Question From Security Hole Thread

Discussion in 'Ghost Security Suite (GSS)' started by QuinnK, Dec 12, 2005.

Thread Status:
Not open for further replies.
  1. QuinnK

    QuinnK Registered Member

    Didn't put this in the RegDefend section because it's from the Security Hole thread already in this section.

    As a completely new user to GSS (and RegDefend), I have a 'how to' question from an unknowledgeable (as yet) user. IF you wanted to create a rule to protect against unauthorized changes to GSS itself, would this work?:

    'GSS Program Protection' as added group under Global Registry Rules

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostSecuritySuite
    Value: * (or **) ?
    Events: create key, modify key, set value, delete value
    Action: ask User, log to disk

    I realize there's a long list of entries to deal with when asked, that don't really need protection... but is that a good way to start, or is there a much better way to go about it? Will doing it this way create a 'too many entries' problem in the log?

    Thanks for any help... Quinn
     
    Last edited: Dec 12, 2005
  2. Jason_R0

    Jason_R0 Developer

    Hi Quinnk,

    That rule would protect against modification of specific Ghost Security Suite items. I don't think you will receive too many log items regarding those entries, so it wouldn't hurt to add it I think.

    If you changed the key to :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostSecuritySuite**

    You would also protect the versions subkey in there too (make sure gssupdater.exe has access to modify this area in application rules).
     
  3. QuinnK

    QuinnK Registered Member

    Thanks Jason... I really appreciate you taking the time to answer. What specifically would you allow, for gssupdater to have access to modify (I assume you mean in AppDefend)?

    Quinn
     
    Last edited: Dec 12, 2005
  4. Jason_R0

    Jason_R0 Developer

    Hi Quinn,

    I mean Ghost Security Suite's updater modifies the registry in the versions subkey, so if you added a rule which blocked access to the versions subkey, gssupdater.exe would need access to modify them (otherwise the updater would never think you updated).
     
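The rule set discussed in the posts above, modelled as an added Python example (not GSS code and not from the thread). The wildcard semantics (`*` stays within one key level, `**` crosses levels), first-match ordering, the allow-by-default fallback, the subkey name `versions` and the process name `other.exe` are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

GSS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostSecuritySuite"
VERSIONS_KEY = GSS_KEY + r"\versions"   # subkey name assumed from the post's wording
WRITE_EVENTS = frozenset({"create key", "modify key", "set value", "delete value"})

@dataclass(frozen=True)
class Rule:
    key_pattern: str                # "*" stays within one key level, "**" crosses levels (assumed)
    action: str                     # "allow" or "ask"
    process: Optional[str] = None   # None means the rule applies to every process
    events: frozenset = WRITE_EVENTS

def key_matches(pattern: str, key: str) -> bool:
    """Translate the assumed wildcard syntax to a regex; registry paths ignore case."""
    parts = re.split(r"(\*\*|\*)", pattern)
    regex = "".join(
        ".*" if p == "**" else r"[^\\]*" if p == "*" else re.escape(p) for p in parts
    )
    return re.fullmatch(regex, key, re.IGNORECASE) is not None

def decide(rules, process: str, key: str, event: str) -> str:
    """First matching rule wins; anything unmatched is allowed (assumed default)."""
    for rule in rules:
        if rule.process is not None and rule.process.lower() != process.lower():
            continue
        if event in rule.events and key_matches(rule.key_pattern, key):
            return rule.action
    return "allow"

exact_only = [Rule(GSS_KEY, "ask")]          # key without wildcard: subkeys not covered
recursive = [Rule(GSS_KEY + "**", "ask")]    # key with "**": versions subkey covered too
with_updater = [Rule(VERSIONS_KEY + "**", "allow", process="gssupdater.exe")] + recursive

def demo():
    """Decision for a 'set value' in the versions subkey under each rule set."""
    args = (VERSIONS_KEY, "set value")
    return {
        "exact, any process": decide(exact_only, "other.exe", *args),
        "recursive, updater": decide(recursive, "gssupdater.exe", *args),
        "exception, updater": decide(with_updater, "gssupdater.exe", *args),
        "exception, other": decide(with_updater, "other.exe", *args),
    }

if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:20} -> {action}")
```

Under these assumptions, the updater exception has to be evaluated before the broad `**` rule; otherwise every update would raise a prompt on the versions subkey.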
  5. QuinnK

    QuinnK Registered Member

    Very good. Thanks again for your response. I'm knowledgeable in other computer related areas, but not at all about GSS yet. Very impressive program... I ran the trial for a couple of days and then purchased 'unlimited'. Looking forward to seeing you develop its potential over a period of time. Considering the quality of the program in beta form, what you get with the 'unlimited' choice, and the overall potential... I have no problems at all with the cost. It always costs a little more to go first class. :cool:

    Quinn
     
  6. f3x

    f3x Guest

    Hi,
    this is how I have made my "protection":

    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite
    *Ruleset

    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite
    *Reg*

    It covers *all* registry keys that are *vulnerable*.
    Other registry keys, I assume, are for the size/position of different things on the GUI, and I don't feel it's needed to protect them.
     
  7. tonyjl

    tonyjl Registered Member

    Just double checked mine were ok and noticed 'MD_Ruleset', what is this o_O, I can't remember if it was there last time I looked, but I think it was, it rings a bell anyhow.

    Is this a teaser for us to guess what your next app will be called, Jason?
     
  8. Infinity

    Infinity Registered Member

    Medication Defend, but it is still very beta and the beta testers are trying too much of them... :D
     
  9. f3x

    f3x Guest

    Jason must have done some cleaning?

    Anyways, I cannot find it anywhere, but I'm sure I have read it was mutex defend.

    Someone was playing with reshacker and gss and found this mutex thingy.
    Jason has made a post about it and said it was only a "placeholder" for the next app, i.e. to see if the design is ok with 3 applications rather than 2.
     