AntiExectuable and Vista Support

Discussion in 'other anti-malware software' started by jrmhng, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Hi All,

    Does anyone know when or if Faronics is developing support for Vista esp with Anti-Executable?

    Cheers,
    Jeremy
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    It is in beta and I was told it would be out in the first quarter of this year.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's predictable and obvious that AE will run under winVISTA as well.
    I like AE alot : simple philosophy, easy-to-use, whitelist-based, killing any executable malware immediately, protects itself very well and is quiet as long everything is normal. A professional evergreen, worth its price.

    I recently unzipped a file, that contained an executable malware, I never saw that malware, it was removed while I was unzipping the file. That's what I call "action". :)
     
    Last edited: Jan 14, 2008
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Remember, that AE does not block the .wmf file from running, but prevents the .wmf code from installing the executable payload.

    When the .wmf exploit surfaced, someone created a PoC where the .wmf file launched the windows calculator. This, of course, AE would not prevent.

    The PoC showed that the exploit could do other things besides run a binary executable. To my knowledge, no in-the-wild-exploits surfaced that did anything else besides attempt to install a trojan executable.

    The .wmf exploit, of course, has since been patched.


    ----
    rich
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So from my understanding, the zero-day exploit still exists. However ANY executable code, even ones from a buffer overflow, is stopped from running. Is this true?
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Right :)
     
  9. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    the current AE can not prevent the VBscript, Javascript, Flash.

    I hope they can add the protection for this in the new version. There are many posts about how VBscript call Win API in the google. that will be a new holl.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If the final outcome of those actions continues to be placing an untrusted executable (trojan downloader/dropper, etc) in the system, AE will continue to be up-to-date.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    YES! YES! YES!

    AE is one of those what i call SUPER apps, it's stable plus it's POWER coded to instantly protect against executables in very rapid fashion, almost like it has a sixth sense, (AI ?) internal sensor maybe? :)



     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Sounds good. Can't wait for it to work on Vista. If all goes well, I might even buy it. (No I usually resort to freebies...I'm a poor uni student).

    Anyone else have experiences to share?
     
Loading...
Thread Status:
Not open for further replies.