Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Bouncer - Discussion & Support Thread
Message
<blockquote data-quote="WildByDesign" data-source="post: 524112" data-attributes="member: 48641"><p>That is rather interesting, indeed. So if I understand this correctly, your idea would involve MZWriteScanner monitoring the hard drive for any executable/binary writes to disk (which MZWriteScanner does in general) and take that a step further by having MZWriteScanner force those executables through Microsoft's SmartScreen to allow for reputation checking. So by default, SmartScreen would generally come into play when the user attempts to execute those binaries. With your suggestion, you would want SmartScreen to come into play earlier and check the binary reputation as soon as it hits the hard drive, whether that is downloaded by a browser, copied from one drive to another, etc. </p><p></p><p>That might be possible and is an interesting concept. I am not a programmer myself, so I don't know for certain whether or not Microsoft provides an API in which third party programs can interact with SmartScreen directly. That's something that Florian would need to look into. Another possibility here would be to have MZWriteScanner intercept (as it typically does) but extend further by modifying the zone details to ensure that the executables have that "Downloaded from Internet" type of attribute (if not, then have the driver add it) and try to force the executable to run in some sort of safe way. I'm not certain which of these two methods would be possible or which would make the most sense. But certainly interesting for discussion.</p><p></p><p></p><p>I agree 100%, and those are all great suggestions to further lockdown systems. I am strongly in favor of preventative security measures such as these.</p></blockquote><p></p>
[QUOTE="WildByDesign, post: 524112, member: 48641"] That is rather interesting, indeed. So if I understand this correctly, your idea would involve MZWriteScanner monitoring the hard drive for any executable/binary writes to disk (which MZWriteScanner does in general) and take that a step further by having MZWriteScanner force those executables through Microsoft's SmartScreen to allow for reputation checking. So by default, SmartScreen would generally come into play when the user attempts to execute those binaries. With your suggestion, you would want SmartScreen to come into play earlier and check the binary reputation as soon as it hits the hard drive, whether that is downloaded by a browser, copied from one drive to another, etc. That might be possible and is an interesting concept. I am not a programmer myself, so I don't know for certain whether or not Microsoft provides an API in which third party programs can interact with SmartScreen directly. That's something that Florian would need to look into. Another possibility here would be to have MZWriteScanner intercept (as it typically does) but extend further by modifying the zone details to ensure that the executables have that "Downloaded from Internet" type of attribute (if not, then have the driver add it) and try to force the executable to run in some sort of safe way. I'm not certain which of these two methods would be possible or which would make the most sense. But certainly interesting for discussion. I agree 100%, and those are all great suggestions to further lockdown systems. I am strongly in favor of preventative security measures such as these. [/QUOTE]
Insert quotes…
Verification
Post reply
Top