Can LUA+SRP resist Stuxnet infection?


Post by flatfly on 1/10/2010, 15:34

Hi SSJ100,

I'm a big fan of the LUA+SRP approach, and I'm one of those guys who really hate running a resident A-V.
However, I'm also rather paranoid, so in the light of the recent Stuxnet outbreak, I would like to hear your opinion - do you still stand by your statement that LUA+SRP is enough to block all known malware, including Stuxnet (note that it uses 4 Windows zero-days including 2 privilege escalations)?

For reference, here's a good summary of what is currently known about Stuxnet on the F-Secure blog:


New Member

Posts : 2
Join date : 2010-10-01


Re: Can LUA+SRP resist Stuxnet infection?

Post by ssj100 on 1/10/2010, 16:19

Hi flatfly, and welcome to the forums!

To be honest, I don't know for sure. But I'd bet that LUA + SRP can block them all in the real world and keep a system infection-free.

With regards to the LNK exploit, I showed here that SRP blocked it easily:

With regards to privilege escalations, I think in theory that LUA + SRP could be bypassed. However, I won't believe it until someone gives me a malware sample or POC to demonstrate such a bypass.

And regardless, for my own setup, the malware would also need to bypass Sandboxie 32-bit to infect my system. In all honesty, I cannot think of a stronger setup than Sandboxie + LUA + SRP.

Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Posts : 1389
Join date : 2010-04-14
