Faronics Anti-Executable Standard 5 is live with granular publisher control

Discussion in 'other anti-malware software' started by faronics, Apr 2, 2012.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Light as well.
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    So with DLL protection disabled, is this anything for a normal user to be concerned with? If so, is there a way to mitigate this some other way than using AE's DLL protection?
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi acr1965,

    Note Dmitry's comment in post #66:

    One example is Duqu, using the truefont parsing vulnerability, MS11-087, to install a DLL payload. One analysis stated:

    And another:

    I contacted Faronics and sent them the Symantec and Securelist analyses of the Duqu exploit. They responded saying that based on that information, their product, Anti-Executable, will block the exploit with DLL protection enabled.

    A lot would depend on your own approach to security. Some of the exploits with DLL payloads used USB devices as the attack method. How do you secure against USB exploits? If the code on the USB device cannot execute, then the DLL payload has no chance to get onto your system. The LNK exploit, MS10-046, used by Stuxnet, was one example.

    With Duqu, a user has to take into account the mitigating factors (Browser, other software used) and assess the risk involved to determine if other security measures in place are sufficient without needing a product with DLL protection.

    For myself, not being able to foresee the myriad future potential attack vectors for DLL payloads, I consider DLL protection a nice layer to have!

    regards,

    -rich
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    To be more secure I just check DLL protection ON ;)
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Thanks for the info
     