I believe browsers are set up to allow dll injection at some level by default (avast behaviour shield employs dll injection on browsers to monitor behaviour - and every time it does trusteer rapport blocks it on my system).
It is not a property of the browsers but the way windows works:
Any program can manipulate any other program running under the same user account at the same Integrity Level in any way it wishes.
The proper and relatively simple solution would be to run the SafeZone under a different user account.
I can't see why the safezone browser should be set up this way though - it doesn't want to let anything else in.
Yes, but it is not so easy to block these functions. The best way is to make windows block it for you somehow! As I said, just running it under a different user account using a service as broker would at least increase the security.
Do any other AIS users find this thread a bit disconcerting
Well, thats most likely because you do not understand the technical details ^^
or is this in reality something that malware would struggle to replicate
DllInjection is very common and already in use for:
-Displaying framerates and other info inside games
-Cheats/mods
-Spell checking
-Bypassing firewalls
-Usermode rootkits
-Keyloggers
There are many variations of the technique
Most common for keyloggers is SetWindowsHookEx, this does not work against SafeZone.
Most common for specific targets (e.g cheats/mods) is CreateRemoteThread, this still works.
And some more complicated variations
So a huge percentage of programs using such techniques will not work. But they could be modified to work again^^
I would like to hear from/chat with a developer.