*BladeDefender Update*

Discussion in 'other anti-malware software' started by trjam, Sep 23, 2010.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I contacted Long Lu, who is part of the development team from Georgia Tech University involved in the creation of BladeDefender. I see this summer he worked as an intern from June till August for Microsoft Research. Anyway, he got back to me and his comments are below.

    Thanks for your interest in BLADE. The release surely will happen within this year. But sorry that I cannot promise you a concrete date for now.
    Please understand that we are an academic research lab -- converting research prototypes into products definitely interests us, but cannot be our first priority due to the limited human resources.

    Cheers,
    Long
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for the update!

    I wonder how many people will be interested in this product, since at the moment, according to their research paper, the product monitors only the browser attack vector, i.e., drive-by download:

    BLADE (Block All Drive-by download Exploits)

    This leaves USB, email attachments, Office documents, etc, as possible attack vectors for malware executables. There are many solutions already available that cover multiple attack vectors.

    BLADE-ACM-CCS-2010.pdf
    http://www.blade-defender.org/BLADE-ACM-CCS-2010.pdf


    ----
    rich
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    They should have put that info on their page instead of the "available soon" message. :rolleyes:
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ trjam

    Thanks for asking, now we know :(
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guys,

    Soon Safe-Admin will achieve the same for you.


    Applying EMET-2 reduces the risk of successful shellcode injection. This mitigates phase 1 of their approach.

    Running your browser with Low rights will contain it from the rest of your system (running medium or high rights with UAC on), so no shellcode can touch your other processes. (Contains phase 2 of their approach.)

    Applying a No-execute-Up access control list on your download (and temp) directories will deny execution of anything downloaded by the browser from code within the browser or processes called by that browser (heeeeeeeee a long sentence to say that you are able to execute with Explorer, but injected malware or javascript running in/run by the browser NOT). This blocks the third step (execution) of their model (quoting Rmus: when it can't execute, it can't infect).

    See https://www.wilderssecurity.com/showpost.php?p=1753328&postcount=2

    Regards Kees
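
An added example, not part of the thread or any poster's code: it evaluates the No-execute-Up label described in the post above by parsing the mandatory-label (ML) ACE from an SDDL string and checking whether a process at a given integrity level is denied execute, and whether the label is inherited by newly downloaded files. The SDDL strings are constructed samples and the function names are hypothetical.

```python
import re

# Integrity levels: SDDL alias -> RID of the S-1-16-<rid> label SID.
LEVELS = {"LW": 0x1000, "ME": 0x2000, "MP": 0x2100, "HI": 0x3000, "SI": 0x4000}
ACE_RE = re.compile(r"\(([^()]*)\)")

def pairs(s):
    """Split an SDDL flag string such as 'NWNX' or 'OICI' into 2-letter tokens."""
    return {s[i:i + 2] for i in range(0, len(s), 2)}

def mandatory_label(sddl):
    """Return (level, policy, ace_flags) from the ML ACE of an SDDL string.
    An object with no label is treated as Medium with no-write-up (NW)."""
    for body in ACE_RE.findall(sddl):
        f = body.split(";")
        if len(f) >= 6 and f[0] == "ML":
            sid = f[5]
            level = LEVELS.get(sid)
            if level is None and sid.startswith("S-1-16-"):
                level = int(sid.rsplit("-", 1)[1])
            if level is None:
                raise ValueError("unrecognised label SID: " + sid)
            return level, pairs(f[2]), pairs(f[1])
    return LEVELS["ME"], {"NW"}, set()

def execute_blocked(sddl, process_level):
    """NX denies execute only when the process is strictly below the label."""
    level, policy, _ = mandatory_label(sddl)
    return "NX" in policy and process_level < level

def audit(sddl, browser_level=LEVELS["LW"]):
    """List reasons a download folder's label fails to stop browser-launched code."""
    level, policy, flags = mandatory_label(sddl)
    findings = []
    if "NX" not in policy:
        findings.append("no NX policy on label")
    elif browser_level >= level:
        findings.append("label not above browser level, NX never applies")
    if not {"OI", "CI"} <= flags:
        findings.append("label not inherited by new files and subfolders")
    return findings

# Constructed sample security descriptors (not taken from a real system).
SAMPLES = {
    "medium+NX inherited": "O:BAG:BAD:(A;OICI;FA;;;BA)S:(ML;OICI;NX;;;ME)",
    "low+NX inherited": "D:(A;OICI;FA;;;BA)S:(ML;OICI;NWNX;;;LW)",
    "unlabelled": "D:(A;OICI;FA;;;BA)",
    "medium+NX not inherited": "S:(ML;;NX;;;S-1-16-8192)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, execute_blocked(sddl, LEVELS["LW"]), audit(sddl))
```

The "low+NX inherited" sample shows the case worth checking for: a folder labelled at the same level as the browser carries the NX flag but never denies anything, because the process is not below the label.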
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Not all of us have or want Vista or W7 :p

    EMET only works on XP/SP3 and above, I'm staying with XP/SP2 ;)

    So things like BD might be useful, if only to play with :)
     