New 64-bit root-kit gave me an idea...

Ideas for enhancements to the software
tonecool
Posts: 53
Joined: Tue Feb 24, 2009 12:57 pm

Post by tonecool » Sun Sep 19, 2010 11:21 am

D1G1T@L wrote: @ tonecool -
Yes I am sure about this statement, but since you are questioning it, I was wondering if you have an opinion or knowledge to the contrary. If thts the case then feel free to contribute them to this thread.
I'm questioning this because if that's true, this is indeed a great idea. I know that some (maybe similar) technique is used by win7 activator and M$ can't do anything about that either. You can install any win7 version as OEM and it passes win genuine without any problems.

subset
Posts: 18
Joined: Thu Jun 05, 2008 8:21 pm
Location: Austria

Post by subset » Sun Sep 19, 2010 7:50 pm

D1G1T@L wrote:Subset, your post is irrelevant on so many levels, no offence.
Never mind, usually my posts are deleted after a few days anyway.

Cheers

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Sep 21, 2010 7:35 am

subset wrote:Never mind, usually my posts are deleted after a few days anyway
:?:
tzuk

subset
Posts: 18
Joined: Thu Jun 05, 2008 8:21 pm
Location: Austria

Post by subset » Tue Sep 21, 2010 9:05 am

tzuk wrote: :?:
It was meant as a joke about the removed posts in the Translation area, nothing serious, just to soothe the waters.
But that was another flop.

Cheers

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Sep 21, 2010 11:09 am

Right, well, as long as it's clear that I'm not persecuting you personally ... :)
tzuk

pinkyyyy

ms security certificates

Post by pinkyyyy » Sat Oct 09, 2010 9:58 am

@tzuk

why you did not receive security certificates from microsoft to bypass patchguard? with these certificates sandboxie can run with full ring0 access...

many vendor like agnitum ,kaspersky and so on has for their Programs Microsofts Certificates...

ask microsoft to receive your own certificate =)

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Oct 09, 2010 6:19 pm

pinkyyyy wrote:why you did not receive security certificates from microsoft to bypass patchguard?
This is what one might call a loaded question. There's no such thing as a certificate to bypass PatchGuard, and that kinda gets in the way of actually getting such a certificate.
tzuk

j0pp3
Posts: 1
Joined: Mon Jan 24, 2011 9:03 am

Post by j0pp3 » Mon Jan 24, 2011 9:13 am

tzuk wrote:Legitimate software can't afford to do something like that. How would it look like if Sandboxie did that and then some rootkit scanner started warning you that your system has been compromised most likely by a rootkit. Well, I can tell you, it wouldn't look good for Sandboxie. :)
I totally agree with you tzuk.

Don't you other guys remember what happened when SONY tried using legitimate root kits? Then google it. I'm one of those who still has that in mind when reading about this idea.

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Re: New 64-bit root-kit gave me an idea...

Post by Oneder » Sun Jan 30, 2011 7:18 pm

securityphreak wrote:There are now root-kits that hi-jack the Master Boot record in order to load their drivers into windows, and hide themselves.
You could have a look at MBRguard for 32 bit installs?
http://www.blueridgenetworks.com/suppor ... bguard.php

Tested against Seftad Ransomware sample and MBRguard protects.
http://windows7forums.com/security-zone ... ecord.html
Hunting the Hunter!

kNOLOGY

Post by kNOLOGY » Sun Jan 30, 2011 9:04 pm

Sandboxie already protects the MBR oneder...

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Sun Jan 30, 2011 9:52 pm

kNOLOGY wrote:Sandboxie already protects the MBR oneder...
Sandboxie protects against everything that I have thrown at it and yes I should of stated that the Seftad Ransomware sample is contained if run sandboxed.

MBRguard could be a usefull install where the user is too lazy to use a decent security app like Sandboxie.
Hunting the Hunter!

Superguest

Post by Superguest » Sun Feb 27, 2011 11:38 pm

The only problem that happened when Sony tried to use their rootkits is that they didn't tell people that they were using them. Actually, know that I think about it, I can think of a few more problems. One, it was badly written. I trust tzuk to write code, considering I'm trusting him with my system! I would hope he could do better (as in, not hide any file that starts with $sys$, for instance). Second, they didn't offer an option for users not to install it. If you didn't install the rootkit, the average user wasn't able to play the music on the disk.

Sure, you could say, "But, they had to tell you what they were doing in the EULA, that they DID present to users, and the USERS did click "I Accept"." My idea of this is, hey, you are probably security minded. Do YOU read through those EULAs? Didn't think so. Do you think you could understand the roundabout, legalize way that they would put, quite simply, "We're going to put a rootkit on your system so that we can know if you are copying our music?" Didn't think so. I like this idea. It's a little old now, but, hey, I think it could work. Please, tzuk, we need it!

warwagon
Posts: 34
Joined: Sun Jun 03, 2007 4:32 pm

Post by warwagon » Mon May 02, 2011 10:25 pm

I totally under stand where the developer is coming from. If Sandboxie was being detected as malware / rootkit would create a bad reputation pretty fast. Although, if the feature was never on by default and more of an Opt in, that would be something different. Everyone who would turn the feature on, even if they knew would they were doing would be prompted with a box that looks like this. (yes I was bored) :)

Image

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue May 03, 2011 8:25 am

You're a little late to the party warwagon. Version 3.55 already has improved protection for 64-bit.

http://www.sandboxie.com/phpbb/viewtopic.php?t=10201
tzuk

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 4 guests