Question about Global Hook

Discussion in 'Ghost Security Suite (GSS)' started by oldBear, Jan 14, 2006.

Thread Status:
Not open for further replies.
  1. oldBear

    oldBear Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    37
    Whenever I visit the site http://www.randyjamesrocksonline.com/
    I receive a "Process Modification - Global Hook" warning from AppDefend.

    The site uses flash and does seem to use a cursor when you mouse over certain sections of the screen, but outside of that seems innocent enough.

    Am I concerned over nothing? How would I determine whether to allow or not?

    I'm two weeks into the trial and so far am really impressed with the product. Just need to understand how to use it or understand it a little better.

    cheers

     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    oldBear,
    You aren't concerned over nothing, but in all likelihood a global hook from a Microsoft-supplied DirectX component is something that you could allow. However, it is often the case that programs request features that they can do without, and in this case I would deny the process access unless it causes the flash animation to malfunction badly (and you trust it).

    How you might determine whether to allow it is a function of how interested you are and how much time you have.

    Default deny is a fairly safe policy, and in this case you didn't do anything that would have you expecting something special to happen, so the policy would seem to apply.

    If you had time and the inclination, then ....
    - I would normally check on microsoft.com and msdn.com to see what information has been provided by Microsoft
    - In this case, because you have identified that it might be the flash component causing the alert, I would check to make sure you have the latest version of flash and that Secunia doesn't have any reported vulnerabilities for the version of flash you are running. The last advisory I received for flash (6.x and 7.x) was in November last year (http://secunia.com/advisories/17430/) and that particular one allowed flash to execute arbitrary code
    - After all that I would probably still deny it, because it's just a browser and I just don't trust it, and also why do I really need to care that it won't get mouse events when the window isn't in focus

    Hope that helps a little :)
     
  3. oldBear

    oldBear Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    37
    Thanks gottadoit, excellent explanation. I did block access and it appears to have had no effect on the site.

    Another reason I was a bit leery of that site is that when my son visited the site using Opera, it immediately crashed his machine - no error or anything, just an immediate crash. That's what caused me to visit the site to begin with. Then when I received the global hook warning . . .

    Actually, the site seems innocent enough, but something about the mouse control appears to cause some problems somewhere.

    Thanks again for your response.

    cheers
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    I'm glad that helped, and just for the record I couldn't get that same flash object to trigger the same event for me
     
  5. oldBear

    oldBear Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    37
    Very unusual - it triggers it every time for me. Firefox 1.0.7 - will have to upgrade and try again.
     