Sophos LNK Tool: Not sufficient by design...
Fri 30-Jul-2010 12:54
deficit 1:
It protects only if *BOTH* the LNK file and the executable are *NOT* on local media.
So it does not protect against a Trojan packed in a ZIP archive: such .ZIP files are regularly expanded on local disks.
deficit 2:
It does not protect against hacked .PIF files, which use pretty much the same mechanism.
deficit 3:
We need a ".LNK Test Kit", some "TEST.LNK" bundled with a "YouAreVulnerablePopup.DLL".
A tool that allows remotely mass-checking PCs, to scan networks for sufficient protection, would be helpful as well.
Regards, and thanks for the tool provided for free to the community so far.
Re: Sophos LNK Tool: Not sufficient by design...
Fri 30-Jul-2010 15:33
Hi AdmGoe,
- We did this to make sure we had a solid tool out there with low false positives quickly to protect people. We are currently working on improving this without increasing the false positives; we were hoping to release today but ran into some snags, and it should be done at the start of next week.
- So far there have been no .PIF-based attacks, so we started by focusing on .LNK files. The team has tried implementing the same approach for .PIF as we did for .LNK, but that had some adverse effects, so we are still researching a clean way to do it.
- Not sure I can help with that; best to contact Microsoft.
Thanks for the comments,
Shai Gelbaum
Product manager


