*BladeDefender Update*

Discussion in 'other anti-malware software' started by trjam, Sep 23, 2010.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I contacted Long Lu who is part of the development team from Georgia Tech University involved in the creation of BladeDefender. I see this summer he worked as a intern from June till August for Microsoft Research. Anyway he got back to me and his comments are below.

    Thanks for your interest in BLADE. The release surely will happen within this year. But sorry that I cannot promise you a concrete date for now.
    Please understand that we are an academical research lab -- converting research prototypes into products definitely interests us, but cannot be our first priority due to the limited human resources.

    Cheers,
    Long
     
    trjam, Sep 23, 2010
    #1
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks for the update!

    I wonder how many people will be interested in this product, since at the moment, according to their research paper, the product monitors only the browser attack vector, ie, drive-by download:

    BLADE (Block All Drive-by download Exploits)​

    This leaves USB, email attachments, Office documents, etc, as possible attack vectors for malware executables. There are many solutions already available that cover multiple attack vectors.

    BLADE-ACM-CCS-2010.pdf
    http://www.blade-defender.org/BLADE-ACM-CCS-2010.pdf


    ----
    rich
     
    Rmus, Sep 23, 2010
    #2
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    They should have put that info on their page instead of the "available soon" mesaage. :rolleyes:
     
    Searching_ _ _, Sep 24, 2010
    #3
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ trjam

    Thanks for asking, now we know :(
     
    CloneRanger, Sep 24, 2010
    #4
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guys,

    Soon Safe-Admin will achieve the same for you.


    Applying EMET-2 reduces the risk of succesfull shellcode injection. This mitigates fase 1 of their approach.

    Running your Browser with Low rights will contain it from the rest of your system (running medium or high rights with UAC on), so no shell code can touch your other processes. Contains fase 2 of their approach)

    Applying a No-execute-Up access control list on your download (and temp) directories will deny execution of anything downloaded by the browser from code within the browser or pocesses called by that browser (heeeeeeeee a long sentence to say that you are able to execute with Explorer, but injected malware or javascript running in/ran by the browser NOT). This blocks the third step (execution) of their model (Quoting RMUS when it can't execute it can't infect).

    See https://www.wilderssecurity.com/showpost.php?p=1753328&postcount=2

    Regards Kees
     
    Kees1958, Sep 24, 2010
    #5
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Not all of us have or want Vista or W7 :p

    EMET only works on XP/SP3 and above, i'm staying with XP/SP2 ;)

    So things like BD might be useful, if only to play with :)
     
    CloneRanger, Sep 24, 2010
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...