Smart UAC Replacement 1.0

Discussion in 'other anti-malware software' started by guest, Aug 4, 2008.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    http://www.softpedia.com/get/Security/Firewall/Smart-UAC-Replacement.shtml

    http://www.replaceuac.com/

    http://www.replaceuac.com/images/alert.jpg

    http://www.replaceuac.com/images/red_alert.jpg

    http://www.replaceuac.com/images/options_status.jpg
     
  2. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Just downloaded to test out, doesn't seem to do anything on XP! Gonna try it on Vista next...

    dja2k
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Well that is not a big surprise since XP doesn't have UAC ;)

    Wow! 10 times a day, jeez what a burden :D

    Other than that, to me this seems a bit like SuRun with malware detection. Looks interesting though; it would be nice if one could skip AV using this, and if it remembers software like Processmonitor and other software that needs deep access into Windows (and UAC only alerts when the file changes) it could be a keeper. I will try it when I come home.
     
    Last edited: Aug 4, 2008
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yeah I know that's no surprise since only Vista has UAC but the main site http://www.replaceuac.com/ says "Works with Windows 2000/2003/XP/Vista".

    dja2k
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Oh.. My ignorance shines through again.
    I had no idea that XP could have anything to do with UAC, even remotely. Sorry.
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    So if it works for XP it must mean that this proggie gives a UAC to XP, sort of HIPS lite? XP doesn't have any UAC to replace.
    That sure would be a nice move. (Well, at least when someone actually notices it doing anything in XP that is :) )
     
  7. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    I just tested it with XP SP2 and it works.
     


  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Confirmed working on W2003 (and quickly uninstalled as I hate UAC prompts and this looks way too much like the original UAC). Anyway, if M$ made their UAC stuff at least this usable, people wouldn't hate it so much.
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Dev = Security Stronghold still = rogue software?

    Perhaps there's a statement somewhere letting users know they have changed their ways. :rolleyes:

    SiteAdvisor
    Spywarewarrior:
     
    Last edited: Aug 4, 2008
  10. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Thanks for the hint.
     
  11. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    Strange that there is no price for this product on their website. It very well could be malware.
     
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I thought it was free since it is not mentioned anywhere that it will cost money.

    I have now installed it. Initially the increase of popups compared to UAC is about 1000% (well, maybe not, but I haven't seen this many popups since I used HIPS, dammit!!)
    Every software that I start gives a prompt saying:

    I mean whatta...o_O

    Firefox, Shadowprotect, Windows mail you name it...
    Sure you can whitelist the prompts, but if I was getting off on clicking on prompts I'd rather use a HIPS like SSM or Ghost security.
    No good first impression imo.
     
  13. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    286
    Location:
    Denmark
  14. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    Interesting ........ from license.txt

    Emphasis mine ....... and from the PAD file that's included in the installer;

    Code:
    <Company_Info>
    		<Company_Name>Бла-бла-бла</Company_Name>
    		<Address_1>69-16/1 28 Army Street</Address_1>
    		<Address_2 />
    		<City_Town>Astrakhan</City_Town>
    		<State_Province />
    		<Zip_Postal_Code>414056</Zip_Postal_Code>
    		<Country>Russian Federation</Country>
    		<Company_WebSite_URL>http://www.dancingsnakegames.com</Company_WebSite_URL>
    		<Contact_Info>
    			<Author_First_Name>Konstantin</Author_First_Name>
    			<Author_Last_Name>Artemev</Author_Last_Name>
    			<Author_Email>support@dancingsnakegames.com</Author_Email>
    			<Contact_First_Name>Konstantin</Contact_First_Name>
    			<Contact_Last_Name>Artemev</Contact_Last_Name>
    			<Contact_Email>support@dancingsnakegames.com</Contact_Email>
    		</Contact_Info>
    		<Support_Info>
    			<Sales_Email>sales@dancingsnakegames.com</Sales_Email>
    			<Support_Email>support@dancingsnakegames.com</Support_Email>
    			<General_Email>manager@dancingsnakegames.com</General_Email>
    			<Sales_Phone>N/A</Sales_Phone>
    			<Support_Phone>N/A</Support_Phone>
    			<General_Phone>N/A</General_Phone>
    			<Fax_Phone>N/A</Fax_Phone>
    		</Support_Info>
    	</Company_Info>
    .... snipped.....
    		<Expire_Info>
    			<Has_Expire_Info>Y</Has_Expire_Info>
    			<Expire_Count />
    			<Expire_Based_On>Days</Expire_Based_On>
    			<Expire_Other_Info>60 minutes of gameplay</Expire_Other_Info>
    			<Expire_Month />
    			<Expire_Day />
    			<Expire_Year />
    		</Expire_Info>
    ..... snipped .....
    	<Web_Info>
    		<Application_URLs>
    			<Application_Info_URL>http://www.dancingsnakegames.com/</Application_Info_URL>
    			<Application_Order_URL>http://store.esellerate.net/s.asp?s=STR2129824678&amp;Cmd=BUY&amp;SKURefnum=SKU88198397698</Application_Order_URL>
    			<Application_Screenshot_URL>http://www.dancingsnakegames.com/images/screenshots/screenshot_3.jpg</Application_Screenshot_URL>
    			<Application_Icon_URL>http://www.dancingsnakegames.com/files/ds_icon.gif</Application_Icon_URL>
    			<Application_XML_File_URL>http://www.dancingsnakegames.com/files/DanceDanceSnake_pad.xml</Application_XML_File_URL>
    		</Application_URLs>
    		<Download_URLs>
    			<Primary_Download_URL>http://www.dancingsnakegames.com/download/game/DanceDanceSnake.exe</Primary_Download_URL>
    			<Secondary_Download_URL />
    			<Additional_Download_URL_1 />
    			<Additional_Download_URL_2 />
    		</Download_URLs>
    	</Web_Info>
    	<Permissions>
    		<Distribution_Permissions>You must disclose that this is evalution version with functional limitations.
    Full version is not free. Evalution version can be turned into full version by entering 
    registration code that you'll receive when buy it. 
    You may include evalution version on any CD compilation.
    You may not sell the evalution copy.</Distribution_Permissions>
    		<EULA>License
    
    Dance Dance Snake 
    Copyright (C) 2006-2007 Dancing Snake Games
    All Rights Reserved
    SOFTWARE LICENSE
    
    Trial Version
    -----------------------
    The trial version of this software may be used for evaluation purposes at the user's own risk. To activate all programs' features the user must purchase a license.
    The trial version may be freely distributed, provided the distribution package is not modified. No person or company may charge a fee for the distribution of Dance Dance Snake  without written permission from the copyright holder. 
    
    Licensed Version
    ---------------------------------
    On payment of the appropriate license fee, the user is granted a non-exclusive license to use Dance Dance Snake on one computer (i.e. a single CPU) or by one person (but not both), for any legal purpose, at a time. The registered software may not be rented or leased, but may be permanently transferred, if the person receiving it agrees to terms of this license. If the software is an update, the transfer must include the update and all previous versions. 
    While every care has been taken in the construction and testing of this software, it is supplied subject to the condition that the user undertakes to evaluate the suitability of the control for his/her purposes. Dancing Snake Games makes no representation of the software's suitability for any purpose, and the user agrees that Dancing Snake Games has no responsibility for any loss or damage occasioned by the use of this software.
    TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE AND DOCUMENTATION ARE PROVIDED AS IS AND DANCING SNAKE GAMES DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, CONFORMANCE WITH DESCRIPTION, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. 
    TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL DANCING SNAKE GAMES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR LOST PROFITS WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE PRODUCT, EVEN IF DANCING SNAKE GAMES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, DANCING SNAKE GAMES' CUMULATIVE AND ENTIRE LIABILITY TO YOU OR ANY OTHER PARTY FOR ANY LOSS OR DAMAGES RESULTING FROM ANY CLAIMS, DEMANDS OR ACTIONS ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE PURCHASE PRICE PAID FOR THIS LICENSE.
    Should any term of these terms and conditions be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms hereof. 
    If you do not agree to these conditions you should uninstall this software.</EULA>
    	</Permissions>
    
    Couldn't be bothered to change it to reflect the application it actually comes with?

    Ref:
    http://64.233.183.104/search?q=cach...ncingsnakegames.com"&hl=en&ct=clnk&cd=5&gl=uk

    There doesn't appear to be anything at dancingsnakegames.com now, but there was in April, as evidenced by the cache from Google.

    .... and in January;

    http://web.archive.org/web/20071209104424/www.dancingsnakegames.com/download/

    But let's get to something more recent from this company shall we?

    http://www.siteadvisor.com/sites/securitystronghold.com
    http://www.emsisoft.com/en/malware/?Adware.Win32.Active Shield

    ... and from July 08;

    http://www.americanchronicle.com/viewByAuthor?authorID=3195

    ... and these articles do one thing - very badly - promotion of TrueSword, via deception. Why via deception? Let's take a look at one of the pages shall we;

    http://www.americanchronicle.com/articles/69968

    ... and where does "My Svchost Fix Wizard" lead to? yep;

    http://www.securitystronghold.com/solutions/svchost.exe-generic-host-process-win32-services-encountered-problem.html#fix

    Step 1 proudly displays;

    ... with a lovely little "Trusted Vendor" badge next to it. Trusted by who? Clicking it doesn't tell me, it just takes me to a download for TrueSword - not very trusted!

    Step 2, the actual "Fix Wizard" that the articles mention, says;

    DOH! ......... since your articles are pushing this "Fix", you shouldn't be requiring people pay for TS before they can actually use the damn thing!

    Oh, that's alright then! ......... NOT!

    Worse still, step 2 is telling people to purchase TS if TS has claimed they don't actually have the infection that the fix is actually for? What does this fix actually do? If the rest of the page is anything to go by then;

    ... did you just pick random infections out of a hat for this one?

    Not a single one of the articles seems to mention the fact the poor sod has to pay your company, irrespective of whether they are actually infected or not, simply because they've got to pay for the damn "Fix Wizard" .........

    Now, let's get back to ReplaceUAC shall we? Extracting the installer, which for some reason, seems to want to tell me it is a zip file (probably to try and confuse Universal Extractor - pity I know how to extract it manually isn't it?).

    What is "EvilProgram.exe" doing there, and why does it have options to create whatever Preved.exe is? Since preved.exe is a 0KB file when created, and doesn't seem to have anything when viewed with a hex editor, and similarly the registry entry when created, is also empty - what is this for?


    http://www.virustotal.com/analisis/79023f059837cc50df3e8816a681e927

    Just for the hell of it, here's 3 other sites he apparently runs;

    vipdefense.com
    qwertystudios.com
    vistaglance.com

    ... and umm?

    qwertystudios.com/products/tspyware-scanner/

    Really? And here's me thinking you needed a database of stuff to actually detect as well - I highly doubt it is going to provide this. I also doubt it's going to be of any use to people that want to develop an AM that actually detects malware, rather than just claiming it has.

     
    Last edited by a moderator: Sep 20, 2008
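
The mismatch MysteryFCM points out in post 14 (a PAD file inside the installer that describes a different product and vendor) can be checked mechanically when triaging an unpacked installer. The following is an added example, not code from the thread or from any vendor mentioned in it; the function names `host_of` and `audit_pad` and the `<Excerpt>` wrapper element are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser
from urllib.parse import urlparse

# Constructed sample: a few fields copied from the PAD file quoted in the post,
# wrapped in a made-up <Excerpt> root so that it parses on its own.
SAMPLE_PAD = """<Excerpt>
  <Company_Info>
    <Company_Name>Бла-бла-бла</Company_Name>
    <Company_WebSite_URL>http://www.dancingsnakegames.com</Company_WebSite_URL>
    <Contact_Info>
      <Author_Email>support@dancingsnakegames.com</Author_Email>
    </Contact_Info>
  </Company_Info>
  <Web_Info>
    <Download_URLs>
      <Primary_Download_URL>http://www.dancingsnakegames.com/download/game/DanceDanceSnake.exe</Primary_Download_URL>
      <Secondary_Download_URL />
    </Download_URLs>
  </Web_Info>
  <Permissions>
    <EULA>Dance Dance Snake
Copyright (C) 2006-2007 Dancing Snake Games</EULA>
  </Permissions>
</Excerpt>"""


def host_of(value):
    """Return the lower-cased host of a URL or e-mail address, else None."""
    if re.fullmatch(r"\S+://\S+", value):
        return (urlparse(value).hostname or "").lower() or None
    if re.fullmatch(r"[^@\s]+@[^@\s]+", value):
        return value.rsplit("@", 1)[1].lower()
    return None


def audit_pad(pad_xml, product_name, vendor_domains):
    """List (tag, detail) pairs for fields that do not fit the shipped product."""
    findings = []
    for elem in ET.fromstring(pad_xml).iter():
        text = (elem.text or "").strip()
        if not text:
            continue  # container or empty element
        host = host_of(text)
        if host and not any(host == d or host.endswith("." + d) for d in vendor_domains):
            findings.append((elem.tag, host))
        if elem.tag == "EULA" and product_name.lower() not in text.lower():
            findings.append((elem.tag, "product name not mentioned"))
    return findings


if __name__ == "__main__":
    # Product name and domains as they appear in the thread.
    for tag, detail in audit_pad(SAMPLE_PAD, "Smart UAC Replacement",
                                 ["replaceuac.com", "securitystronghold.com"]):
        print(f"{tag}: {detail}")
```
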
  15. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    omg..that doesn't look good imo.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,393
    Location:
    U.S.A. (South)
    Shucks

    It was beginning to look like a useful XP alternative that mimicked UAC for Vista but I guess that's a bit too much to expect right?

    Looked good on type though. But then some things often do, only to find out they're not compatible or worse.

    EASTER
     
  17. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    As an addendum, TrueSword is still generating ludicrous false positives ...... IMHO it should be re-added to the SWW rogue list.

    Ignoring the cookies, the only file it actually flagged that wasn't an F/P (the rest, including those it claimed were malware in the registry, were F/P's), was an installer for RelevantKnowledge, that came with KiwiAlpha (and it wasn't actually installed - was just sitting amongst 400+ other malware samples that TS actually missed, including Nuwar samples, lol)

    Code:
    ClickSpring
    	1.	C:\WINDOWS\security\tmp.edb
    
    Win32.TrojanPWS.Lmir
    	2.	C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\scripts.ini
    
    Agent BIQ Trojan
    	3.	C:\WINDOWS\system32\drivers\npf.sys
    
    Marketscore(Netsetter)
    	4.	E:\Misc\Malware\kiwialpha_com\kiwialphafree\{sys}\rkinstaller.exe
    
    Adware.Emusic
    	5.	{1E796980-9CC5-11D1-A83F-00C04FC99D61} at key HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar
    
    Win32.Trojan.Downloader
    	6.	run at key HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
    
    MyCleanerPC
    	7.	HKEY_CLASSES_ROOT\tabdlg.sstab
    	8.	HKEY_CLASSES_ROOT\tabdlg.sstab.1
    
    Toolbar.Softo
    	9.	HKEY_CLASSES_ROOT\toolband.xbtb04482
    	10.	HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{01e69986-a054-4c52-abe8-ef63df1c5211}
    
    Hijacker.Qyule
    	11.	HKEY_LOCAL_MACHINE\system\currentcontrolset\services\npf\enum
    
    Win32.Trojan.Agent
    	12.	Window title at key HKEY_CURRENT_USER\software\microsoft\internet explorer\main
    
    Win32.Generic.PWS
    	13.	C:\WINDOWS\system32\sessmgr.exe at key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list
    
    Win32.Trojan.MatrixHasYou
    	14.	C:\WINDOWS\system32\sessmgr.exe at key HKEY_LOCAL_MACHINE\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list
    
    Win32.Winshow
    	15.	:Range at key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1
    
    FindFM Toolbar
    	16.	HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore
    	17.	Count at key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore
    	18.	Type at key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore
    	19.	Time at key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore
    
    Tracking cookies
    	20.	steven burn@tacoda[2].txt
    	21.	steven burn@atdmt[2].txt
    	22.	steven burn@adbrite[1].txt
    	23.	steven burn@doubleclick[1].txt
    	24.	steven burn@cams[1].txt
    	25.	steven burn@cms.trafficmp[1].txt
    	26.	steven burn@tripod[1].txt
    	27.	steven burn@www.etracker[1].txt
    	28.	steven burn@apmebf[1].txt
    	29.	steven burn@statse.webtrendslive[2].txt
    	30.	steven burn@adultfriendfinder[2].txt
    	31.	steven burn@bravenet[1].txt
    	32.	steven burn@bs.serving-sys[1].txt
    	33.	steven burn@trafic[1].txt
    	34.	steven burn@mediaplex[1].txt
    	35.	steven burn@ad.yieldmanager[1].txt
    	36.	steven burn@cgi-bin[2].txt
    	37.	steven burn@specificclick[2].txt
    	38.	steven burn@www.burstnet[2].txt
    	39.	steven burn@rambler[1].txt
    	40.	steven burn@advertising[1].txt
    	41.	steven burn@clickbank[1].txt
    	42.	steven burn@serving-sys[1].txt
    	43.	steven burn@statcounter[2].txt
    
    
     
  18. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    Oh and, if you want it to "fix" more than 3 things without paying for it, forget it .....
     


  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,788
  20. MysteryFCM

    MysteryFCM Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    24
    Location:
    Newcastle, Tyne & Wear
    hehe yep, MB has had it listed for a while :)
     