Notepad thoughts. in Security

Notepad thoughts. in Security http://www.dslreports.com/forum/r15155301 en Sat, 05 Dec 2009 08:46:51 EDT Sat, 05 Dec 2009 08:46:51 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15174363 norwegian :

said by Reply 23 :

Not everybody knows about those programs though. Maybe they are intimidated by them and don't want to buy them.

That is why we need to educate, or we will be fixing these computers a week after an fresh install]]> http://www.dslreports.com/forum/remark,15174363 Thu, 05 Jan 2006 04:03:00 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15172659 anon : Not everybody knows about those programs though. Maybe they are intimidated by them and don't want to buy them.]]> http://www.dslreports.com/forum/remark,15172659 Wed, 04 Jan 2006 22:39:18 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15172574 dannyboy 950 : Is this not what programs like system safety monitor; process guard; sandboxie and deep freeze do?

SSM and Process Guard keep it from happening at all. The other 2 kinda do the same thing don't they?]]> http://www.dslreports.com/forum/remark,15172574 Wed, 04 Jan 2006 22:23:13 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15172469 anon : So it goes from the cd to Memory, where it is no longer safe.

I think the point is.
Malware is a product that decides what can be dropped from the infected program.
So, Admin should have a greater power than this, and have the tool to decide what gets dropped, not some mistakenly executed .exe malware program.]]> http://www.dslreports.com/forum/remark,15172469 Wed, 04 Jan 2006 22:13:17 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15172384 ZOverLord : Lets use your concept, and lets use the unofficial .wmf exploit patch as well.

Once your program gets in memory, since Notepad uses User32.dll the unofficial patch will inject itself into your program context, even that it came from a CD.

So nothing it really safe, once it gets into memory to execute, because it can be modified after the fact.

Hope this makes sense.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com]]> http://www.dslreports.com/forum/remark,15172384 Wed, 04 Jan 2006 22:01:46 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15172322 anon : I believe Malware alters the burnt cd version from the hdd version by deciding what can be dropped in the hdd version.

I think a administrator should decide what can be dropped in the above example, not the malware.

There needs to be a tool to help the administrator decide. And it needs to be more effective than the malware at deciding what stays and what's dropped.]]> http://www.dslreports.com/forum/remark,15172322 Wed, 04 Jan 2006 21:55:53 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15156544 devicenull : You seem to be talking about a program like "Deep Freeze".. it reverts any changes made to your system when you restart.]]> http://www.dslreports.com/forum/remark,15156544 Mon, 02 Jan 2006 23:07:55 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15156055 anon : For example.

A antivirus goes through it's list and looks through a hard drive. When it see's malware it quarantines it and "Flushes" it. Much like a cookie is flushed. Or history.

The thing I was saying was. Instead of using a antivirus for example. Just get the notepad program to id what can be flushed and do it without the use of the antivirus.
What can fall off the table.

To do this. The program, like notepad. Would need a table that can get things to fall off it, get flushed.

How to do this though. It's like a nat and os are joined.]]> http://www.dslreports.com/forum/remark,15156055 Mon, 02 Jan 2006 21:59:22 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15155874 anon : - The cache example was to point out the changed cd copy.

I don't know the exact technical specification terminology that would be affected. I do know the hard drive version would be different from the cd copy. I called this change "cache".

- I understand the malware would restart on reboot. But not if the hard drive copy was formatted to a exact copy of the cd version. To do this would require a flushing of the changes the hard drive copy went through.
I don't know of the possible flushing techniques that could be used, or the best one.

Thanks for the kind reply. :D]]> http://www.dslreports.com/forum/remark,15155874 Mon, 02 Jan 2006 21:34:42 EDT Re: Notepad thoughts. http://www.dslreports.com/forum/remark,15155547 atangel :

said by Notepad thoughts :

- It is my understanding that malware is the misuse of cache.

No. That's one possible use of malware.

What is malware:
»www.microsoft.com/technet/securi···are.mspx

said by Notepad thoughts :

Maybe then. If a ghost can be used to ID Cache and flush it when Your infected. This would fix all pc problems software related.

If I take your meaning (and I'm not sure that I do), if you could flush the memory or the cache, the malware would reappear then next time it ran (because of a reboot, or the next time you executed notepad in your example).

said by Notepad thoughts :

- Don't spam my thread.

The mods around here do a pretty good job of keeping things on an even keel. Doesn't mean things don't get heated (what's a lively discussion among friends without some passion?)

Hope this was on target.
--
The reason you think I'm way on the left is cause you're so far to the right
Why I mistrust Zone Labs
Use BBR Search]]> http://www.dslreports.com/forum/remark,15155547 Mon, 02 Jan 2006 20:46:29 EDT Notepad thoughts. http://www.dslreports.com/forum/remark,15155301 anon : - Notepad can be used as an example only.

Say I type program in notepad. And it's a very, very long list. Now I make a cd out of it, I burn it on a cd.

I can then pop it in the cd drive and read it whenever I want.
There's no cache writting on the cd notepad list I made.

- On the other hand. Hard drives are used for cache.

Take that notepad program I made and store it on the hard drive only. Now ADD a malware program that corrupts the notepad program with Malware-Cache.
The result is a infected program.

- It is my understanding that malware is the misuse of cache.

Maybe then. If a ghost can be used to ID Cache and flush it when Your infected. This would fix all pc problems software related.

- Don't spam my thread. ]]> http://www.dslreports.com/forum/remark,15155301 Mon, 02 Jan 2006 20:14:54 EDT