Matousec

henryg · Sep 19, 2007

Matousec's exploitability...

Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransome" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

fax · Sep 19, 2007

Re: Matousec's exploitability...

henryg said:

Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransome" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
Click to expand...

LoL... strange testing procedure...
Anyway, latest ZA 7.408.000 is not vulnerable.

Cheers,
Fax

Dwarden · Sep 19, 2007

Re: Matousec's exploitability...

henryg said:

Looks like Matousec has made a quick change to his list of "vulnerable software". It now appears that Sunbelt's Personal Firewall (4.5.916.0) is O.K. now?
I wonder as to how much "ransome" Sunbelt had to pay...

http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
Click to expand...

guess You failed to read , he wrote that in article that 'some' of the vendors fixed it 'since' it was found ...

tlu · Sep 19, 2007

Peter2150 said:

The funny part is now is criticizing, all the hooking techiques which vendors have done to pass his leak test. Geesh.
Click to expand...

Peter, I disagree. First of all, Matousec mentions products that are very good in his leak tests (e.g. Comodo) while implementing the SSDT hooking in a proper way at the same time. So it is possible to achieve both goals.

But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all-to relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to de-stabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified although I agree that he tends to magnify some things at times.

wat0114 · Sep 19, 2007

tlu said:

But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all-to relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to de-stabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified although I agree that he tends to magnify some things at times.
Click to expand...

I agree 100%

Peter2150 · Sep 19, 2007

tlu said:

Peter, I disagree. First of all, Matousec mentions products that are very good in his leak tests (e.g. Comodo) while implementing the SSDT hooking in a proper way at the same time. So it is possible to achieve both goals.

But the more important aspect for me is that improper SSDT hooking is not only a security issue (which is not all-to relevant for me - here I agree with Stem), but also a stability issue that could eventually crash Windows. No software should be able to de-stabilize your OS - least of all poorly programmed security software. That's why I find Matousec's warnings absolutely justified although I agree that he tends to magnify some things at times.
Click to expand...

I don't need him to tell which products are good. The BSOD"s tell the story just fine. I've found the stable ones I want.

jrspie · Sep 19, 2007

Hi everybody.
I'm enjoying this thread and have a question or 2.
I've learned from you that passing the leak tests is not the most important aspect of a good firewall.
Stability is probably more important.
But my question falls to this simple thing.
Matousec, for the most part, seems to rate being leak proof very highly.
So where do we find info about ratings of firewalls that are kill proof, more stable etc.?
I can do my own leak tests. But I wouldn't know where to start to test for stability or anything else.
So if I eliminate Matousec, where do we go for test results and non biased info?
Thanks.
J.

Peter2150 · Sep 19, 2007

jrspie said:

Hi everybody.
I'm enjoying this thread and have a question or 2.
I've learned from you that passing the leak tests is not the most important aspect of a good firewall.
Stability is probably more important.
But my question falls to this simple thing.
Matousec, for the most part, seems to rate being leak proof very highly.
So where do we find info about ratings of firewalls that are kill proof, more stable etc.?
I can do my own leak tests. But I wouldn't know where to start to test for stability or anything else.
So if I eliminate Matousec, where do we go for test results and non biased info?
Thanks.
J.
Click to expand...

Unfortunately the only way to determine that is to install and trial them. I would recommend a good recovery program, like FDISR/ROllback or imaging program like Acronis/ShadowProtect/Paragon/IFW so you can insure complete removal.

Pete

henryg · Sep 19, 2007

Re: Matousec's exploitability...

Dwarden said:

guess You failed to read , he wrote that in article that 'some' of the vendors fixed it 'since' it was found ...
Click to expand...

That's funny.... The version number is still the same and has been for some time. So how or when was it "fixed"? To fix a piece of software without providing an update..... Now that's a neat trick!

H

Dwarden · Sep 24, 2007

Re: Matousec's exploitability...

henryg said:

That's funny.... The version number is still the same and has been for some time. So how or when was it "fixed"? To fix a piece of software without providing an update..... Now that's a neat trick!
H
Click to expand...

guess You missed the part of

During our security analyses of personal firewalls and other security-related software that uses SSDT hooking...
Click to expand...

and

There were only two personal firewalls that passed our argument validation testing successfully, Comodo Personal Firewall and Sunbelt Personal Firewall. Our tests revealed, that the current versions of these products are probably not vulnerable, but earlier versions of both these personal firewalls contained the bug and they were both fixed after our notifications to their vendors.
Click to expand...

simply put while testing firewalls they found this problem, reported to vendors and they fixed it

later they wrote test program and tested multiple products which results into article here discussed

ofc it seems that these who were 'caught' and were 'fixing' the issue seems to be fine atm ...

Log in or Sign up

Matousec

henryg Registered Member

fax Registered Member

Dwarden Registered Member

tlu Guest

wat0114 Guest

Peter2150 Global Moderator

jrspie Registered Member

Peter2150 Global Moderator

henryg Registered Member

Dwarden Registered Member

Log in or Sign up

Matousec

henryg Registered Member

fax Registered Member

Dwarden Registered Member

tlu Guest

wat0114 Guest

Peter2150 Global Moderator

jrspie Registered Member

Peter2150 Global Moderator

henryg Registered Member

Dwarden Registered Member

Useful Searches