Default Deny VS traditional AVs
[QUOTE="Andy Ful, post: 759017, member: 32260"]
Most readers will not understand the idea. But this is simple. The picture on the right is related to making the light 'on demand sandbox' for the Firefox web browser and the shortcut to run it. This sandbox is simply another account for the user named Secure_Surfer (standard user type of account). When Firefox is running in that sandbox and has been exploited, then the payload is usually dropped somewhere in the %UserProfile% and cannot be executed due to ACL permissions for Secure_Surfer's account.

The next logical step would be adding some other restrictions for Secure_Surfer's account (via ACL or local policies), like blocking: CMD shell, script interpreters (powershell.exe, powershell_ise.exe, wscript.exe, cscript.exe, mshta.exe, hh.exe) and some other vulnerable tools.

Similar 'on demand sandboxes' can be made for securing other vulnerable applications like MS Office, PDF viewers, etc. In fact, a similar idea was adopted in ReHIPS.
[/QUOTE]
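The setup the post describes, as an added example that is not from the post, MalwareTips or ReHIPS: a PowerShell script that creates the Secure_Surfer standard account, denies execution of files under its profile, denies that account the shell and script hosts listed above, and creates the launch shortcut. The Firefox install path, the shortcut location and the use of an elevated PowerShell 5.1 prompt are assumptions.

```powershell
# Added example (not from the post): build the Secure_Surfer 'on demand sandbox'.
# Run from an elevated PowerShell 5.1 prompt. Account name and blocked interpreters come
# from the post; install paths and the shortcut location are assumptions.
$User = 'Secure_Surfer'
$Pass = Read-Host -AsSecureString "Password for $User"

# 1. Standard (non-admin) local account used only for browsing.
if (-not (Get-LocalUser -Name $User -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $User -Password $Pass -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $User
}

# 2. The profile folder only exists after a first logon, so trigger one with a throwaway process.
$ProfileDir = Join-Path $env:SystemDrive "Users\$User"
if (-not (Test-Path $ProfileDir)) {
    $cred = New-Object System.Management.Automation.PSCredential ($User, $Pass)
    Start-Process cmd.exe -ArgumentList '/c exit' -Credential $cred -LoadUserProfile -WindowStyle Hidden -Wait
}

# 3. Deny ExecuteFile to Secure_Surfer on every file under its profile (inherit-only, files
#    only, so directory traversal is untouched). A dropped EXE or DLL can be written, not run.
$acl  = Get-Acl -Path $ProfileDir
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $User, 'ExecuteFile', 'ObjectInherit', 'InheritOnly', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $ProfileDir -AclObject $acl

# 4. A script needs no ExecuteFile right on itself, only its interpreter does, so deny the
#    shell and script hosts to this account alone. System binaries are owned by
#    TrustedInstaller, so ownership is taken first; Windows servicing may reset these ACLs.
$Tools = 'cmd.exe','powershell.exe','powershell_ise.exe','wscript.exe','cscript.exe','mshta.exe','hh.exe'
$Dirs  = $env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64",
         "$env:SystemRoot\System32\WindowsPowerShell\v1.0", "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0"
foreach ($d in $Dirs) {
    foreach ($t in $Tools) {
        $p = Join-Path $d $t
        if (Test-Path $p) {
            takeown /f $p /a | Out-Null
            icacls $p /deny "${User}:(X)" | Out-Null
        }
    }
}

# 5. Desktop shortcut that starts Firefox under the restricted account (runas prompts for
#    the password; /savecred can cache it on editions that support that switch).
$Firefox = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed install path
$lnk = (New-Object -ComObject WScript.Shell).CreateShortcut("$env:USERPROFILE\Desktop\Firefox ($User).lnk")
$lnk.TargetPath = "$env:SystemRoot\System32\runas.exe"
$lnk.Arguments  = "/user:$User `"$Firefox`""
$lnk.Save()
```

Standard users can also write to a few locations outside their profile, such as %SystemRoot%\Temp, so the same files-only deny rule from step 3 should be applied there if the account is meant to have no executable drop location at all.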