Advanced Process Manipulations

11/23/06 Posted by geswall

DiamondCS's Advanced Process Manipulations (APM) is an advanced process/module viewer and manipulation utility that allows flexible control over target processes.

GeSWall blocks all operations on other processes from within an isolated APM.

Link: http://www.diamondcs.com.au/downloads/apm.exe

RegHide

11/12/06 Posted by geswall

Link: http://www.sysinternals.com/files/reghide.zip

RegHide demonstrates how the Native API can be used to create object names that are inaccessible from the Win32 API. While there are many different ways to do this, the method used here is to include a terminating NULL that is explicitly made part of the key name. There is no way to describe this with the Win32 API, which treats a NULL as the end of the name string and will therefore chop it. Thus, Regedit and Regedt32 won't be able to access this key, though it will be visible.

GeSWall prevents creation of this key if RegHide is running isolated.
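As an added illustration (not from the GeSWall post or from Sysinternals), the Python model below shows why a Win32 caller cannot spell a key whose Native API name carries an embedded NULL, and the check a scanner comparing the two views would apply. The `(Length, Buffer)` pairs stand in for the UNICODE_STRING results an NtEnumerateKey loop would return and are constructed here.

```python
# Model of the RegHide trick: the Native API names registry objects with a
# counted UNICODE_STRING, while Win32 uses NUL-terminated strings.  A key whose
# counted name contains an embedded NUL therefore cannot be spelled from Win32.

def make_unicode_string(name: str) -> tuple[int, bytes]:
    """Return (Length, Buffer) as a UNICODE_STRING carries them: Length is a
    byte count (not a character count) and the buffer is UTF-16LE."""
    buf = name.encode("utf-16-le")
    return len(buf), buf

def win32_view(buf: bytes) -> str:
    """What a NUL-terminated Win32 call (RegOpenKeyEx etc.) sees: everything up
    to the first 16-bit zero.  The embedded NUL 'chops' the name here."""
    out = bytearray()
    for i in range(0, len(buf) - 1, 2):
        wc = buf[i:i + 2]
        if wc == b"\x00\x00":
            break
        out += wc
    return out.decode("utf-16-le")

def native_view(length: int, buf: bytes) -> str:
    """What the Native API sees: exactly Length bytes, NULs included."""
    return buf[:length].decode("utf-16-le")

def is_win32_inaccessible(length: int, buf: bytes) -> bool:
    """True when the two views disagree, i.e. the name has an embedded NUL."""
    return win32_view(buf) != native_view(length, buf)

def find_win32_inaccessible_keys(entries):
    """Scanner check over (Length, Buffer) pairs as an NtEnumerateKey loop would
    yield them; returns the native names (escaped) that Win32 tools cannot open."""
    return [native_view(l, b).encode("unicode_escape").decode("ascii")
            for l, b in entries if is_win32_inaccessible(l, b)]

# Constructed sample enumeration: two ordinary subkeys and two RegHide-style ones.
SAMPLE_SUBKEYS = [
    make_unicode_string("Run"),
    make_unicode_string("RunOnce"),
    make_unicode_string("Hidden\x00"),     # trailing NUL, the RegHide method
    make_unicode_string("Hid\x00den"),     # NUL in the middle; Win32 sees "Hid"
]

if __name__ == "__main__":
    for length, buf in SAMPLE_SUBKEYS:
        print(repr(native_view(length, buf)), "->", repr(win32_view(buf)),
              "inaccessible" if is_win32_inaccessible(length, buf) else "ok")
    print(find_win32_inaccessible_keys(SAMPLE_SUBKEYS))
```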


AV-comparatives evaluates GeSWall’s security engine

11/01/06 Posted by geswall

Link: http://www.av-comparatives.org

AV-comparatives evaluated GeSWall's security engine as part of its "Comparative of various protection tools" report. The evaluation was based on the execution of 40 real malware samples, which the evaluated products had to block. GeSWall's access control policy effectively prevented damage to the system in all tests. Note that the report focuses only on the products' ability to block malicious actions, without taking into account other parameters such as usability.

SDTRestore

10/08/06 Posted by geswall

Link: http://www.security.org.sg/code/sdtrestore.html

SDTRestore is a tool that demonstrates the possibility of defeating rootkits by removing Kernel Native API hooks and restoring the Service Table entries to their original state. A similar technique can be used by rootkits as well.

An isolated SDTRestore does not have enough privileges to access the physical memory device in order to modify the Service Table.


OSR Driver Loader

09/03/06 Posted by geswall

The OSR Driver Loader is a program which gives device driver developers an easy way to register, unregister, start, and stop their device driver.

GeSWall prevents a driver installation by blocking access to the Service Control Manager.

Link: http://www.osronline.com/section.cfm?section=27
