Awards ?

Discussion in 'other security issues & news' started by f3x, Dec 21, 2005.

Thread Status:
Not open for further replies.
  1. f3x

    f3x Guest

    http://www.firewallleaktester.com/reward.htm

    Sandboxes
    "Best choice" rewards

    Reward :
    There is a single reward, the "Best choice" (blue logo) one.

    Criteria :
    The criteria are about a 'block'.
    The criteria to be rewarded are based on the following :

    - the product must not be on the firewall test page
    - the product must come from and be developed by a company
    - the product must not be only available in a free version
    - the product must be actively supported by the company
    - a forum and email support must be available for this product
    - the product must not be a beta version
    - the product must be 'kernel based'
    - the product must be compatible at least with Windows XP/2000/2003
    - the product must be able to block every injection (DLL, thread, code)
    - the product must provide an application startup monitoring (and allow to block)
    - the product must be able to run on a 'less powered' computer, such as a 500 MHz CPU
    - the product must be able to run concurrently with a firewall
    - if the product includes a firewall, the user must be able to turn it off (see point above)
    - the product company must be existing for more than 1 year

    These general rules are very generic and can apply to many software products.
    They are professional points that corporate IT managers look for before testing a product and putting it in a production environment.
    A professional product will provide good support for both home use and corporate use, will be actively maintained and followed, and will be highly reliable.

    Once only high quality products are left, we should then pick the more secure ones providing an unseen security level.

    => the "Best choice" rewards the overall sandbox software

    Considering the fact [suave] told us that appdefend blocks all the leaktests ... this can be a good start for marketing of appdefend

    This is one more reason to hurry the release of the first non beta lol
     
  2. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Actually, I read the topic here (reply #4): https://www.wilderssecurity.com/showthread.php?p=630776#post630776

    and I see that AD doesn't fully block the PCAudit leak test:

    http://www.pcinternetpatrol.com/page/view/49

    If you give it global hook access, it somehow manages to send info through the net even if you block it from network access. Which basically means there is a way to bypass AD's network access protection. Any malware/trojan can use this method (it has nothing to do with allowing global hooks or not).

    Also, I don't know why this topic was moved from the AD forum... o_O
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi [suave],

    FYI, Jason pinpointed the bypass mechanism nearly a week ago. Hopefully, we will see a fix included in the next beta.

    Nick
     
  4. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I have identified why PCAUDIT is allowed out, and it is DIRECTLY related to global hooks and other DLL injection methods. It isn't a problem with the network access protection at all, and until the new beta is released I don't want to discuss why it can occur. As long as you block global hooks and other dll injection methods using AppDefend you are safe, just remember that AppDefend DOES block PCAudit if you block the global hook (like you should), so I wouldn't say PCAUDIT bypasses AppDefend at all. Rather there is an issue with why PCAUDIT can use the network after it installs its DLL as global hook which has been fixed.
     
  5. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi f3x,

    The next beta of AppDefend is a very good step towards a final version, and everyone will be able to witness (some real data) why AppDefend is going to be the most efficient and powerful software of its type.
     
  6. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    I'm glad you've figured it out. I knew you would anyways. ;)

    I just wanted to know: You say AD blocks pcaudit if we block global hooks (like we should). But what about the programs that need global hooks? And what about the inexperienced people that don't know how to answer the prompts?

    I know you don't want to discuss this anymore, but I just wanted to let you know my reason for thinking there was no relation between allowing the global hooks and gaining network access.

    It's because of the following:

    1) PCAudit will refuse to go to "Step 2" (the part where internet access is made) unless it has logged some keyboard activity. In order to let it log something, you must give it that right. With that in mind, one would think that if an application wanted internet access (without logging anything) it could do so using the same method that PCAudit does in Step 2.

    2) When I tested it with LNS, PCAudit did get the global hooks, but was blocked from accessing the net. Which meant that it is possible to give an application global hooks and still block it from internet access. Which led me to believe that there's no relation between the global hook and network access.

    Anyways, you are a lot more educated in this field than I am, so I will take your word for it. I'm only assuming things here so I don't really know what I'm talking about and I probably sound really annoying to you (sorry Jason ;) ). But that's what it takes to make AD the best of the best! Well... you say you found the cause so that's great news to me and that's all I care about. I will test it out when you release the next version. I can't wait :)

    Ahh yes, I can see it all now. AD takes the new Platinum Award at:

    http://www.firewallleaktester.com/tests.htm

    24/24 :D :cool:
     
  7. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Suave,

    I'll just say that you can see some network access prompts from AppDefend in relation to PC AUDIT, but it gets through an application eventually. Not due to something the user has allowed but a hardcoded network allowance. So there isn't a bug with network access "letting something through" as in a "real" problem or bug, just an allowance which needs to be removed.
     
  8. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Yep I saw those network prompts. Allow and Deny both had the same outcome. Anyways, thanks for clearing that up for me. I'll be on the lookout for the new release whenever it's ready :)

    take care,

    -[suave]
     