Thread: As secure as it was tested?

  1. #1
    New User
    Join Date
    20.09.2007
    Posts
    1

    Thumbs up As secure as it was tested?

    Hi guys,
    Here's a security paper named "Plague in (security) software drivers" dealing with the correct use of SSDT hooks:
    http://www.matousec.com/projects/win...re-drivers.php
    Congrats for its result:
    So in fact, the only product that passed the tests was Daemon Tools.
    But out of curiosity, did their BSODhook utility not find anything in Daemon Tools just by chance or did you really think of the topic before?
    If not then this post at least fits into the category and you've got something to do.
    Cheers

  2. #2
    Experienced User
    Reef's Avatar
    Join Date
    30.03.2003
    Posts
    860

    Default

    Too bad they didn't test Starforce drivers. I really would like to see the result of it.

  3. #3
    Administrator
    Alco's Avatar
    Join Date
    04.07.2006
    Posts
    216

    Default

    Yes, it is interesting to read their Conclusion
    (at: http://www.matousec.com/projects/win...re-drivers.php):

    ---
    Conclusion

    Almost every software that implements SSDT hooks is vulnerable to the bug we introduce in this article. BlackICE PC Protection, G DATA InternetSecurity, Ghost Security Suite, Kaspersky Internet Security, Norton Internet Security, Online Armor Personal Firewall, Outpost Firewall Pro, Privatefirewall, ProcessGuard, ProSecurity, ZoneAlarm Pro, Process Monitor, RegMon are just a few examples of badly written, not properly tested, vulnerable software.
    There were only two personal firewalls that passed our argument validation testing successfully, Comodo Personal Firewall and Sunbelt Personal Firewall. Our tests revealed, that the current versions of these products are probably not vulnerable, but earlier versions of both these personal firewalls contained the bug and they were both fixed after our notifications to their vendors. So in fact, the only product that passed the tests was Daemon Tools.


    We also found many articles, tutorials and papers that described either SSDT hooking or other driver code and contained improper parameter validation.
    Even more disturbing is that these bugs are present in professional software products and also in official Sysinternals (Microsoft) tools – Process Monitor and RegMon. Even Mark Russinovich and Bryce Cogswell, the authors of these tools and two of the most famous Windows kernel hackers, seem to have forgotten about validation in their tools. Process Monitor and RegMon have been vulnerable for ages.

    We advise all vendors of affected products to download and use our tool and/or contact us and order our software testing services.
    ---

  4. #4
    Experienced User

    Join Date
    07.07.2005
    Posts
    384

    Default

    Nice work, congrats. (Even though I don't understand the article)

  5. #5
    Experienced User

    Join Date
    07.08.2005
    Posts
    181

    Default

    Interesting article... maybe a reason for odd display driver crashes with certain games? Anti-cheat or copy protection programs should be tested on that!!!!

    Btw... Sygate didn't have any red markers either... mistake? Cause then it would share the throne with Daemon Tools... not? Author seems to ignore that.
    Guys vote for the threads you read to give
    the rating system a place to live ^^

  6. #6

    Default

    Seems they didn't test Sygate themselves, but had user report about it only, thus Daemon Tools was the unofficial winner.
    Everybody be cool! You, be cool!
    They'll keep fighting! And they'll win!
