I'm questioning this because if that's true, this is indeed a great idea. I know that some (maybe similar) technique is used by win7 activator and M$ can't do anything about that either. You can install any win7 version as OEM and it passes win genuine without any problems.
D1G1T@L wrote: @ tonecool - Yes I am sure about this statement, but since you are questioning it, I was wondering if you have an opinion or knowledge to the contrary. If that's the case then feel free to contribute them to this thread.
New 64-bit root-kit gave me an idea...
ms security certificates
@tzuk
Why did you not receive security certificates from Microsoft to bypass PatchGuard? With these certificates Sandboxie can run with full ring0 access...
Many vendors like Agnitum, Kaspersky and so on have Microsoft's certificates for their programs...
Ask Microsoft to receive your own certificate =)
I totally agree with you tzuk.
tzuk wrote: Legitimate software can't afford to do something like that. How would it look if Sandboxie did that and then some rootkit scanner started warning you that your system has been compromised, most likely by a rootkit? Well, I can tell you, it wouldn't look good for Sandboxie.
Don't you other guys remember what happened when SONY tried using legitimate root kits? Then google it. I'm one of those who still has that in mind when reading about this idea.
Re: New 64-bit root-kit gave me an idea...
You could have a look at MBRguard for 32 bit installs?
securityphreak wrote: There are now root-kits that hijack the Master Boot Record in order to load their drivers into Windows, and hide themselves.
http://www.blueridgenetworks.com/suppor ... bguard.php
Tested against Seftad Ransomware sample and MBRguard protects.
http://windows7forums.com/security-zone ... ecord.html
Hunting the Hunter!
Sandboxie protects against everything that I have thrown at it and yes I should have stated that the Seftad Ransomware sample is contained if run sandboxed.
kNOLOGY wrote: Sandboxie already protects the MBR oneder...
MBRguard could be a useful install where the user is too lazy to use a decent security app like Sandboxie.
Hunting the Hunter!
The only problem that happened when Sony tried to use their rootkits is that they didn't tell people that they were using them. Actually, now that I think about it, I can think of a few more problems. One, it was badly written. I trust tzuk to write code, considering I'm trusting him with my system! I would hope he could do better (as in, not hide any file that starts with $sys$, for instance). Second, they didn't offer an option for users not to install it. If you didn't install the rootkit, the average user wasn't able to play the music on the disk.
Sure, you could say, "But, they had to tell you what they were doing in the EULA, that they DID present to users, and the USERS did click "I Accept"." My idea of this is, hey, you are probably security minded. Do YOU read through those EULAs? Didn't think so. Do you think you could understand the roundabout, legalese way that they would put, quite simply, "We're going to put a rootkit on your system so that we can know if you are copying our music?" Didn't think so. I like this idea. It's a little old now, but, hey, I think it could work. Please, tzuk, we need it!
I totally understand where the developer is coming from. If Sandboxie was being detected as malware / rootkit, that would create a bad reputation pretty fast. Although, if the feature was never on by default and more of an opt-in, that would be something different. Everyone who would turn the feature on, even if they knew what they were doing, would be prompted with a box that looks like this. (yes I was bored)
You're a little late to the party warwagon. Version 3.55 already has improved protection for 64-bit.
http://www.sandboxie.com/phpbb/viewtopic.php?t=10201
tzuk