| Page 5 of 6 |
|
|
 Posted: Thu, 2nd Feb 2006 21:42 Post subject: |
|
 |
but one thing is true that if you have the drivers of this protection for to long it can slower your pc + made some of my pc burning programs unable to burn disks + and it made my win xp turn off USB ,
yeah i know this sounds crazy but with those drives my stick drive didn`t worked , the funny thing was that after un - instaling those drivers my burning programs worked again (Nero , Alcohol) and my stick drive was recognized and didn`t crash the win ,
but after i installed again some SF game (like B.O.S ) those problems came back , uninstaled the drivers no-probs
That is the only BUG for me that i have experienced playing starforce games
|
|
| Back to top |
|
|
TheDuck
Posts: 148
Location: Australia
|
| Posted: Thu, 2nd Feb 2006 21:52 Post subject: |
|
|
| |NFiNiTY wrote: | | CableMunkeh wrote: | There's no exploit of Starforce to enable a Ring 3 -> Ring 0 transition. An issue was seen and fixed a while ago.
AV software runs in Ring 0 as well ya know, as does Alcohol, Daemon Tools and the other virtual drive products which install drivers. Just because something uses sysenter doesn't mean it is vulnerable. |
Even if an exploit existed at one time, it was never used by any virus that i remember, and whatever used it would have to have used an exploit to even get on the system anyway. Clearly much bigger security issues you have there if that becomes the case. I can say 100% there is no actual security risk presented by the starforce drivers, just some more anti-starforce hype. Maybe in some pseudo-situations, but here in the real world, how many computers have ever be rooted using the help of starforce? none.
Im pretty sure its in the license that you agree to install starforce, if you dont like that then dont install. Its not exactly covert. |
Not True, Starforce drivers are installed, so like any SF game, viruses can access those drivers and use same technique to allocate its own code to ring0 base, which will be kindly executed by the drivers, use your imagination, in other words, no real exploit is needed, it's all on the table, just load and use, your full system access is granted without reboot, and the best thing is, kernel mode protections are disabled thanks to those drivers, even if you got them enabled in the registry (enabled by default, doh  )
-TD |
|
| Back to top |
|
|
|
|
| Posted: Fri, 3rd Feb 2006 01:18 Post subject: |
|
|
| TheDuck wrote: | | |NFiNiTY wrote: | | CableMunkeh wrote: | There's no exploit of Starforce to enable a Ring 3 -> Ring 0 transition. An issue was seen and fixed a while ago.
AV software runs in Ring 0 as well ya know, as does Alcohol, Daemon Tools and the other virtual drive products which install drivers. Just because something uses sysenter doesn't mean it is vulnerable. |
Even if an exploit existed at one time, it was never used by any virus that i remember, and whatever used it would have to have used an exploit to even get on the system anyway. Clearly much bigger security issues you have there if that becomes the case. I can say 100% there is no actual security risk presented by the starforce drivers, just some more anti-starforce hype. Maybe in some pseudo-situations, but here in the real world, how many computers have ever be rooted using the help of starforce? none.
Im pretty sure its in the license that you agree to install starforce, if you dont like that then dont install. Its not exactly covert. |
Not True, Starforce drivers are installed, so like any SF game, viruses can access those drivers and use same technique to allocate its own code to ring0 base, which will be kindly executed by the drivers, use your imagination, in other words, no real exploit is needed, it's all on the table, just load and use, your full system access is granted without reboot, and the best thing is, kernel mode protections are disabled thanks to those drivers, even if you got them enabled in the registry (enabled by default, doh )
-TD |
So you're suggesting that every driver is a rootkit that can be used to leverage ring0.
If you've some information regarding the interface between apps and drivers that shows that the driver can do anything bar a relatively small subset of functions, and certainly doesn't give the ring3 protection full on demand access to ring0 I'd be interested.
As far as I was aware the Starforce drivers are not a kernel, as you are suggesting, there to accept commands from higher level programs and execute them in ring0. It holds the low level disc checking and other functions that can only be performed in ring0, it's not there to execute arbitrary code as that would make it a plain and simple rootkit. Parameters are passed from ring 3 code to the ring 0 and results from those parameters returns.
If it were all that easy where is this exploit for all of the protections running components in ring0 as no exploit is required as such?
If you can prove that one can simply code a program that will use Starforce drivers and they will blindly execute this code I'll be interested. A potential stack overflow perhaps but just handing it code to execute would be awful programming and I'd hope SF developers aren't that insecure.
|
|
| Back to top |
|
|
TheDuck
Posts: 148
Location: Australia
|
| Posted: Fri, 3rd Feb 2006 01:23 Post subject: |
|
|
Starforce uses multilevel VM, and when ring3 app gives the data to the SF driver (the data is the VM) driver takes it and does initalization. It is easly exlpoitable and the driver can take virus code and do whatever you want on ring0 level.
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 3rd Feb 2006 01:27 Post subject: |
|
|
| TheDuck wrote: | | Starforce uses multilevel VM, and when ring3 app gives the data to the SF driver (the data is the VM) driver takes it and does initalization. It is easly exlpoitable and the driver can take virus code and do whatever you want on ring0 level. |
There is checking done to this data though, you'd agree?
Such an exploit would be a positive nightmare even if possible, you're talking about passing the driver some pretty specific stuff.
|
|
| Back to top |
|
|
TheDuck
Posts: 148
Location: Australia
|
| Posted: Fri, 3rd Feb 2006 01:32 Post subject: |
|
|
I do not want to go into details here, but it is not as hard and exploit-protected as you think. And the VM is a x86 code which is executed, now give good execution point and upload technique to ANY virus coder, I bet that would be a nigthmare and it's far from impossible.
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 10:14 Post subject: |
|
|
winter challenge sf 3.7.12.3 wasn't the new frontline supposed to be unclonable? gonna check this one
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 11:04 Post subject: |
|
|
works perfect unplug the ide and mount in demon but the game sucks !!
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 12:42 Post subject: |
|
|
| Selt wrote: | | winter challenge sf 3.7.12.3 wasn't the new frontline supposed to be unclonable? gonna check this one |
According to their own nfo it is actually Sf 3.7.13.0. If true I also have to ask wasnt this version of sf absolutly unclonable as all the previous versions of Sf?
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 13:30 Post subject: |
|
|
new winter challenge frontline pro newest version ide card doesnt work anymore...
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 13:32 Post subject: |
|
|
tried. works fine as always to me...
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 14:06 Post subject: |
|
|
| Selt wrote: | | tried. works fine as always to me... |
you mean with ide card ?
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 14:08 Post subject: |
|
|
never used one. i just unplug
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 14:17 Post subject: |
|
|
with ide?? how does it always work for you?? explain dont just say works for me with what>ide card sfcure sfnightmare with what?? somepeople here want to know also.thnkz.
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 14:19 Post subject: |
|
|
| gexx wrote: | | with ide?? how does it always work for you?? explain dont just say works for me with what>ide card sfcure sfnightmare with what?? somepeople here want to know also.thnkz. |
he said he just unplug his drives and not using an ide-card
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 19:12 Post subject: |
|
|
thnkz for the answer,,they either blacklisted deamon tools or they patched the ide controller card workaround?? can anyone who has an ide controller card installed test it and let us know if it works mounting with deamon tools and running th e image of the controller??thnkz alot.
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 19:35 Post subject: |
|
|
| gexx wrote: | | thnkz for the answer,,they either blacklisted deamon tools or they patched the ide controller card workaround?? can anyone who has an ide controller card installed test it and let us know if it works mounting with deamon tools and running th e image of the controller??thnkz alot. |
They haven't blacklisted dtools at all. all they have done is a full scsi blacklist and ide/raid controllers blacklist as far as i've been told from friends testing this game
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 4th Feb 2006 23:03 Post subject: |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 5th Feb 2006 02:30 Post subject: |
|
|
maybe SF Frontline *3.07* != SF 3.7.X ?
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 5th Feb 2006 08:57 Post subject: |
|
|
Yes, I confirm Wintersport Pro 2006 works fine DT4.03 & don't unplug anything!
SF3.7 Frontline PRO
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 5th Feb 2006 09:54 Post subject: |
|
|
LOL, new patch iz out for Wintersport Pro 2006
chill out man, life is beautifull...
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 5th Feb 2006 12:43 Post subject: |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 5th Feb 2006 15:11 Post subject: |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
| Page 5 of 6 |
All times are GMT + 1 Hour |
