The strength of SRP as an Anti-Executable

andyman35 · Sep 28, 2009

ssj100 said:

Agreed. I'm completely lost haha. But I think I can see where you're coming from. Perhaps Tzuk will know the answer to this.
Click to expand...

I'd be fairly certain that Tzuk could clear it up yes.

wat0114 · Sep 28, 2009

Kees1958 said:

Ah well, very old fashioned, also the reason why I am not testing a lot.

A seperate play PC

Phyiscally disengage the data disk

Load a test image

Test

Make a new image of test result

restore to working image

Bit by bit compare of clean image versus test image

Once some unused bits were changed in the master boot record, although everything seemed to work normally, I did mount that image regurly for a year, but it was not a time bomb either.

After some years of playing with malware and general usage on two PC's, we had one virus interception on my son's PC. I on the other hand had managed to destroy our home PC two times and my Son's once. Therefore my wife wanted a laptop, with only one security application (you guess what).

So I was more or less banned to an old PC and am not allowed to touch the other PC's anymore.
Click to expand...

Okay Kees, you had to be getting paid for this This procedure seems way too labour-intensive to me, although I'll admit it probably by far results in the most accurate representation of what the virus does to the system. But at least now I think I understand what you meant in your "most unlucky man" suggestion

Kees1958 · Sep 29, 2009

@ Watt and Andyman

Brilliant Wilders community reaction

Windchild · Sep 29, 2009

ssj100 said:

By the way, what real-world malware are you talking about that has been proven to genuinely bypass Sandboxie? The only one I can think of in recent memory is that print spooler service vulnerability that Buster discovered. Have there been others in the last few years? Please enlighten me.
Click to expand...

The spooler service one was the first that came to mind as it was so recent. As I suspected when it was first reported, it wasn't a vulnerability in the spooler service at all, but rather a Windows feature that had been overlooked in Sandboxie design and could be used to get out of the sandbox if the user was logged in as admin. (So, your setup, as far as I know, would have easily prevented that bypass.) There have been others, too, but fat chance that I could remember then now that it would be useful.

You might have noticed - I've tried quite hard to emphasise the importance of having a good "security approach" here on Wilders.
Click to expand...

Yeah, I've noticed. It's a very good thing to emphasize that security is much more than a bunch of apps or settings. Even most quite sophisticated attacks and attempts to bypass security software can be thwarted simply by using one's head and of course social engineering attacks can be only by reliably defended against that way.

Log in or Sign up

The strength of SRP as an Anti-Executable

andyman35 Registered Member

wat0114 Guest

Kees1958 Registered Member

Windchild Registered Member

Log in or Sign up

The strength of SRP as an Anti-Executable

andyman35 Registered Member

wat0114 Guest

Kees1958 Registered Member

Windchild Registered Member

Useful Searches