

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

reply to Reply 23
Re: Notepad thoughts.

said by Reply 23 :

Not everybody knows about those programs though. Maybe they are intimidated by them and don't want to buy them.
That is why we need to educate, or we will be fixing these computers a week after a fresh install.


Reply 23

@telus.net
reply to dannyboy 950
Not everybody knows about those programs though. Maybe they are intimidated by them and don't want to buy them.

dannyboy 950
Premium
join:2002-12-30
Port Arthur, TX
reply to Notepad thoughts
Is this not what programs like system safety monitor; process guard; sandboxie and deep freeze do?

SSM and Process Guard keep it from happening at all. The other 2 kinda do the same thing don't they?


Reply 23

@telus.net

reply to ZOverLord
So it goes from the cd to Memory, where it is no longer safe.

I think the point is.
Malware is a product that decides what can be dropped from the infected program.
So, Admin should have a greater power than this, and have the tool to decide what gets dropped, not some mistakenly executed .exe malware program.


ZOverLord
Premium
join:2003-10-20
Minneapolis, MN


1 edit
reply to Notepad thoughts
Let's use your concept, and let's use the unofficial .wmf exploit patch as well.

Once your program gets in memory, since Notepad uses User32.dll the unofficial patch will inject itself into your program context, even though it came from a CD.

So nothing is really safe, once it gets into memory to execute, because it can be modified after the fact.

Hope this makes sense.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com


Reply 23

@telus.net

reply to devicenull
I believe Malware alters the burnt cd version from the hdd version by deciding what can be dropped in the hdd version.

I think an administrator should decide what can be dropped in the above example, not the malware.

There needs to be a tool to help the administrator decide. And it needs to be more effective than the malware at deciding what stays and what's dropped.

devicenull
Premium
join:2002-12-01
Clifton, NJ
reply to Notepad thoughts
You seem to be talking about a program like "Deep Freeze".. it reverts any changes made to your system when you restart.


Notepad thoughts

@telus.net

reply to Notepad thoughts
For example.

An antivirus goes through its list and looks through a hard drive. When it sees malware it quarantines it and "Flushes" it. Much like a cookie is flushed. Or history.

The thing I was saying was. Instead of using an antivirus for example. Just get the notepad program to id what can be flushed and do it without the use of the antivirus.
What can fall off the table.

To do this. The program, like notepad. Would need a table that can get things to fall off it, get flushed.

How to do this though. It's like a nat and os are joined.


Notepad thoughts

@telus.net

reply to atangel
- The cache example was to point out the changed cd copy.

I don't know the exact technical specification terminology that would be affected. I do know the hard drive version would be different from the cd copy. I called this change "cache".

- I understand the malware would restart on reboot. But not if the hard drive copy was formatted to an exact copy of the cd version. To do this would require a flushing of the changes the hard drive copy went through.
I don't know of the possible flushing techniques that could be used, or the best one.

Thanks for the kind reply.


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY

reply to Notepad thoughts
said by Notepad thoughts :

- It is my understanding that malware is the misuse of cache.
No. That's one possible use of malware.

What is malware:
»www.microsoft.com/technet/securi···are.mspx

said by Notepad thoughts :

Maybe then. If a ghost can be used to ID Cache and flush it when you're infected. This would fix all pc problems software related.
If I take your meaning (and I'm not sure that I do), if you could flush the memory or the cache, the malware would reappear the next time it ran (because of a reboot, or the next time you executed notepad in your example).

said by Notepad thoughts :

- Don't spam my thread.
The mods around here do a pretty good job of keeping things on an even keel. Doesn't mean things don't get heated (what's a lively discussion among friends without some passion?)

Hope this was on target.
--
The reason you think I'm way on the left is cause you're so far to the right
Why I mistrust Zone Labs
Use BBR Search


Notepad thoughts

@telus.net

- Notepad can be used as an example only.

Say I type program in notepad. And it's a very, very long list. Now I make a cd out of it, I burn it on a cd.

I can then pop it in the cd drive and read it whenever I want.
There's no cache writing on the cd notepad list I made.

- On the other hand. Hard drives are used for cache.

Take that notepad program I made and store it on the hard drive only. Now ADD a malware program that corrupts the notepad program with Malware-Cache.
The result is an infected program.

- It is my understanding that malware is the misuse of cache.

Maybe then. If a ghost can be used to ID Cache and flush it when you're infected. This would fix all pc problems software related.

- Don't spam my thread.
© 1999-2009 dslreports.com