Full Disclosure mailing list archives
Re: Avast Antivirus
From: xD 0x41 <secn3t () gmail com>
Date: Fri, 20 Jan 2012 07:47:03 +1100
Here is your post taken from the forum, it was not really taken to well....but, nomatter, im just stating the facts as i see them, and hope you understand this, but, i also giving you the chance to please try a real sandboxie, then load some bot.exe into it, and watch what it does... would maybe explain abit better what a sandbox is about. [..] Then I just wondered: What is that SafeZone and how does it work? I opened Process Explorer and noticed, that the processes run under the same user account o.O I tried some simple dll-injection into the browser and the first attempt worked. This really made me laugh. <--- this is standard for a sandbox, try SandBoxie,it is abit neater for a sandbox, and maybe what your after When I tried to save some screenshots I noticed that the file is created but empty afterwards, when I place it on the system drive. But saving to another drive was no problem at all. Could you please tell me what this feature is supposed to prevent? Re: Safezone vs DllInjection
From what I read and already used, SAFEZONE BROWSER is a Google
browser without toolbars that can access your info. Nothing else. Nothing goes from out into but you can go from in to out,so that's why they call it safezone. What's a dll injection and how do you do it? Yes, dude they wont bother todo anything because thats actually what you 'can' do in the safezone, is inject a dll, and then yes, it should showup virtually tho, not actually running on your main box right... coz, it is injection INTO the sandbox....when you use say, SandBoxie for example, you would load the app up and, simply right-click on any file and open within sandboxie, then, you can watch it drop and dump a million exes, thats exactly what it is supposed to be doing, is not letting this oout. now, if your saying you injected, into the AV dll itself, wich, i see nothing here of, then there would be a vuln, wich would eed attending, but, your injecting into this safezone, wich is, what nearly every AV nowdays comes with,simply a processkiller/sandbox, so in some cases, it can be of use to you in making sure your safe,... anyhow, seems like, normal functioning sandbox to me, you should have this powers to inject anything into it, and, then trace that ll you injected. Cheers dude..hope you have a good time playing with sandbox, dirtying them is definately fun :) drew On 19 January 2012 22:04, Juergen Schmidt <ju () ct de> wrote:
On Tue, 17 Jan 2012, Floste wrote:Hello, Avast Antivirus also comes with sandbox and a "SafeZone". But both can be circumvented using simple dll-injection and they seem to do nothing about it: http://forum.avast.com/index.php?topic=82291.0 Maybe this post here will encourage them to fix it.In my understanding a sandbox is not supposed to prevent you from getting in from the outside but from escaping from the inside. So if a sandboxed process injects a DLL in say a running IE process outside -- then we are talking about vulns bye, ju -- Juergen Schmidt Chefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Karl-Wiechert-Allee 10 , D-30625 Hannover Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju () heisec de GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Avast Antivirus Floste (Jan 18)
- Re: Avast Antivirus Dan Kaminsky (Jan 18)
- Re: Avast Antivirus Juergen Schmidt (Jan 19)
- Re: Avast Antivirus xD 0x41 (Jan 19)
- Re: Avast Antivirus Floste (Jan 20)
- Re: Avast Antivirus Valdis . Kletnieks (Jan 20)
- Re: Avast Antivirus Jeffrey Walton (Jan 20)