WiseVector Free AI Driven Security
Quoted post by In2an3_PpG (post 790659):

Hi, @WiseVector

1. I do not believe for one second you've been doing this type of stuff for a long time, which would explain why you are under the impression that you cannot obtain a thread's context from kernel-mode or that you must prohibit yourself from using kernel-mode callbacks like PsSetCreateProcessNotifyRoutine/Ex/Ex2 or PsSetLoadImageNotifyRoutine/Ex (you can wait for NTDLL.DLL) for on-execution scanning on the grounds that you have plans to use user-mode API hooking for other things in the future.

I do not recommend that people uninstall security software because it uses API hooking technology - I rely on API hooking myself. I recommend that people uninstall security software like WiseVector because the people behind it are incapable of understanding simple things and do not seem to know why a security solution should be stable and reliable. I do not recommend that people use software which blindly uses flawed underlying designs for parts which can be implemented with a secure design with a bit of work.

Microsoft Detours is an open-source project which was published by Microsoft's research team, but this does not mean that user-mode API hooking is going to be safe 24/7 and is a stable thing to do, which is why I think that it should be done to the best possible minimum where applicable. You may need to do things in WiseVector which cannot be done using officially supported and documented mechanisms, this is perfectly understandable, but you do not need to explicitly rely on user-mode API hooking so you can filter process creation for the on-execution scanning. Period.

What you're failing to understand here is that just because you plan to use API hooking for other things which cannot be achieved using officially supported and documented mechanisms, it does not mean that you must resort to non-officially supported and undocumented techniques for things that can be achieved using officially supported and documented techniques. You're allowed to do a pick and mix, you do not have to limit yourself to official or unofficial... use both if you must, most vendors do.

Things have existed for years and years until they become obsolete due to new things showing up which produce results and are more secure/efficient/both... progress forwards, not backwards.

2. Security software is not malicious software and the fact that you have even just said what you've just said has raised huge red alarms in my mind about WiseVector and WiseVector's future - companies turn rogue all of the time and get busted. Security software should behave ethically and be as stable as it can possibly be to prevent damage to the customers of the product. But... as long as WiseVector have their brand new "Ai", who cares about collateral damage, right boys?

Malicious software has a wide range of category types from rootkits, ransomware, crypto-currency miners and more... do you think it would be acceptable for WiseVector to start imitating them as well? I don't think so.

If an attacker can compromise the Windows kernel then they can start relying on subverting the Windows kernel with patches (Kernel Patch Protection can be bypassed, and Microsoft already know that enforcing security against an attacker running with the same privilege level is not realistically feasible) but that doesn't mean security software should go around deploying zero-days for Kernel Patch Protection. What about PatchGuard's Driver Signature Enforcement bypasses (e.g. via exploiting the VirtualBox driver)? I bet you won't be interested in exploiting that for WiseVector.

What about ELAM? You can force it without official access to ELAM but that doesn't mean vendors who are not partnered with Microsoft and have been given official access to it as well as the APIs should go around and start using it.

3. See point #1, you do not have to implement on-execution scanning in an unreliable fashion just because you plan on using user-mode API hooking for other things later down the road.

4. Yes, we do have a very big difference in our understandings of malware prevention: I think that stability and security should be two important factors and that unofficial/undocumented mechanisms should be best avoided where applicable.

I am going to reiterate something very important which all readers of this post need to remember:

^^ I said that yo.

The bottom line here is that I do not have an issue with code injection and API hooking as long as it is used responsibly and is not blindly abused when it is not truly required. This is my personal opinion and marketing hype about the latest and greatest "Ai" is not going to change my opinion... I do not like security through obscurity and prefer to avoid it as much as possible.

I apologize if I have upset anyone because this was not the intention... if you give me something really interesting and funny then maybe I'll reply again, but I'm short on time for the foreseeable future because I'm currently making myself an "Ai" system which works by extracting complex patterns from a program's behavior graph.

Kind Regards,
In2an3_PpG
Self-proclaimed professional for "Ai" development