[bug] New Rule Path Distinction

Discussion in 'ESET Smart Security v3 Beta Forum' started by Meister, May 30, 2007.

Thread Status:
Not open for further replies.
  1. Meister (Registered Member; joined Apr 8, 2007; posts: 32)

    When adding new rules manually, ESS makes a distinction between

    c:\progra~1\*etc and c:\program files\*etc

    when in reality they are the same thing which leads to the creation of multiple "same programs" on the rules list.

    ESS Beta 1a
     
  2. Teazle (Registered Member; joined Apr 7, 2007; posts: 42)

    well, technically they will be the same if there are no other folders in C:\ that start with "progra" and are longer than 8 letters.

    for example you might (might) have 3 dirs:

    c:\programming -> c:\progra~1
    c:\programmable -> c:\progra~2
    c:\program files -> c:\progra~3

    so, c:\progra~1 is only the same as c:\program files\ if there are no other dirs with the 6 first letters being "progra" and they aren't longer than 8 letters.

    But if there would exist no such dirs, your assumption would be correct. But that also leaves a vector of attack: if a malicious program creates that dir, it would, by your words, be treated as safe.

    I hope I made myself understood

    Regards

    Teazle


    edit: changed a word, I no longer sound so condescending...
     
  3. IcePanther (Registered Member; joined May 28, 2005; posts: 308; location: (nearby) Paris, France)

    Hi,

    I agree with Meister, the problem is not that the DOS names can be separate folders, but that rules for the same app are created with DOS paths when automatically created by ESS, and "long" paths when you create rules manually (browse for the exe). So, the bug I think Meister mentioned is that if there is already an application, be it in long or short path, ESS shouldn't create the other version, because the apps are in fact the same, and that makes the list messy.
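
The two points raised in this thread (duplicate rules for one program, and short names that are not fixed strings) can be shown together in a rule list keyed on the resolved long path. This is an added example, not part of the thread and not ESET's code; `to_long_path`, `RuleList`, the alias tables and the `App\app.exe` path are hypothetical, constructed for illustration.

```python
import ntpath

# Constructed alias tables: parent directory -> {8.3 short name: long name}.
# On Windows this lookup would come from the filesystem (e.g. GetLongPathNameW).
ONLY_PROGRAM_FILES = {"c:\\": {"progra~1": "program files"}}
TEAZLE_CASE = {"c:\\": {"progra~1": "programming",
                        "progra~2": "programmable",
                        "progra~3": "program files"}}

def to_long_path(path, aliases):
    """Canonicalize a path: lower-case it and expand each short-name
    component using the alias table of its (already resolved) parent."""
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    resolved = drive.lower() + "\\"
    for part in filter(None, rest.split("\\")):
        name = part.lower()
        name = aliases.get(resolved, {}).get(name, name)
        resolved = ntpath.join(resolved, name)
    return resolved

class RuleList:
    """Rule list keyed on the canonical long path, so one program gets one entry."""
    def __init__(self, aliases):
        self.aliases = aliases
        self.rules = {}

    def add(self, path, action):
        key = to_long_path(path, self.aliases)
        created = key not in self.rules
        self.rules.setdefault(key, action)  # keep the existing rule on a duplicate
        return key, created

def demo():
    rules = RuleList(ONLY_PROGRAM_FILES)
    auto = rules.add(r"C:\PROGRA~1\App\app.exe", "allow")         # short form
    manual = rules.add(r"c:\Program Files\App\app.exe", "allow")  # browsed form
    # Teazle's layout: the same short string now names a different directory.
    other = to_long_path(r"c:\progra~1\App\app.exe", TEAZLE_CASE)
    return auto, manual, len(rules.rules), other

if __name__ == "__main__":
    print(demo())
```

Because the short name is resolved through a lookup instead of being assumed equal to "program files", a rule is only merged when both spellings really name the same directory.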
     