Re: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection
Dick, err Bill, odd product you have... anything I tried to run via GreenBorder simply, how do I say this... DID NOT RUN PERIOD.

I am amazed at the effectiveness of your product, it's great! I was fully protected from not being able to do anything at all with your product, simply amazing. When I tried to run Internet Explorer, it simply would not run!!! I was obviously fully protected from all threats, again Dick, err Bill, big props to your Product!

Now, being one that just has to back up my security product research, I uninstalled your product to compare my computer use and Internet browsing without your Product's protection. After a reboot I see now that my HTML icons are now back with that blue "e", not that BIG GREEN SQUARE THINGIE (an obvious sign of not being protected), although I can actually open them now, as well Internet Explorer itself now opens (I think I'm at risk now huh?)

In my opinion this Product is effective, or not, depending on your Marketing stance and spamming of security lists touting a questionable product, that offers nothing that I can see of value.

cheers,
MW

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection
Hi Dan,

There's a couple of ways it differs.

1. Programs running in DROPMYRIGHTS and RunAs can still access files and directories to which 'everyone' has access. It's not common for someone to check rights of every single directory in a computer to check who has access to what. A virtualized environment controls what directories the environment has access to, to prevent dropping files in unwanted areas, and to prevent reading confidential data from files. For example; MS-Word launched in the virtualized space to open a download shouldn't be able to open files in 'My Documents'.

2. DROPMYRIGHTS and RunAs exclude membership of the lowered user from known privileged user groups, but not custom privileged user groups. For example; you may have created a new group for backup (backup_exec), and since that new group is not a known privileged group, membership of the lowered user of that group is ignored. See tables in: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp

3. Changing the access permissions of a program to certain resources often causes the program to crash. It's a problem if the only permissions available are read/write/modify/delete/enumerate, and it's undesirable to write or modify a value, and a program has to write or modify a value to run. For usability reasons, effectively having a 'virtualize' permission is useful. This way only a copy of the value or a temporary value is changed, which permits the program to run without crashing in a controlled environment. This virtualization can be done for filesystem and registry, but also system calls and COM can be virtualized (spoofed) to the virtual environment.

HTH

Bill Stout

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Renner
Sent: Thursday, June 08, 2006 10:33 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Want to test this desktop barrier?,(Unauthorized offer) 0day protection

This definitely has more luxury features, but couldn't you do pretty much the same with MSDN's DROPMYRIGHTS program?

It runs {whatever} program as a guest user, effectively dropping the capabilities of that program to do nefarious things.

--
Sincerely,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

[EMAIL PROTECTED] wrote:

> Message: 9
>
> Date: Thu, 8 Jun 2006 10:14:21 -0700
> From: "Bill Stout" <[EMAIL PROTECTED]>
> Subject: [Full-disclosure] Want to test this desktop barrier?
>   (Unauthorized offer) 0day protection
> To:
> Message-ID:
>   <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello All,
>
> We have an early release of consumer desktop safety software that I'd
> like some feedback on.
>
> http://www.greenborder.com/earlyaccess/
>
> Our software runs on XP SP2, and creates an application-level virtual
> environment primarily (for now) for Internet Explorer. This prevents
> modification of the base system by any content in the virtual
> environment. We refer to the virtual environment as 'x-space', or
> 'within GreenBorder'. We apply access control from the virtual
> environment to; the filesystem, registry, user shell, COM objects, and
> system calls.
>
> Although only Internet Explorer and applications which open downloaded
> attachments are supported, other applications can be launched in the
> GreenBorder environment. Any processes running or temporary files or
> temporary registry entries are wiped from the virtual environment by an
> application reset. Files can be saved to a specific directory only, and
> applications in this environment are prevented from reading files
> outside this one directory (applies confidentiality).
>
> We don't determine what application running in the virtual environment
> is malicious or not, so therefore this is not a replacement for
> signature based protection systems. Most anything can run in the
> environment, it just can't modify local resources. This is great
> protection for 0-day exploits, and lets administrators wait to apply
> patches off-hours.
>
> Hammer on our software by running malware of your choice in the software
> environment. Please email me or the marketing email of your results.
> If you're running intensive tests, I would still recommend using a
> scratch system.
>
> We also have an enterprise version which uses a central whitelist to
> determine in which environment to open a site requested or Outlook
> message received.
>
> Bill Stout
> www.greenborder.com
>
>
> Appended below is our marketing spiel:
>
>
>
> "We are very pleased to give you special, early acce

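
Added example, not part of the thread and not GreenBorder's code: a toy Python model of points 1 and 3 in the reply above, where each path or registry key is either denied, passed through to one real save directory, or "virtualized" so that writes land on a private copy that a reset discards. All names, paths and values are constructed for illustration.

```python
# Added example: toy model of an allow / virtualize / deny policy per path.
# Names, paths and values are constructed; this is not GreenBorder's code.
ALLOW, VIRTUALIZE, DENY = "allow", "virtualize", "deny"


class AccessDenied(Exception):
    """The guest touched a path the policy hides from it."""


def parts(path):
    # Windows paths and registry keys are case-insensitive. Comparing whole
    # components keeps a rule for C:\Windows from matching C:\WindowsEvil.
    return tuple(p for p in path.lower().split("\\") if p)


class VirtualEnvironment:
    def __init__(self, real, rules, default=DENY):
        self.real = {parts(p): v for p, v in real.items()}   # base system
        self.rules = sorted(((parts(p), a) for p, a in rules.items()),
                            key=lambda r: len(r[0]), reverse=True)
        self.default = default
        self.overlay = {}        # guest-private copies of written values

    def action(self, path):
        key = parts(path)
        for prefix, act in self.rules:          # longest prefix wins
            if key[:len(prefix)] == prefix:
                return act
        return self.default                     # unknown locations are hidden

    def read(self, path):
        act, key = self.action(path), parts(path)
        if act == DENY:
            raise AccessDenied(path)
        if act == VIRTUALIZE and key in self.overlay:
            return self.overlay[key]            # guest sees its own copy
        return self.real[key]

    def write(self, path, value):
        act, key = self.action(path), parts(path)
        if act == DENY:
            raise AccessDenied(path)
        if act == ALLOW:
            self.real[key] = value              # the one real save location
        else:
            self.overlay[key] = value           # program sees success, base untouched

    def reset(self):
        # "Application reset": discard everything the guest changed.
        self.overlay.clear()


def build_demo():
    real = {   # constructed sample "base system"
        r"C:\Windows\System32\drivers\etc\hosts": "127.0.0.1 localhost",
        r"HKCU\Software\ExampleApp\HomePage": "about:blank",
        r"C:\Users\alice\My Documents\taxes.xls": "private",
    }
    rules = {  # hypothetical policy
        r"C:\Windows": VIRTUALIZE,
        r"HKCU\Software": VIRTUALIZE,
        r"C:\Users\alice\My Documents": DENY,
        r"C:\Users\alice\Sandbox Files": ALLOW,
    }
    return VirtualEnvironment(real, rules)
```

A plain permission drop would have to fail the write to the hosts file or the registry value; here the write succeeds against the overlay, which is the usability argument made in point 3.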
Re: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection
It's very light on the machine, does not slow down the browser. It also gives access to clipboard and other features outside the sandbox.

The site claims it works with Internet Explorer, and it's their default browser, but I opened Firefox, browsed around a little, changed a lot of configurations, and it returned to the previous state after I finished the session.

I'm starting to enjoy the red border around GreenBorder's daltonic programmers fine piece of software. :):):)

On Fri, 9 Jun 2006 16:23:16 -0700
"Christian Swartzbaugh" <[EMAIL PROTECTED]> wrote:

CS> Dan,
CS> Sure both methods will prevent many viri from taking over your
CS> computer, but notice there is a major difference. You obviously have
CS> not used a limited account before because usually software developed
CS> for Windows will require some configuration or settings change in
CS> order to correctly function under a limited account, with a few
CS> notable exceptions. This instead claims to create a sandbox where the
CS> functionality of an Administrator account is preserved without the
CS> harmful effects by using a virtual type of environment that is
CS> separate.
CS>
CS> I haven't used the software, but from the summary, that seems to be
CS> what was intended. Correct me if otherwise.
CS>
CS> feofil
CS>
CS> On 6/8/06, Dan Renner <[EMAIL PROTECTED]> wrote:
CS> > This definitely has more luxury features, but couldn't you do pretty
CS> > much the same with MSDN's DROPMYRIGHTS program?
CS> >
CS> > It runs {whatever} program as a guest user, effectively dropping the
CS> > capabilities of that program to do nefarious things.
CS> >
CS> > --
CS> >
CS> > Sincerely,
CS> >
CS> > Dan Renner
CS> > President
CS> > Los Angeles Computerhelp
CS> > http://losangelescomputerhelp.com
CS> > 818.352.8700

Allgemeinen Anschulterlaubnis
Cardoso <[EMAIL PROTECTED]> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com
personal site and blog: http://www.carloscardoso.com

Re: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection
Dan,

Sure both methods will prevent many viri from taking over your computer, but notice there is a major difference. You obviously have not used a limited account before because usually software developed for Windows will require some configuration or settings change in order to correctly function under a limited account, with a few notable exceptions. This instead claims to create a sandbox where the functionality of an Administrator account is preserved without the harmful effects by using a virtual type of environment that is separate.

I haven't used the software, but from the summary, that seems to be what was intended. Correct me if otherwise.

feofil

On 6/8/06, Dan Renner <[EMAIL PROTECTED]> wrote:

> This definitely has more luxury features, but couldn't you do pretty
> much the same with MSDN's DROPMYRIGHTS program?
>
> It runs {whatever} program as a guest user, effectively dropping the
> capabilities of that program to do nefarious things.
>
> --
> Sincerely,
>
> Dan Renner
> President
> Los Angeles Computerhelp
> http://losangelescomputerhelp.com
> 818.352.8700

Re: [Full-disclosure] Want to test this desktop barrier?, (Unauthorized offer) 0day protection
This definitely has more luxury features, but couldn't you do pretty much the same with MSDN's DROPMYRIGHTS program?

It runs {whatever} program as a guest user, effectively dropping the capabilities of that program to do nefarious things.

--
Sincerely,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700

[EMAIL PROTECTED] wrote:

> Message: 9
> Date: Thu, 8 Jun 2006 10:14:21 -0700
> From: "Bill Stout" <[EMAIL PROTECTED]>
> Subject: [Full-disclosure] Want to test this desktop barrier?
>   (Unauthorized offer) 0day protection
> To:
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello All,
>
> We have an early release of consumer desktop safety software that I'd
> like some feedback on.
>
> http://www.greenborder.com/earlyaccess/
>
> Our software runs on XP SP2, and creates an application-level virtual
> environment primarily (for now) for Internet Explorer. This prevents
> modification of the base system by any content in the virtual
> environment. We refer to the virtual environment as 'x-space', or
> 'within GreenBorder'. We apply access control from the virtual
> environment to; the filesystem, registry, user shell, COM objects, and
> system calls.
>
> Although only Internet Explorer and applications which open downloaded
> attachments are supported, other applications can be launched in the
> GreenBorder environment. Any processes running or temporary files or
> temporary registry entries are wiped from the virtual environment by an
> application reset. Files can be saved to a specific directory only, and
> applications in this environment are prevented from reading files
> outside this one directory (applies confidentiality).
>
> We don't determine what application running in the virtual environment
> is malicious or not, so therefore this is not a replacement for
> signature based protection systems. Most anything can run in the
> environment, it just can't modify local resources. This is great
> protection for 0-day exploits, and lets administrators wait to apply
> patches off-hours.
>
> Hammer on our software by running malware of your choice in the software
> environment. Please email me or the marketing email of your results.
> If you're running intensive tests, I would still recommend using a
> scratch system.
>
> We also have an enterprise version which uses a central whitelist to
> determine in which environment to open a site requested or Outlook
> message received.
>
> Bill Stout
> www.greenborder.com
>
> Appended below is our marketing spiel:
>
> "We are very pleased to give you special, early access to GreenBorder
> Pro, the new consumer edition of our patented enterprise technology
> (that's already protecting thousands of users in some of the most
> demanding environments).
>
> With GreenBorder Pro, NOTHING CAN BREAK INTO YOUR PC from the Web. You
> can:
>
> * Search & browse ANY website-without putting your PC, files or private
>   identity data at risk (or leaving any trace on your PC of where you
>   have been :)
> * Shop & bank in privacy-without anything spying on your personal info,
>   bank account and credit card numbers, passwords or online transactions
> * Use any downloads-without worrying about anything nasty hidden inside
>
> Simply click on the link below to get to the GreenBorder Pro VIP page.
> There, you can see a guided tour, learn about the software, and download
> your own copy.
>
> Here is a special VIP license key to copy & paste when you install:
> 34422VS279429422K44W
>
> Click here to get GreenBorder Pro <http://www.greenborder.com/earlyaccess>
>
> We would greatly appreciate any comments or suggestions you might have
> along the way. Just email us at [EMAIL PROTECTED] or click on the
> GreenBorder icon and select Contact Customer Support in the software
> itself!"
>
> End of Full-Disclosure Digest, Vol 16, Issue 16

Re: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
chroot for windows :P good stuff.

On Thu, 2006-06-08 at 10:14 -0700, Bill Stout wrote:

> > 34422VS279429422K44W

RE: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
Hi Thierry,

It is conceptually different than AV or AS products, which is why I fall back to analogies. Even experienced security folk automatically categorize something new with existing products, and presuppose there is nothing new under the sun.

If you generally categorize anything that does virtualization as a sandbox, then it's a sandbox. I mean, some people consider virtual machines a way to create a sandbox. Wikipedia does.

Personally I think running VMware or Virtual PC just to run a browser securely is way too intrusive for the average user. So to avoid the user experience of booting a virtual OS, why not create a virtual application instance that can't contaminate the computer? I say that like it's easy, but it requires kernel knowledge to develop. Otherwise you only virtualize a few directories and some registry entries, and are exposed to attacks which leverage system calls, COM objects, User Shell, etc.

I believe this list is read by some of the best and most aggressive hackers that exist, and this is the best place to expose a new security product. I am interested in what the list has to say.

Bill Stout

_____
From: Thierry Zoller [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006 3:04 PM
To: Bill Stout
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection

Dear Bill Stout,

You are posting to Full-disclosure, not your average mailing list, you don't need stories about toddlers and gloves, or "shots". ;)

> If you see a toddler
> about to touch a dead animal, it's best they're wearing gloves rather
> than being up to date on their shots.

First it's a bad analogy, second it's plain wrong.

> We refer to the virtual environment as 'x-space', or 'within GreenBorder'.

let's stick to some standards should we ?

S A N D B O X

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

Re: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
I might be answering a troll, again, but I totally fail to see your point. I am of course aware of my limited brain capacity.

My first reaction to the post was interesting, let's see the responses. And I guess that it was the point of the post. I would have expected "ha ha ha, you're smoked"- And even "you've forgotten this". But I have to admit that you've failed to indicate either, except that, by implication, that Mr Stout is wrong.

Do you have any hints, ideas, pointers to inform the lower lives like me of what's wrong in his statement?

Thierry Zoller wrote:

> Dear Bill Stout,
>
> You are posting to Full-disclosure, not your average mailing list, you
> don't need stories about toddlers and gloves, or "shots". ;)
>
> > If you see a toddler
> > about to touch a dead animal, it's best they're wearing gloves rather
> > than being up to date on their shots.
>
> First it's a bad analogy, second it's plain wrong.
>
> > We refer to the virtual environment as ‘x-space’, or ‘within GreenBorder’.
>
> let's stick to some standards should we ?
>
> S A N D B O X
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

--
// hdw

Re: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
Dear Bill Stout,

You are posting to Full-disclosure, not your average mailing list, you don't need stories about toddlers and gloves, or "shots". ;)

> If you see a toddler
> about to touch a dead animal, it's best they're wearing gloves rather
> than being up to date on their shots.

First it's a bad analogy, second it's plain wrong.

> We refer to the virtual environment as ‘x-space’, or ‘within GreenBorder’.

let's stick to some standards should we ?

S A N D B O X

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

RE: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
Hi Joxean,

I can open any spyware, virus, or other malware in my browser and not infect my computer. This is as a local administrator, with Active-X/Java/Javascript enabled in the browser. Also, I can open any infected downloaded file (as long as it's in the GreenBorder files directory) and not infect my computer.

The next version will have activity lights which indicate attempts to modify registry, filesystem, etc. depending on what the product manager (and feedback) decides, which is useful for determining what the heck some particular application is attempting.

The advantage is that this is proactive protection, this effectively provides 'gloves' for handling internet content, whereas AV or AS, since they're detection-based, are like 'flu shots'. If you see a toddler about to touch a dead animal, it's best they're wearing gloves rather than being up to date on their shots.

Virtualizing at the application level is not as intrusive as sandboxing techniques. Virtualization provides the ability to enumerate or read selected real resources, and the protection is more transparent to the user.

Bill Stout

-----Original Message-----
From: Joxean Koret [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006 10:57 AM
To: Full Disclosure
Cc: Bill Stout
Subject: [Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection

Hi,

> We don't determine what application running in the virtual environment
> is malicious or not, so therefore this is not a replacement for
> signature based protection systems. Most anything can run in the
> environment, it just can't modify local resources. This is great
> protection for 0-day exploits, and lets administrators wait to apply
> patches off-hours.

So it is a proprietary application like the Open Source Winpooch (http://winpooch.free.fr/home/) that can't be used with an antivirus to have real protection as Winpooch does. Sorry but, Is there any advantage?

--
How little the workers' lives are worth

[Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
Hi,

> We don't determine what application running in the virtual environment
> is malicious or not, so therefore this is not a replacement for
> signature based protection systems. Most anything can run in the
> environment, it just can't modify local resources. This is great
> protection for 0-day exploits, and lets administrators wait to apply
> patches off-hours.

So it is a proprietary application like the Open Source Winpooch (http://winpooch.free.fr/home/) that can't be used with an antivirus to have real protection as Winpooch does. Sorry but, Is there any advantage?

--
How little the workers' lives are worth

signature.asc
Description: This part of the message is digitally signed

[Full-disclosure] Want to test this desktop barrier? (Unauthorized offer) 0day protection
Hello All,

We have an early release of consumer desktop safety software that I’d like some feedback on.

http://www.greenborder.com/earlyaccess/

Our software runs on XP SP2, and creates an application-level virtual environment primarily (for now) for Internet Explorer. This prevents modification of the base system by any content in the virtual environment. We refer to the virtual environment as ‘x-space’, or ‘within GreenBorder’. We apply access control from the virtual environment to; the filesystem, registry, user shell, COM objects, and system calls.

Although only Internet Explorer and applications which open downloaded attachments are supported, other applications can be launched in the GreenBorder environment. Any processes running or temporary files or temporary registry entries are wiped from the virtual environment by an application reset. Files can be saved to a specific directory only, and applications in this environment are prevented from reading files outside this one directory (applies confidentiality).

We don’t determine what application running in the virtual environment is malicious or not, so therefore this is not a replacement for signature based protection systems. Most anything can run in the environment, it just can’t modify local resources. This is great protection for 0-day exploits, and lets administrators wait to apply patches off-hours.

Hammer on our software by running malware of your choice in the software environment. Please email me or the marketing email of your results. If you’re running intensive tests, I would still recommend using a scratch system.

We also have an enterprise version which uses a central whitelist to determine in which environment to open a site requested or Outlook message received.

Bill Stout
www.greenborder.com

Appended below is our marketing spiel:

“We are very pleased to give you special, early access to GreenBorder Pro, the new consumer edition of our patented enterprise technology (that’s already protecting thousands of users in some of the most demanding environments).

With GreenBorder Pro, NOTHING CAN BREAK INTO YOUR PC from the Web. You can:

• Search & browse ANY website—without putting your PC, files or private identity data at risk (or leaving any trace on your PC of where you have been :)
• Shop & bank in privacy—without anything spying on your personal info, bank account and credit card numbers, passwords or online transactions
• Use any downloads—without worrying about anything nasty hidden inside

Simply click on the link below to get to the GreenBorder Pro VIP page. There, you can see a guided tour, learn about the software, and download your own copy.

Here is a special VIP license key to copy & paste when you install: 34422VS279429422K44W

Click here to get GreenBorder Pro

We would greatly appreciate any comments or suggestions you might have along the way. Just email us at [EMAIL PROTECTED] or click on the GreenBorder icon and select Contact Customer Support in the software itself!”