Can LUA+SRP resist Stuxnet infection?


Post by flatfly on 1/10/2010, 15:34

Hi SSJ100,

I'm a big fan of the LUA+SRP approach, and I'm one of those guys who really hate running a resident A-V.
However, I'm also rather paranoid, so in the light of the recent Stuxnet outbreak, I would like to hear your opinion - do you still stand by your statement that LUA+SRP is enough to block all known malware, including Stuxnet (note that it uses 4 Windows zero-days including 2 privilege escalations)?

For reference, here's a good summary of what is currently known about Stuxnet on the F-Secure blog:
http://www.f-secure.com/weblog/archives/00002040.html

Thanks!

flatfly
New Member

Posts : 2
Join date : 2010-10-01


Re: Can LUA+SRP resist Stuxnet infection?

Post by ssj100 on 1/10/2010, 16:19

Hi flatfly, and welcome to the forums!

To be honest, I don't know for sure. But I'd bet that LUA + SRP can block them all in the real world and keep a system infection-free.

With regards to the LNK exploit, I showed here that SRP blocked it easily:
http://ssj100.fullsubject.com/security-f7/vulnerability-in-windows-shell-could-allow-remote-code-execution-t187.htm#1303

With regards to privilege escalations, I think in theory that LUA + SRP could be bypassed. However, I won't believe it until someone gives me a malware sample or POC to demonstrate such a bypass.

And regardless, for my own setup, the malware would also need to bypass Sandboxie 32-bit to infect my system. In all honesty, I cannot think of a stronger setup than Sandboxie + LUA + SRP.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

http://ssj100.fullsubject.com