Fireshoot's notebook config
- Thread starter FireShootSK
- Start date
- Feb 17, 2015
- 824
oh ok i found some sites for u?
https://www.phishtank.com/
http://support.clean-mx.com/clean-mx/phishing.php
https://www.phishtank.com/
http://support.clean-mx.com/clean-mx/phishing.php
Last edited by a moderator:
- Feb 17, 2015
- 824
We sincerely thank you for sharing this. Very, very Strong.
Now when my wife call me paranoid I'll show your config .
Now when my wife call me paranoid I'll show your config .
- Feb 17, 2015
- 824
Lol, thanks. My config is but still not completeWe sincerely thank you for sharing this. Very, very Strong.
Now when my wife call me paranoid I'll show your config .
this is alpha version I very good know this pages
malc0de.com/database btw u do awesome videos
- Feb 17, 2015
- 824
- Jun 3, 2014
- 1,136
Most on demand scanners dont need driversit is not necessary, a lot of scanners (+ install many drivers - mbam, zemana......etc - this is a bad)
Unless the on-demand scanner needed to load a driver to scan for rootkits and then clean any detected rootkits up.
Example: MBAM loads a driver.
Last edited by a moderator:
Lol, thanks. My config is but still not complete
Something like this, perhaps?
- Feb 17, 2015
- 824
Global weapon to fight with NSA and malware
- Apr 25, 2013
- 5,356
- Jun 3, 2014
- 1,136
You gave me 1 example. Malware bytes ≠ most on demand scanner.
There are so many that don't use a driver
Last edited:
- Apr 25, 2013
- 5,356
Zemana am portable -> zam64.sysCongrats you gave me 1 example. Malware bytes ≠ most on demand scanner.
- Feb 17, 2015
- 824
Please stop this flame war I know a lot on-demand scanners using driver.
I know a lot on-demand scanners using driver.Congrats you gave me 1 example. Malware bytes ≠ most on demand scanner.
The on-demand scanners may use the drivers for things like rootkit scanning, process termination, permissions, ... There are many reasons as to why they may be used. Being in kernel mode is better in general.
For example, the scanner may load a driver which may be used to try to look for traces of a SSDT hook. After finding any, it would then need to clean it up. For this, it'll have to be done in kernel mode (through the kernel mode driver).
Of course there are products which don't use a driver, however at the same time, they don't have the features the products which take advantage of kernel mode have. For example, Xvirus Personal Guard doesn't have a driver however then again, it doesn't have any features like rootkit detection (on-demand or with the behavioural blocker). Crystal Security doesn't have a driver either.
I think it's better if the product used a driver not just for the rootkit scanning, detection and then cleanup, but for things like process termination. If a threat is detected and it's protecting itself from being terminated from the usual TerminateProcess() API call (this is what Task Manager uses by default), then kernel mode will be necessary. From the driver, the security products (in this case the on-demand scanners) can attempt to remove the hooks.
After scanning has completed, the user mode process may send up back the information (so the target process PID) and then from kernel mode the process will be tried to be terminated.
For example, if you were infected by a rootkit (on a 32-bit system in this case) and it performed SSDT hooking (System Service Dispatch Table hooking), it may change the first bytes in the API which was targetted (Inline) (so if it wanted to hook NtTerminateProcess to try to prevent it from being terminated from e.g. Task Managers)... Instead of this, it may change the addresses in the System Service Dispatch Table. For a Anti-Rootkit supporting product to detect this, they'd have to load a driver into kernel mode.
Those were just some examples.
Point being, some products make use of drivers, some don't. Products like Zemana Antimalware, Malwarebytes Antimalware do. So for this reason I agree with both @Dani Santos and @Petrovic.
Cheers.
EDIT: @FireShootSK I was writing when you replied so I never saw. Hopefully you aren't mad at me for replying to Dani and Petrovic. Maybe this post will clear up the situation anyway.
- Oct 23, 2012
- 12,527
- Mar 15, 2011
- 13,070
Very tight configuration there, if you want more program then add a fully virtualized function like Shadow Defender or Toolwiz Time Freeze (haha likely redundant)
But to save a snapshots of system state then you may consider Toolwiz Time Machine or Rollback RX however in that state its already fine.
But to save a snapshots of system state then you may consider Toolwiz Time Machine or Rollback RX however in that state its already fine.
I think malware will definitely think twice before infecting fireshoot's PC.
Last edited:
Similar threads
-
- Poll
