BANG! -- Crash on Demand Utility

06/21/06 Posted by geswall

This OSR tool loads a kernel driver, then crashes and reboots the computer in 1 second.

“You say the drivers you develop aren't doing a good enough job of crashing your system and you need a way to force a system crash? Here's that way: BANG! Run BANG.EXE and a dialog box with a big red button reading "Crash Now!" appears. Click the button and... BANG! Or, change your mind and click on the little "Never Mind" button. Somebody's needed to write this utility for years. And who would you expect it to be other than OSR?”

GeSWall successfully prevents the system crash by preventing the driver from starting.


Weaknesses of AV Solutions

06/17/06 Posted by geswall

Link: project reported the evaluation results of 16 leading AV products.

Proactive detection against 8,745 pieces of modified malware:
- 12 out of 16 products did not recognize even half of the test pieces
- the best result is 58%

On-demand detection against 243,671 pieces of known malware:
- One vendor missed over 90,000 pieces of malware
- 4 out of 16 missed over 10,000 pieces

So, in order to ensure that at least all known pieces of malware are detected, you have to install dozens of AVs :-)

GeSWall Blocks Martin’s Undetectable Keylogger

06/15/06 Posted by geswall

Martin’s Keylogger is a passive keylogger or, better said, a key listener.
It polls the keyboard queue state in a loop and records the keys that are pressed at each poll snapshot. While this keylogger may not recognize a letter’s case and misses keys pressed too fast, it doesn’t interact with other system components and doesn’t load DLLs or drivers. This makes Martin’s keylogger usually undetectable by solutions that aim at keylogger prevention.

GeSWall’s access control policy prevents obtaining the keyboard state. Therefore, isolated applications cannot poll the state of pressed letters, digits and special symbols, while they can still receive the non-critical information required for their functionality, such as Ctrl, Alt, arrows and mouse clicks.

Note: Martin’s Keylogger does not require administrative privileges and can log the keys pressed in the current session of any user, even restricted.

GeSWall Personal Edition 2.3 is out

06/14/06 Posted by geswall


The new version is more stable and faster. It has an application rules engine improved for performance, extended logging, and enhanced support for Microsoft Office Outlook, Word, Excel and PowerPoint. GeSWall now blocks silent passive keyloggers, e.g. Martin’s keylogger.

Additionally, this version fixes various GeSWall Management Console bugs and introduces the GeSWall context button. The button gives easier access to GeSWall options such as restarting an application as non-isolated and customizing the look of an isolated window.

I set the ‘Do not ask again’ check box; how do I start the applications as non-isolated?

06/01/06 Posted by geswall

There are two options. First, you may restart the chosen isolated application as non-isolated from the caption context menu.

Note that a restart is required because an isolated application cannot merely be switched to the non-isolated state without a security breach.

Second, you can enable the pop-up dialogs again with the following steps:
1) Open GeSWall Console from the Programs\GeSWall\GeSWall Console menu of the Start button
2) Go to the "Applications" folder
3) Select the application for which you have disabled the pop-up
4) Right-click it and choose the Properties menu item
5) Change "Security Level" from "Trusted, auto-isolation" to "Trusted" and press OK.
