bigmuscle

@aphelion, Your knowledge level is obviously way above mine, but just showing what you've showed and saying "this is wrong" isn't proving anything to me, as an admitted noob.

It might be more constructive, assuming that your intention is to help rather than complain for whatever purpose, if you said something like - " This is what I see ____, this is bad because ____, it would be better if it was like this ____, and this is one way to do that _____." Isn't the real purpose of free forums such as this one to help users and provide feedback to developers to help make the tools better, safer, and more productive for everyone?

Cheers and Regards

Your post explains what I meant above. Normally, in software development, when some security vulnerability appears, it is reported to the developers privately so nobody can abuse it. It describes what happens, the potential risk and a possible solution. But what is shown here? He only spams the forum with many useless messages with the goal "look, look everybody how insecure Aero Glass is, look how dangerous it is", then he does not forget to mention that the debug window is annoying and that it can be simply removed, and that the biggest vulnerability is in the nagging message popup. And he finishes with a request for a refund. So that's why I'm saying he's only trolling... Can any moderator clean this discussion so it is readable for regular users? If someone really wants to report a security bug he can use PM with a possible solution and not only cry about how clever he is and how bad Aero Glass is.



No, I'm not. And here's your proof:

[attachment: 00eventlog.png]

PID of system level (nagware delivery mechanism)

[attachment: 00psexec.png]

Process Explorer correlating PID to csrss.exe

I can't imagine that you might try to say that the role of csrss.exe, a process critical to system operation which "terminating will result in system failure", is being hijacked here in some other way than I described, but since there's lots of time until I wake up I'm sure you'll think of something to pick at. Whatever that is, keep in mind that as more is posted the picture only gets clearer, and I will come back to refute every single point where you said I was wrong until it's clear you're full of it.

And here we are, because your answer is exactly what I was expecting. Maybe you should look at how process isolation and interactive services work. The DWM process is a service with very limited privileges and it runs in its own session, thus it cannot interact with the user desktop in any way. However, the operating system, since Windows Vista, provides a feature so non-interactive services can send a message to the interactive desktop. And this is handled by the CSRSS.EXE process. Very simple: it's not taking over the security policy, elevating any privileges nor hooking any system process. It is an official WinAPI feature, by calling the MessageBox function. I don't comment on whether this way is secure or not, I just say that it is handled completely by an official OS function and if there is anything insecure about it, then it is a bug in the OS itself and not something which I do.

Glad we have a response, hope it keeps coming. Especially these good ones.

Here's the problem. You said hook again. Never once have I said it hooked csrss.exe. I did say many things that you entirely skipped over, and had a one-paragraph run-on response about something you have in your mind that's entirely made up. You don't see that?

Also, thanks for the primer, I'll try to remember all that. If you really think that was necessary, maybe skip the stuff that seems too easy. I am happy to jump in anytime. Of course I'd bring up things you didn't mention like the protect lock. Which may be a self-defense mechanism, although I've not seen that from the Windows team before. But as you said, possible.

Fact remains that the lock is there when DWMGlass is running and not there when it's not running. That's a problem whether directly or indirectly caused by DWMGlass. I'm not going to waste any more typing on this but I will create those screenshots if you can't replicate. It seems to be a strange coincidence to lock read access to the process being used... to... deliver the donation message. I find it difficult to reconcile, but it's not that important.

There is a big deal, though, and that's the first one on my list. And the one right above your post. Look at that for a second while I put together some pictures to help so I can go to sleep.

Also, can I get more space?

Edited by aphelion
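The mechanism bigmuscle describes above, a session-0 process calling MessageBox with MB_SERVICE_NOTIFICATION and letting the OS deliver the dialog to the interactive desktop (the path he attributes to csrss.exe), can be reproduced without Aero Glass at all. The following is an added example written for this page; it is not code from the thread, from Aero Glass or from its author. It registers a scheduled task that runs as SYSTEM (so in session 0, like a service), pops the message box from there, and then removes the task. The task name is a hypothetical placeholder, and the whole thing must be run from an elevated PowerShell.

```powershell
# Added example (not from the thread or from Aero Glass).
# Shows that a process in session 0 can put a dialog on the interactive desktop
# through the documented MessageBox flag MB_SERVICE_NOTIFICATION, without the
# caller touching csrss.exe, elevating anything or hooking anything.
# Run elevated. $taskName is a hypothetical name; pick your own.

$taskName = 'ServiceNotifyDemo'

# Script the task will run as SYSTEM in session 0. Kept as a single-quoted
# here-string so it can be handed to powershell.exe -EncodedCommand verbatim.
$body = @'
Add-Type -Namespace Demo -Name Native -MemberDefinition @"
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int MessageBox(IntPtr hWnd, string text, string caption, uint type);
"@
$MB_OK                   = 0x00000000
$MB_ICONINFORMATION      = 0x00000040
$MB_SERVICE_NOTIFICATION = 0x00200000   # documented flag: show on the interactive desktop
$session = (Get-Process -Id $PID).SessionId
$text = "Hello from session $session, PID $PID, account $env:USERNAME"
[Demo.Native]::MessageBox([IntPtr]::Zero, $text, 'MB_SERVICE_NOTIFICATION demo',
    $MB_OK -bor $MB_ICONINFORMATION -bor $MB_SERVICE_NOTIFICATION) | Out-Null
'@
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($body))

# A task running under a service account executes in session 0, which is the
# situation a Windows service (and the DWM service) is in.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -EncodedCommand $encoded"
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal -Force | Out-Null
Start-ScheduledTask -TaskName $taskName

# The dialog now appears on your desktop although its owner runs in session 0.
# Compare the session IDs: the task's powershell.exe is in session 0, your
# desktop's dwm.exe and csrss.exe are in your own session.
Get-Process powershell, dwm, csrss | Select-Object Name, Id, SessionId

# Clean up after dismissing the dialog (the task stays in the "Running" state until then).
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
```

The dialog text reports session 0 and the SYSTEM account, which is the observation from the thread's screenshots: the message originates in a non-interactive session and is surfaced in the interactive one by the OS. Whether that feature is a good thing for a nag screen is a separate question; the example only shows that no process hooking or privilege change is needed to get it.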

@aphelion, Your knowledge level is obviously way above mine, but just showing what you've showed and saying "this is wrong" isn't proving anything to me, as an admitted noob.

It might be more constructive, assuming that your intention is to help rather than complain for whatever purpose, if you said something like - " This is what I see ____, this is bad because ____, it would be better if it was like this ____, and this is one way to do that _____." Isn't the real purpose of free forums such as this one to help users and provide feedback to developers to help make the tools better, safer, and more productive for everyone?

Cheers and Regards

Your post explains what I meant above. Normally, in software development, when some security vulnerability appears, it is reported to the developers privately so nobody can abuse it. It describes what happens, the potential risk and a possible solution. But what is shown here? He only spams the forum with many useless messages with the goal "look, look everybody how insecure Aero Glass is, look how dangerous it is", then he does not forget to mention that the debug window is annoying and that it can be simply removed, and that the biggest vulnerability is in the nagging message popup. And he finishes with a request for a refund. So that's why I'm saying he's only trolling... Can any moderator clean this discussion so it is readable for regular users? If someone really wants to report a security bug he can use PM with a possible solution and not only cry about how clever he is and how bad Aero Glass is.

Are you reading the same forum?

The debug window I mentioned is annoying, that's your gripe?

Maybe I was unclear in some way. My concern is singular: security. And the effects of DWMHook on it.

Why does it insert the DWM group (skip the isolation lesson) into so many privileges?

Why is lsass constantly asking to get permission from user land?

Any answers to the real questions?

And no, I would never message you personally because I actually read the thread and saw how you responded before. If you prefer to be PM'ed, I think you have a long way to go

How about all the ones you skipped....

  1. Why is a process that launches with the highest permissions possible left entirely unprotected in a user folder?
  2. How is that different from a text file on the desktop, in terms of security?
  3. Why are there no permissions set to prevent even basic exploitation, left wide open by this DLL?
  4. Are you even aware of integrity levels and trust levels? I don't mean to insult, but the way it's approached in the DLL is duplicating existing OS integrity functionality in an inherently flawed way. Now I'm speaking from the point of view of viewing all the security holes through a debugger, which is what I've always been talking about.
  5. The only secure thing I see (barely, sorry) is the cryptography around the key. At the cost of everything else.

So many questions, so few answers. I think that clears things up enough for me. Sorry guys, I tried. He'll fix them eventually.

Edited by aphelion
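Points 1 to 3 in the list above are something a reader can check on their own machine instead of arguing about. The following is an added example written for this page, not code from the thread, from Aero Glass or from Process Explorer: it lists the modules loaded into dwm.exe that live outside the Windows directory and reports whether the file, or the directory it sits in, is writable by principals that any code running as the logged-on user holds. The "outside %windir%" filter and the list of principals are assumptions chosen for illustration; run it from an elevated PowerShell of the same bitness as dwm.exe so the module list can be read.

```powershell
# Added example (not from the thread or from Aero Glass).
# Reports where third-party modules loaded into dwm.exe live and whether a
# standard user (or code running as the logged-on user) could replace them.
# A DLL that a process will load from a user-writable location is the
# "text file on the desktop" situation: whoever can write the file chooses
# what dwm.exe executes next time. Run elevated.

function Test-UserWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Principals that code running as the logged-on user can hold (assumption:
    # extend for your environment, e.g. domain groups).
    $userPrincipals = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE',
        "$env:USERDOMAIN\$env:USERNAME"
    )
    # Rights that allow changing or replacing the object
    $writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, WriteData, AppendData, Delete'

    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($userPrincipals -notcontains $rule.IdentityReference.Value) { continue }
        if (($rule.FileSystemRights -band $writeRights) -ne 0) {
            return "$($rule.IdentityReference.Value): $($rule.FileSystemRights)"
        }
    }
    return $null   # nothing in the user's reach can write here
}

$windir = $env:windir.TrimEnd('\')
$report = foreach ($dwm in Get-Process -Name dwm) {
    # One dwm.exe exists per session; modules under %windir% are Microsoft's own
    $thirdParty = $dwm.Modules | Where-Object { $_.FileName -notlike "$windir\*" }
    foreach ($m in $thirdParty) {
        [pscustomobject]@{
            DwmPid       = $dwm.Id
            Session      = $dwm.SessionId
            Module       = $m.ModuleName
            Path         = $m.FileName
            FileWritable = Test-UserWritable -Path $m.FileName
            DirWritable  = Test-UserWritable -Path (Split-Path -Path $m.FileName -Parent)
        }
    }
}

if ($report) {
    $report | Format-Table -AutoSize -Wrap
} else {
    "No modules from outside $windir are loaded into dwm.exe."
}
```

A non-empty FileWritable or DirWritable column for a module under a user profile is the condition the list's first three points describe; an empty one means the ACL already prevents a standard-user process from swapping the DLL, whatever the installer did or did not do. Note that DirWritable matters even when the file itself is locked down, because a writable directory lets the user rename the file away and drop a replacement.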

Here's the problem. You said hook again. Never once have I said it hooked csrss.exe.

Are sure that you never said it hooked csrss.exe ?

Your words: "Hooks DWM and elevates privilege using the new tokens to bypass all security so it can hook csrss.exe"

Debug window I mentioned is annoying, thats your gripe?

Then I don't see reason why you use debug version if you see debugging tools as annoying.

My concern is singular: security.

Nope, it is not. Your concern is to shout here how Aero Glass is bad. If someone wants to discuss some topic (and especially security problem), he uses completely different means than spamming with tens of posts in increased font, complaining about annoying debug window, nagging message popup and asking for a refund.

Why does it insert the DWM group (skip the isolation lesson) into so many privileges?

Because it does not. The only line about obtaining special privileges in code is:

//ObtainPrivilege(GetCurrentProcess(), SE_DEBUG_NAME);

and as you can see it is commented out, so it is never called. The DWM group is never touched; the only elevated privilege is for reading HKCU\Software\Microsoft\Windows\DWM, and since it is the same trick DWM itself uses, there is no problem with it.

Yes, I ignored some of your stuff and I didn't want to and will not answer it, and I already said why in previous posts. I just answered the majority of your first post where you are blaming me for hooking lsass.exe and csrss.exe, modifying some protect flags and elevating privileges to display a nagging dialog, because I know exactly what you saw in Process Explorer and wanted only a confirmation from you. You provided it, and it only confirmed to me that you had no idea what you were talking about. Sorry, nothing more to say.


OK, I just read about 3 words there about me bashing Glass. I think you really think that's true. So that fits in well with the reason I came back, which was the donation I made a joke about. If you're still not sure, just ask anyone. They will confirm it's a joke. That's how they're written here.

But of course I know that won't be enough, so I sent another donation. I don't know any other way to communicate that any more clearly in a way that seems to speak louder than any other.

I hope when things are calm you will have a chance to review with perspective what I actually wrote.


I'll do the same also. And I see where the expectation of communicating privately came from. Personal preference aside, I was also under the impression, apparently mistakenly, that public disclosure wouldn't be surprising or offensive, as that's been by far the norm for 6 months dating back to around 2.5 years. But I forget things are different elsewhere and I realize I assumed. So for what it's worth I didn't mean to offend by posting publicly. Intent is singular, resolution, and that's what I've seen in the past. In this case there is no immediate risk of an exploit and not a line of code was posted, so that there wouldn't be the risk of one. The context was the focus in the debug example but that's far too long ago to be of any use clarifying now.

As I don't really look anywhere outside the US and it's always up to the author what is decided, I didn't realize the opposite of what was intended would happen. If really only 1 line of procexp was looked at there is definitely more there, but I may be misreading an exaggeration literally. In any case it seems I will be up after all and I'm sure I won't be able to keep my curiosity for more than a few hours. I'm sure it's highly unlikely, but in case anything exists that I can clarify I am happy to do that either publicly or privately with the email you have.


aphelion

Are you saying bigmuscle CAN USE DWMGlass.dll AS A BACK DOOR, TO TAKE OVER / CONTROL / SPY ON MY PC ? :unsure:

No absolutely not. This was a theoretical discussion that got out of hand.


aphelion

Are you saying bigmuscle CAN USE DWMGlass.dll AS A BACK DOOR, TO TAKE OVER / CONTROL / SPY ON MY PC ? :unsure:

No absolutely not. This was a theoretical discussion that got out of hand.

SO WHAT ARE YOU SAYING? :unsure:

&

WHAT IS THE POINT OF ALL THIS THEN? :wacko:


aphelion

Are you saying bigmuscle CAN USE DWMGlass.dll AS A BACK DOOR, TO TAKE OVER / CONTROL / SPY ON MY PC ? :unsure:

No absolutely not. This was a theoretical discussion that got out of hand.

SO WHAT ARE YOU SAYING? :unsure:

&

WHAT IS THE POINT OF ALL THIS THEN? :wacko:

Very funny, but I'll play along. Forums are for discussion and this was a discussion. What's your experience with forums?


Well, that was a heated discussion back there. Anyway, it doesn't take a genius to understand that DWMglass.dll somehow screws up system security.

Hell, one of the versions of Aero Glass requires Secure Boot to be disabled??! WTH. No thanks. I'll stick with ugly flat window borders while I wait for someone to crack Mr. Developer's tool or create a tool of his own, free with no nags.

Your tool is fantastic, Mr. Developer. Too bad you let yourself be taken by greed.

cheers.


Wait, do any of you guys use the newer Adobe commercial products (i.e. CS2 and above)? Because they write to your hard drive's BOOT SECTOR when installed.

How about Kaspersky? It inserts itself into your boot routine.

This app does nothing more than use MS features to ensure its running properly and to notify you that you should support it. You don't like it don't use it.

Ask Mr. "I wanna beat people up with my big brain" to compare similar stuff like Stardock's software. You'll be pretty surprised how invasive that is....

How about MS's smartscreen filter that reports everything you download and install to MS?

Edited by Kelsenellenelvian

Wait, do any of you guys use the newer Adobe commercial products (i.e. CS2 and above)? Because they write to your hard drive's BOOT SECTOR when installed.

How about Kaspersky? It inserts itself into your boot routine.

This app does nothing more than use MS features to ensure its running properly and to notify you that you should support it. You don't like it don't use it.

Ask Mr. "I wanna beat people up with my big brain" to compare similar stuff like Stardock's software. You'll be pretty surprised how invasive that is....

How about MS's smartscreen filter that reports everything you download and install to MS?

Practically every security product on the market has some implementation of intrusion prevention specifically to address the issues you mention. I suggest Comodo's, although it's a bit aggressive sometimes.

If you can't see a distinction between reporting an issue and not liking a product, then I can understand why calling someone "Mr. Big Brain" could make sense.

Good luck clearing up those infections. The clean endpoint tool can be helpful in cases where they are all present but I would start from scratch and practice good security from the beginning.


aphelion

I am not being funny OR playing. :blushing:

WHAT ARE YOU TRYING TO SAY ABOUT DWMGlass.dll? :unsure:

WHAT IS THE POINT OF ALL THIS THEN? :unsure:

There is a bullet point list near my first post that summarizes that. If you have trouble finding it I can go back in an hour or 2 and PM you the link.

Edit: This may be helpful if the list seems unfamiliar: http://en.wikipedia.org/wiki/Computer_security. The Security by Design section is good background reading for the topics that were covered. If it is not a relevant concern of course you can skip it

Edited by aphelion
