ssj100 Security Forums

Most strict/strongest protect software so far AresProtectionSystem1.0 beta

2 posters


Post by Singlemature 26/4/2010, 13:50

Maybe you guys would be interested in this...

Link: http://bbs.kafan.cn/thread-689512-1-1.html

It's a Chinese BBS; the author of this software, 3x3eyes, is the chief engineer of Qihu360, Mj0011.

This AresProtectionSystem (APS) is not an application for daily use; actually, the reason it came out is that some guy wanted to bet with mj0011 that a program mj0011 makes would be killed by the guy.

So mj0011 wrote this APS. There's a long introduction in the thread; I can't and I don't want to translate that completely, just some key info.

1. AresProtectionSystem (APS) is system-protection software; this is a beta and could have some problems to be improved.

2. After starting APS, all newly created processes will be isolated in a separate space; these processes cannot do any harm to the system.

3. Part of APS's tech is similar to a sandbox (not Sandboxie, but the Chrome sandbox). APS has both sandbox and HIPS aspects; due to the unique design of APS, it's much stricter and stronger than normal sandbox and HIPS software, and it can prevent Windows kernel 0-day vulnerabilities to a large extent.

4. Details of the tech:
a. rd/fd read-only; limited programs can only access drive C.
b. Isolated UI; limited programs cannot attack other UI outside the separate UI space.
c. APS will block all kinds of kernel attacks unless APS's kernel protection is breached.
d. Limited programs cannot communicate with other processes in any way.
e. Limited programs cannot connect to the internet.
f. Limited programs cannot shut down/reboot/log out of the OS.

Installation:
Ares Protection System v1.0.0.1001 only supports Windows XP now.
a. Make sure the environment is definitely clean, without any 3rd-party drivers like virtual drives or security software, except hardware drivers. You can check the SSDT hook/Shadow SSDT hook/KiFastCallEntry hook.

b. Start the OS and wait about 1 minute after logging in to Windows, then run APS; if it succeeds, a pop-up will show you it's working.

PK Rules:
a. You may not disturb the test through hardware, like cutting the power or plugging in hardware; you are not allowed to operate any unlimited programs to disturb the test, but you can copy your program into the test environment.

b. You are allowed to use Windows vulnerabilities to breach APS; the bugs should be Windows vulnerabilities and should be found on your own.
You should follow the principles below:
b1. You are not allowed to use a kernel 0-day which has been patched publicly, published publicly/semi-publicly, or could be found easily, like via the internet.
b2. You are not allowed to take advantage of any vulnerabilities of the APS system itself (actually I don't get this rule... just transliterating it).

c. The goal is to kill the target process calc.exe; you can shut down or log out of the system to get the process to exit, but you can't get this done by causing a BSOD.
The victory condition is that you can check the process list, without disturbance, with regular tools like Taskmgr.exe, and you can't find calc.exe.

d. Test environment requirements:
XP SP2/SP3, system drive is NTFS, regular system services/autoruns, no 3rd-party software.



This is a beta and probably too strict; maybe you can't run many complicated programs.

Can't this BBS upload attachments?
Try if this netdisk works:
https://dl-web.dropbox.com/get/share/Ares.rar?w=6d20ce58

...hard work to translate that much....I can't believe I made it...hoooo

Singlemature
Valued Member

Posts : 31
Join date : 2010-04-22


Post by ssj100 26/4/2010, 15:02

Must have been difficult to translate it all. I can't seem to access the link above to download the software?
ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com


Post by Singlemature 26/4/2010, 15:25

ssj100 wrote: Must have been difficult to translate it all. I can't seem to access the link above to download the software?

Try this link: http://down2.uushare.com:8001/download/get?id=741DF71455CAED8B930436F2292C63A2


Post by ssj100 27/4/2010, 01:45

Thanks, I'll eventually find some time to try this out.

Post by ssj100 2/5/2010, 14:37

mature, the links are down. Any chance you can re-upload the file?

Post by Singlemature 3/5/2010, 15:47



Post by ssj100 4/5/2010, 07:42

There are about 4 executables in the folder I downloaded. Which one is the file to install the program?

Post by Singlemature 4/5/2010, 12:14

ssj100 wrote: There are about 4 executables in the folder I downloaded. Which one is the file to install the program?

Run AresProtections.exe first, then it will start LowComp.exe; after these two processes run successfully, the program will prompt "installation complete", then calc.exe will be started automatically.
Then you can try to breach this system.


Post by ssj100 4/5/2010, 14:06

Sorry, I haven't tried this yet (not at home computer), but why would I want it to launch calc.exe?

Regardless, my guess is that everything will be in Chinese, and therefore I'll struggle to know what's going on. Anyway, thanks for letting us know mature - I'll be interested to know about any future developments.

Post by Singlemature 4/5/2010, 14:12

ssj100 wrote: Sorry, I haven't tried this yet (not at home computer), but why would I want it to launch calc.exe?

Regardless, my guess is that everything will be in Chinese, and therefore I'll struggle to know what's going on. Anyway, thanks for letting us know mature - I'll be interested to know about any future developments.

This AresProtectionSystem (APS) is not an application for daily use; actually, the reason it came out is that some guy wanted to bet with mj0011 that a program mj0011 makes would be killed by the guy.

APS doesn't have a GUI yet; the goal is to kill calc.exe ...

So it's mostly just a test program for software engineers; mj0011 says APS may be improved for daily use, you guys could check it out then.


Post by ssj100 4/5/2010, 14:19

I see. That's some interesting stuff. This mj0011 must have some really technical stuff going on at the forum he resides in haha!

I read somewhere that he bypassed Malware Defender and DefenseWall recently. Do you have any details on this and do the developers of the respective programs know about the bypasses?

Post by Singlemature 4/5/2010, 14:26

ssj100 wrote: I see. That's some interesting stuff. This mj0011 must have some really technical stuff going on at the forum he resides in haha!

I read somewhere that he bypassed Malware Defender and DefenseWall recently. Do you have any details on this and do the developers of the respective programs know about the bypasses?

That's old news... the bugs were already fixed. Well, today another guy named Flowercode breached MD 2.6 and EQ4.1; this Flowercode is also a guy with real technical stuff.


Post by ssj100 4/5/2010, 14:31

Thanks mature. Would be great if you could translate or link us an English translation of the breach of MD 2.6 and EQ 4.1.

Post by Singlemature 4/5/2010, 14:34

ssj100 wrote: Thanks mature. Would be great if you could translate or link us an English translation of the breach of MD 2.6 and EQ 4.1.

Not much introduction in that thread; I think I can translate after supper~
