ssj100 Security Forums
Can LUA+SRP resist Stuxnet infection?

2 posters


Post by flatfly 1/10/2010, 15:34

Hi SSJ100,

I'm a big fan of the LUA+SRP approach, and I'm one of those guys who really hate running a resident A-V.
However, I'm also rather paranoid, so in the light of the recent Stuxnet outbreak, I would like to hear your opinion - do you still stand by your statement that LUA+SRP is enough to block all known malware, including Stuxnet (note that it uses 4 Windows zero-days including 2 privilege escalations)?

For reference, here's a good summary of what is currently known about Stuxnet on the F-Secure blog:
http://www.f-secure.com/weblog/archives/00002040.html

Thanks!

flatfly
New Member

Posts : 2
Join date : 2010-10-01

Re: Can LUA+SRP resist Stuxnet infection?

Post by ssj100 1/10/2010, 16:19

Hi flatfly, and welcome to the forums!

To be honest, I don't know for sure. But I'd bet that LUA + SRP can block them all in the real world and keep a system infection-free.

With regard to the LNK exploit, I showed here that SRP blocked it easily:
https://ssj100.forumotion.com/security-f7/vulnerability-in-windows-shell-could-allow-remote-code-execution-t187.htm#1303

With regard to privilege escalations, I think in theory that LUA + SRP could be bypassed. However, I won't believe it until someone gives me a malware sample or POC to demonstrate such a bypass.

And regardless, for my own setup, the malware would also need to bypass Sandboxie 32-bit to infect my system. In all honesty, I cannot think of a stronger setup than Sandboxie + LUA + SRP.
ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com
