May 1st, 2006
New security program to prevent exploits -- it works!
SocketShield is a new security application just launched by Exploit Prevention Labs, founded by two veterans of the anti-malware/anti-spyware business, Bob Bales and Roger Thompson, both former executives of Pest Patrol which was bought by Computer Associates two years ago.
SocketShield is designed to stop exploits and block malware at the gate. Since we’ve seen several zero-day exploits this year already, I think this application can really help prevent the massive trashing of machines as we’ve seen with the WMF exploit and the CreateTextRange exploits that were used and are still being used, in fact.
The program is still in beta and is now available for public download. I downloaded and tested SocketShield Beta tonight on a virtual machine running a totally unpatched version of Windows XP, no service packs. I went to a website known for running exploits. The last time I was there the site was running 3 exploits actually, the WMF exploit, the CreateTextRange exploit and a JavaScript exploit, all of which have been patched by Microsoft. Tonight the site was using "only" one exploit, the CreateTextRange, along with some iframes leading to other malware sites. You can see a screenshot of the first alert of a CreateTextRange exploit from SocketShield here. WARNING — Do Not go to the IP addresses shown in the screenshots using Windows, patched or not, unless you’re in a virtual machine. SocketShield also blocked malicious code in an iframe, as seen below.
I went to another site known for exploits and got a few more attempted exploits as shown in the screenshot here. SocketShield did not prevent a couple of adware programs from downloading without notice and consent, however. The machine was still very functional, whereas if I had not been using SocketShield when I went to those sites, I guarantee the machine would have been taken over with malware — trojans, keyloggers and a ton more adware, to the point where it would have been unusable. You can read all the features of SocketShield at the website http://www.socketshield.com. The SocketShield Beta is a free download and the program will be $29 for a one year subscription when released.
