Malware Defender 2.7.0, EQSysSecure 4.1 process privilege control flaw


Re: Malware Defender 2.7.0, EQSysSecure 4.1 process privilege control flaw

Post by ssj100 on 21/6/2010, 12:08

Tested Spyshelter Free v4.17 against the POC:


Anyway, the point is that I am very surprised that Malware Defender 2.7.1 (modern HIPS) cannot control this POC's behaviour when so many others can. And the shocking thing is that Xiaolin has possibly abandoned developing Malware Defender any further.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Post by nick s on 29/7/2010, 10:35

FYI, the recently released MD 2.7.2 beta (http://dl.360safe.com/md_setup_en.exe) is still vulnerable.


Post by ssj100 on 29/7/2010, 10:36

Wow, thanks nick s - I didn't even know MD 2.7.2 beta had been released. What's the changelog so far?


Post by nick s on 29/7/2010, 10:53

ssj100 wrote: What's the changelog so far?
If one exists, I can't find it. The obvious changes are cosmetic: a blue UI theme and a revised toolbar location. Useless stuff.


Post by arran on 29/7/2010, 14:27

But if you select the rule in each app "protect this application from being accessed by other processes", the test POC cannot terminate the process.

Post by ssj100 on 29/7/2010, 14:41

arran wrote: But if you select the rule in each app "protect this application from being accessed by other processes", the test POC cannot terminate the process.

Wasn't it you who said it won't work for Windows processes?

EDIT: yes, I just tested it myself (2.7.2 Beta). Strangely, processes from C:\Windows are not protected by that method. For example, you can test it against notepad.exe (which is inside the C:\Windows folder) - the POC can still terminate it. However, if you move notepad.exe onto the desktop, and configure MD to protect that, the POC won't be able to terminate it. I'm fairly sure this is a bug, although it could be intentional?
