The Security Suite/TT Livescan

Prev: heureuse
Next: Simple hack to get $500 to your home.

From: Lil' Abner on 19 Jul 2010 21:33

---

idbeholda <idbeholda(a)gmail.com> wrote in news:2fe525f4-ad26-4d33-8b14-
c6796fffcdbd(a)d16g2000yqb.googlegroups.com:

> The alert you're getting for PortStub.exe would be a false positive.
> When the scanner initializes, PortStub.exe is activated, which
> produces a list of ACTIVE processes, and their active port numbers,
> then it exits. The items in this list are checked against the online
> whitelist database. The reason both The Security Suite and TT
> Livescan are as small as they are is because a full local install of
> the database AND the application will be close to 2GB. The only way
> for me to make my project available to the public, is to make it to
> where the current database format is remotely accessed.
>
> The experimental, unreleased version that I have at my own personal
> disposal has database access times that are only limited by the
> physical speed of the hardware architecture that it's installed on.
> The downside is, the way the unreleased database is formatted, it
> takes up nearly 160GB. Yes, you read that correctly, and no, it's not
> science fiction or an urban legend. The reason I bring this up, is
> that if it were commercially viable for me to make this version
> available to the public, I would. Unfortunately, I have neither the
> time OR the resources to do so at this point in time. In the future,
> it's a possibility.
>
> Now, onto the second part... Since the last time I explained
> something similar to this (the ftp uploader), and was accused of
> writing a worm, again, unlike other companies, I will OPENLY discuss
> my work if asked politely. The following code is the only part of the
> code that "drops" anything. And yes, it was modified from a project
> on pscode that I downloaded quite some time ago. The dropped file in
> question being ports.map, as we can see below.
>
>
> If Not Privilege Then
> If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
> End
> End If
> End If
> Privilege = True
>
> If OpenPort() Then
> For i = 0 To 65535
> If ResultPorts(0, i) Then
> PPCode = Replace(Str(i) + vbTab +
> ProcessPathByPID(ResultPorts(0, i)), " ", "")
> If InStr(PPCode, "SYSTEM") < 1 Then
> Open "ports.map" For Append As #2
> Print #2, PPCode
> Close #2
> End If
>
> End If
> If ResultPorts(1, i) Then
> PPCode = Replace(Str(i) + vbTab +
> ProcessPathByPID(ResultPorts(1, i)), " ", "")
> If InStr(PPCode, "SYSTEM") < 1 Then
> Open "ports.map" For Append As #2
> Print #2, PPCode
> Close #2
> End If
> End If
> Next i
> End If
> Unload Me
> End Sub
>
> Gathering the list of processes by port, and then outputting the
> results to a plain text file. There it is. There is the so-called
> "hostile" code.
>
> If you have any more questions, I'll be more than happy to answer them.

OK. Please accept my apologies. I leaped before I looked. "Security Suite"
was a red flag for me and I was bound and determined to prove myself right.
And a few false positives were all it took. And yes, I am quite aware that
false positives exist. Other people's antiviruses are always wiping
legitimate tools off my memory stick.
I was also not aware that the OP (you) was the author of the app. Then when
some of the others for whom I have a great deal of respect started slamming
me, I knew I'd been had!
So again, sorry to all of you. I'll be more careful in my future
assessments!

--
--- Peace? ---

From: Dustin on 19 Jul 2010 22:52

---

"Lil' Abner" <blvstk(a)dogpatch.com> wrote in
news:Xns9DBAD120B6B64butter(a)wefb973cbe498:

> idbeholda <idbeholda(a)gmail.com> wrote in
> news:2fe525f4-ad26-4d33-8b14-
> c6796fffcdbd(a)d16g2000yqb.googlegroups.com:
>
>> The alert you're getting for PortStub.exe would be a false
>> positive. When the scanner initializes, PortStub.exe is activated,
>> which produces a list of ACTIVE processes, and their active port
>> numbers, then it exits. The items in this list are checked against
>> the online whitelist database. The reason both The Security Suite
>> and TT Livescan are as small as they are is because a full local
>> install of the database AND the application will be close to 2GB.
>> The only way for me to make my project available to the public, is
>> to make it to where the current database format is remotely
>> accessed.
>>
>> The experimental, unreleased version that I have at my own personal
>> disposal has database access times that are only limited by the
>> physical speed of the hardware architecture that it's installed on.
>> The downside is, the way the unreleased database is formatted, it
>> takes up nearly 160GB. Yes, you read that correctly, and no, it's
>> not science fiction or an urban legend. The reason I bring this
>> up, is that if it were commercially viable for me to make this
>> version available to the public, I would. Unfortunately, I have
>> neither the time OR the resources to do so at this point in time.
>> In the future, it's a possibility.
>>
>> Now, onto the second part... Since the last time I explained
>> something similar to this (the ftp uploader), and was accused of
>> writing a worm, again, unlike other companies, I will OPENLY
>> discuss my work if asked politely. The following code is the only
>> part of the code that "drops" anything. And yes, it was modified
>> from a project on pscode that I downloaded quite some time ago.
>> The dropped file in question being ports.map, as we can see below.
>>
>>
>> If Not Privilege Then
>> If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
>> End
>> End If
>> End If
>> Privilege = True
>>
>> If OpenPort() Then
>> For i = 0 To 65535
>> If ResultPorts(0, i) Then
>> PPCode = Replace(Str(i) + vbTab +
>> ProcessPathByPID(ResultPorts(0, i)), " ", "")
>> If InStr(PPCode, "SYSTEM") < 1 Then
>> Open "ports.map" For Append As #2
>> Print #2, PPCode
>> Close #2
>> End If
>>
>> End If
>> If ResultPorts(1, i) Then
>> PPCode = Replace(Str(i) + vbTab +
>> ProcessPathByPID(ResultPorts(1, i)), " ", "")
>> If InStr(PPCode, "SYSTEM") < 1 Then
>> Open "ports.map" For Append As #2
>> Print #2, PPCode
>> Close #2
>> End If
>> End If
>> Next i
>> End If
>> Unload Me
>> End Sub
>>
>> Gathering the list of processes by port, and then outputting the
>> results to a plain text file. There it is. There is the so-called
>> "hostile" code.
>>
>> If you have any more questions, I'll be more than happy to answer
>> them.
>
> OK. Please accept my apologies. I leaped before I looked. "Security
> Suite" was a red flag for me and I was bound and determined to prove
> myself right. And a few false positives were all it took. And yes, I
> am quite aware that false positives exist. Other people's
> antiviruses are always wiping legitimate tools off my memory stick.
> I was also not aware that the OP (you) was the author of the app.
> Then when some of the others for whom I have a great deal of respect
> started slamming me, I knew I'd been had!
> So again, sorry to all of you. I'll be more careful in my future
> assessments!
>

I should have spoken up earlier myself. The software and it's author
are legit. Apologies for ignoring this...


--
Too cold to start a fire. I'm burning diesel burning dinosaur bones.
I'll take the river down to still water and ride a pack of dogs!
But I'm gonna break. I'm gonna break my... I'm gonna break my rusty
cage and run.. Yea i'm gonna break.. I'm gonna break my... I'm gonna
break my rusty cage... and run!

From: idbeholda on 19 Jul 2010 23:42

---

On Jul 19, 9:52 pm, Dustin <bughunter.dus...(a)gmail.com> wrote:
> "Lil' Abner" <blv...(a)dogpatch.com> wrote innews:Xns9DBAD120B6B64butter(a)wefb973cbe498:
>
>
>
>
>
> > idbeholda <idbeho...(a)gmail.com> wrote in
> > news:2fe525f4-ad26-4d33-8b14-
> > c6796fffc...(a)d16g2000yqb.googlegroups.com:
>
> >> The alert you're getting for PortStub.exe would be a false
> >> positive. When the scanner initializes, PortStub.exe is activated,
> >> which produces a list of ACTIVE processes, and their active port
> >> numbers, then it exits.  The items in this list are checked against
> >> the online whitelist database.  The reason both The Security Suite
> >> and TT Livescan are as small as they are is because a full local
> >> install of the database AND the application will be close to 2GB.
> >> The only way for me to make my project available to the public, is
> >> to make it to where the current database format is remotely
> >> accessed.
>
> >> The experimental, unreleased version that I have at my own personal
> >> disposal has database access times that are only limited by the
> >> physical speed of the hardware architecture that it's installed on.
> >> The downside is, the way the unreleased database is formatted, it
> >> takes up nearly 160GB.  Yes, you read that correctly, and no, it's
> >> not science fiction or an urban legend.  The reason I bring this
> >> up, is that if it were commercially viable for me to make this
> >> version available to the public, I would.  Unfortunately, I have
> >> neither the time OR the resources to do so at this point in time.
> >> In the future, it's a possibility.
>
> >> Now, onto the second part...  Since the last time I explained
> >> something similar to this (the ftp uploader), and was accused of
> >> writing a worm, again, unlike other companies, I will OPENLY
> >> discuss my work if asked politely.  The following code is the only
> >> part of the code that "drops" anything.  And yes, it was modified
> >> from a project on pscode that I downloaded quite some time ago.
> >> The dropped file in question being ports.map, as we can see below.
>
> >> If Not Privilege Then
> >>     If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
> >>         End
> >>     End If
> >> End If
> >> Privilege = True
>
> >> If OpenPort() Then
> >>     For i = 0 To 65535
> >>         If ResultPorts(0, i) Then
> >>                 PPCode = Replace(Str(i) + vbTab +
> >> ProcessPathByPID(ResultPorts(0, i)), " ", "")
> >>                 If InStr(PPCode, "SYSTEM") < 1 Then
> >>                 Open "ports.map" For Append As #2
> >>                 Print #2, PPCode
> >>                 Close #2
> >>                 End If
>
> >>         End If
> >>         If ResultPorts(1, i) Then
> >>                 PPCode = Replace(Str(i) + vbTab +
> >> ProcessPathByPID(ResultPorts(1, i)), " ", "")
> >>                 If InStr(PPCode, "SYSTEM") < 1 Then
> >>                 Open "ports.map" For Append As #2
> >>                 Print #2, PPCode
> >>                 Close #2
> >>                 End If
> >>         End If
> >>     Next i
> >> End If
> >> Unload Me
> >> End Sub
>
> >> Gathering the list of processes by port, and then outputting the
> >> results to a plain text file.  There it is.  There is the so-called
> >> "hostile" code.
>
> >> If you have any more questions, I'll be more than happy to answer
> >> them.
>
> > OK. Please accept my apologies. I leaped before I looked. "Security
> > Suite" was a red flag for me and I was bound and determined to prove
> > myself right. And a few false positives were all it took. And yes, I
> > am quite aware that false positives exist. Other people's
> > antiviruses are always wiping legitimate tools off my memory stick.
> > I was also not aware that the OP (you) was the author of the app.
> > Then when some of the others for whom I have a great deal of respect
> > started slamming me, I knew I'd been had!
> > So again, sorry to all of you. I'll be more careful in my future
> > assessments!
>
> I should have spoken up earlier myself. The software and it's author
> are legit. Apologies for ignoring this...
>
> --
> Too cold to start a fire. I'm burning diesel burning dinosaur bones.
> I'll take the river down to still water and ride a pack of dogs!
> But I'm gonna break. I'm gonna break my... I'm gonna break my rusty
> cage and run.. Yea i'm gonna break.. I'm gonna break my... I'm gonna
> break my rusty cage... and run!

On Jul 19, 8:33 pm, "Lil' Abner" <blv...(a)dogpatch.com> wrote:
> idbeholda <idbeho...(a)gmail.com> wrote in news:2fe525f4-ad26-4d33-8b14-
> c6796fffc...(a)d16g2000yqb.googlegroups.com:
>
>
>
>
>
> > The alert you're getting for PortStub.exe would be a false positive.
> > When the scanner initializes, PortStub.exe is activated, which
> > produces a list of ACTIVE processes, and their active port numbers,
> > then it exits.  The items in this list are checked against the online
> > whitelist database.  The reason both The Security Suite and TT
> > Livescan are as small as they are is because a full local install of
> > the database AND the application will be close to 2GB.  The only way
> > for me to make my project available to the public, is to make it to
> > where the current database format is remotely accessed.
>
> > The experimental, unreleased version that I have at my own personal
> > disposal has database access times that are only limited by the
> > physical speed of the hardware architecture that it's installed on.
> > The downside is, the way the unreleased database is formatted, it
> > takes up nearly 160GB.  Yes, you read that correctly, and no, it's not
> > science fiction or an urban legend.  The reason I bring this up, is
> > that if it were commercially viable for me to make this version
> > available to the public, I would.  Unfortunately, I have neither the
> > time OR the resources to do so at this point in time.  In the future,
> > it's a possibility.
>
> > Now, onto the second part...  Since the last time I explained
> > something similar to this (the ftp uploader), and was accused of
> > writing a worm, again, unlike other companies, I will OPENLY discuss
> > my work if asked politely.  The following code is the only part of the
> > code that "drops" anything.  And yes, it was modified from a project
> > on pscode that I downloaded quite some time ago.  The dropped file in
> > question being ports.map, as we can see below.
>
> > If Not Privilege Then
> >     If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
> >         End
> >     End If
> > End If
> > Privilege = True
>
> > If OpenPort() Then
> >     For i = 0 To 65535
> >         If ResultPorts(0, i) Then
> >                 PPCode = Replace(Str(i) + vbTab +
> > ProcessPathByPID(ResultPorts(0, i)), " ", "")
> >                 If InStr(PPCode, "SYSTEM") < 1 Then
> >                 Open "ports.map" For Append As #2
> >                 Print #2, PPCode
> >                 Close #2
> >                 End If
>
> >         End If
> >         If ResultPorts(1, i) Then
> >                 PPCode = Replace(Str(i) + vbTab +
> > ProcessPathByPID(ResultPorts(1, i)), " ", "")
> >                 If InStr(PPCode, "SYSTEM") < 1 Then
> >                 Open "ports.map" For Append As #2
> >                 Print #2, PPCode
> >                 Close #2
> >                 End If
> >         End If
> >     Next i
> > End If
> > Unload Me
> > End Sub
>
> > Gathering the list of processes by port, and then outputting the
> > results to a plain text file.  There it is.  There is the so-called
> > "hostile" code.
>
> > If you have any more questions, I'll be more than happy to answer them.
>
> OK. Please accept my apologies. I leaped before I looked. "Security Suite"
> was a red flag for me and I was bound and determined to prove myself right.
> And a few false positives were all it took. And yes, I am quite aware that
> false positives exist. Other people's antiviruses are always wiping
> legitimate tools off my memory stick.
> I was also not aware that the OP (you) was the author of the app. Then when
> some of the others for whom I have a great deal of respect started slamming
> me, I knew I'd been had!
> So again, sorry to all of you. I'll be more careful in my future
> assessments!
>
> --
>                           --- Peace? ---

No worries.

From: idbeholda on 19 Jul 2010 23:45

---

On Jul 19, 8:33 pm, "Lil' Abner" <blv...(a)dogpatch.com> wrote:
> idbeholda <idbeho...(a)gmail.com> wrote in news:2fe525f4-ad26-4d33-8b14-
> c6796fffc...(a)d16g2000yqb.googlegroups.com:
>
>
>
>
>
> > The alert you're getting for PortStub.exe would be a false positive.
> > When the scanner initializes, PortStub.exe is activated, which
> > produces a list of ACTIVE processes, and their active port numbers,
> > then it exits.  The items in this list are checked against the online
> > whitelist database.  The reason both The Security Suite and TT
> > Livescan are as small as they are is because a full local install of
> > the database AND the application will be close to 2GB.  The only way
> > for me to make my project available to the public, is to make it to
> > where the current database format is remotely accessed.
>
> > The experimental, unreleased version that I have at my own personal
> > disposal has database access times that are only limited by the
> > physical speed of the hardware architecture that it's installed on.
> > The downside is, the way the unreleased database is formatted, it
> > takes up nearly 160GB.  Yes, you read that correctly, and no, it's not
> > science fiction or an urban legend.  The reason I bring this up, is
> > that if it were commercially viable for me to make this version
> > available to the public, I would.  Unfortunately, I have neither the
> > time OR the resources to do so at this point in time.  In the future,
> > it's a possibility.
>
> > Now, onto the second part...  Since the last time I explained
> > something similar to this (the ftp uploader), and was accused of
> > writing a worm, again, unlike other companies, I will OPENLY discuss
> > my work if asked politely.  The following code is the only part of the
> > code that "drops" anything.  And yes, it was modified from a project
> > on pscode that I downloaded quite some time ago.  The dropped file in
> > question being ports.map, as we can see below.
>
> > If Not Privilege Then
> >     If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
> >         End
> >     End If
> > End If
> > Privilege = True
>
> > If OpenPort() Then
> >     For i = 0 To 65535
> >         If ResultPorts(0, i) Then
> >                 PPCode = Replace(Str(i) + vbTab +
> > ProcessPathByPID(ResultPorts(0, i)), " ", "")
> >                 If InStr(PPCode, "SYSTEM") < 1 Then
> >                 Open "ports.map" For Append As #2
> >                 Print #2, PPCode
> >                 Close #2
> >                 End If
>
> >         End If
> >         If ResultPorts(1, i) Then
> >                 PPCode = Replace(Str(i) + vbTab +
> > ProcessPathByPID(ResultPorts(1, i)), " ", "")
> >                 If InStr(PPCode, "SYSTEM") < 1 Then
> >                 Open "ports.map" For Append As #2
> >                 Print #2, PPCode
> >                 Close #2
> >                 End If
> >         End If
> >     Next i
> > End If
> > Unload Me
> > End Sub
>
> > Gathering the list of processes by port, and then outputting the
> > results to a plain text file.  There it is.  There is the so-called
> > "hostile" code.
>
> > If you have any more questions, I'll be more than happy to answer them.
>
> OK. Please accept my apologies. I leaped before I looked. "Security Suite"
> was a red flag for me and I was bound and determined to prove myself right.
> And a few false positives were all it took. And yes, I am quite aware that
> false positives exist. Other people's antiviruses are always wiping
> legitimate tools off my memory stick.
> I was also not aware that the OP (you) was the author of the app. Then when
> some of the others for whom I have a great deal of respect started slamming
> me, I knew I'd been had!
> So again, sorry to all of you. I'll be more careful in my future
> assessments!
>
> --
>                           --- Peace? ---

First  |  Prev  | 
Pages: 1 2
Prev: heureuse
Next: Simple hack to get $500 to your home.