one thing. You copy/paste others code to create your so-called rubber balloon

Serious charge, more information please.

Quote:

and additionally you obviously don't frequent security forums or else you would know what is mutually acceptable and what throws up big red flags like you have offered in this topic. No criticism just the facts.

I agree, it's criminal for him to not frequent security forums. How dare him!!

[Devil's Advocate]

Quote:

Originally Posted by Perman

Be humble, learning from peers, otherwise your baby will stay in your incubator for a long long time.

If he really is the author of a software that works like Sandboxie, almost everyone (I would guess all) here particularly those acting all high and mighty* in this thread are NOT his *peers*. They would instead be people like Tzur, Ilya etc.

It's amazing how running a few HIPS and hanging around here for some time, can make you think you know more than you really do.

PS Not directed at you Perman.


* Wow, someone used a compiler once!

[Meriadoc]

Quote:

Did you create the Condom First?

Ofcourse.

Quote:

...Then You must start the condom.

Yes I understand the program and looking at it more closely. You hook SSDT 11 times on start of condom.

[Meriadoc]

Quote:

It's amazing how running a few HIPS and hanging around here for some time, can make you think you know more than you really do.

Who is this directed at? Yes I design and wrote software and a computer language. Now can we discuss program?

[mswiczar]

Quote:

Originally Posted by Meriadoc

Ofcourse.

Yes I understand the program and looking at it more closely. You hook SSDT 11 times on start of condom.

if you want i can send you the source of the patching.
But first please contact me in mswiczar [at] vappware.com
I want to speak with you.
Now i just uploaded a new version compiled with checked build.
More data on

hxxp://www.vappware.com/vapp/index.p...d=17&Itemid=47

[mswiczar]

Quote:

Originally Posted by Meriadoc

Ofcourse.

Yes I understand the program and looking at it more closely. You hook SSDT 11 times on start of condom.

by now im hooking (in this version)

ZwCreateFile
ZwOpenFile
ZwOpenKey
ZwCreateKey
ZwLoadDriver
ZwUnloadDriver
SetSystemInformation
ZwCreateSymbolicLinkObject
ZwCreateThread
ZwCreateProcess
ZwCreateProcessEx

this other patching are deactivated for now.

ZwAllocateVirtualMemory
ZwProtectVirtualMemory
ZwOpenProcess
ZwOpenProcessToken
ZwOpenProcessTokenEx
ZWDEBUGACTIVEPROCESS ZWREMOVEPROCESSDEBUG
ZwOpenJobObject
ZwSetInformationJobObject
ZwCreateJobSet
ZwOpenThread
ZwSetInformationThread



more data?

[mswiczar]

Quote:

Originally Posted by Meriadoc

Hi mswiczar,
I'm using a clean vm to test BC but I get bsod at the moment - opening ie & FF.
I notice you have to wait before you can use the protection as it takes 3-4 mins to make a condom - can you quicken this up?
As I cannot test it right now can you tell me what threats it will protect against?

Could you sendme your crash dump please?

[Devil's Advocate]

Quote:

Originally Posted by Meriadoc

Who is this directed at?

if you have to ask, it's not you.

I'm talking about the guy who is acting all upset because he thinks the guy doesn't hang around in security forums. And I'm still waiting to see him provide evidence (based on some weird reasoning), that all the code is cut and paste.

[steve161]

Vappware's website seems to be down at the moment. I was going to try this app in shadow mode, but it is almost 3o a.m. I'm done.

[Pedro]

Quote:

Originally Posted by mswiczar

yes. you are right!
any suggestion?

humm, well, i can't think of anything that hasn't already been done.

The obvious solution, that others use but i don't think it's that special (it is obvious, one has to do something of the sort), is having the user choose what folders should be monitored (downloads for instance, bookmarks...), so that, when clearing the condom (more like trashing it, i don't re-use them...), the program would ask to save files from these folders. One would review the content of the folder from the program's GUI still, and save what is important.

[mswiczar]

Quote:

Originally Posted by Pedro

the program would ask to save files from these folders. One would review the content of the folder from the program's GUI still, and save what is important.

Pedro, first of all, thanks for your interest.
This kind of feedback is very important.
Of course I ll do it, but whats happen if you forgot something?

What do you think if we put a trashcan?
When you discard the Vcondom, you could always restore files from the trash can. you could configure which files, or extension or folders do you want to always store in the trashcan.
We could have a watermark of how many storage can contain a trashcan?
The contens of the trashcan coud be encrypted, for more security.

[Pedro]

That sounds good. The user could choose if he wanted to use the trash can, or delete. Nice!
The encryption is also a good idea, but i can imagine the work ahead of you!

[mswiczar]

Quote:

Originally Posted by Pedro

That sounds good. The user could choose if he wanted to use the trash can, or delete. Nice!
The encryption is also a good idea, but i can imagine the work ahead of you!

i want to do my best.
i can buy a component to do the dirty job.
There are a lot of components for about 20 U$s to make encryption, without royalties
And the Trash is just a folder outside the Condom.

Quote:

Originally Posted by Pedro

That sounds good. The user could choose if he wanted to use the trash can, or delete. Nice!
The encryption is also a good idea, but i can imagine the work ahead of you!

Alright then mswiczar looks like you have something on the horizon worth some attention and hope it pans out for you and the users alike, but Say Dude, if you were after BOTH attention and a laugh then you got it, no offense meant, really, but of all names in the world you could have chosen, what guided your imagination with this one?

[mswiczar]

Quote:

Originally Posted by EASTER.2010

Alright then mswiczar looks like you have something on the horizon worth some attention and hope it pans out for you and the users alike, but Say Dude, if you were after BOTH attention and a laugh then you got it, no offense meant, really, but of all names in the world you could have chosen, what guided your imagination with this one?

Attention is an important thing in a product.
But laugh is Very important.
Do you know when anybody laugh, he felt good. He could forget just for a while any other bad moments.

What more i can expect with a name?

[Pedro]

Quote:

Originally Posted by mswiczar

i want to do my best.
i can buy a component to do the dirty job.
There are a lot of components for about 20 U$s to make encryption, without royalties
And the Trash is just a folder outside the Condom.

I had no idea one could buy components. Always learning, thanks.
I hope you keep posting about the development of the program, maybe i can learn more (if i can understand..). This is early stage, so please share your frustrations/ obstacles/ achievements

Oh, and welcome to Wilders!