Malware damage by UAC bypass?

Thanks for taking the time to type all this. Very useful and informative.
If a user browses the web and enters all kinds of grey pages but does not let files be downloaded to the PC, he only clicks everywhere and cancels any transfer that is about to start... will Windows security protect him fully from any malware coming from these sites?

There are exceptions to every rule, but for the most part yes, Windows default security should protect them.
Exceptions would include vulnerabilities exploited in the browser or browser plugins, and vulnerabilities exploited within the Windows OS.

Resolutions to prevent these exceptions would be to make sure that your browser, browser plugins and Windows OS are kept updated with the latest patches. Add security extensions to your browser to block scripts, plugins, suspicious sites, ads, etc. If you have Java Runtime installed, disable the browser extensions.

Thanks. :D
 
You can't cancel a transfer if you click everywhere. Like when you click on a dangerous exploit link in an earlier version of IE, your browser will hang and shut itself down and your system will crash. A guy showed this on YouTube. So updating the browser is a good idea, and sometimes malware hides in temporary files without notifying you when you click on malicious links; even your AV, BB or real-time protection sometimes misses that. So better use your mouse clicks wisely.
 
Of course I am always cautious when browsing; I asked for learning reasons. :)
I had those things you say in mind when I made the question. Let's say the browser is being exploited and crashes, let's say the same for the system too. After that, what's the possibility of UAC and/or HIPS etc. blocking the infection?
Can UAC do it as well as the HIPS or antivirus?

I personally have the system and apps fully updated, I use Internet Explorer with EPM & 64-bit mode enabled, Foxit Reader instead of Adobe Reader, no Java, UAC full, SmartScreen on, Norton DNS.
What I've not decided is the AV/firewall part. I currently have Avira with Private Firewall.
Thanks!
 

I can't find that YouTube video for you in which he tested that exploit, because I watched it a long time ago. But after his system crashed, it wasn't rebooting. I don't know whether he had UAC, HIPS or any AV enabled. But what I know is that AV can miss some exploits. He just pasted a rare exploit URL link into IE 9 and pressed Enter, then his system got owned. But then he tested it against IE 11, Firefox and Chrome latest versions, and it couldn't execute on the system. So if your browser, your add-ons, plugins, Java and Adobe Flash Player are up to date, it's rare that an exploit can execute on your system. Also, your AV's URL protection will block malicious links. Norton and Comodo DNS failed in my test to detect malicious URLs, so you can use Panda URL Filter or Avira Browser Safety with K9 to block malicious URLs. Both Panda URL Filter and Avira Browser Safety gave me impressive results in detecting malicious URLs, and K9 (tweak settings) blocks almost all malicious URLs :) For checking suspicious links, you can use add-ons like VTchromizer (Chrome) and VTzilla (Firefox). You can use Sandboxie for your browser if you want; it depends on you. You can also use Malwarebytes Anti-Exploit if you want a little extra protection. Overall your setup is good :)
 
I decided to use Internet Explorer with EPM & 64-bit mode for now, so these add-ons cannot be used for now. Thanks anyway!
 
What is EPM?
http://msdn.microsoft.com/en-us/library/ie/dn265025(v=vs.85).aspx
http://support.microsoft.com/kb/2864914
How to Enable/Disable EPM in Internet Explorer:
http://www.eightforums.com/tutorials/31977-internet-explorer-enhanced-protected-mode-turn-off.html

You can use the Fanboy IE AdBlock Filter via the TPL option.
http://www.fanboy.co.nz/ie.html (Add TPL)

If you use Windows 8, you can download Adobe Reader Touch from the Windows Store, or use Chrome as your default PDF reader. Mozilla Firefox also has its own PDF.js for viewing PDF documents.
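
A read-only PowerShell check of the settings named in this thread (UAC at its highest level, IE Enhanced Protected Mode and 64-bit processes), added here as an example and not part of any poster's message. The function names are made up for the example, and it reads only the per-user IE key, so a Group Policy setting can override what it reports.

```powershell
# Added example: audits UAC level and IE Enhanced Protected Mode. Reads the
# registry only; changes nothing. Function names are hypothetical.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-UacLevel {
    $key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua     = Get-RegValue $key 'EnableLUA'
    $consent = Get-RegValue $key 'ConsentPromptBehaviorAdmin'
    $secure  = Get-RegValue $key 'PromptOnSecureDesktop'

    if ($lua -ne 1)                        { return 'UAC disabled or not configured' }
    if ($consent -eq 2 -and $secure -eq 1) { return 'Always notify (highest)' }
    if ($consent -eq 5 -and $secure -eq 1) { return 'Default' }
    if ($consent -eq 5)                    { return 'Default without secure desktop' }
    if ($consent -eq 0)                    { return 'Never notify (silent elevation)' }
    return "Custom (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
}

function Get-IeEpmState {
    $key   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $iso   = Get-RegValue $key 'Isolation'       # 'PMEM' = EPM on, 'PMIL' = EPM off
    $iso64 = Get-RegValue $key 'Isolation64Bit'  # 1 = 64-bit processes for EPM
    [pscustomobject]@{
        EnhancedProtectedMode = ($iso -eq 'PMEM')
        SixtyFourBitProcesses = ($iso64 -eq 1)
    }
}

$epm = Get-IeEpmState
[pscustomobject]@{
    UacLevel              = Get-UacLevel
    EnhancedProtectedMode = $epm.EnhancedProtectedMode
    SixtyFourBitProcesses = $epm.SixtyFourBitProcesses
} | Format-List
```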
 
Thanks! I have already enabled these features and added Fanboy and EasyPrivacy. I use Foxit Reader for PDF at the moment. What I wanna know is which technology is more malware-proof: Internet Explorer's 64-bit mode and EPM, or Chrome's sandbox? Or more generally, which browser is safer considering IE's EPM etc. are on.
In general I've learned some general things about each of them, but what happens in action?