Does OA have protection against direct disk access?

Discussion in 'other anti-malware software' started by aigle, Jun 27, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member
    Joined: Jul 28, 2007; Posts: 9,122; Location: U.S.A. (South)

    If that is indeed the case then it's disturbing. Even though I don't have or will bother with Vista, I was under the impression it was constructed or improved to better enhance against those types of potential loopholes.

    Anyone else care to elaborate on this further?
     
  2. alex_s

    alex_s Registered Member
    Joined: Aug 13, 2007; Posts: 1,251

    One more thing about Vista. I activated the Guest account. Then I switched to the Guest account (UAC is enabled). Then I selected notepad.exe to "Run as admin". I expected to be asked for the Admin password... but nope. I was not asked, and notepad.exe was started with admin rights from the Guest account and with UAC enabled. Isn't it incredible?
     
  3. lucas1985

    lucas1985 Retired Moderator
    Joined: Nov 9, 2006; Posts: 4,047; Location: France, May 1968

    Correct :) You cannot open disks for raw access under LUA/RunSafer/DropMyRights.
    IMO, alerting on direct/raw disk access should be restricted to SSM-like classical HIPS.
     
  4. EASTER

    EASTER Registered Member
    Joined: Jul 28, 2007; Posts: 9,122; Location: U.S.A. (South)

    Anymore, if this accessing Device\Physical Memory maliciousness from malware keeps up, I would expect many other apps could be adding this type of an alert process.
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist
    Joined: Mar 3, 2006; Posts: 1,500; Location: Germany

    Against the most evil virus it does not offer protection, like most firewalls. I saw cruel things with activated OA, but that is likely not the fault of OA but rather the fault of the OS and internet in general. What firewall should withstand subhack tunneling?
     
  6. alex_s

    alex_s Registered Member
    Joined: Aug 13, 2007; Posts: 1,251

    What is this?
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist
    Joined: Mar 3, 2006; Posts: 1,500; Location: Germany

    Something cruel that most people are not aware of... undermining of privacy... omnipresent evil eye... man-in-the-middle
     
  8. Peter2150

    Peter2150 Global Moderator
    Joined: Sep 20, 2003; Posts: 20,590

    KD.exe is some trojan, not sure of the name. Does the same thing as killdisk, trashes the MBR/partition table.

    Pete
     
  9. Peter2150

    Peter2150 Global Moderator
    Joined: Sep 20, 2003; Posts: 20,590

    Yep, the run safer option does indeed do the same. In the new betas of OA, you can set unknown programs to not prompt but run safer. Then if you try to run something like Killdisk or kd.exe, you get no prompts and no damage. Kind of neat.

    Pete
     
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist
    Joined: Mar 3, 2006; Posts: 1,500; Location: Germany

    MiTM attacks are also possible through secure socket layer. Some people don't believe this but it is proven; they even make special use of SSL channels/ports.
     
  11. lucas1985

    lucas1985 Retired Moderator
    Joined: Nov 9, 2006; Posts: 4,047; Location: France, May 1968

    Access to physical memory isn't possible under LUA IIRC.
     