LnS didn't detect updated program

If I’m not mistaking many of todays Software Firewalls with Application Filtering uses at least MD5 checksum without any noticeable impact on the System & Internet Performance. If a vendor going to implement a feature why not focus on making it near perfection regardless of some additional requirements, after all security outweighs additional requirements.

Hey Defenestration; Look ‘n’ Stop does offer bit of protection of its registry settings, or it did when I last used Look ‘n’ Stop. From what I can re-call when Look ‘n’ Stop starts it loads its registry settings into the memory I believe where it can be referred to, any malicious activity to Look ‘n’ Stop registry settings will not be taking into effect until the next execution of Look ‘n’ Stop and by then Look ‘n’ Stop registry settings should be restored from memory upon exit of Look ‘n’ Stop GUI. Therefore manipulation would have to be done directly to memory.

 

What's going on? Don't you use the program anymore? I thought you were the ultimate LnS diehard.;-)

 

LnS is pretty safe in this department then. The new method of starting LnS as a service should help here to by getting LnS up and running ASAP.

Good practice demands that LnS should be started (as a service) on system startup, and not be stopped until system shutdown (ie. don't terminate it yourself while Windows is running).

Is there any way to delay the LnS service from exiting (on system shutdown)
so that it is one of the last services to be shutdown ? By doing so it would reduce the chances of the registry settings being changed between the time that LnS shuts down and the system actually being shutdown.

Call me paranoid if you like, but I am!

 

Hi,

Thanks to Thomas who sent us the 2 opera files showing the issue.

After investigation, the problem is not coming from the way the signature is computed but is related to the way Look 'n' Stop considers the exe file sections in the memory.
Opera executables are special: they don't contain a CODE section only DATA sections (whereas one of the sections is really a CODE one). That's why it is causing the issue with Look 'n' Stop.

I will try to implement a workaround soon.

Regards,

Frederic

 

Hi Frederic,

I would still recommend using a better algorithm to create the signature (eg. MD5) even if that wasn't the reason for the original problem because using only a 32-bit signature is not very secure and is likely to cause problems in the future.

 

I agree..and think that developing an MD5 check feature shouldn't be that difficult for Frederic!
Any possibility, mate?

 

Hi,

or if Frederic wants to keep Look'n'Stop as light as possible, then give the option
for the "light" checking, or for the MD5 checking ?

So a 133Mhz CPU would still be able to use Look'n'Stop.

regards,

gkweb.

 

that could be a good idea..I don't think some firewall like that exists..I mean, one which gives you such an option...

so I guess LnS would rock if programmed "modularly"..I mean, we've been talking about the unlimited SPI yes/no, and that may very well be another entry..

 

If any more information is needed:
WinMX 3.31 (old): http://www.smartdownloads.net/get-76.html
WinMX new: winmx website.

 

I thought this problem was supposed to have been fixed.
LnS 2.05p2 didn't detect the updated, latest beta version of WinMX.

 

Ok, I will make some tests again with this application.

Regards,

Frederic

 

I don't want to be pushy, but maybe a change in the way it's checksummed might improve it (although I realise you don't simply do a checksum of of the file)).

What do you think ?

 

The problem is not related to the checksum itself, the problem is related to the code section detection of the PE executable.
WinMX executable contains an unusual empty (and incorrect ?) section which causes the trouble:

SECTION HEADER #1
.text name
12416F virtual size
1000 virtual address (00401000 to 0052516E)
0 size of raw data
0 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
E0000020 flags
Code
Execute Read Write​

Frederic

 

Hi Martin,

We have a fix, if you'd like to test it, please contact us at lnssupport@soft4ever.com.

Anyone else encountering a similar issue can contact us as well.

Regards,

Frederic

 

While people have criticised Frederic in the past for not providing great service (myself included), I have to commend you for this prompt response to quite a serious matter.

Keep it up! As someone else mentioned, LnS is the ideal firewall for internet gamers due to it's low resource usage. I have recently recommended it, and will continue to do so if the support stays at its current level.

Respect!

 

I have tested the new LnS version and it works perfectly now.
So, thank you for the very quick update. That's much appraciated.

 

Outpost 2.5 is such.
-hojtsy-