After reading a hacker's blog,I feel it's so hard to be safe.

Discussion in 'other anti-malware software' started by bonedriven, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I've been playing with security softwares for about 3 years.Although I have not become an expert,I get some "common sense" at least.
    I used to think my security combo were so powerful and it would be hard enough to break in.In (link removed) her blog,she showed several security flaws in RTD、MD、EQSecure etc.
    A month ago,I found her blog from her post "Helpless and useless Diskshield" in Comodo's forum.
    Well,maybe I'm just too naive to realize the real danger earlier.:doubt:
     
    Last edited by a moderator: Oct 22, 2008
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Caution,on the link your providing my geswall just blocked an attack.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    really?what kind of attack was it?
     
  4. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hey,seriously!?:blink:
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i click on the link but all is quiet hereo_Omy security is sleeping maybe,they work hard all day long
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    yea a big orange warning and blocked checking logs if I can make sense of them
     
  7. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Same. The page is full of chinese and some code, perhaps the code there triggers this alert of yours?

    Some software react even to posted, non-harmful code.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Hmmm

    The blog link returns for me this.........The page cannot be displayed


    I wouldn't be so put off by any of that. The key is multiple security and with the right combination of certain security apps (including HIPS), it would be a difficult climb to pierce thru them all.

    Malware makers, exploit investigators and the like commonly reverse engineer security programs of all sorts to surface limitations they can point to.

    EASTER
     
  9. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    I got an alert from OA about an activeX control to be loaded by this page. Maybe that's why.
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I can not make sense of geswall logs,the only thing I see is a deny 3 messages to geswall serv.exe at around the time I clicked the link.The deny was imediate clicking the link.anyway I manged a second attempt on the link and captured it.
     

    Attached Files:

    Last edited: Oct 22, 2008
  11. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I'm using OA v3 free.It's quiet as usual.
    BTW,I don't think it contains any malicious code except some in her post like lordpake said.
     
  12. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    It appears to be a working proof-of-concept BSOD denial-of-service attack against MD, RTD, and EQS. It crashes my Vista + MD systems. I submitted my minidump to MD (Xiaolin) last week. I gather that the next release will include a fix.

    Nick
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well my geswall is getting upset about it consistent.Man I love Geswall
     
  14. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I bet it is a FP of your GW.:thumbd:
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    better a false postive then a false negative if it was real and if a simulation of real attack then it did its job with out crashing.
     
    Last edited: Oct 22, 2008
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I get this.
     

    Attached Files:

  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    catroot dberr, difficult to say, could be windows internals thing
    or maybe a attempt to manipulate catalog database.
    If you really install a new language could be windows internal pepatch.
     
  18. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    thanks Aigle somewhat different then what mine say but same results I guess.
     
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks systemJunkie,
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Since the link is questionable it is being removed.

    Pete
     
  21. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hi peter,

    I searched her blog and links in her blog,found that she is security software
    360safe's developer.Maybe the best in the team I think.Hence,I don't think her blog would contain malicious codes.
    360safe is a popular security software in China at the moment.
     
    Last edited: Oct 22, 2008
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    easter do you use mvps host file?
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    that is bad,man sorry aout that,so is your malware defender updated already to defeat this kink of attack?
     
  24. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    No harm done. I always image before I play. According to Xiaolin, the next release of MD (due to be released this month) will include a fix.

    Nick
     
  25. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    I'm a little bit curious. Can someone PM me the removed and probably innofensive link?
     
Loading...
Thread Status:
Not open for further replies.