Could you try to inject the DLL in SafeBrowser child processes, instead of the parent one? (if you haven't tried already)
Strange: It does not give an error, but no DLL is loaded. However: One can read and write the process memory of the child processes from remote, so it is definitely possible to execute code. But I do not have the patience to turn on my compiler today, besides I normally charge people for writing that kind of code.
"remotely" (tentative name, since it's not really a "remote") execute
This kind is my speciality *haha*
It's interesting info. I don't have the level of understanding you guys have, but I have been pondering for a while whether the SafeZone virtual isolated desktop approach or the Trusteer Rapport block browser mods/logging/capture approach is actually the more secure against malware on the machine.
Well, such approaches are usually secure… as long as malware writers do not take them into consideration when writing their code. If the malware has admin rights (remember: UAC on standard level in Windows 7 is still broken by design) the machine is lost. If the malware has “only” user rights, a secured desktop approach could really help, but only if it runs under a different user account! And Avast makes the mistake that the secured browser is running under the same user account! That is the root cause of this flaw.
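A way to check for the condition described in the last post, added here as an example that is not part of the thread: it lists the secured browser's processes and reports whether each runs under the same account as the logged-on user. The image name `SafeBrowser.exe` is an assumption taken from the process name mentioned above; substitute the real executable name.

```powershell
# Added example: report whether "isolated" browser processes share the caller's account.
param(
    # Assumed image name (not confirmed by the thread); replace as needed.
    [string]$ProcessName = 'SafeBrowser.exe'
)

# Account of the current session, in DOMAIN\user form
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$ProcessName'"
if (-not $procs) {
    Write-Warning "No process named $ProcessName is running."
    return
}

foreach ($p in $procs) {
    # GetOwner returns ReturnValue 0 plus Domain/User when the owner can be read
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner

    if ($owner.ReturnValue -ne 0) {
        # Owner not readable from this account; cannot decide either way
        [pscustomobject]@{
            PID       = $p.ProcessId
            ParentPID = $p.ParentProcessId
            Owner     = '<not readable>'
            SameUser  = $null
        }
        continue
    }

    $name = '{0}\{1}' -f $owner.Domain, $owner.User
    [pscustomobject]@{
        PID       = $p.ProcessId
        ParentPID = $p.ParentProcessId
        Owner     = $name
        # True means ordinary user-level code in this session shares the
        # browser's account, so the desktop separation is not an account boundary
        SameUser  = ($name -eq $me)
    }
}
```

Run it from a normal, non-elevated prompt while the secured browser is open; a `SameUser` value of `True` on the parent or any child process matches the situation the post calls the root cause.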