Author Topic: AnalogX Script Defender  (Read 6820 times)


Beaky

  • Guest
AnalogX Script Defender
« on: June 29, 2004, 11:06:14 PM »
A few weeks ago I downloaded AnalogX Script Defender, a test script is also downloaded with the program. So I ran the test script from its location on C drive and sure enough Script Defender successfully detected it. At this point I thought it would be a good idea to try emailing the file to myself, to see how Script Defender would react when I tried to open it!

Well I was surprised with what happened next, before I could send the file as an email attachment  Avast 4 Home Edition, popped up and warned me that the file I was trying to send was suspect.  I sent the email to myself anyway, and again when it arrived back in my mail box Avast 4 sent me another warning about the attachment content being suspect!

I didn't expect Avast to react at all, so it just goes to show there is a lot more protection built into this program than you might first think!  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #1 on: June 30, 2004, 12:00:18 AM »
You're feeling the email heuristic protection of avast!

Thorough check of attachments: if the attachment's name has an executable extension (EXE, COM, BAT etc.), a warning will be displayed.  ;)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #2 on: June 30, 2004, 03:26:12 PM »
AnalogX script defender only activates when you click the file, so it doesn't matter how you receive it or where it is located, script defender will act the same.

Script Defender works by changing the windows file associations, so when you click on file types protected by SD, first script defender is executed. When you allow it to execute the file, it will then be opened by the program usually associated with it (before it was changed by SD).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #3 on: June 30, 2004, 11:11:15 PM »
DavidR,

If I am understanding you correctly, I think you are politely trying to tell me that sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

Okay thanks, I understand this, no problem!

At least it was not a complete waste of time for me as I learnt something new about Avast. ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #4 on: June 30, 2004, 11:17:55 PM »
Quote
Sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

I think not... At least, depends on which file you are talking about: the email message (.eml) or the attached files...  8)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #5 on: July 01, 2004, 12:44:39 AM »
Quote
Sending the AnalogX test file by email was a waste of time, because Script Defender will always activate exactly the same way when the file is opened.

I think not... At least, depends on which file you are talking about: the email message (.eml) or the attached files...  8)

Opening the attachment.

It would be a valid test if in the body or headers of the email it were possible to run the attachment when viewed in the preview pane of say O.E.

In that case if the email tried to automatically run the attachment then script defender would intercept any file types it is protecting.

Simply attaching a file to an ordinary email that didn't trigger auto running (and sending it to yourself) of the attachment wouldn't.

Avast may warn about a suspicious email (file type) when you receive it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #6 on: July 01, 2004, 12:48:58 AM »
Now I am getting confused, surely there is only one file (the AnalogX test file) whether this is attached to an email or not?

As I understand it, Avast email monitor read the test file when attached to the email and warned me before I was able to open/run it on my computer.

AnalogX cannot read the test file until it is open on my computer and an attempt is made to run the test script.  

So if I have got this right, Avast will protect me from email attachments containing scripts, but as I am currently running the Home Edition will not detect other scripts downloaded directly from the Net ..... for this I need AnalogX, yes? :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #7 on: July 01, 2004, 03:06:58 AM »
Got it! Yeah!  :D
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #8 on: July 01, 2004, 04:05:25 PM »
Quote
Now I am getting confused, surely there is only one file (the AnalogX test file) whether this is attached to an email or not?

This is a complex issue and without a greater understanding of how scripts/programs are executed would take a bit more explanation. I will try to explain it better.

There is only one file (test.vbs for example), one that has an extension that script defender intercepts or rather it intercepts the command (your double click is a form of but not the only command) to execute/open/run the file.

The analogx test.vbs file is simply a file with an extension (file type) that it checks that it's ok to execute, e.g. you initiated the execution/opening or running of the file and not some other program/person/malicious code, etc.

Test it yourself, create a notepad .txt file with some lines of text and save it, change the file type from .txt to .vbs;  now double click on the file and analogx script will ask do you want to 'Execute the Script' or 'Abort'.

Quote
As I understand it, Avast email monitor read the test file when attached to the email and warned me before I was able to open/run it on my computer.

Avast doesn't read the test file (attachment) when you receive it. Avast simply points out the attachment's file type could be suspicious/dangerous; so unless you are expecting it and know who it's from it is a warning not to open the email/attachment.

Quote
AnalogX cannot read the test file until it is open on my computer and an attempt is made to run the test script.  

Script defender doesn't read/examine/look inside of the file at any time, all it does is confirm that you give permission, to execute the script or deny, abort (because you probably didn't initiate the script). Script defender is a simple intercept and confirmation program, it doesn't attempt to check the code for malicious code/intention, that would be far too complex.

Quote
So if I have got this right, Avast will protect me from email attachments containing scripts, but as I am currently running the Home Edition will not detect other scripts downloaded directly from the Net ..... for this I need AnalogX, yes?  

No, avast home doesn't protect against scripts (pro version only), if the script is contained inside an attachment with a suspicious file type it will warn about the suspicious attachment, not its content.

Yes to a degree. Script defender intercepts the call/command to run the script, scripts are usually no more than text files, they require another program to compile and execute the instructions, without that other program running the test.vbs file it is just a text file, but when executed/run dangerous.

Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #9 on: July 01, 2004, 04:53:32 PM »
Quote
Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe)

You can tweak this file association.
Really, .vbs file could be opened (run by double-click) into Notepad and not executed.
Hope this helps to increase security.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re:AnalogX Script Defender
« Reply #10 on: July 01, 2004, 07:05:15 PM »
Quote
Check in file association in windows for .vbs and you will see that it is associated with script defender and not the program that would usually run the .vbs file (CScript.exe)

You can tweak this file association.
Really, .vbs file could be opened (run by double-click) into Notepad and not executed.
Hope this helps to increase security.

Yes, that would open with notepad, but would stop any legitimate .vbs script from running.

By allowing script defender to intercept it and have you confirm it is ok to execute the script and script defender handing it off to the CScript.exe to be run.

If you want to examine the contents of the script (.vbs) file you can press the Shift key and Right click on the file, This will usually give you the Open With option, from here you can select your text editor of choice.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
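
The file-association check discussed in the replies above, as an added example that is not part of the original posts: it reports which command the shell launches on double-click for script file types, so you can see whether they go straight to Windows Script Host or to some other handler. The extension list, the interpreter list and the function name `Get-OpenCommand` are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): audit the double-click handler for script file types.
# Assumed lists: adjust the extensions and interpreter names to what you want to audit.
$extensions   = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'
$interpreters = 'wscript.exe', 'cscript.exe'   # Windows Script Host front ends

function Get-OpenCommand {
    param([string]$Extension)

    # A per-user "Open with" choice takes precedence over the machine-wide class.
    $userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = $null
    if (Test-Path -LiteralPath $userChoice) {
        $progId = (Get-ItemProperty -LiteralPath $userChoice).ProgId
    }
    if (-not $progId) {
        $extKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$Extension" -ErrorAction SilentlyContinue
        if ($extKey) { $progId = $extKey.GetValue('') }      # default value holds the ProgID
    }
    if (-not $progId) { return $null }

    # The default value of <ProgID>\shell names the default verb; fall back to "open".
    $shellKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell" -ErrorAction SilentlyContinue
    if (-not $shellKey) { return $null }
    $verb = $shellKey.GetValue('')
    if ($verb) { $verb = ($verb -split '[ ,]')[0] } else { $verb = 'open' }

    $cmdKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\$verb\command" -ErrorAction SilentlyContinue
    if ($cmdKey) { return $cmdKey.GetValue('') }
    return $null
}

foreach ($ext in $extensions) {
    $command = Get-OpenCommand -Extension $ext
    if (-not $command) {
        $status = 'no handler found'
    } elseif ($interpreters | Where-Object { $command -like "*$_*" }) {
        $status = 'double-click runs the script in Windows Script Host'
    } else {
        $status = 'double-click goes to another program (viewer or intercepting handler)'
    }
    [pscustomobject]@{ Extension = $ext; Command = $command; Status = $status }
}
```

The status is a heuristic on the command string only: a handler that intercepts the file and then passes it on to the script host after confirmation will show up in the last category.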

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #11 on: July 01, 2004, 07:14:53 PM »
DavidR & Technical,

Wow isn't life complicated?

Thanks both of you for taking the time to educate me about scripts!

DavidR, I appreciated your patience and comprehensive answer, you really have helped me to understand how AnalogX works!  

Cheers,

Beaky :D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #12 on: July 01, 2004, 08:04:14 PM »
Quote
Wow isn't life complicated?

Well, do you remember old and good DOS without dll's?  ;D
The best things in life are free.

Beaky

  • Guest
Re:AnalogX Script Defender
« Reply #13 on: July 01, 2004, 10:48:14 PM »
Yea, now you mention it I do...... and all those lovely glowing valves ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:AnalogX Script Defender
« Reply #14 on: July 02, 2004, 03:59:38 AM »
Quote
Yea, now you mention it I do...... and all those lovely glowing valves ;)

And a tape recorder playing the role of a floppy  ;D
The best things in life are free.