Malware damage by UAC bypass?

Littlebits

Retired Staff
May 3, 2011
3,893
Thanks for providing the time to type all this. Very useful and informative.
If a user browses the web and enters all kinds of grey pages but does not let files be downloaded to the PC, he only clicks everywhere and cancels any transfer going to start... will Windows security protect him fully from any malware coming from these sites?

There are exceptions to every rule, but for the most part yes Windows default security should protect them.
Exceptions would include vulnerabilities exploited in the browser or browser plugins, vulnerabilities exploited within Windows OS.

Resolutions to prevent these exceptions would be to make sure that your browser, browser plugins and Windows OS are kept updated with the latest patches. Add security extensions to your browser to block scripts, plugins, suspicious sites, ads, etc. If you have Java Runtime installed, disable the browser extensions.

Thanks. :D
 

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
Thanks for providing the time to type all this. Very useful and informative.
If a user browses the web and enters all kinds of grey pages but does not let files be downloaded to the PC, he only clicks everywhere and cancels any transfer going to start... will Windows security protect him fully from any malware coming from these sites?
You can't cancel the transfer if u click everywhere. Like when u click on a dangerous exploit link in an earlier IE version, ur browser will hang & shut itself down & ur system will crash. A guy showed this on YT. So updating the browser is a good idea & sometimes malware hides in temporary files without notifying u when u click on malicious links; even ur AV BB or real-time protection sometimes misses that. So better use ur mouse clicks wisely.
 

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
You can't cancel the transfer if u click everywhere. Like when u click on a dangerous exploit link in an earlier IE version, ur browser will hang & shut itself down & ur system will crash. A guy showed this on YT. So updating the browser is a good idea & sometimes malware hides in temporary files without notifying u when u click on malicious links; even ur AV BB or real-time protection sometimes misses that. So better use ur mouse clicks wisely.
Of course I am always cautious when browsing, I asked for learning reasons. :)
I had those things you say in mind when I made the question. Let's say the browser is being exploited and crashes, let's say the same for the system too. After that, what's the possibility of UAC and/or HIPS etc. blocking the infection?
Can UAC do it as well as the HIPS or antivirus?

I personally have the system and apps fully updated, I use Internet Explorer with EPM & 64-bit mode enabled, Foxit Reader instead of Adobe Reader, no Java, UAC full, SmartScreen on, Norton DNS.
What I've not decided on is the AV/firewall part. I currently have Avira with Privatefirewall.
Thanks!
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
What I've not decided on is the AV/firewall part. I currently have Avira with Privatefirewall.
Thanks!

Older systems like our XP SP 3 need a solid 3rd party firewall. Online Armor looked like a good one, but I use Avira & Privatefirewall ;) & both are free. :D
 

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
Of course I am always cautious when browsing, I asked for learning reasons. :)
I had those things you say in mind when I made the question. Let's say the browser is being exploited and crashes, let's say the same for the system too. After that, what's the possibility of UAC and/or HIPS etc. blocking the infection?
Can UAC do it as well as the HIPS or antivirus?

I personally have the system and apps fully updated, I use Internet Explorer with EPM & 64-bit mode enabled, Foxit Reader instead of Adobe Reader, no Java, UAC full, SmartScreen on, Norton DNS.
What I've not decided on is the AV/firewall part. I currently have Avira with Privatefirewall.
Thanks!

I can't find that YT video for you in which he tested that exploit coz I watched it a long time ago. But after his system crashed, it wasn't rebooting. I don't know if he had enabled UAC, HIPS or any AV. But what I know is AV can miss some exploits. He just pasted a rare exploit URL link in IE 9 & pressed enter, then his system got owned. But then he tested it against IE 11, Firefox & Chrome latest versions, and it couldn't execute in the system. So if ur browser, ur addons, plugins, Java & Adobe Flash Player are up to date, it's rare that an exploit can execute in ur system. Also ur AV URL protection will block malicious links. Norton & Comodo DNS failed in my test to detect malicious URLs, so u can use Panda URL Filter or Avira Browser Safety with K9 to block malicious URLs. Both Panda URL Filter & Avira Browser Safety give me impressive results in detecting malicious URLs & K9 (tweak settings) block almost malicious URLs :) For checking suspicious links, u can use addons like VTchromizer (Chrome) & VTzilla (Firefox). U can use Sandboxie for ur browser if u want, it depends on u. U can also use Malwarebytes Anti-Exploit if u want a lil extra protection. Overall ur setup is good :)
 

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
I can't find that YT video for you in which he tested that exploit coz I watched it a long time ago. But after his system crashed, it wasn't rebooting. I don't know if he had enabled UAC, HIPS or any AV. But what I know is AV can miss some exploits. He just pasted a rare exploit URL link in IE 9 & pressed enter, then his system got owned. But then he tested it against IE 11, Firefox & Chrome latest versions, and it couldn't execute in the system. So if ur browser, ur addons, plugins, Java & Adobe Flash Player are up to date, it's rare that an exploit can execute in ur system. Also ur AV URL protection will block malicious links. Norton & Comodo DNS failed in my test to detect malicious URLs, so u can use Panda URL Filter or Avira Browser Safety with K9 to block malicious URLs. Both Panda URL Filter & Avira Browser Safety give me impressive results in detecting malicious URLs & K9 (tweak settings) block almost malicious URLs :) For checking suspicious links, u can use addons like VTchromizer (Chrome) & VTzilla (Firefox). U can use Sandboxie for ur browser if u want, it depends on u. U can also use Malwarebytes Anti-Exploit if u want a lil extra protection. Overall ur setup is good :)
I decided to use Internet Explorer with EPM & 64-bit mode for now, so these addons cannot be used for now, thanks anyway!
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
What is EPM?
http://msdn.microsoft.com/en-us/library/ie/dn265025(v=vs.85).aspx
http://support.microsoft.com/kb/2864914
How to Enable/Disable EPM in Internet Explorer:
http://www.eightforums.com/tutorials/31977-internet-explorer-enhanced-protected-mode-turn-off.html

You can use the Fanboy IE AdBlock Filter via the TPL option.
http://www.fanboy.co.nz/ie.html (Add TPL)

If you use Windows 8, you can download Adobe Reader Touch from the Windows Store, or use Chrome as your default PDF Reader. Mozilla Firefox also have their own PDF.js for viewing PDF documents.
 

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
What is EPM?
http://msdn.microsoft.com/en-us/library/ie/dn265025(v=vs.85).aspx
http://support.microsoft.com/kb/2864914
How to Enable/Disable EPM in Internet Explorer:
http://www.eightforums.com/tutorials/31977-internet-explorer-enhanced-protected-mode-turn-off.html

You can use the Fanboy IE AdBlock Filter via the TPL option.
http://www.fanboy.co.nz/ie.html (Add TPL)

If you use Windows 8, you can download Adobe Reader Touch from the Windows Store, or use Chrome as your default PDF Reader. Mozilla Firefox also have their own PDF.js for viewing PDF documents.
Thanks! I have already enabled these features and added Fanboy and EasyPrivacy. I use Foxit Reader for PDF at the moment. What I wanna know is which technology is more malware-proof: Internet Explorer's 64-bit mode and EPM, or Chrome's sandbox? Or more generally, which browser is safer considering IE's EPM etc. are on.
In general I've learned some general things about each of them, but what happens in action?
 
