VappWare Real Time Browser Protection (Browser Condom)

Discussion in 'sandboxing & virtualization' started by mswiczar, Mar 29, 2007.

Thread Status:
Not open for further replies.
  1. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    ~Off topic comment removed~

    For newbies: copy the link to browser URL field and change hxxp to http.
    Kind of interesting to read info about the company, offices etc. hehe, but overall this has been a funny thread. I also suggest a bit more conventional name for the product. Just some friendly advice.
     
    Last edited by a moderator: Mar 30, 2007
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I thought it was a shortcut for condominium, like demo for demonstration. Thanks.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,226
    Hello,
    A question to developer:
    Why does your app need 100MB installation space?
    Mrk
     
  4. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    I'll tell you why.
    When you run any application inside the Vcondom, every time the application needs to open any file (read, write, or just query), the condom first verifies whether the requested file resides inside the condom. If it does, the application can access the file; otherwise the requested file resides outside the condom, so the condom first copies the file into the condom and gives this new file (path) to the application.

    So you have duplicated data (just for the files requested by the protected application).

    For example, when an application needs c:\windows\system32\notepad.exe
    the condom returns this path to the application:
    c:\vcondom\condom1\disks\hardiskdrive0\windows\system32\notepad.exe

    And to give the system high performance, we first fill the condom with the most used files, to avoid copying files while running the application.

    For example, when you create a condom, the font directory, cursor directory, Program Files Internet Explorer directory, Mozilla directory and some other applications are placed in the condom.

    Hope this explains the installation and running space.

    Best regards, and please test this application inside a virtual machine.
    We are in alpha; I don't want to crash your system.

    Thanks a lot for your question.

    Moises
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi mswiczar,
    I'm using a clean vm to test BC but I get bsod at the moment - opening ie & FF.
    I notice you have to wait before you can use the protection as it takes 3-4 mins to make a condom - can you quicken this up?
    As I cannot test it right now can you tell me what threats it will protect against?
     

    Attached Files: BC.JPG (32 KB)
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    You are right... :(
    I really wish this forum were as it was 2/3 years ago...

    This wave of disrespect has become frequent, and this harms what really must be spoken...
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Looks like SandboxIE more and more. Again, don't get me wrong!
    How do you plan on programming the recovery of files from the sandbox, pardon :D, condom? By exploring the condom folder only?
     
  8. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    Thanks again.

    Did you create the condom first?
    When you create the condom, these steps are done by the main form.

    Create the "virtual disk" by doing this:

    1) c:\vcondom\Condom1\Disks\Device\HarddiskVolume1\;
    2) and one HarddiskVolume for each volume (not yet implemented, I just implemented 1 volume)

    Create the virtual registry repository:
    1) c:\vcondom\Condom1\Registry\Machine\
    2) c:\vcondom\Condom1\Registry\user\
    3) ModifyPrivilege(SE_BACKUP_NAME,TRUE) // Need backup privilege
    4) Export Machine key: RegSaveKeyEx(hTestKey,afilename,NULL,REG_LATEST_FORMAT);
    5) Export user key:
    RegSaveKeyEx(hTestKey,afilename,NULL,REG_LATEST_FORMAT);

    That's all.
    Those are the tasks of the create condom procedure.
    Remark: when RegSaveKeyEx runs, it seems to freeze the PC, but that's the way Microsoft exports the keys.


    Then

    You must start the condom.

    When you start the condom, this happens:
    1) I patched a lot of the SSDT to prevent threats from bypassing my protection.
    2) I restore the keys that were backed up when you created the condom.
    cbName = ModifyPrivilege(SE_RESTORE_NAME,TRUE);
    cbName = RegLoadKey(HKEY_USERS,CONDOM_USER_CLASSES,afilename);
    So I use the Windows algorithm to give access to the registry.

    Then, when you start the browser:

    All the data requests from the application living in the condom will be redirected to the "virtual disk", for example c:\vcondom\Condom1\Disks\Device\HarddiskVolume1\

    If the file is in the virtual repository, it is just opened from there; if not, it is copied from the real path to the "virtual disk" and then redirected to this place.

    All the registry requests from the application will be redirected to the new keys.

    Hope this will help you.

    Thanks again for your interest.
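
Added example, not part of the thread and not VappWare's code: the redirect decision from posts 4 and 8 written as a C function that normalizes the requested path before testing whether it is inside the sandbox, so `..` components cannot make an outside path look like an inside one. The root directory is taken from the notepad.exe example in post 4; the function names, the return codes and the single mapped volume C: are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Sandbox root from the post's notepad.exe example. */
#define ROOT "c:\\vcondom\\condom1\\disks\\hardiskdrive0"

/* Lower-case the path, accept '/' or '\', and resolve "." and ".." so the
 * prefix test in redirect_path() cannot be fooled by "inside\..\..\outside".
 * String-level only: junctions, 8.3 short names and \\?\ forms are not handled. */
static int normalize(const char *in, char *out, size_t cap) {
    size_t n = 0;
    if (cap < 4 || tolower((unsigned char)in[0]) != 'c' || in[1] != ':')
        return -1;                  /* assumption: only volume C: is mapped */
    out[n++] = 'c'; out[n++] = ':';
    for (const char *p = in + 2; *p; ) {
        size_t len = strcspn(p, "\\/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            while (n > 2 && out[--n] != '\\') { }  /* drop last component */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            if (n + len + 2 > cap) return -1;
            out[n++] = '\\';
            for (size_t i = 0; i < len; i++)
                out[n++] = (char)tolower((unsigned char)p[i]);
        }
        p += len;
        if (*p) p++;                /* skip the separator */
    }
    out[n] = '\0';
    return 0;
}

/* Returns 1 if the request is already inside the sandbox (passed through),
 * 0 if it was rewritten under ROOT (the caller copies the file there first),
 * -1 if malformed, on an unmapped volume, or too long for the buffer. */
int redirect_path(const char *requested, char *out, size_t cap) {
    char norm[512];
    size_t rl = strlen(ROOT);
    if (normalize(requested, norm, sizeof norm) != 0) return -1;
    int inside = strncmp(norm, ROOT, rl) == 0 && (norm[rl] == '\\' || norm[rl] == '\0');
    int w = snprintf(out, cap, "%s%s", inside ? "" : ROOT, inside ? norm : norm + 2);
    return (w < 0 || (size_t)w >= cap) ? -1 : inside;
}

int main(void) {
    char out[512];
    int r = redirect_path("C:\\Windows\\System32\\notepad.exe", out, sizeof out);
    return printf("%d %s\n", r, out) < 0;
}
```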
     
  9. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    Yes, you are right!
    Any suggestions?
     
  10. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Serious charge, more information please.

    I agree, it's criminal for him to not frequent security forums. How dare he!!
     
  11. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    If he really is the author of a software that works like Sandboxie, almost everyone (I would guess all) here particularly those acting all high and mighty* in this thread are NOT his *peers*. They would instead be people like Tzur, Ilya etc.

    It's amazing how running a few HIPS and hanging around here for some time, can make you think you know more than you really do.

    PS Not directed at you Perman.


    * Wow, someone used a compiler once!
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Of course.
    Yes, I understand the program and am looking at it more closely. You hook SSDT 11 times on start of condom.
     
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Who is this directed at? Yes, I design and wrote software and a computer language. Now can we discuss the program?
     
  14. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    If you want, I can send you the source of the patching.
    But first please contact me at mswiczar [at] vappware.com
    I want to speak with you.
    I have just uploaded a new version compiled with checked build.
    More data at

    hxxp://www.vappware.com/vapp/index.php?option=com_content&task=view&id=17&Itemid=47
     
    Last edited by a moderator: Mar 31, 2007
  15. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    By now I'm hooking (in this version):

    ZwCreateFile
    ZwOpenFile
    ZwOpenKey
    ZwCreateKey
    ZwLoadDriver
    ZwUnloadDriver
    SetSystemInformation
    ZwCreateSymbolicLinkObject
    ZwCreateThread
    ZwCreateProcess
    ZwCreateProcessEx

    These other patches are deactivated for now:

    ZwAllocateVirtualMemory
    ZwProtectVirtualMemory
    ZwOpenProcess
    ZwOpenProcessToken
    ZwOpenProcessTokenEx
    ZwDebugActiveProcess
    ZwRemoveProcessDebug
    ZwOpenJobObject
    ZwSetInformationJobObject
    ZwCreateJobSet
    ZwOpenThread
    ZwSetInformationThread

    More data?
     
    Last edited: Mar 30, 2007
  16. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    Could you send me your crash dump please?
     
  17. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    if you have to ask, it's not you.

    I'm talking about the guy who is acting all upset because he thinks the guy doesn't hang around in security forums. And I'm still waiting to see him provide evidence (based on some weird reasoning), that all the code is cut and paste.
     
  18. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Vappware's website seems to be down at the moment. I was going to try this app in shadow mode, but it is almost 3:00 a.m. I'm done.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Humm, well, I can't think of anything that hasn't already been done.

    The obvious solution, that others use but I don't think it's that special (it is obvious, one has to do something of the sort), is having the user choose what folders should be monitored (downloads for instance, bookmarks...), so that, when clearing the condom (more like trashing it, I don't re-use them...), the program would ask to save files from these folders. One would review the content of the folder from the program's GUI still, and save what is important.
     
  20. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    Pedro, first of all, thanks for your interest.
    This kind of feedback is very important.
    Of course I'll do it, but what happens if you forget something?

    What do you think if we put in a trashcan?
    When you discard the Vcondom, you could always restore files from the trashcan. You could configure which files, extensions or folders you want to always store in the trashcan.
    We could have a watermark for how much storage a trashcan can contain?
    The contents of the trashcan could be encrypted, for more security.
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That sounds good. The user could choose if he wanted to use the trash can, or delete. Nice!
    The encryption is also a good idea, but I can imagine the work ahead of you!
     
  22. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    I want to do my best.
    I can buy a component to do the dirty job.
    There are a lot of components for about 20 U$s to do encryption, without royalties.
    And the trash is just a folder outside the condom.
     
    Last edited: Mar 31, 2007
  23. EASTER.2010

    EASTER.2010 Guest

    Alright then mswiczar looks like you have something on the horizon worth some attention and hope it pans out for you and the users alike, but Say Dude, if you were after BOTH attention and a laugh then you got it, no offense meant, really, but of all names in the world you could have chosen, what guided your imagination with this one?
     
  24. mswiczar

    mswiczar Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    33
    Attention is an important thing in a product.
    But laughter is very important.
    You know, when anybody laughs, he feels good. He can forget, just for a while, any other bad moments.

    What more can I expect from a name? :)
     
  25. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I had no idea one could buy components. Always learning, thanks.
    I hope you keep posting about the development of the program, maybe I can learn more (if I can understand..). This is early stage, so please share your frustrations/ obstacles/ achievements :thumb:

    Oh, and welcome to Wilders!
     