Is Google Chrome truly that vulnerable?

Discussion in 'other anti-malware software' started by CoolWebSearch, Jul 6, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes I know, but you misunderstood, what if a sandboxed process tries to inject code into another sandboxed process, does SBIE allow that? :)
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Oh, within the same sandbox? Should be allowed.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I have a question here: VoodooShield wrote some very true and sad things about UAC:
    https://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/page-88#post-2403800

    So what does this all mean, using DEP, SRP, UAC, LUA/SUA is completely useless if you want to protect yourself?
    And the only thing you can have is to rely on security/protection companies to get adequate protection?
    I guess, you cannot protect yourself against kernel-level exploits and kernel-level rootkits with DEP, SRP, UAC, LUA/SUA, you would need AppGuard and similar for that?
    And if Google Chrome, like Fleischmann said, is more secure than AppGuard what does this all mean?
    Sorry, I cannot understand in what exactly way Google Chrome is more secure than AppGuard?
    Because of the increased attack surface or something else?

    Here is Fleischmann's post about this:
    https://www.wilderssecurity.com/thre...ly-that-vulnerable.365739/page-8#post-2403960
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Look at the most effective strategy mentioned here.
     
  5. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    No, and the statement doesn't claim that. It's true about the weakness of UAC but says nothing about the other mechanisms.

    No, you can't see it too simple and can't put kernel exploits and rootkits together like they are equal things. If the kernel gets exploited then it's a possible game over for every security software that runs on Windows. But the kernel must be exploited first and therefore it needs a) a vulnerability and b) an infection way. And for b.) there are (depending on the infection vector) several possibilities to stop them. So no simple black vs. white here.

    It's like comparing apples and pears as you write it. And I'm quite sure FleischmannTV didn't mean it that way.
    The question was more, what can AG offer to make Chrome more secure and the argumentation was solely based on memory protections and theoretical assumptions. Of course, that part is somehow "black box" by BRN (but btw. I find it quite strange and unfair to ask again and again and if no answer comes that gives deep details, then simply assume some basic things and conclude that memory guard is nothing special... and in other topics the same people rely on marketing claims and intellectual property statements (f.e. MBAE discussions)).

    But if we leave the memory protection discussion alone there is still much that f.e. AppGuard can offer for Chrome, look at all the protected resources, private folders etc. All things that AG tries to secure for guarded apps.

    And I don't believe in bullet proof things, even not for Chromium based browsers. But yes - they implement some state of the art security mechanisms out of the box.

    In short: Don't get hyped by theoretical discussions, without real examples.
     
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    Just to make things clear, when it comes to evaluating AppGuard's efficacy regarding Chrome, you need to differentiate between the broker and the slave processes of Chrome.

    I think AppGuard offers nothing when it comes to exploits in Chrome slave processes only. These processes run at untrusted integrity, have no file system or registry access (not even read), cannot create other processes, don't have internet access etc. If you want to do damage in that scenario, you either need to exploit the kernel or at least exploit the broker chrome.exe. Regarding the latter AppGuard is definitely useful, regarding the former it's not. At least it doesn't mess around with Chrome's internal policies, like disabling some job objects or the Logon SID and NULL SID.

    That's at least how I understand these things and please don't regard me as a trusted or quotable source. I am certainly no expert (I neither have an IT education nor do I work in this field) and am only gathering the bread crumbs I can find on the internet. Frankly I don't even bother asking questions anymore when it comes to securing Chrome because no vendor would tell me the truth anyway and I don't know people who are competent enough to break out of Chrome's sandbox, so they could tell me what's really useful or not, or even detrimental.
     
  7. Yep, Chrome is very strong with its own Flash and PDF plugins, virtual classes and sandbox (integrity level, job object and alternate desktop).
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466


    I honestly don't know what to make of that post, I'm probably missing a lot of context. But UAC is not "the best technology of the 1970s." Even in the 1970s there were systems with safeguards that Windows still doesn't implement, e.g.

    http://en.wikipedia.org/wiki/Multics

    despite x86 CPUs supporting most of it now.

    UAC doesn't register on that scale, nor frankly does AppLocker or other whitelisting approaches; they're all budget strategies for budget security on budget operating systems. A multiuser OS should be able to run untrusted userspace programs in isolation. Just saying "Well I won't run untrusted programs then" is sidestepping the fact that the OS itself is not trustworthy.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    There is nothing blackbox about the "Memory Guard" function in AG. We already got to the bottom of that. :)
     
  10. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    You got some info from Barb. Nothing more.
    And OT: some of your statements show that you seem not to understand them. You even seem often not to test things for yourself or try them out. But let's stop those things. Some other members already posted their opinion about your "art of asking questions" ;-)

    @FleischmannTV:
    Yes, that's the way I see it too. But if those mechanisms fail, maybe the policies set by AG can help a little. So I won't say in general "No, it adds nothing".
     
  11. guest

    guest Guest

    I think you guys are simply having difficulties in differentiating facts from marketing. >_>

    Let's just simplify things up here...

    Option #1: HTTPSB/uBlock + Chrome + EMET + AppLocker (w/ hotfix) + UAC/LUA
    Option #2: HTTPSB/uBlock + Chrome + EMET + AppGuard
    Option #3: HTTPSB/uBlock + Chrome + EMET + Sandboxie
    Option #4 (32-bit only): HTTPSB/uBlock + Chrome + EMET + DefenseWall
    Option #5: HTTPSB/uBlock + Chrome + EMET + EXE Radar
    Option #6: HTTPSB/uBlock + Chrome + EMET + Classical HIPS

    Those are the most well-planned security setups for Windows OS that I can think of. Use anything you like, you can't really go wrong with either one of them. Just don't expect any kernel-exploit protection. The only thing we have for that is Windows Update and even with that it's not going to end all the world's problems.
     
    Last edited by a moderator: Sep 4, 2014
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Do you really want to go there again? It's clearly YOU that don't seem to understand certain things. There are only a certain amount of techniques that you can use to protect against malicious actions, there's nothing secretive about that. And based upon this reply, I get the feeling that you don't even know what the discussion was about. And what's wrong about asking questions? If I didn't ask them, some people (like you?) would still believe that AG could disrupt exploits, apparently. :)
     
    Last edited: Sep 4, 2014
  13. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    No, I have no time for it and no time to go in circles or to discuss with you and get personal here. :)

    Nothing is wrong about asking questions and having an interest to look behind all marketing etc. That's fine. But getting on the nerves of many developers and members here on the board by asking again and again the same things, making wrong assumptions and so on is another topic. Some things are closed, intellectual property and about other things devs aren't just willing to answer etc. That's life.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well I didn't see me making wrong assumptions, please be more specific. And why are some of you acting like spokesmen for developers? Because apparently I'm getting on their nerves now. For your information, I have asked numerous mostly technical questions to developers of tools like MBAE and HMPA, I even PM with some of them, and all my questions have been answered, because that is what developers who are trying to promote their product do. :)

    EDIT: And I also have to give credit to Barb_C, she has always done her best to answer my questions about AG. I think it's ridiculous and quite silly that some members who are getting "tired" of all these questions, are telling me to test stuff myself, ask questions only if you are willing to buy the app, and if not they will ask developers to ignore me, is this some kind of joke? :argh:
     
    Last edited: Sep 4, 2014
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Oh great, marketing his product as always. UAC limits what a program can do as well, not just outright blocking like VoodooShield.

    Anyways, I stopped worrying about these kinds of things long ago. About as likely as winning the grand prize in a lottery or having some unfortunate accident resulting in death.
     
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I feel the same way. I am not even sure why he's talking so much about UAC, and comparing UAC to some commercial products. I did not say I rely on UAC for my security and I am not sure what is the point of his argument.

    I myself, and a few other members of this forum, apparently have the habit of trying to learn "HOW" stuff works, oftentimes getting to the point that in order for devs to answer our questions in an honest fashion, they'll have to admit that their marketing presentation is misleading or exaggerating in order to make you believe that only their product is "Unique", is "revolutionary", and that you will die if you don't use their product. That's why they, and some of the fanboys here don't like me and the few other members, because we think independently and critically. We don't defame any product based on nothing, we just wanted to learn the truth and the true merits behind the fancy marketing presentation, and if we found a really great product that is worth buying, we'll buy it right away. We never said any product listed in this forum is useless.

    If any devs and fanboys can not take some critical questions and comments, that's definitely a demonstration of their lack of confidence in the product, then in this case, why should I buy the product?
     
    Last edited: Sep 4, 2014
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So, Gullible Jones, Rasheed, Fleischmann, Windows_Security, J_L, Oliverjia, what do you all recommend to me?
    Can I stay with UAC, DEP, LUA/SUA, SRP settings on Windows 8.1 plus Google Chrome, plus Windows 8.1 firewall everything inbound is blocked, almost everything outbound is blocked (almost) and be fine with this?
    So, there is no need for irrational fear at all (because of VoodooShield's post which made me quite nervous)?

    The only thing I have to keep up watching is my other computer which has old XP Pro Service Pack 3, that's a bit tricky, yes I could use AppGuard4 and SBIE4 on it, unless you have some other more simple, but equally secure solutions?
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You're fine. Just keep a backup of important data and it won't matter whatever hits you with your perfectly layered security system.
     
  19. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Dear CoolWebSearch,

    First off, what I will say below is only my opinion (I don't work in IT security), so please only use it as a reference. Please do listen to others' opinions as well, then think about them and make your choices.

    Regarding your Windows 8.1 settings, on top of the security measures you mentioned, I would add a modern antivirus/Internet security layer and install EMET 5.0. Contrary to many of the members here, I consider a decent antivirus/internet security software a must, the 2nd line defense mechanism on your OS behind the OS security features themselves (UAC, DEP, SRP and LUA). The rationale being that although zero-day malware is dangerous, it is not necessarily common due to the very limited time to spread. You probably have equal or much better chances of coming across older malware, in which case antivirus software can provide simple yet very effective protection. Also, please note, in recent years antivirus/Internet security software has also been evolving a long way to include many advanced features such as anti-rootkit, HIPS, Automatic Exploit Prevention, Application Control, Default Deny and other behavior-based proactive, heuristic detection mechanisms. Some of these features were tested and proved to be very effective, such as the HIPS and memory protection features in Kaspersky Internet Security. I have been using Kaspersky IS for many years now and although I do not rely on it alone, it did block many malicious webpages and auto downloads before these malicious codes even got onto my computer. Nowadays the rapid hourly update of antivirus provides much better defence against new malware. However, I suspect there could still be delays between the zero-day threats and the actual detection of them so as always, users' consciousness is the best defense mechanism - sometimes common sense works better than any other security measures. For most of the members here, I think since they've made their way to here, they are all vigilant enough to not allow the execution of any suspicious files and not visit suspicious links, which are the most common ways of getting infected. EMET is necessary for anti-exploit.
    IMHO if you have UAC, DEP, SRP (or AppLocker if you have Enterprise version of Win8.1), LUA, EMET, Google Chrome, plus user's caution, I think you are very well protected even against zero day malware. If you are paranoid maybe you can use SBIE on top of all the above.

    Regarding your XP machine, I would do an OS upgrade to at least Windows 7 if I were you :). Windows 8.1 64 bit version can be had for less than $90, and most likely free if you work/study in a University. If you prefer to keep using XP, then on top of a decent antivirus such as Kaspersky, Avira and F-Secure, I do think apps such as SBIE and AppGuard, MBAE or HMPA will be a useful additional layer. Also EMET will be very useful. You can also use a LUA on XP for everyday computing, instead of using an Admin account. If you are running XP Professional then you can also configure SRP to harden your OS: http://technet.microsoft.com/en-us/library/bb457006.aspx
    Due to the design principle, XP is inherently insecure so more caution is needed when using it, especially since MS ended support of XP.

    I think it's a good idea to back up your important data regularly to at least two other HDDs, and use disk imaging software to back up your whole OS+Programs right after you newly install your system and program files and have them updated. This way, even if you are infected, you can simply restore the whole system using the disk imaging software and restore your data from backup.

    And finally, users are the ultimate protection and last line of defense against most of the malware so I always recommend using caution when surfing the internet and installing software.

    Regards,
    oliverjia
     
  20. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    That's a good list there. When I first came to Wilders a few years ago I was worried as could be, having had a series of infections, mainly because I didn't have a clue what I was doing. After a little reading here I quickly added some layers, and haven't had any security problems since, and that's with the usual computer work, along with a lot of daily browsing and downloading. I agree that combining a few good layers is going to keep a person safe from just about anything, especially with sane computing habits.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    +1

    Staying safe doesn't have to be complicated.
     
    Last edited: Sep 5, 2014
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes exactly, and to me it wasn't even about "fancy marketing", it was just a simple question about the exploit blocking capabilities (of tools like AG, EXE Radar and EMET), some people didn't seem to understand what I exactly meant, so it turned into a lengthy discussion. But apparently some members took it as an attack on their favorite product, so that's why they got fed up, I'm sorry but IMO this is a bit childish. :thumbd:
    The funny thing is, when I say "Memory Guard is nothing special", I didn't mean that it's not an important feature, I meant that this feature has been offered for years, and can not be compared to newer forms of protection methods, like the so called "in-memory exploit mitigations". Also, the reason why I am asking all kinds of questions, is because (contrary to what you said) I don't want to rely on marketing claims.
     
  23. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    (1) Who said it is the same as exploit mitigations o_O Nobody.
    (2) It's not the same as in all other apps, cause the policy completely differs. AppGuard distrusts by default, while in classical HIPS trusted apps are nearly allowed to do anything. (Should have become clear in the answers you got).

    Now I stop. But ask yourself, why many old and experienced members got some problems with your posts. No, they are not fanboys, so maybe something in your posting style is confusing?!

    Regards and btt.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ SLE

    1 At least one person did.
    2 Not really relevant, and incorrect.
    3 Might be confusing, but most developers don't seem to have a problem with answering and understanding my questions, so you do the math. :)
     
  25. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    So which classical HIPS puts memory restrictions on trusted apps like browsers?

    Confused why you have to ask so often, before you get answers ??

    But now it's really OT and I'd like to stop. I won't get personal, but sometimes it's hard cause you seem to be immune against critics as your answers to others like Pete, or Bellgamin indicate.
     