[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040331063451.47100.qmail@web15409.mail.cnb.yahoo.com>
Date: Tue, 30 Mar 2004 22:34:51 -0800 (PST)
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: Amir Mohammadkhani-Aminabadi <amir.mohammadkhani@...surance.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: security enforcement - new monitor for winnt
i've downloaded iecontroller and checked the app.
no, they do not do the same thing:
iecontroller can monitor ie's network activities(the "Internet" tab), but winblox can't.
iecontroller can monitor ie's activex(the "ActiveX" tab), but winblox cannot.
iecontroller is designed for protecting ie(*ie*controller), but winblox is not.
(winblox can monitor all applications which load USER32.DLL)
iecontroller cannot monitor commandline, but winblox can.
of course, i don't expect a single monitor to monitor all things :-P
most importantly, i believe a monitor must have:
console-mode config tool,
text config file,
and log file,
just like all linux daemons(for flexiblity), but iecontroller does not have such features yet.
btw, source code will be published soon.
best wishes,
--- Amir Mohammadkhani-Aminabadi <amir.mohammadkhani@...surance.de> wrote:
> Please take a look at:
> http://www.heise.de/ct/ftp/projekte/iecontroller/
>
> Its open source and seems to do the same thing.
>
> ----- Original Message -----
> From: "Liu Die Yu" <liudieyuinchina@...oo.com.cn>
> To: <bugtraq@...urityfocus.com>
> Sent: Tuesday, March 30, 2004 6:34 AM
> Subject: security enforcement - new monitor for winnt
>
>
> >
> >
> > i want to stop ie:
> > writing EXE/CAB/LNK ... files,
> > calling MSHTA.EXE to parse remote web pages,
> > accessing files outside "favorites" and cache("content.ie5").
> >
> > i want to stop WSCRIPT.EXE from parsing files inside TEMP and cache.
> >
> > i want to stop the system running executable files located in TEMP and
> cache.
> >
> > afaik, i can stop ie 0day exploits by doing these things.
> >
> > so, i made this:
> > http://umbrella.name/winblox/
> > of course, free. and you can define your own rules easily(assuming you
> guys know a bit about regular expression).
> >
> > it's totally a new idea(afaik). so, not for operational uses.
> >
>
>
>
__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
Powered by blists - more mailing lists