Please convince me!

Discussion in 'ProcessGuard' started by Rudy nework, Jan 17, 2004.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    All it would take to convince Rudy is a simple demonstration which proves that he is not completely protected. If you can't provide one, then you need to say so. So far all the arguments come up short: apt.exe is not trusted, therefore user control says do not allow - it can't run - period, end of story.

    A silent bypass of AP and/or SSM demonstration would do the trick - your choice of attack, but stop talking theory.


    You guys just don't want to get it. What's this silent bypass stuff? Also, there is no theory here. Can something silently get by AP and attack? NO! BUT... you go to a website to get a neat program that you think is safe. You download the install.exe and have to tell AP to allow it to install software (this is what you do to install new software). Once you have done this, AP assumes everything installed is okay, and if by chance it has a nasty in it (this has happened), then AP WILL NOT catch it, because you installed it. THIS IS NOT THEORY.

    In the final analysis, if Rudy can't see this, then he should pass on PG. Hopefully he won't be convinced the hard way.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    @peekaboo

    you are exactly the kind of guy... snipped. Please don't play personal hardball - let's stick to factual opinions - paul

    The fact is that AP can't save you from 1) mistakes, 2) exploits of trusted apps, 3) theoretical exploits.
    You are saying in addition that you have never made, and will never make, any mistakes... I have nothing to advise to someone like you.
    (There is nothing theoretical; all was explained by me, Peter, and Jason, just read again.)

    snipped for one and the same reason as mentioned above - paul
     
  3. Rudy nework

    Rudy nework Guest

    To Peter 2150 :

    I can see (and understand) fully that AB does NOT protect you after you have given launch (install) permission to a possible malware.

    The thing is, I seldom (rarely) install newly downloaded software, not to say never.

    If I decide to do so anyway, I run it against AVG, RAV Online, PestPatrol FIRST, prior to installing.

    The final answer to all this is: AB CAN'T be terminated / bypassed by auto-executing malware. It isn't even vulnerable when executing the malware locally on your desktop, as it can't run anyway. No matter what you try, if it is not in AB's "safe list", it won't run. Period!

    It is clear to me that ALL those "so called" bypasses you guys know about don't exist. Otherwise you should have demonstrated / told about one. Not just theory. I already said before, I understand technical explanations very well. Go ahead.

    I never said I'm a God that doesn't make mistakes. I make them every day.

    But I do take ALL possible precautions to protect my PC. Like described above.

    I run resident > AVG, PP, AB, ZA PRO, Script defender, Reg.prot.

    Rudy.
     
  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Well, if you run a hardware and software firewall plus a good AV and AT, and you say you never download anything, then I wouldn't buy it unless you're like me.

    See, I do the following:

    I do everything imaginable to this PC.

    I download stuff all the time.

    I go to porn sites.

    I download music sometimes.

    I use dangerous applications.

    I have very good friends that like to test out my PC.

    My curiosity through the dark side of the net, to see what new nasties or products are out there, often kills my PC.

    I have juno hackers look at me like an "Eat at Joe's" neon sign on my head.

    I do everything on this PC.

    If you just surf for 10 minutes a day and check e-mail, then you most likely don't need this.

    If you spend a lot of time surfing and downloading and so forth, then you need this.

    But if you're into security you probably do a lot on that PC, like testing stuff and seeing what can break.
     
  5. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    No one is saying you guys are wrong about mistakenly adding a trusted Ap which could act out.

    I personally think PG is a great addition to the layered defense. Cost/benefit: if it fits, buy it. Look at the habits of Rudy... does not install a lot of software etc... essentially he is saying he does not need it based on his habits - that's it.

    The above is not the issue.

    I think with a little effort a demonstration could be put together to show what Rudy is saying is impossible. I do not have the skill to do it but... you or someone like you might.


    Before you scoff at the concept of silent bypass: vulnerabilities exist in much software - we are human, we make mistakes, therefore the products we make are also not perfect and can be exploited if given enough time and incentive.

    [hr]

    We really do get it:

    ... Not because we are gods, and never make mistakes, but because we understand potential threats and do the upfront work necessary before allowing a program access.

    After the scanning... etc.

    But again, all this is relative, based on the surfing habits of the individual...

    If we don't agree... it ain't the end of the world - lighten up. :)
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay. Rudy asked to be convinced and he isn't. So be it. I've also known people who wouldn't buy fire insurance for their house because they believe they are very careful and they are sure they won't burn their house down. 'Tis their choice, but I won't have much sympathy if they are wrong.

    Rudy best of everything.
     
  7. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Peter,
    I also know people who didn't think they needed an anti-virus scanner until a virus destroyed their drives ... :). Likewise, I don't have much sympathy for them.
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I'd just like to refute the claim that it is rare to have an undetected or for-sale trojan, because this is far from true.

    Process Guard was born to stop the latest trojans at their source; prevention is better than cure. The sheer number of process-injecting and rootkit-style trojans appearing is a little scary. The facts are that anyone can buy an undetected version of their favourite trojan for as low as $21, and it seems quite a few have been sold at $21 for Lithium, $50 or more for Beast, up to even $300 for Optix Pro.

    The other (probably WORSE) thing is that a lot of users learn how to package these cleverly, not only PATCHING the trojan to be undetected, but also using free installer packages like NSIS to distribute the program with a more genuine look. Scanning these with most scanners first is pointless, since most don't scan inside the package. And if the trojan has been patched first (hex edited) then it's pointless scanning again.

    So if you trust the package, then after install it has a few EXE files, and it's still a question of whether you allow all those EXE files to run. What if one is cleverly named to be some "compatibility module" and is the trojan? The rest of it seems OK; it all scans clean.

    In short, private malware is not detected by ANYTHING, and most trojans can be edited with ease by an experienced user, and yes, there are a lot of them out there.
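
The two failure modes Gavin describes above (a scanner that never looks inside an installer package, and a hash signature that a one-byte edit invalidates) can be shown side by side with a small script. This is an added example, not code from the thread or from DiamondCS; the package is an in-memory zip standing in for an NSIS-style installer, the payload bytes and the blocklist entry are constructed for the example, and `unapproved_executables` models the execution-control view (only files whose hash is on a known-good allow-list may run) rather than any real product's implementation.

```python
import hashlib
import io
import zipfile

# Constructed sample data: a benign text file and a stand-in "payload" whose
# bytes are made up for this example (it is not a real binary).
BENIGN_README = b"Thanks for installing CoolApp!\n"
SAMPLE_PAYLOAD = b"MZ\x90\x00 constructed sample, not a real executable \x00"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hash blocklist, as a signature scanner would hold it (constructed entry).
BLOCKLIST = {sha256(SAMPLE_PAYLOAD): "Constructed.Trojan.A"}


def build_package(payload: bytes = SAMPLE_PAYLOAD) -> bytes:
    """Build an in-memory zip standing in for an NSIS-style installer package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("CoolApp/README.txt", BENIGN_README)
        zf.writestr("CoolApp/compat_module.exe", payload)  # innocuous name, bad content
    return buf.getvalue()


def scan_outer_only(package: bytes) -> list:
    """Scanner that hashes only the package file itself and never looks inside."""
    h = sha256(package)
    return [("<package>", BLOCKLIST[h])] if h in BLOCKLIST else []


def scan_recursive(name: str, data: bytes, depth: int = 0, max_depth: int = 5) -> list:
    """Hash-check data and, if it is a zip, descend into every member
    (depth-bounded so a zip-in-zip chain cannot recurse forever)."""
    hits = []
    h = sha256(data)
    if h in BLOCKLIST:
        hits.append((name, BLOCKLIST[h]))
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = zf.read(info)
                hits.extend(scan_recursive(f"{name}/{info.filename}", member, depth + 1, max_depth))
    return hits


def looks_executable(filename: str, data: bytes) -> bool:
    """Crude executable check: PE-style extension or an MZ header."""
    return filename.lower().endswith((".exe", ".dll", ".scr")) or data[:2] == b"MZ"


def unapproved_executables(package: bytes, allowlist: set) -> list:
    """Execution-control view: every executable member whose hash is NOT on the
    known-good allow-list, regardless of whether any signature matches it."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            if looks_executable(info.filename, data) and sha256(data) not in allowlist:
                found.append(info.filename)
    return found


if __name__ == "__main__":
    pkg = build_package()
    print("outer-only scan:", scan_outer_only(pkg))                 # misses it: []
    print("recursive scan:", scan_recursive("installer.zip", pkg))  # finds compat_module.exe
    # A one-byte difference anywhere in the file changes its hash, so the
    # signature no longer matches even though the content is the same program...
    patched = build_package(SAMPLE_PAYLOAD.replace(b"sample", b"SAMPLE"))
    print("recursive scan of patched:", scan_recursive("installer.zip", patched))  # []
    # ...but an allow-list of known-good hashes still refuses the unknown file.
    print("not on allow-list:", unapproved_executables(patched, {sha256(BENIGN_README)}))
```

The design point is the asymmetry: a blocklist has to know the exact bytes in advance, so it fails closed only for what it already recognises, while an allow-list fails closed for everything it has not explicitly approved. That is why execution control still flags the "compatibility module" after the bytes are altered, and also why the allow-list decision made at install time (Peter's point earlier in the thread) is the one that actually matters.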
     
  9. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    It's a proven FACT that Abraham Lincoln did NOT say "you can please some of the people............" :D

    Let's get on with the release of PG 1.2 ... anxious to install and be further protected. ;)
     
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Rudy nework (guest),

    If you are still perusing these parts, have a look at the thread below:

    http://www.spywareinfoforum.com/index.php?s=63db60d1072aba5cbc55b7a0f1da7cdc&showtopic=23137&st=0&#entry129914

    Go to the gaming spot mentioned in the link above (gamewinners - link not provided for obvious reasons) with all your defenses up and let us know how you fared...

    I think with all the theory spouted here, all you were asking for was a real example... sounds like that gaming spot has some nice silent drive-bys for you to try out.


    Be interesting to know 1st if you get the drive-by download (not sure if ActiveX & Java are the injectors, so if it doesn't work for you and you normally run with those disabled, just for grins you might want to try loosening your security a bit to see if #2 can occur), second if they are able to execute...

    If 1 & 2 occur, don't come back here for help ;) LOL sounds like you will get no sympathy...

    Go back to the above link; someone there will be able to help you if you need it.

    BTW, based on your surfing habits I agree with your position. If on the other hand you surfed like Blaze well enough said :eek:
     