AntiExectuable and Vista Support

Discussion in 'other anti-malware software' started by jrmhng, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Hi All,

    Does anyone know when or if Faronics is developing support for Vista esp with Anti-Executable?

    Cheers,
    Jeremy
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,100
    Location:
    North Carolina USA
    It is in beta and I was told it would be out in the first quarter of this year.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's predictable and obvious that AE will run under winVISTA as well.
    I like AE alot : simple philosophy, easy-to-use, whitelist-based, killing any executable malware immediately, protects itself very well and is quiet as long everything is normal. A professional evergreen, worth its price.

    I recently unzipped a file, that contained an executable malware, I never saw that malware, it was removed while I was unzipping the file. That's what I call "action". :)
     
    Last edited: Jan 14, 2008
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Remember, that AE does not block the .wmf file from running, but prevents the .wmf code from installing the executable payload.

    When the .wmf exploit surfaced, someone created a PoC where the .wmf file launched the windows calculator. This, of course, AE would not prevent.

    The PoC showed that the exploit could do other things besides run a binary executable. To my knowledge, no in-the-wild-exploits surfaced that did anything else besides attempt to install a trojan executable.

    The .wmf exploit, of course, has since been patched.


    ----
    rich
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So from my understanding, the zero-day exploit still exists. However ANY executable code, even ones from a buffer overflow, is stopped from running. Is this true?
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Right :)
     
  9. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    the current AE can not prevent the VBscript, Javascript, Flash.

    I hope they can add the protection for this in the new version. There are many posts about how VBscript call Win API in the google. that will be a new holl.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If the final outcome of those actions continues to be placing an untrusted executable (trojan downloader/dropper, etc) in the system, AE will continue to be up-to-date.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,324
    Location:
    U.S.A. (South)
    YES! YES! YES!

    AE is one of those what i call SUPER apps, it's stable plus it's POWER coded to instantly protect against executables in very rapid fashion, almost like it has a sixth sense, (AI ?) internal sensor maybe? :)



     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Sounds good. Can't wait for it to work on Vista. If all goes well, I might even buy it. (No I usually resort to freebies...I'm a poor uni student).

    Anyone else have experiences to share?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.