LoWang, posted March 10, 2012 (edited March 10, 2012 by LoWang)

Hello, I know this is not exactly an AutoIt problem, but I hope somebody here might know this. I am talking about securing data against session-stealing malware.

Imagine you create a folder and set NTFS permissions so that only one special account in your system has access to it. Theoretically no malware should be able to get into it even if it runs with admin credentials, provided you removed the "administrators" group from the ACL, right? It would have to change the permissions or take ownership (which is theoretically possible but improbable for some malware to try).

The other way to get into this folder would be if you have some process running, or you just start a process under this special account (using runas), and it gets infected or hijacked or whatever because there is an active malware process running on your PC already. This way malware could get there, right? This means you cannot secure the data only by using NTFS permissions in relation to user accounts, BUT in theory, if there was a way to allow only some process (name or path) to get into that folder, it could fix this problem, because even if malware stole your session it would not get there if running under a different process name!

I am not a security expert so maybe I just said a bunch of nonsense, but I think there was some software or example scripts doing something like this... And there is also this program called trust-no-exe from Beyond Logic that blocks unallowed exe files from being run, so this is related: http://www.techrepublic.com/article/tech...down-computers-with-trust-no-e

Can't be downloaded from the homepage already though...

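The folder setup described in the post above, as an added PowerShell example that is not part of the original thread: it restricts the DACL to one account and adds an audit rule for the permission-change and take-ownership route the post mentions. The path `C:\Vault` and the account `vaultuser` are hypothetical placeholders.

```powershell
# Added example; $Path and $Account are hypothetical placeholders.
# Run from an elevated session: writing the SACL needs SeSecurityPrivilege.
$Path    = 'C:\Vault'
$Account = "$env:COMPUTERNAME\vaultuser"
$sidType = [System.Security.Principal.SecurityIdentifier]

New-Item -ItemType Directory -Path $Path -Force | Out-Null
$acl = Get-Acl -Path $Path -Audit

# 1. DACL: stop inheriting from the parent, drop existing ACEs,
#    then grant access to the single account only.
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($allow)

# 2. SACL: audit every attempt (by anyone, S-1-1-0) to rewrite the
#    permissions or take ownership of the folder and its children.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone, 'ChangePermissions,TakeOwnership',
    'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
$acl.AddAuditRule($audit)
Set-Acl -Path $Path -AclObject $acl

# Events (such as 4663 and 4670 in the Security log) are only written
# when the "File System" audit subcategory is enabled:
#   auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. Check the result: who owns the folder, and is any ACE left that
#    does not belong to the expected account?
$now   = Get-Acl -Path $Path
$want  = ([System.Security.Principal.NTAccount]$Account).Translate($sidType).Value
$extra = $now.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -ne $want }
"Owner SID      : " + $now.GetOwner($sidType).Value
"Unexpected ACEs: " + @($extra).Count

# Limits of this setup: the owner can always rewrite the DACL, holders of
# SeTakeOwnershipPrivilege (Administrators by default) can become owner,
# and any process running as $Account passes the check, because the ACL
# is evaluated against the account in the token, not the executable.
```
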
jchd, posted March 10, 2012 (edited March 10, 2012 by jchd)

There you are: http://retired.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

Disclaimer: I only followed links starting from the URL you gave. I've no idea how it works or fails, nor if it whistles "God save the Queen" when run on Win7 x64 or what. Hence the risk is yours!

Signature:
This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.
SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

LoWang (author), posted March 11, 2012

I am not sure if you understood what I posted :) I can download this utility from various sources, so thank you for the link, but this is just an example of software which does something similar to what I am asking for, but not exactly.

jchd, posted March 11, 2012 (edited March 11, 2012 by jchd)

Ah sorry, I got it that you couldn't locate the new repository. About your main issue, I don't see much that can be done robustly within AutoIt. In front of a strong opponent (malware) you have to be smarter than it is, and AutoIt is certainly not the tool for playing this game.