Idea: SRP shell extension

Discussion in 'other security issues & news' started by Gullible Jones, Mar 31, 2010.

Thread Status:
Not open for further replies.
  1. This is a pretty simple idea: a Windows shell extension that lets you add an application to the SRP whitelist on right-clicking it (or a shortcut).

    Better yet, have an app that:
    - Looks for programs in C:\Windows and C:\Program Files
    - Creates a path-based "allow" rule for everything there
    - Adds the aforementioned extension to the Windows shell, allowing the easy creation of path rules
    - And has a convenient GUI that lists the rules and lets you add or delete them

    For an intermediate user this would be a great way to secure a system, even running as admin. It does seem to me that some effort would have to be made to secure the shell extension (a SuRun style popup maybe?). Other than that I don't see a downside (other than the obvious fact that it would fail on an already infected machine).
     
  2. Jav (Guest)

    hmm... Like "Auto Generate Rules" option in AppLocker?

    Overall nice idea...
     
  3. I guess... I've never had the opportunity to use AppLocker. But thanks.
     
  4. Sully, Registered Member (Joined: Dec 23, 2005; Posts: 3,719)

    It is unfortunate that it is not as simple as that. Oh, it can be done, I have prototyped it in XP. But if you plan on using the GP, you need Vista at least. There is a tool somewhere floating around that lets you use an .xml file or something, I cannot remember, but it is not a shell extension. It could be made into one though.

    The problem with this is that there really should be some user interaction to creating an SRP rule. There does not HAVE to be, but you have to manage it at some point, and if you only use .reg values for SRP, it is not straightforward. That is one of the reasons I built PGS, so that you can see and manage what is there.

    I am not putting the clamp on your idea, just sharing what I know about it, and why I dropped the idea. Maybe someone else can add some valuable insight that changes this.

    Sul.
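
Added example, not part of the thread or any poster's code: a sketch of the `.reg`-based path rules discussed above, generating "allow" rules for the two directories named in the first post. The registry layout (`Safer\CodeIdentifiers\262144\Paths\{GUID}` with `ItemData` and `SaferFlags` values) and all function names are assumptions not stated on the page.

```python
import uuid

# Assumed SRP registry layout (not stated in the thread): path rules live under
# ...\Safer\CodeIdentifiers\<level>\Paths\{GUID}, where level 262144 (0x40000)
# means "Unrestricted" and level 0 means "Disallowed".
SRP_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
UNRESTRICTED = 0x40000
DISALLOWED = 0


def reg_quote(value):
    """Escape a string for a .reg file: backslashes first, then double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def rule_guid(path, level):
    """Stable GUID per (level, path), so regenerating rewrites the same key
    instead of piling up duplicate rules that are hard to review later."""
    name = f"srp:{level}:{path.strip().lower()}"
    return "{" + str(uuid.uuid5(uuid.NAMESPACE_URL, name)) + "}"


def srp_reg(paths, level=UNRESTRICTED, description="Generated path rule"):
    """Return .reg text with one path rule per distinct entry in `paths`."""
    lines = ["Windows Registry Editor Version 5.00"]
    seen = set()
    for path in paths:
        path = path.strip()
        key = path.lower()            # Windows paths compare case-insensitively
        if not key or key in seen:    # skip blanks and duplicates
            continue
        seen.add(key)
        lines += [
            "",
            f"[{SRP_ROOT}\\{level}\\Paths\\{rule_guid(path, level)}]",
            f'"ItemData"={reg_quote(path)}',
            '"SaferFlags"=dword:00000000',
            f'"Description"={reg_quote(description)}',
        ]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # Constructed input: the two directories named in the first post.
    print(srp_reg([r"C:\Windows", r"C:\Program Files"]))
```

The output is text for review before import; nothing here touches the registry, which keeps the user interaction step Sully describes.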
     