OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection

From: Dan Renner (danlosangelescomputerhelp.com)
Date: Thu Jun 08 2006 - 12:32:51 CDT


This is definitely has more luxury features, but couldn't you do pretty
much the same with MSDN's DROPMYRIGHTS program?

It runs {whatever} program as a guest user, effectively dropping the
capabilities of that program to do nefarious things.

----------------------------------

Sincerely,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

full-disclosure-requestlists.grok.org.uk wrote:

> Message: 9
>
>Date: Thu, 8 Jun 2006 10:14:21 -0700
>From: "Bill Stout" <bill.stoutgreenborder.com>
>Subject: [Full-disclosure] Want to test this desktop barrier?
> (Unauthorized offer) 0day protection
>To: <full-disclosurelists.grok.org.uk>
>Message-ID:
> <1FA45C2E5F2E4B46967415DA3A804FE83C3A1Cmail.greenborder.com>
>Content-Type: text/plain; charset="us-ascii"
>
>Hello All,
>
>We have an early release of consumer desktop safety software that I'd
>like some feedback on.
>
>http://www.greenborder.com/earlyaccess/
>
>Our software runs on XP SP2, and creates an application-level virtual
>environment primarily (for now) for Internet Explorer. This prevents
>modification of the base system by any content in the virtual
>environment. We refer to the virtual environment as 'x-space', or
>'within GreenBorder'. We apply access control from the virtual
>environment to; the filesystem, registry, user shell, COM objects, and
>system calls.
>
>Although only Internet Explorer and applications which open downloaded
>attachments are supported, other applications can be launched in the
>GreenBorder environment. Any processes running or temporary files or
>temporary registry entries are wiped from the virtual environment by an
>application reset. Files can be saved to a specific directory only, and
>applications in this environment are prevented from reading files
>outside this one directory (applies confidentiality).
>
>We don't determine what application running in the virtual environment
>is malicious or not, so therefore this is not a replacement for
>signature based protection systems. Most anything can run in the
>environment, it just can't modify local resources. This is great
>protection for 0-day exploits, and lets administrators wait to apply
>patches off-hours.
>
>Hammer on our software by running malware of your choice in the software
>environment. Please email me or the marketing email of your results.
>If you're running intensive tests, I would still recommend using a
>scratch system.
>
>We also have an enterprise version which uses a central whitelist to
>determine in which environment to open a site requested or Outlook
>message received.
>
>Bill Stout
>www.greenborder.com
>
>
>Appended below is our marketing spiel:
>
>
>
>"We are very pleased to give you special, early access to GreenBorder
>Pro, the new consumer edition of our patented enterprise technology
>(that's already protecting thousands of users in some of the most
>demanding environments).
>
>With GreenBorder Pro, NOTHING CAN BREAK INTO YOUR PC from the Web. You
>can:
> * Search & browse ANY website-without putting your PC, files or
>private
> identity data at risk (or leaving any trace on your PC of where you
>have been :)
> * Shop & bank in privacy-without anything spying on your personal
>info,
> bank account and credit card numbers, passwords or online
>transactions
> * Use any downloads-without worrying about anything nasty hidden
>inside
>Simply click on the link below to get to the GreenBorder Pro VIP page.
>There, you can see a guided tour, learn about the software, and download
>your own copy. Here is a special VIP license key to copy & paste when
>you install:
>
>34422VS222222222222279429422K44W
>Click here to get GreenBorder Pro
><http://www.greenborder.com/earlyaccess>
>
>We would greatly appreciate any comments or suggestions you might have
>along the way. Just email us at vipgreenborder.com or click on the
>GreenBorder icon and select Contact Customer Support in the software
>itself!"
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060608/e9340292/attachment.html
>
>------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>End of Full-Disclosure Digest, Vol 16, Issue 16
>***********************************************
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/