Btw, there is some discussion going on about malware that is actually able to recognize whether it runs in a sandbox or not; this way it can try to act legit or refuse to run at all. But I can also see advantages: for example, if a tool won't run sandboxed, this might be an indication that something is wrong.
And what if SBIE could actually monitor the possibly dangerous behavior that a process tries to invoke (just like GeSwall)? Of course it would stay quiet when "sandbox aware" malware runs, but your HIPS will not stay quiet when the malware runs on your real machine! This way you would immediately know that it's most likely to be malicious.
SnDPhoenix wrote: Ok then yeah, I guess it's a good idea, though I could think of other uses for that!
For example, GeSwall (a sandbox that sucks *ss IMO) has got an "attack detection" feature.
Rashbleed wrote: Ok then yeah, I guess it's a good idea, though I could think of other uses for that!
Can you explain? What other uses?
If I am not mistaken, didn't GeSwall go out of development?
Well if I told you, I'd have to kill you!
Rasheed187 wrote: No, they just recently (a month ago or so) launched a new version, but this app has never worked for me, and IMO the concept sucks.
Rasheed187 wrote: Well if I told you, I'd have to kill you!
Well, I guess I will have to take the risk, but no, seriously, what do you mean?