Author Topic: Helpless and useless Disk "Shield"  (Read 39557 times)

Offline Zeus

  • Comodo Member
  • **
  • Posts: 49
Re: Helpless and useless Disk "Shield"
« Reply #15 on: July 22, 2008, 01:56:38 AM »
I hope the below can be of some help to Comodo. It is from an article that was written by somebody to introduce her (3Dnow, if 3Dnow was her) husband's work on security techniques.

I think one passage is useful.
'There is a way to get through a protection system (Sandbox, Shield ... by translator) directly from user mode without installing a driver. The hard disk system provides a set of instructions that can get hard disk information and even access hard disk sectors directly without sending a request to the hard disk. The IDE/SCSI/ATA PassThrough instructions can bypass the protection system when the DeviceIoControl function is used to send the request under RING3. Most protection systems do not inspect this, or inspect it but not strictly.'

My English is poor and I have only a little knowledge of the relevant field, so the translation is not exact.

Below is the original, I hope somebody can read it.

The whole article can be found at http://tech.qq.com/a/20080320/000261.htm
There is another method, which does not use a driver and penetrates the restore system directly from user mode. The disk system provides a set of passthrough commands that, without sending a direct request to the disk, can obtain disk information and even read and write disk sectors directly. The IDE/SCSI/ATA Pass Through commands penetrate the restore protection; under RING3 the DeviceIoControl function is used to send the request. Most restore systems filter this loosely or not at all, so the attack can be carried out from RING3.


« Last Edit: July 22, 2008, 02:14:30 AM by Zeus »
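The filtering gap described in the post above, seen from the defender's side, as an added example that is not part of the thread and not Comodo's code: it decodes a device-control code and decides whether a disk-protection filter should forward, inspect or deny it. The control-code values follow the Windows `ntddscsi.h` definitions; `classify_ioctl`, the verdict names and the `caller_is_trusted` flag are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout from the Windows DDK: device<<16 | access<<14 | function<<2 | method */
#define CTL(dev, fn, method, access) \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) | ((uint32_t)(fn) << 2) | (method))
#define SCSI_BASE 0x04u   /* IOCTL_SCSI_BASE (FILE_DEVICE_CONTROLLER) */
#define RW_ACCESS 0x03u   /* FILE_READ_ACCESS | FILE_WRITE_ACCESS */

/* Pass-through control codes, same function numbers as ntddscsi.h */
#define IOCTL_SCSI_PASS_THROUGH        CTL(SCSI_BASE, 0x0401, 0, RW_ACCESS)
#define IOCTL_SCSI_PASS_THROUGH_DIRECT CTL(SCSI_BASE, 0x0405, 0, RW_ACCESS)
#define IOCTL_IDE_PASS_THROUGH         CTL(SCSI_BASE, 0x040a, 0, RW_ACCESS)
#define IOCTL_ATA_PASS_THROUGH         CTL(SCSI_BASE, 0x040b, 0, RW_ACCESS)
#define IOCTL_ATA_PASS_THROUGH_DIRECT  CTL(SCSI_BASE, 0x040c, 0, RW_ACCESS)

typedef enum { VERDICT_FORWARD, VERDICT_INSPECT, VERDICT_DENY } verdict_t;

/* Hypothetical policy hook: verdict for an IRP_MJ_DEVICE_CONTROL request sent
 * to the disk behind a protected volume. caller_is_trusted is an assumed input. */
verdict_t classify_ioctl(uint32_t code, int caller_is_trusted)
{
    switch (code) {
    case IOCTL_SCSI_PASS_THROUGH:
    case IOCTL_SCSI_PASS_THROUGH_DIRECT:
    case IOCTL_IDE_PASS_THROUGH:
    case IOCTL_ATA_PASS_THROUGH:
    case IOCTL_ATA_PASS_THROUGH_DIRECT:
        /* These carry a raw device command, so the normal read/write path is skipped. */
        return caller_is_trusted ? VERDICT_INSPECT : VERDICT_DENY;
    default:
        break;
    }
    /* Other storage-port codes that ask for write access still get a closer look. */
    if ((code >> 16) == SCSI_BASE && ((code >> 14) & 0x2u))
        return VERDICT_INSPECT;
    return VERDICT_FORWARD;
}

int main(void)
{
    /* Constructed sample codes: ATA pass-through, a miniport code, disk geometry query */
    const uint32_t sample[] = { 0x0004D02Cu, 0x0004D008u, 0x00070000u };
    static const char *name[] = { "forward", "inspect", "deny" };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("0x%08X -> %s\n", (unsigned)sample[i], name[classify_ioctl(sample[i], 0)]);
    return 0;
}
```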

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11703
  • Linux is free only if your time is worthless.;-)
Re: Helpless and useless Disk "Shield"
« Reply #16 on: July 22, 2008, 03:07:46 AM »
On behalf of the development team, thank you for your kind efforts in translating this.

Ewen :-)


As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

3xist

  • Guest
Re: Helpless and useless Disk "Shield"
« Reply #17 on: July 22, 2008, 06:14:37 AM »
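[quote]
The whole article can be found at http://tech.qq.com/a/20080320/000261.htm
There is another method, which does not use a driver and penetrates the restore system directly from user mode. The disk system provides a set of passthrough commands that, without sending a direct request to the disk, can obtain disk information and even read and write disk sectors directly. The IDE/SCSI/ATA Pass Through commands penetrate the restore protection; under RING3 the DeviceIoControl function is used to send the request. Most restore systems filter this loosely or not at all, so the attack can be carried out from RING3.
[/quote]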

That's some coding!

Good work!  :)

Cheers,
Josh

Offline doskey

  • Comodo Loves me
  • ****
  • Posts: 123
Re: Helpless and useless Disk "Shield"
« Reply #18 on: July 22, 2008, 10:34:49 AM »
Hi, Zeus.
We have read your article. Thanks for your help.
And we have an improved version coming soon. This version will be safer, stable and easy-to-use.
Please let us know if this new version is vulnerable to the attacks you mention. We will continuously improve CDS and look forward to everyone's input to make it better.

Thanks,
Doskey
« Last Edit: July 22, 2008, 12:12:09 PM by Melih »

Offline Zeus

  • Comodo Member
  • **
  • Posts: 49
Re: Helpless and useless Disk "Shield"
« Reply #19 on: July 22, 2008, 10:42:05 PM »
[quote]
Hi, Zeus.
We have read your article. Thanks for your help.
And we have an improved version coming soon. This version will be safer, stable and easy-to-use.
Please let us know if this new version is vulnerable to the attacks you mention. We will continuously improve CDS and look forward to everyone's input to make it better.

Thanks,
Doskey
[/quote]

Thank you for your confidence.

I can't find the test tool which 3Dnow used on the internet, because she never released it (she said so).
Although, I'm willing to do something.

The attachment may be useful to you.

[attachment deleted by admin]
« Last Edit: July 23, 2008, 08:52:02 AM by Zeus »

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #20 on: July 24, 2008, 06:22:33 AM »
Oh ha! But actually, this article was written by me!
And the information in this article is out of date.
In this post, I use a more powerful technique to attack your protection system, which you have never seen or heard of on the internet :)

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11703
  • Linux is free only if your time is worthless.;-)
Re: Helpless and useless Disk "Shield"
« Reply #21 on: July 24, 2008, 09:23:06 AM »
@3DNow,

Would you be willing to discuss this with the developers, to help improve DiskShield?

Ewen :-)

Offline 3DNow

  • Comodo Member
  • **
  • Posts: 25
Re: Helpless and useless Disk "Shield"
« Reply #22 on: September 22, 2008, 06:54:43 AM »
This bypass technique will be released at the XCON2008 Security Conference in Beijing on November 18th~19th :BNC

Offline LaserWraith

  • pillow fighting fool
  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 4590
  • I'm going to go out with a bang
Re: Helpless and useless Disk "Shield"
« Reply #23 on: September 25, 2008, 01:11:58 PM »
[quote]
This bypass technique will be released at the XCON2008 Security Conference in Beijing on November 18th~19th :BNC
[/quote]

So Comodo: Are any of your guys going to be there?  (:LGH) ;D

Offline lingweiz

  • Newbie
  • *
  • Posts: 2
Re: Helpless and useless Disk "Shield"
« Reply #24 on: September 30, 2008, 11:16:26 AM »
From China?????

Offline LaserWraith

  • pillow fighting fool
  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 4590
  • I'm going to go out with a bang
Re: Helpless and useless Disk "Shield"
« Reply #25 on: September 30, 2008, 12:47:09 PM »
[quote]
From China?????
[/quote]
(:LGH)  So do you know any Chinese coders that will teach us for free, without giving us viruses?  If so, please reply.   (if there are any Chinese here, sorry ;D)

3xist

  • Guest
Re: Helpless and useless Disk "Shield"
« Reply #26 on: October 09, 2008, 01:08:23 AM »
I think this thread has reached the end of its purpose, so I will close it. :)

Please try the new beta and bring in the bug reports for developers!

Cheers,
Josh

 
