Interesting HIPS test:restore SSDT hooks

Discussion in 'other anti-malware software' started by a256886572008, Apr 12, 2008.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Lonewolf

    yes the super elite hackers from SI think all AV's AT's HIPS & FW's are just a bunch of crap and of course Windows LOL
    but with the new and improved Windows 7 coming out soon to a theater near you, I am they will have to start a new game. I wonder if 7 will have a multi kernel?

    Anybody here doing any testing with it yet?
     
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Hm, it may be they are the best programmers. I just wonder why they don't produce the best software? What I see is that all the "cool hackers" are young people. Then, after they stop being "cool hackers", they go to work in software companies to resist new "cool hackers" ..
     
  3. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    I think you understand well :D
     
  4. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    These boys are good at using the decompiler tool to "research" anything they are interested in. Some of them like to "copy the code" from the decompiler and build it with a new name, then make a website and sell their products. :D
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Comodo is aware of the trick so the program has no chance.

    http://i25.tinypic.com/s24e20.png

    @controler: the problem is especially the Windows subsystem, for compatibility reasons.
    Not sure if Windows 7 will change that; they simply make too much money to make drastic changes,
    but exactly that predicts a critical future for them. Check Windows Collapses (in German)
     
  6. controler

    controler Guest

    Yes I knew the young great hackers would go to work for the bigger companies and even start their own security web sites and that is a nice gesture indeed. Moving from the true dark side to the light side is always good for whatever reason, unless it is for money :mad:

    I don't know much about Windows 7 but do think it will be completely rewritten.
    Not using the old windows kernel. This is why Vista will be short lived.
    I guess we will see.

    Mj mentions Komodo is crap but I know she isn't talking about Kevin.

    If I was a betting man I would bet on Kevin above Mj. I would probably even bet on him over EP in knowledge about rootkits. As you know, while he had his own business and had Gov contracts, he could not touch the kernel and did a great job of it until it could not be done that way anymore. He was not allowed to touch the kernel even from ring3. Most can see why not: a BSOD on GOV machines is not a nice thing.

    Now does NSA use Windows, Linux or their own OS? How many other governments should design their own OS?

    I think they can afford it, instead of spending trillions dominating the world.

    OOPS, did I make a political statement, not allowed here?

    Back to sysinternals I go then. :D
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Probably it would be faster to list HIPS that do not pass it :D
    None?

    Fax
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Unfortunately we have fewer statements from Chinese people; it would be interesting what they think.

    So this Kevin you are talking about is the producer of Comodo? Sounds cool, the Gov story.
    Actually Sysinternals is abandoned.
     
  9. controler

    controler Guest

    SystemJunkie

    Kevin didn't produce Comodo but sold his & his wife's business to them. I am not sure what part he has in Comodo's HIPS, if any. He mainly works on Comodo BoClean and maybe with their AV people. He has been bitching about Microsoft for years ;) I haven't spent much time over at the Comodo forums, but now that I have some free time, I might try to check it out.

    I don't know if the government here has changed their minds about touching the kernel or not, but maybe that is why they counted on companies that used hardware with its own OS in front of the main machines to find rootkits.
    MS's latest buy.
    I am still interested to see if anyone is testing any part of Windows 7 at this time.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Because that antidote is used by few people.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Why write a BSOD generator when you can use the MyFault test app or anything like that?

    This has got to be the silliest so-called HIPS test I've ever seen; it was absolutely baseless and as useless as a 2 day old popsicle on a 90 degree day.

    It proved nothing. It even has the appearance of some script kiddie pieced together garage project.

    Ok, let's compare it to SSS that was released some time back, a GUI that at least had some substance to match.

    I still don't get it.
     
  12. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Not such a great observation when you realize that, despite visiting the great "rootkit dot com" when they were in diapers, one still knows less than 1/10 of what these kids do now... :p
     
  13. controler

    controler Guest

    Lusher

    Are you referring to the Windows OS, or programming in general?
    That's what I am guessing you are referring to.

    You probably are right about the 1/10th if looking only at what I asked above.


    I know I was shunned here some years back for talking about rootkits becoming a problem in the future.

    The only thing now that will stop the criminals is if the mobo, other hardware & BIOS manufacturers get it right together & Microsoft works with them.
    We know Joanna R is working with Phoenix.
    anywho whatever.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hi controler

    You probably read them and know they don't think much of Wilders' discussions, but I really think they, the super so-called hackers, are pinned against the wall and that's why they lash out. I made a comment that they should offer a better improvement to HIPS than just running them down and our confidence in them, or at least piece something together more useful to improve on HIPS instead of just running them down and calling us Sh*t for our support of them.

    I post at both but I do not pull punches or take sides; security is #1, and if a POC is productive I'm all for that, but if they can't offer a better alternative then it's useless garble just to nitpick at HIPS supporters and their respective choice. I think these hackers are simply jealous because they can't completely climb the wall, so they have nothing left but to lash out in frustration.

    The latest so-called bypass sh*t HIPS is the biggest joke I've seen yet, but a good BSOD generator; but then anyone can fashion a BSOD file, that's lame stuff.
     