Virtualization question.

Don't worry about it Erik. I still use FileMapp byBB which is by far more relic then ScriptDefender but i'll tell you what, it was THE ONLY program that registered a "hidden" file was released in System32 before it went stealth when i tested a rootkit on my system.

Otherwise, no program would have ever even known of it's existence including some popular ARK's.

Latest is not always the greatest and oft times more than not, something which might be considered outdated by most still can carry the mail if you catch my drift. I still use Kerio 2.15 and can't even get a nibble like a port scan.

 

Logical question regarding Script Defender :

If I can add the file extension .REG, I assume I can add ANY file extension in Script Defender, not only script file extensions.
Which would mean that Script Defender is more like an Extension Defender. Am I right about this ?
Thank you in advance.

PS: SD has a dumb uninstaller, but that is common for most softwares.

 

Yes, you can add any extension and SD will intercept it.
When you install your favourite media player, you associate it with .mp3, .wav, .avi, .vmv extensions. SD does the same with scripts extensions. Very simple, eh?
You only need SD due to AE's lack of script interception.
Prior to uninstalling, you must reset the associations.

 

I know, but I don't understand why I have to remove intercepts, the programmers of SD should have programmed this in the uninstaller of SD.

 

I'd call it a "functional bug".
For example, if you're going to uninstall SpywareBlaster, you must disable the protection first.
I'd be concerned of these "bugs" in paid software. SD and SWB are freebies (and very good ones), so I can't complaint.

 

Hello,
To answer the original question:
Programs running in virtual environment can do only what the environment permits them. If the virtual environment allows its contents to modify files on the host system - then they will - but that's kind of contrary to virtualization - as opposed to physicalization.
Mrk

 

The purpose of virtualization is, that a malware installs itself in an environment, where it can do NOTHING, not even sending data over the internet.
If the developper of the virtualization software didn't succeed in doing this, then his software doesn't work properly and needs to be corrected.
Virtualization is supposed to work like that and I don't want anything else, otherwise I can better work in a real environment.
I understand that it isn't easy, but that's the ART of programming and there are alot of differences between programmers from very bad to very brilliant.

 

If that were so,then you could not surf the internet, because to connect to a web site, the browser has to send out data (DNS request, your IP address).

Or are you thinking of something else?

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Hello,

The purpose of virtualization is to create a virtual layer of hardware for programs to run on and use. If this layer permits internet access, then malware installed in it will have internet access.

Example: if you allow NAT for a virtual machine in VMware Server, anything installed in a guest OS will be able to dial out. But if you set the virtual machine to host only, then it will not have this access. Very simple.

Mrk

 

Wish i am the virtu developper who can make the thing you wish,i become richer than uncle bill in no time !!

 

What looks impossible at first sight, doesn't mean it is impossible, you just have to think LONGER or have better brains than the rest. Never heard of inventions ?
You can't boot in an archived snapshot of FDISR either according the manual, but it is possible once you know how FDISR works.

 

At work we call this a mistake of an application analyst, but lots of programs are created by programmers only. Programmers aren't analysts and a good analyst/programmer (one person) doesn't exist, they are usually a good analyst or a good programmer but seldom both. They are cheaper for the boss.

 

As you stated many times around this Wilders " i never trust any security app "or words alike,in practical implications virtual is of no difference as compared with the host and virtual has to be treated like the hostsystem,there is no magical "something in there" what makes the difference,and for sure protect your virtu you do like mothersystem,and also i differ in opinion with you that someday some time in the future technical advances lead to total protection,remember the gloomy dudes are also advancing, maybe the super coders already reside on the darkside,its all about money and i have no illusions.

 

I'm sorry, but that's your wish of what virtualization should be like, not what it really should be. Depending on the virtualization software you use, you can tell it to virtualize a network connection, or disable it completely. Virtualization is a very powerful tool whose usage is not limited to malware containment. It wasn't designed specifically to combat malware at all, but due to its operating principles it ends up doing just that very nicely, though I guess you wouldn't know that.

 

Hello,
Erik, you quoted me by accident. I did not write that virtu sentence. Huupi did.
Thanks,
Mrk

 

I noticed that too. I thought i was going nuts!

 

Wonder if PowerShadow loads the system into memory like the Returnil Virtual App?Hence some users reporting their systems running faster in PS mode?

Returnil Virtual System

 

The precursors to current virtual technology were the various RAM disk drivers. People would work in a RAM disk because of the speed. One of my programming friends compiling in a RAM disk, for example. On bootup, you allocate a RAM disk (virtual), and it would go away on next bootup.

A very innovative product was vRamDir, which I used for many years in the mid '90s. It's its difference was that you were not limited to the normal 32MB RAM disk size, rather, you could allocate as much RAM as you wanted, depending upon how much free RAM was available on you system.

In those days (mid '90s) processor speed was not as high as today, and it was like flying to do word processing and graphics in a RAM disk, or virtual directory, in the case of vRamDir.

We never thought of it as protection against malware, because only the directory you specified was loaded into RAM, where today, working on an entirely different principle, the entire partition or system is loaded into RAM, as in the case of Returnil.

I stopped using vRamDir once CPU speed increased to the point where my working in a real environment was fast enough.

I notice that vRamDir is still available - the same file dated from 1996! Designed for Win9x, I doubt it would work on NT systems.

http://www.btsoftware.com/products/vramdir.htm

I still have my install file, although I never use it, but I do remember those days of working in RAM!

regards,

-rich

 

My guess, it does something like the *nix chroot command.

Under the folder C:\$ISR, there are folders with just a number, ie: 0, 1, 2, etc

Under those number folders is apparently a complete copy of each snapshot.

So, I am guessing it does a "chroot C:\$ISR\2". This fakes out XP to think the partition starts below C:\$ISR\2.

I am also guessing the VSS service keeps the current running system in sync with the appropriate numbered folder.

The Copy/Update command just does a "simple" difference between each number folder to figure out what to keep/change/delete.

What do you think of my goofy idea?

Mike

 

I'm used to use imperfect security softwares and not to find what I really want.
That's why I replace my current system partition with a clean, trouble-free and malware-free partition during each reboot and that removes every mistake of my security softwares.
I only need my security softwares to save the period between two reboots as good as possible.

These developpers of virtualization softwares would save me alot of time, if they described their softwares in an objective way and telling the full truth. What it does and above all what it not does. It would save me alot of posts as well.

 

Erik, sometimes we just miss that, but they do write those things:
http://www.vmware.com/solutions/whitepapers.html
See Virtualization Overview for instance.
I've lost track of this thread, so one final sentence:
VMware is not like SandboxIE. They are similar in some aspects, but NOT the same by a long shot.

 

Well, I guess their description also relies a fair bit on the user knowing what virtualization is in the first place. Are you going to take on antivirus software vendors for not telling you that making your morning coffee is not part of their software's functions?

 

In stead of praising their software into heaven, they better tell the users what it doesn't do. This has nothing to do with making coffee. I might be less-knowledgeable, but I'm not stupid.

 

Well, there's a lot that virtualization doesn't do. They could write a bible on what virtualization doesn't do.

My point was simply that some things are too redundant for vendors to mention. It would be nice to provide a Virtualization 101 on their website for users who have no idea what the concept is, but the truth is, I wouldn't be too shocked if they didn't.

 

The principle of virtualization is quite simple : trap the malware in an environment where it becomes useless. But it's already clear to me that they didn't succeed in doing this and that's why you have a bible on what virtualization doesn't do.