how to fight dll hijacking?

Discussion in 'privacy problems' started by hojtsy, Mar 16, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Several security programs (firewalls, sandboxes, Process Guard) assign privileges to applications based on the full path and MD5 of the executable file. If a dll of a privileged application is replaced by malicious software, that dll could load and run in the address space of the trusted application, and break out of security measures.
    I am searching for a solution for this problem. List of solutions I am already aware of, so please do not repeat them:
    - don't ever execute anything which has a remote possibility of being malicious: sorry, this is too strict
    - use "whatever software" which checks dll/exe files every 10 seconds: sorry, 10 seconds is way too long, in that time the damage is already done. I need prevention.
    - don't care about damage and use "whatever software" to repair the computer: sorry, but damage is not limited to my computer, it could be my private data broadcast.
    - use Abtrusion Protector: I was told that it continually accesses the disk, even if you are idle.

    Do you have any other ideas? Some tricky software hidden behind your back? Or are we completely, utterly lost after we intentionally start an executable which turns out to be malicious, and it is not yet recognized by the antivirus?

    -hojtsy-
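Added example, not from the thread: a small Python integrity check that extends the exe-only hash check hojtsy describes to the DLLs beside the executable, so a swapped or newly dropped library is caught even when the executable's own hash still matches. The directory layout, file names and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# File types covered by the baseline: the executable itself and every DLL beside it.
MONITORED_SUFFIXES = {".exe", ".dll"}

def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks (SHA-256 rather than MD5, since MD5 collisions are practical)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(app_dir: Path) -> dict:
    """Baseline: relative path -> digest for each exe/dll under the application directory."""
    return {
        str(p.relative_to(app_dir)): file_digest(p)
        for p in sorted(app_dir.rglob("*"))
        if p.is_file() and p.suffix.lower() in MONITORED_SUFFIXES
    }

def verify(app_dir: Path, manifest: dict) -> dict:
    """Compare the directory against the baseline; any non-empty list means the app must not be trusted."""
    current = build_manifest(app_dir)
    return {
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }

def demo() -> dict:
    """Constructed scenario: trusted app.exe untouched, sibling helper.dll swapped, extra.dll dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        (app / "app.exe").write_bytes(b"constructed executable")
        (app / "helper.dll").write_bytes(b"constructed legitimate dll")
        baseline = build_manifest(app)
        (app / "helper.dll").write_bytes(b"constructed replaced dll")  # exe hash is unchanged
        (app / "extra.dll").write_bytes(b"constructed planted dll")    # new library beside the exe
        return verify(app, baseline)

if __name__ == "__main__":
    print(demo())  # {'changed': ['helper.dll'], 'missing': [], 'added': ['extra.dll']}
```

Run the check before granting the application its privileges (or on each launch) rather than on a fixed timer, which is the prevention-over-repair point the post makes.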
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hojtsy, I think you are looking for perfection in an imperfect world. Abtrusion Protector will do what you want, but there is a price. I used it. I have been beta testing DCS's Process Guard, and frankly I think it covers that base more efficiently, and that's why I dropped AP. I realize you haven't yet seen the new version of PG, which of course is a disadvantage. This is one layer. I mentioned GoBack in another thread. This is another layer, in that it allows you to easily undo any damage. Key word here is easily. As far as your data being broadcast to the world: again, layers. A firewall should help block unwanted outbound communications. Also the new PG, AP etc. should help keep something from running which could create the outbound communication.
    Finally depending on your data, encryption, to protect is another layer.

    There are multiple layers, all provide a measure of security, all have a price.

    What you may be looking for is the proverbial free lunch, and it doesn't exist. We each have to decide how much protection we need, and what we are willing to give up for it.
     