Author Topic: Helpless and useless Disk "Shield"  (Read 39992 times)

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Helpless and useless Disk "Shield"
« on: July 05, 2008, 03:08:59 AM »
So weak, kill it under ring3 with just less than 100 lines of code




from:

http://hi.baidu.com/mj0011/blog/item/0b453934becde73e5bb5f5a8.html


[attachment deleted by admin]
« Last Edit: July 05, 2008, 04:13:39 AM by 3DNow »

3xist

  • Guest
Re: Helpless and useless Disk "Shield"
« Reply #1 on: July 05, 2008, 04:07:29 AM »
So weak, kill it under ring3 with just less than 100 lines of code




from:

http://hi.baidu.com/mj0011/blog/item/0b453934becde73e5bb5f5a8.html


This is a BETA. It's ONLY used for testing purposes.

I suggest you wait till the final version.

Josh

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #2 on: July 05, 2008, 04:11:36 AM »
Yeah, I'll be waiting for your legendary "final version" and will bypass it using my old "BypassDisk.exe" :)

take it easy

 (:WIN)

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #3 on: July 05, 2008, 04:26:12 AM »
This is a BETA. It's ONLY used for testing purposes.

I suggest you wait till the final version.

Josh

Yes, you released it for testing purposes, so I downloaded and tested it.

I find it's so weak it cannot even stop an attacker from user mode, and its driver is just like a copy of the famous open source project "filedisk" ((:CLP))

So I think this protection system will always be bypassed if you do not use more powerful techniques and do not remove your "plagiarized" driver code.


Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Re: Helpless and useless Disk "Shield"
« Reply #4 on: July 05, 2008, 06:24:24 AM »
hi 3dnow

We appreciate you testing it and providing useful feedback.

Can you tell me which version you tested pls?
thanks
Melih

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #5 on: July 05, 2008, 07:09:02 AM »
I tested the newest version (1.0.1.18) of diskshield

Offline doskey

  • Comodo Loves me
  • ****
  • Posts: 123
Re: Helpless and useless Disk "Shield"
« Reply #6 on: July 05, 2008, 08:18:46 AM »
Hi, 3DNow.
Firstly, thanks for your support.
DiskShield 1.0.1.18 is a BETA version. It's ONLY used for testing purposes.
Protection of RAW access should only take effect with regard to RING3 applications in this version, just as you see. This version's protection of RAW access is NOT full-blown. If you can provide any binary of your testing application, we should resist it in a future version.

In addition, I don't think our developers plagiarized any code. We don't need to plagiarize any code.

Anyway, our developers should make CDS more powerful in the future.

Thanks
Doskey.

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #7 on: July 05, 2008, 09:27:18 AM »
Protection of RAW access to disk (it seems DiskShield uses an FSD filter of \FileSystem\RAW and so on) cannot stop an attacker from user mode.

There are a lot of methods that can bypass the fsd\disk\port filter, even Disk IoPort Hook :)

You see, it's not so easy to stop disk attacks. Good luck (:WAV) :Beer
« Last Edit: July 05, 2008, 09:31:26 AM by 3DNow »

Offline doskey

  • Comodo Loves me
  • ****
  • Posts: 123
Re: Helpless and useless Disk "Shield"
« Reply #8 on: July 05, 2008, 10:24:50 AM »
Protection of RAW access to disk (it seems DiskShield uses an FSD filter of \FileSystem\RAW and so on) cannot stop an attacker from user mode.

There are a lot of methods that can bypass the fsd\disk\port filter, even Disk IoPort Hook :)

You see, it's not so easy to stop disk attacks. Good luck (:WAV) :Beer

Hi, 3DNow.
Thanks to you again.
We all know there are many ways to bypass any filters, such as FSD filter, Volume filter and Disk filter.
We think that DISK I/O hooking should NOT be the final solution, for any hooking should make the system unsafe or unstable.
We prefer to choose the more stable and more effective way to protect your PC, although it is not powerful enough now. But we will improve it continuously in the future.
If you need to protect your disk, even I/O disk access from the OS, I suggest you choose some hardware protection products to protect your PC --- although it may cause more issues with applications.

Thanks
Doskey.
« Last Edit: July 05, 2008, 10:48:03 AM by doskey »

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #9 on: July 05, 2008, 11:52:29 PM »
Oh! What is the most stable security software?

--- no security software at all!!

No more CPU and memory cost

No more sick message boxes (that stupidly let me choose yes or no, block or allow)

No more blue screens (even your driver uses M$ standard framework and functions)

But tell me, why should users install your security software? Even pay some money for it? Because your driver is steady? Because your driver's BSOD probability is less than the others'?

No, the reason is your software can stop attackers, your software can protect their PC! It is your promise.
If you can't, your software will be nothing.
« Last Edit: July 05, 2008, 11:58:04 PM by 3DNow »

3xist

  • Guest
Re: Helpless and useless Disk "Shield"
« Reply #10 on: July 06, 2008, 03:10:27 AM »
Oh! What is the most stable security software?

--- no security software at all!!

No more CPU and memory cost

No more sick message boxes (that stupidly let me choose yes or no, block or allow)

No more blue screens (even your driver uses M$ standard framework and functions)

But tell me, why should users install your security software? Even pay some money for it? Because your driver is steady? Because your driver's BSOD probability is less than the others'?

No, the reason is your software can stop attackers, your software can protect their PC! It is your promise.
If you can't, your software will be nothing.

3D Now.

We do appreciate the testing... But please have some patience & let's keep things cool here. The Developers are working hard on CDS.

Josh

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Re: Helpless and useless Disk "Shield"
« Reply #11 on: July 06, 2008, 08:28:02 AM »
Oh! What is the most stable security software?

--- no security software at all!!

No more CPU and memory cost

No more sick message boxes (that stupidly let me choose yes or no, block or allow)

No more blue screens (even your driver uses M$ standard framework and functions)

But tell me, why should users install your security software? Even pay some money for it? Because your driver is steady? Because your driver's BSOD probability is less than the others'?

No, the reason is your software can stop attackers, your software can protect their PC! It is your promise.
If you can't, your software will be nothing.

You claim you have found a way to bypass the security.
Will you share your method with us so that we can fix it?

We suspect what you are doing is using a vulnerable windows OS to bypass the security rather than bypass CDS. Of course we are not ruling out anything here, hence we would appreciate if you could provide the details.

thanks
Melih

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #12 on: July 06, 2008, 09:02:24 AM »
No, I just use the standard method which is provided by Microsoft (but which you ignored).

I am told that you cannot protect raw access to disk by just blocking the access to \FileSystem\RAW, even if the attacker is only under ring3.

A disk attacker can access the hard disk without using any Windows function or any Windows system-related things (for example, IRP or IoPacket), even in user mode. :SMLR


We love research of the Windows kernel because it has so many secrets, and security software developers are always ignorant of them.

Certainly, I am also a security software developer, so I do not want to publish the details so easily to improve the levels of both blackhat & whitehat. Maybe you can see this technique at some security conference in the future :Beer


Offline salmonela

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 637
  • COMODO Volunteer DEModerator
Re: Helpless and useless Disk "Shield"
« Reply #13 on: July 06, 2008, 05:30:20 PM »
So you are here 3DNow to say: "look your software cannot do this, haHa"?
You know, I could also fabricate some images and paste it here...
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11743
  • Linux is free only if your time is worthless.;-)
Re: Helpless and useless Disk "Shield"
« Reply #14 on: July 06, 2008, 10:23:20 PM »
So you are here 3DNow to say: "look your software cannot do this, haHa"?
You know, I could also fabricate some images and paste it here...

Ease up. He knows what he's on about. Have a look at some of the links referenced in his posts. I don't doubt his ability to do what he says he can. Similarly I don't doubt Comodo's ability to improve CDS.

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

 
