What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! Bug Reports » Symantec Script Blocking??

Pages: (3): « First « 1 [ 2 ] 3 » Last »
Symantec Script Blocking??
Author: Message:
ShawnZ
Veteran Member
*****

Avatar

Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: Symantec Script Blocking??
quote:
Originally posted by jeff0806
Can I just uninstall Norton Antivirus and dont get another one?
Cause I am using Zone Labs with Norton Antivirus now..

those happen to be the worst two products on the market

quote:
Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent these malwares that actually exists. This is a good protection, too bad it blocks Messenger Plus!.

However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.

except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?

This post was edited on 12-08-2007 at 08:17 AM by ShawnZ.
Spoiler:
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
12-08-2007 08:16 AM
Profile PM Web Find Quote Report
vikke
Senior Member
****

Avatar

Posts: 900
Reputation: 28
31 / Male / Flag
Joined: May 2006
RE: RE: Symantec Script Blocking??
quote:
Originally posted by ShawnZ
quote:
Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent these malwares that actually exists. This is a good protection, too bad it blocks Messenger Plus!.

However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.

except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?
Nope. New viruses are created everyday, and if Symantec wouldn't have added this block, you would have got infected since you get the virus before Symantec's updates. Also, you cannot be sure these checks on the PE-file is working correct. If I'm not mistaken a lot of programs has been identified as viruses when they're not.
It's a well-used technology, it's recommended to block these objects.

It's better having this block than getting infected by the virus.
12-08-2007 08:26 AM
Profile E-Mail PM Find Quote Report
ShawnZ
Veteran Member
*****

Avatar

Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: Symantec Script Blocking??
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
Spoiler:
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
12-08-2007 08:33 AM
Profile PM Web Find Quote Report
vikke
Senior Member
****

Avatar

Posts: 900
Reputation: 28
31 / Male / Flag
Joined: May 2006
RE: RE: Symantec Script Blocking??
quote:
Originally posted by ShawnZ
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
Not at all, but they can be.
12-08-2007 08:35 AM
Profile E-Mail PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Symantec Script Blocking??
[OFF TOPIC]

quote:
Originally posted by vikke
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
No need, use the Windows registry APIs. You can even do a lot more with them.

[/OFF TOPIC]
.-= A 'frrrrrrrituurrr' for Wacky =-.
12-08-2007 08:38 AM
Profile PM Find Quote Report
ShawnZ
Veteran Member
*****

Avatar

Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: Symantec Script Blocking??
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
Spoiler:
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
12-08-2007 08:38 AM
Profile PM Web Find Quote Report
vikke
Senior Member
****

Avatar

Posts: 900
Reputation: 28
31 / Male / Flag
Joined: May 2006
RE: Symantec Script Blocking??
quote:
Originally posted by CookieRevised


    quote:Originally posted by vikke
    Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.

No need, use the Windows registry APIs. You can even do a lot more with them.

They're a pain in the arse! I might just wrap it up into a JavaScript-class later.

quote:
Originally posted by ShawnZ
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
Because if you block the registry access in executables Windows would stop working. This doesn't mean I don't think it shouldn't be blocked in executables, but hopefully the anti-virus will find the virus, and remove it.

1% of all executables are viruses. 25% of all scripts are viruses. These values may be incorrect, but I hope you understand what I mean.

This post was edited on 12-08-2007 at 08:49 AM by vikke.
12-08-2007 08:45 AM
Profile E-Mail PM Find Quote Report
ShawnZ
Veteran Member
*****

Avatar

Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: Symantec Script Blocking??
quote:
Originally posted by vikke
if you block the registry access in executables Windows would stop working.

obviously, i didn't mean executables that are part of the system

quote:
Originally posted by vikke
I hope you understand what I mean.

not really.
Spoiler:
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
12-08-2007 08:48 AM
Profile PM Web Find Quote Report
vikke
Senior Member
****

Avatar

Posts: 900
Reputation: 28
31 / Male / Flag
Joined: May 2006
RE: RE: Symantec Script Blocking??
quote:
Originally posted by ShawnZ
quote:
Originally posted by vikke
if you block the registry access in executables Windows would stop working.

obviously, i didn't mean executables that are part of the system

quote:
Originally posted by vikke
I hope you understand what I mean.

not really.
Viruses are often part of the system. Either injected or running as a service. And any executable which is blocked from registry will stop working as every Win32 application is independent of the registry.
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus.
There could be other methods which are more accurate than registry blocking, but Symantec chose to apply this block, and I don't see why to remove a block that actually blocks viruses quite often.
12-08-2007 08:56 AM
Profile E-Mail PM Find Quote Report
ShawnZ
Veteran Member
*****

Avatar

Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: Symantec Script Blocking??
quote:
Originally posted by vikke
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus

if you block registry and file access from every user-mode application, there's a chance you'd stop a virus too. in fact, a much higher chance. but you don't. you just check executables for virus signatures and suspicious activities that a virus might perform. so why not do that with scripts if it works so effectively?
Spoiler:
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
the game.
12-08-2007 06:00 PM
Profile PM Web Find Quote Report
Pages: (3): « First « 1 [ 2 ] 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On