Known Attacks

Postby Avital on Sun Oct 16, 2005 7:26 pm

This thread lists all known attacks that are currently virtualized by BufferZone

We hope to update this thread frequently with your help.


Known endpoint attack categories and methods virtualized by BufferZone Technology
--------------------------------------------------------------------------------------------------

1. Registry tampering
The Windows registry contains information crucial to the normal operation of the operating system and installed applications. An attacker may try to corrupt the Registry, which may result in an unbootable system, or write new values to the Registry (for example, making a Trojan start automatically every time the system starts).

BufferZone Solution: Programs running in the BufferZone interact with a Virtual Registry. All registry writes are directed to the virtual registry, hence protecting the real registry.


2. File tampering
A Trojan may try to overwrite existing files, hide itself inside existing files or existing folders, or steal files and send them to a remote site.

BufferZone Solution: Programs running in the BufferZone can't write to files outside the BufferZone. All writes are directed to a Virtual-HD. In addition, a "confidential" property may be set on files or folders outside the BufferZone, making them inaccessible for both read and write (data theft is prevented).


3. DLL injection
This method uses a trusted process to load a malicious DLL file. After it's loaded, the DLL code becomes a part of the trusted process; hence any malicious activity is related to the trusted application. This technique is often used by Trojans.

BufferZone Solution: The "Contamination" mechanism ensures that whenever a trusted application is trying to execute untrusted code, it is first moved to the BufferZone before execution is allowed.

4. Process/Thread injection
This method tries to inject malicious code into a running trusted process, or write faulty data to the memory space of a trusted process.

BufferZone Solution: Programs running in the BufferZone are prevented from accessing programs that run outside the BufferZone.

5. Global hook installation
A global hook is a piece of code that is connected to a specific system event. Every time this system event occurs, the code will be executed by the system. An attacker may abuse this mechanism to trigger the execution of malicious code.

BufferZone Solution: Programs running in the BufferZone are prevented from installing global hooks.

6. Physical Memory access attacks (\device\physicalmemory)
Writing to physical memory allows a Trojan to change the behavior of the OS and, under some circumstances, even gain Administrator rights.

BufferZone Solution: Programs running in the BufferZone do not have access to physical memory.


7. Service Manager Operations
The Service Manager controls the system services. A service is a program that runs in the background and is usually part of the OS. Services can be the front-end of device drivers, OS components (the spooler, for example), Antivirus real-time scanners, etc. A Trojan may try to disable the Antivirus or install a malicious device driver by using Service Manager operations.

BufferZone Solution: Programs running in the BufferZone can't access the Service Manager.

8. Starting/Killing Processes
This method tries to kill a running process (a Real-Time Antivirus scanner for example), or to run a program / system command ("format c:" for example).

BufferZone Solution: Programs running in the BufferZone can't access programs outside the BufferZone. A program running in the BufferZone will "contaminate" any new program it tries to run ("contaminate" means move it to the BufferZone).

9. Key Loggers
Keyloggers are used to record keyboard input typed by the user and either save it to a file or send it to a remote site. This method may be used to steal passwords and other sensitive data.

BufferZone Solution: Keyloggers running in the BufferZone are prevented from using specific system calls required for capturing keyboard input.

10. Scripting Attacks
Scripts are text files containing commands that are parsed and executed by a host program. Common script files are .bat, .cmd, .vb, etc… An attacker may write a malicious script that is later executed by a trusted host.

BufferZone Solution: The "Contamination" mechanism ensures that the host program will be temporarily moved to the BufferZone prior to execution of an untrusted script.


Known Hacking Tools, Trojans and Viruses that were successfully tested against the BufferZone:
----------------------------
1. Finjan data theft tests.
2. Win 2K/XP SDT Restore - Service Descriptor Tables overwriting.
3. DiamondCS Hooktest – installing hooks
4. Zapass – DLL Injection.
5. Ghost Security RegTest – Registry write
6. DiamondCS APT (Advanced Process Termination)
7. Keyloggers at: http://www.keylogger.org/
Red Team Leader - Trustware

BufferZone - Endpoint Security through Virtualization
Avital
 
Posts: 45
Joined: Sat Sep 10, 2005 1:34 pm
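A toy model of the zone policy laid out in the post above, written as an added example (not BufferZone's code): in-zone writes are redirected to a virtual copy, cross-zone access and privileged operations are refused, and a trusted program that runs untrusted code is "contaminated". The action names, the `C:\Virtual` root and all sample paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed root of the Virtual-HD / virtual registry copy (constructed for this example).
VIRTUAL_ROOT = r"C:\Virtual"
# Operations the post says are simply refused to in-zone programs (items 5, 6, 7).
DENIED_IN_ZONE = {"install_global_hook", "open_physical_memory", "open_scm"}


@dataclass
class Process:
    name: str
    in_zone: bool


@dataclass
class Policy:
    confidential: set = field(default_factory=set)  # files/folders marked "confidential" (item 2)
    zone_files: set = field(default_factory=set)    # executables that live inside the zone

    def check(self, proc, action, target=None):
        """Decide one operation; returns (decision, detail) and updates zone state on contamination."""
        if not proc.in_zone:
            # Trusted program about to run untrusted (in-zone) code: the "Contamination"
            # mechanism moves the host into the zone before execution (items 3, 10).
            if action == "exec" and target in self.zone_files:
                proc.in_zone = True
                return ("contaminate", proc.name)
            return ("allow", target)
        if action in DENIED_IN_ZONE:
            return ("deny", action)
        if action in ("write_file", "write_registry"):
            # Writes never reach the real registry/disk; they land in the virtual copy (items 1, 2).
            return ("redirect", VIRTUAL_ROOT + "\\" + target.replace(":", ""))
        if action == "read_file" and target in self.confidential:
            return ("deny", target)                # confidential data is unreadable from the zone
        if action in ("open_process", "kill_process"):
            # Cross-zone process access is refused (items 4, 8); target is a Process here.
            return ("deny", target.name) if not target.in_zone else ("allow", target.name)
        if action == "exec":
            self.zone_files.add(target)            # a spawned program is contaminated (item 8)
            return ("contaminate", target)
        return ("allow", target)
```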

Receiver

Postby Guest on Mon Oct 17, 2005 4:42 pm

This thread lists all known attacks that are currently virtualized by BufferZone


So who collects it then? ;)
Guest
 

Postby Avital on Mon Oct 17, 2005 9:53 pm

We will edit the first post as required, so if you test the BufferZone against other tools, simply post it and we'll update.

Thanks,

Avital
Red Team Leader - Trustware

BufferZone - Endpoint Security through Virtualization
Avital
 
Posts: 45
Joined: Sat Sep 10, 2005 1:34 pm

help

Postby charko on Mon Jun 25, 2007 2:46 pm

I'm not really sure where to go. I installed the free software last night and when I restarted, my personal desktop disappeared. All my passwords, favorites, everything is gone. I have a new desktop with only some of my shortcuts on it. I de-installed the program but that did not seem to help. Can anyone help me get my desktop back?


Thank you,

Daniel
charko
 
Posts: 1
Joined: Mon Jun 25, 2007 2:37 pm

Re: Known Attacks

Postby dayecm on Fri Aug 08, 2008 5:33 pm

I like the strategy of this new technology by creating a virtual drive. However, it seems too good to be true and I really hope you can fine-tune this to become flawless.

I tried installing both to my Windows Vista and XP SP3.

This is what happened:

Vista:

1. When I mute my laptop, I can't un-mute unless I remove/uninstall the Beta Bufferzone
2. Unable to launch Yahoo Messenger, I need to unload the Bufferzone.
3. Sometimes Bufferzone cannot be unloaded, I need to restart my PC.


XP,

1. Unable to uninstall this software
2. Can't even start at safe mode now

Where do I go now? There's not even support for this? How can you expect the consumer to trust your product?

I do hope that before launching this kind of software, there is a Tech Support team who can provide assistance with a mess like this. It's real havoc if you guys just dive into this ocean of the digital security world without any foresight. Don't put the test to the public if you don't even know what the answer is.

This I cannot recommend.
dayecm
 
Posts: 1
Joined: Fri Aug 08, 2008 5:23 pm

Re: Known Attacks

Postby sbargay on Wed Sep 03, 2008 1:10 pm

Hello,

I apologize for the delay and inconvenience.

This is not a support forum, hence the slow response.
We will work directly with you in regards to the specific issues.

In the future, Trial and Beta users, please use the following forums:

Beta Testers - Vista
BufferZone Home

Regards,
Saar Bargay
Trustware Support
sbargay
Trustware Support
 
Posts: 267
Joined: Tue Feb 12, 2008 3:08 pm

