Symantec Script Blocking?? |
Author: |
Message: |
ShawnZ
Veteran Member
Posts: 3146 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Symantec Script Blocking??
quote: Originally posted by jeff0806
Can I just uninstall Norton Antivirus and don't get another one?
Cause I am using Zone Labs with Norton Antivirus now..
those happen to be the worst two products on the market
quote: Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent this malware that actually exists. This is a good protection, too bad it blocks Messenger Plus!.
However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.
except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?
This post was edited on 12-08-2007 at 08:17 AM by ShawnZ.
Spoiler: the game.
|
|
12-08-2007 08:16 AM |
|
|
vikke
Senior Member
Posts: 900 Reputation: 28
31 / /
Joined: May 2006
|
RE: RE: Symantec Script Blocking??
quote: Originally posted by ShawnZ
quote: Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent this malware that actually exists. This is a good protection, too bad it blocks Messenger Plus!.
However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.
except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?
Nope. New viruses are created every day, and if Symantec wouldn't have added this block, you would have got infected since you get the virus before Symantec's updates. Also, you cannot be sure these checks on the PE-file are working correctly. If I'm not mistaken a lot of programs have been identified as viruses when they're not.
It's a well-used technology, it's recommended to block these objects.
It's better having this block than getting infected by the virus.
|
|
12-08-2007 08:26 AM |
|
|
ShawnZ
Veteran Member
Posts: 3146 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Symantec Script Blocking??
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
|
|
12-08-2007 08:33 AM |
|
|
vikke
Senior Member
Posts: 900 Reputation: 28
31 / /
Joined: May 2006
|
RE: RE: Symantec Script Blocking??
quote: Originally posted by ShawnZ
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
Not at all, but they can be.
|
|
12-08-2007 08:35 AM |
|
|
CookieRevised
Elite Member
Posts: 15517 Reputation: 173
– / /
Joined: Jul 2003
Status: Away
|
RE: Symantec Script Blocking??
[OFF TOPIC]
quote: Originally posted by vikke
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
No need, use the Windows registry APIs. You can even do a lot more with them.
[/OFF TOPIC]
.-= A 'frrrrrrrituurrr' for Wacky =-.
|
|
12-08-2007 08:38 AM |
|
|
ShawnZ
Veteran Member
Posts: 3146 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Symantec Script Blocking??
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
|
|
12-08-2007 08:38 AM |
|
|
vikke
Senior Member
Posts: 900 Reputation: 28
31 / /
Joined: May 2006
|
RE: Symantec Script Blocking??
quote: Originally posted by CookieRevised
quote: Originally posted by vikke
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
No need, use the Windows registry APIs. You can even do a lot more with them.
They're a pain in the arse! I might just wrap it up into a JavaScript-class later.
quote: Originally posted by ShawnZ
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
Because if you block the registry access in executables Windows would stop working. This doesn't mean I don't think it shouldn't be blocked in executables, but hopefully the anti-virus will find the virus, and remove it.
1% of all executables are viruses. 25% of all scripts are viruses. These values may be incorrect, but I hope you understand what I mean.
This post was edited on 12-08-2007 at 08:49 AM by vikke.
|
|
12-08-2007 08:45 AM |
|
|
ShawnZ
Veteran Member
Posts: 3146 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Symantec Script Blocking??
quote: Originally posted by vikke
if you block the registry access in executables Windows would stop working.
obviously, i didn't mean executables that are part of the system
quote: Originally posted by vikke
I hope you understand what I mean.
not really.
|
|
12-08-2007 08:48 AM |
|
|
vikke
Senior Member
Posts: 900 Reputation: 28
31 / /
Joined: May 2006
|
RE: RE: Symantec Script Blocking??
quote: Originally posted by ShawnZ
quote: Originally posted by vikke
if you block the registry access in executables Windows would stop working.
obviously, i didn't mean executables that are part of the system
quote: Originally posted by vikke
I hope you understand what I mean.
not really.
Viruses are often part of the system. Either injected or running as a service. And any executable which is blocked from registry will stop working as every Win32 application is independent of the registry.
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus.
There could be other methods which are more accurate than registry blocking, but Symantec chose to apply this block, and I don't see why to remove a block that actually blocks viruses quite often.
|
|
12-08-2007 08:56 AM |
|
|
ShawnZ
Veteran Member
Posts: 3146 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Symantec Script Blocking??
quote: Originally posted by vikke
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus
if you block registry and file access from every user-mode application, there's a chance you'd stop a virus too. in fact, a much higher chance. but you don't. you just check executables for virus signatures and suspicious activities that a virus might perform. so why not do that with scripts if it works so effectively?
|
|
12-08-2007 06:00 PM |
|
|
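Added example, not part of any post in the thread: the two policies argued over above, blanket blocking of the WSH registry/file objects versus flagging only writes to monitored registry locations, applied to constructed script samples. The regex scan, the watched-key list and the `ExampleApp`/`ExampleEntry` names are assumptions for illustration, not how Symantec's Script Blocking works.

```javascript
// Added example: two script policies compared on constructed samples.
// Assumption: a regex scan of the source stands in for run-time interception.

// Object names a blanket policy refuses to let a script create.
const BLOCKED_PROGIDS =
  /ActiveXObject\s*\(\s*["'](WScript\.Shell|Scripting\.FileSystemObject)["']\s*\)/i;

// Registry locations the targeted policy watches (autostart keys only here).
const WATCHED_KEYS = [/\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\/i];

// Blanket policy: any use of the registry/file-system objects is blocked.
function blanketPolicy(source) {
  return BLOCKED_PROGIDS.test(source) ? "block" : "allow";
}

// Targeted policy: flag only RegWrite/RegDelete calls on a watched key.
function targetedPolicy(source) {
  const call = /\.Reg(Write|Delete)\s*\(\s*(["'])(.*?)\2/gi;
  let m;
  while ((m = call.exec(source)) !== null) {
    // Undo the script's own backslash escaping before matching the key path.
    const key = m[3].replace(/\\\\/g, "\\");
    if (WATCHED_KEYS.some((re) => re.test(key))) return "flag";
  }
  return "allow";
}

// Constructed samples (String.raw keeps the scripts' escaped backslashes).
const SAMPLES = {
  settings: String.raw`var sh = new ActiveXObject("WScript.Shell");
sh.RegWrite("HKCU\\Software\\ExampleApp\\Theme", "dark");`,
  autostart: String.raw`var sh = new ActiveXObject("WScript.Shell");
sh.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleEntry", "placeholder");`,
  plain: "var total = 1 + 1;",
};

// Run both policies over every sample and return the verdicts side by side.
function compare() {
  const out = {};
  for (const [name, src] of Object.entries(SAMPLES)) {
    out[name] = { blanket: blanketPolicy(src), targeted: targetedPolicy(src) };
  }
  return out;
}

console.log(compare());
```

The `settings` sample is where the two policies differ: blanket blocking stops a benign preference write, while the targeted check lets it through and still flags the autostart write.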