Sudown experiences anyone?

Discussion in 'other anti-malware software' started by Kees1958, Nov 18, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Great Thx Cerxes
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No. Client calls, and the gal who works for me needs to immediately access software. Given messing with AE, and the number of times I've forgotten I have to disable it to download the first time:

    Right-click -> Run as = pain in the posterior, not a solution.
     
  3. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi All

    Read your comments with interest; this is the first time I've heard about SUDown.

    I use DropMyRights on Firefox & T/Bird etc. How does it differ from SUDown? Is SUDown better, and if so, how?

    Do I need it? I use Sandboxie and Comodo V3.

    Thanks for your help

    Terry
     
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Everybody,

    Although a little bit off topic, Ilya has informed me that DefenseWall protects against malware that makes changes to NTFS access permissions as described by solcroft in posts #5 and #12 of this thread.


    Peace & Gratitude,

    CogitoErgoSum
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If you're not one of the afore-mentioned people who run multiple HIPS + dozens of scanners + miscellaneous utilities on your machines, then I might be inclined to believe you.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    So you're saying that none of the HIPS will alert you if malware tries to modify NTFS access permissions? Isn't this probably some setting in the registry? Btw, a bit OT, but Neoava Guard guards against "creating of new Windows accounts", I just wonder, how can this be used by malware?

    What I meant is that what if you trust a tool and you decide to give it admin rights? Then it will still be able to do any damage, not? Of course the fact that a tool needs to have admin rights, for no good reason, is already suspicious. However, LUA will never tell you why a tool needs to have admin rights. That's why I always rely on my HIPS.

    Nice to know, I wonder if other sandboxes also protect against this, but I'm not sure how to test this.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Old topic bump.

    Just wanted to say I've had a very pleasant surprise while testing some malware earlier: ThreatFire now blocks this kind of attack.

    Kudos to the team. Now, if only they'd tackle that string of Pcclient backdoors... :D
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Solcroft, I've PM'ed you twice, did you receive them? ;)
     
    Last edited: Feb 27, 2008
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Pcclient backdoors? A family of RATs?
     