Bugtraq mailing list archives

Re: security enforcement - new monitor for winnt

From: Liu Die Yu <liudieyuinchina () yahoo com cn>
Date: Tue, 30 Mar 2004 22:34:51 -0800 (PST)

i've downloaded iecontroller and checked the app.

no, they do not do the same thing:
iecontroller can monitor ie's network activities(the "Internet" tab), but winblox can't.
iecontroller can monitor ie's activex(the "ActiveX" tab), but winblox cannot. 
iecontroller is designed for protecting ie(*ie*controller), but winblox is not.
(winblox can monitor all applications which load USER32.DLL)
iecontroller cannot monitor commandline, but winblox can.

of course, i don't expect a single monitor to monitor all things :-P

most importantly, i believe a monitor must have:
console-mode config tool,
text config file,
and log file,
just like all linux daemons(for flexiblity), but iecontroller does not have such features yet.

btw, source code will be published soon.

best wishes,

--- Amir Mohammadkhani-Aminabadi <amir.mohammadkhani () einsurance de> wrote:

Please take a look at:
http://www.heise.de/ct/ftp/projekte/iecontroller/

Its open source and seems to do the same thing.

----- Original Message ----- 
From: "Liu Die Yu" <liudieyuinchina () yahoo com cn>
To: <bugtraq () securityfocus com>
Sent: Tuesday, March 30, 2004 6:34 AM
Subject: security enforcement - new monitor for winnt



i want to stop ie:
writing EXE/CAB/LNK ... files,
calling MSHTA.EXE to parse remote web pages,
accessing files outside "favorites" and cache("content.ie5").

i want to stop WSCRIPT.EXE from parsing files inside TEMP and cache.

i want to stop the system running executable files located in TEMP and

cache.


afaik, i can stop ie 0day exploits by doing these things.

so, i made this:
http://umbrella.name/winblox/
of course, free. and you can define your own rules easily(assuming you

guys know a bit about regular expression).


it's totally a new idea(afaik). so, not for operational uses.



__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html

Current thread:

security enforcement - new monitor for winnt Liu Die Yu (Mar 30)
- Re: security enforcement - new monitor for winnt Amir Mohammadkhani-Aminabadi (Mar 30)
  - Re: security enforcement - new monitor for winnt Liu Die Yu (Mar 31)
- RE: security enforcement - new monitor for winnt Oliver Lavery (Mar 31)
  - RE: security enforcement - new monitor for winnt Liu Die Yu (Mar 31)
- <Possible follow-ups>
- Re: security enforcement - new monitor for winnt http-equiv () excite com (Mar 30)