Should Trustware Vulnerability Test come under the supervision of Anti-Keyloggers?

Discussion in 'other anti-malware software' started by sg09, Nov 13, 2011.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Trustware Free Security Test
    http://www.trustware.com/Free-Security-Test/
    I know this is a test for sandboxing software, but logging the filenames in the My Documents folder: isn't this a kind of logging? So, shouldn't anti-keyloggers protect us from this kind of vulnerability?
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Damn. I put this in one of my sandboxed folders. Even with Comodo firewall, panda cloud pro and sandboxie, this "test" still read my documents folder and supposedly sent it to trustware. Odd I don't have any log in the firewall that it tried to connect out. I was sure that panda would have said something or even D+. Nothing. Nada. I even have sandboxie folder dropmyrights and internet restriction. It says that it went through FTP.exe. Telnet.exe failed though. I'm kinda surprised by all of this.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Were you alerted to its actions? If not, then that is worrying; otherwise not.
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Not a peep. Yeah, scary. Of course I did notice that D+ showed it as "scanned online and found safe". So that's why comodo didn't speak up. Panda not really sure. Log didn't show anything. Sandboxie I have the sandbox folder as internet restriction to everything but MBAM, Killswitch and hitman, dropmyrights applied and anything running in that folder is forced into sandbox. Not cool. I might have to go back to appguard.
     
  5. chris1341

    chris1341 Guest

    I take it you disabled AppGuard for the test? For me it blocks this on lock-down & high. It will run at medium but if you have protected folders set it blocks access to them.

    Cheers

    Edit: Sorry, was reading your sig. Now noticed you say you may go back to AppGuard so assume it was not installed for the test.
     
    Last edited by a moderator: Nov 13, 2011
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    So,
    Should Trustware Vulnerability Test come under the supervision of Anti-Keyloggers?
     
  7. chris1341

    chris1341 Guest

    No don't think so. It is reading the contents of potentially sensitive folders and transmitting that data not recording keystrokes. Seems like HIPS/Firewall responsibility to me.

    In those terms Online Armor Premium deals with it very well. Informative prompts and no data compromise.

    Cheers
     
    Last edited by a moderator: Nov 13, 2011
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    yeah I took off appguard and I replaced it with PCAV pro. Obviously not a great choice.
    Can someone else run this and please tell me that I'm not going crazy.
    It opens the notepad and browses your my documents folder.

    ------ Files Attack test ------
    Attacking C:\Windows\system32\TASKMGR.EXE: SUCCESS!
    Attacking C:\Windows\system32\TELNET.EXE: Failed!
    Attacking C:\Windows\system32\FTP.EXE: SUCCESS!

    ------ Local Spy test ------
    -- Browsing local documents.. --

    I'm not really sure that it sends any info out but it does open up the notepad.exe without a peep. I do think that it's sandboxed but it does open things up. CIS under paranoid says that it was trying to access MBAM.exe.
     
  9. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Tried to run it in my Sandboxed 'Downloads' folder and Online Armor stopped it dead :thumb:
     


  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Hmm. Might be time to switch my firewall again. :( I was sure that comodo would stop it.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    Guys- This is one of the MOST BOGUS of all bogus tests, and here is why-

    Run the file and after a minute it will appear and inform you that it stole the names of whatever number of files and posted it on the internet. Following their instructions, in order to view the files I had to click the Attack Files button, allow the program to get out to see a list of my stolen files.

    OH MY GOD!!!!! CIS didn't even alert me!!! I'M DOOMED!!!! I'VE GOT TO BUY BUFFERZONE!!!!

    Actually no, I'm not doomed nor will I buy Bufferzone. I tested it again, you see, but this time physically disconnecting my computer from the Internet.

    Ran the program again, got the same alert that my information was stolen and posted on the Internet.

    Conclusion (Multiple Choice- you may pick more than one answer):

    1). This test is so powerful that even if you shut off access to the Internet it will create its own Hotspot and transmit your data.

    2). The data is actually transmitted when you allow the program to access the Internet- ACCORDING TO THEIR INSTRUCTIONS (and if you got a FW alert you were safe all along).

    3). They are LYING FEAR-MONGERING SLIME out to deceive people into buying their product.

    "Trustware" indeed.
     
  12. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Easy there cruelsister. I never said that it had access to the internet. I was more concerned that it was able to open another process without comodo or even sandboxie saying something. I know that it didn't have internet access because when it went to transmit via my browser sandboxie wouldn't let my browser open.
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Could be the way CIS is configured. Just one of many alerts. So not much to be concerned about.
     


  14. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Is that in paranoid or safe mode for D+? I have mine in safe mode and didn't get any alerts.
     
  15. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    From memory I think it is in Safe mode, with no auto scanning in cloud and set to limited for unrecognised files
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Ah. I have that one ticked on. Must be on safe list because it found it as safe online.
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Test's credibility aside, no, you don't have to buy BufferZone. It's free. :D
     
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I downloaded Trojdemo, then installed it in my Geswall Confidential folder and ran it untrusted.

    Supposedly, it "stole" 9 data files, but yet when I click "attack results" nothing shows up.

    Not impressed with their test.
     
  19. Tunerz

    Tunerz Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    96
    Location:
    Philippines
    Privatefirewall detected the executable easily. Got a prompt and I blocked it.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Ran the executable and got a pop-up alert from NoVirusThanks EXE Radar Pro,
    then I selected block and delete file :cool: end of story :)
     
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    @chris1341: thanks

    I think blocking the executable by anti-executable is not the idea of the test. The idea is to run the executable and still not let it steal anything.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Of course, but it is not a good idea to run unknown programs at all ;)
     
  23. chris1341

    chris1341 Guest

    Agreed, That's what I did - reduced AppGuard protection until it allowed the executable to run but the Protected Folders functionality prevented reading of the My Documents folder.

    Similarly, I allowed the executable to run in OA Premium (in Advanced mode) and just answered BLOCK to the alerts where OA recommended that course of action (red ones). Same result: the app fed back that the My Documents folder is empty. It wasn't, obviously.

    I think any decent HIPS should prompt or block when an unknown/untrusted executable tries to read sensitive folders or use another to do so and a firewall should prompt when that app tries to connect out itself or through another process IMO. Obviously some don't.

    Anyway............
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree deny execute of 1806 is not the real deal, after removing block, low rights world kicks-in

    shine on . . .
     


  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I have Nothing of importance etc in D&S :p so it's no big deal for me. Lots of other people though do allow important/personal/private to be stored in there, so it "might" be for them :eek:

    However, as usual, any such Trojan etc has to be allowed to run in the 1st place. Either by tricking someone, or having insecure practices in place. Neither apply here ;)

    PG blocked it :) so i allowed it


    ZA v5.5 :p blocked it out :)


    Click on here for the .txt results


    Results

     