Can ExploitShield browser version be used next to avast resident av?

[polonus]

I experienced a PFN_list corrupt error as ExploitShield icon did not show at start up,

polonus

[polonus]

To-day I experienced the first time, I was NOT being protected by this stand-alone tool for a zero day XSS attack.
Attack
htxps://serviceweb.solcon.nl/?f_user=%27%20onfocus%3Dalert%28String.fromCharCode%2888%2C83%2C83%2C63%2C32%2C87%2C104%2C97%2C116%2C39%2C115%2C32%2C116%2C104%2C97%2C116%2C63%29%29%20d%3D%27
The message was: You have been protected by
found JavaScript
     error: undefined variable document.login
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.login = 1;
          error: line:1: ....^
Malware Script extension alerted that I was being protected against the attack...

polonus

[schmidthouse]

I've been watching/reading the Z forum, interested in beta .8 and how many of the wrinkles  get ironed out.
Actually, it appears not overly active there at the moment.

[schmidthouse]

FYI 
Quote from 'zork' : "We're actually doing a lot of improvements. We hope to have a beta2 out in the next few weeks".
Looking forward to the improvements.

[ZeroVulnLabs]

To-day I experienced the first time, I was NOT being protected by this stand-alone tool for a zero day XSS attack.

An explanation of which vulnerabilities ExploitShield protects against, and which it doesn't, can be found on our website's technology FAQ:
http://www.zerovulnerabilitylabs.com/home/technology/frequently-asked-questions/

Which vulnerability exploits does ExploitShield protect against?
There are many different types of vulnerabilities which can be exploited in different ways, from local to remote, from simple information disclosure through directory traversals, privilege escalation, cross-site scripting to complete system compromise via arbitrary code execution. ExploitShield protects against the most dangerous types of exploits, the ones that result in complete system compromise by running arbitrary malicious code and which are normally used by cyber criminals to infect users with financial-driven malware, botnet infections or corporate espionage malware.  ExploitShield focuses on protecting prevalent applications against attacks which result in system compromise by executing malicious code. ExploitShield will not protect against exploits which take advantage of insufficient or incorrect configuration or information disclosures, XSS, etc.

[Asyn]

Welcome to the forum..!!

[polonus]

Hi ZeroVulnLabs,

The link you give is being flagged by Bitdefender's TrafficLight as containg malware. Is this a FP?
Site has some security issues, for instance header security-> The 'X-Content-Type-Options' HTTP header if set to 'nosniff' stops the browser from guessing the MIME type via content sniffing. Without this option set there is an increased risk of cross-site scripting.

polonus

[ZeroVulnLabs]

The link you give is being flagged by Bitdefender's TrafficLight as containg malware. Is this a FP?

Yes, clearly an FP.

[ZeroVulnLabs]

Here's some info on the safety of the site in case you're interested:

https://www.virustotal.com/url/121ee25b4a7b68b429310a317b6e108979a915b137249cbc207a85fe6ab72786/analysis/1351211708/
http://sitecheck.sucuri.net/results/www.zerovulnerabilitylabs.com
http://www.webutation.net/go/review/zerovulnerabilitylabs.com

[mchain]

Hi and welcome to the forums!

[polonus]

Given clean: http://www.quttera.com/detailed_report/www.zerovulnerabilitylabs.com
access-control-allow-origin follows best practices...

polonus

[schmidthouse]

Yes welcome  to the forum

[polonus]

Will this be a raw awakening http://blog.trailofbits.com/2012/10/29/ending-the-love-affair-with-exploitshield/ author andrew ruef

polonus

[bob3160]

Excellent analysis.

[schmidthouse]

Excellent analysis.

Agreed.
And this is not the first analysis I've read by someone who has dissected and looked into the code in this little piece of software.