LooknStop-GUI_Exit-Protection.exe *NEW*

Discussion in 'LnS English Forum' started by Phant0m, Sep 22, 2004.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  2. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    How does this utility actually work Phant0m?

    Do tools that try to exit the GUI of a program look for something static in the titlebar (like the name of the program)?

    How come the utility no longer works after a reboot?

    The animating toolbar does look cool though :)
     
  3. Phant0m

    Phant0m Registered Member

    Actually, there are many different ways of exiting applications; this here particular utility (GUI_Exit) doesn’t attack the Look ‘n’ Stop process but instead uses SendKeys to do what I call an App-Friendly shutdown. Doing what it does, I’m uncertain if PG offers security against it. Also, using this way it can easily be made to alter application settings, make rules for instance, or delete rules and so on.

    Yes, this way looks for a static titlebar name to retrieve the handle for an application; there are other ways to go about protecting an application against this form of attack.

    This here GUI_Exit-Protection Utility doesn’t insert itself into the start-up group; if the user wishes to use it on a regular basis, they are going to have to insert it into the start-up group themselves.

    Yea, you aren’t the only one to say that.
     
  4. MaxCr

    MaxCr Guest

    Hi,

    Quite interesting, I'm sure that there's more than one way about it... is it possible to have the service of LNS be unloaded, which would terminate Looknstop all in itself? And also, aside from that, I've noticed that there's a loaded driver; there should also be a way to have that removed, rendering the application and the user's computer defenseless?

    regards,
    Max
     
  5. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    This problem can also be solved with Process Guard
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I'd like to see a screenshot of PG stopping the utility

    regards,
    Fluxgfx
     
  7. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hi,
    I wanted to take the screenshot, but didn't succeed:
    I have set up protection for LnS in ProcessGuard, but somehow the "exit" demonstration tool does not exit LnS without PG even kicking in (at least not that I could see). LnS just minimizes and PG notifies me about LnS_Exit.exe having been allowed (manually by me) to start. Could it have to do with me starting LnS with its service utility?
     
  8. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
  9. Andreas1

    Andreas1 Security Expert

    Here it is then.
    The gui-exit version this thread originally referred to wouldn't work (LnS would just minimize), but Phant0m kindly dropped me a link to an update. Now here is PG handling the update's attempt to shut down LnS (with CMH enabled on it).
    CU,
    Andreas
     

    Attached Files:

  10. Andreas1

    Andreas1 Security Expert

    Hi Jazzie,
    We've still not been there. Seems I never get things done all on my own.
    :rolleyes:

    CU,
    Andreas
     
  11. Jazzie1

    Jazzie1 Registered Member

    Quick Andreas, hit cancel twice and see what happens!!! ;)

    I hear you!!!

    Take care
    Jazzie
     
    Last edited: Sep 28, 2004
  12. Andreas1

    Andreas1 Security Expert

    I can't remember for sure if I had to hit cancel twice or once, but I did it and nothing happened - LnS continued as if nothing had happened. (But I'm on a more recent PG3 beta, so there might have been improvements there.) I will re-try tomorrow again to make sure, but I'm pretty certain now already (except for once-or-twice-cancel-?).
    (I've also noticed that on another one of my apps the peculiar behaviour of PGv2's CMH has disappeared and is now working correctly - so there is hope ;) .)

    CU,
    Andreas
     
  13. Jazzie1

    Jazzie1 Registered Member

    Hi Andreas, I know we are getting off the topic a bit, but yeah, if you hit cancel twice then the CMH disappears and so does the app you are trying to close, so I will wait till it is fixed before even attempting to use it as a security tool. Because I am sure that is the biggest weak point a malware writer will shoot for... But, I am confident Jason and team will work it out! Just was hoping/thinking it would have been fixed by now. Seeing it is that noticeable!! Don't you agree? Or do you have another opinion/theory? :)

    CU
    Jazzie
     
  14. Andreas1

    Andreas1 Security Expert

    I've just re-tried it, and it's apparently fixed now. I cannot reproduce what you describe. Maybe you want to try tomorrow's beta yourself?

    Cheers,
    Andreas
     
  15. Jazzie1

    Jazzie1 Registered Member

    Well, they must have thrown something together real fast to fix the issue, because it happened yesterday, not tomorrow!!! (just kidding, not everyone jump on me at once!--Geeees!!! :D ) It is great they could provide support and fix issues that users request... I just wish Frederic would do the same with the issues I have here in LNS (No disrespect intended !!!!) I just noticed that the customer support here is rather "slim" by nature........

    Take care
    Jazzie :cool:
     