Thinstall installs sans registry entries..subversion?

Discussion in 'Computer Security' started by warf, Feb 5, 2007.

  1. warf

    warf Guest

    I posted a link deep within a thread to Sebastian that some of you may
    be interested in knowing about.

    http://www.thinstall.com/products/examples.php
    one of the many stated uses could be:

    "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
    controls without system registration or installation. This demo shows
    how Thinstall allows virtual registration for Macromedia Flash and
    Shockwave within the web browser."

    Now does this mean you could be sent a little download whilst browsing
    that your spyware scanner would not detect because no registry values
    were altered?
    Java, Act-X are effectively programs and are able to change preferences
    and settings just like MS does when updating you silently, right?
    It would take a long time before it was picked up and flagged
    right...especially if 'the good guys' were utilizing it?
    Look how long it took to find the SONY rootkits. They just have to learn
    by that lesson...to be even more deceptive to avoid being caught. How
    easy it would be to claim it must have been from mal-ware procured
    after the puter was purchased.

    It is dismaying to what extent choice is being battled!
    Warf.
    warf, Feb 5, 2007
    #1

  2. warf wrote:

    > I posted a link deep within a thread to Sebastian that some of you may
    > be interested in knowing about.
    >
    > http://www.thinstall.com/products/examples.php
    > one of the many stated uses could be:
    >
    > "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
    > controls without system registration or installation. This demo shows
    > how Thinstall allows virtual registration for Macromedia Flash and
    > Shockwave within the web browser."
    >
    > Now does this mean you could be sent a little download whilst browsing
    > that your spyware scanner would not detect because no registry values were altered?


    Yes. But I fail to see the connection to ActiveX. You don't need ActiveX to
    execute arbitrary code with MSIE.

    What it really means is that COM Component registration can be done on HKCU
    only. Fine that these guys actually noticed that this is possible and a
    good thing. If this would be adopted widely, we could stop hogging on such
    tools like RegCap and RegSrvEx.

    > Java, Act-X are effectively programs and are able to change preferences
    > and settings just like MS does when updating you silently, right?


    Not for Java. It's a sandbox.
    Sebastian Gottschalk, Feb 5, 2007
    #2

  3. nemo_outis

    nemo_outis Guest

    warf <> wrote in news:2KOxh.37751$Y6.21528@edtnps89:

    > I posted a link deep within a thread to Sebastian that some of you may
    > be interested in knowing about.
    >
    > http://www.thinstall.com/products/examples.php
    > one of the many stated uses could be:
    >
    > "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
    > controls without system registration or installation. This demo shows
    > how Thinstall allows virtual registration for Macromedia Flash and
    > Shockwave within the web browser."



    Thinstall does not do "kernel mode" installations.

    FWIW Thinstall 3.035 has very recently been posted on the warez scene.
    Worthwhile downloading (for experimentation only, of course :) because
    Thinstall is so filthy expensive (and its licencing scheme sucks hard).

    My interest in it is quite circumscribed: as an aid in making programs
    portable (since it virtualizes the registry).

    Regards,
    nemo_outis, Feb 6, 2007
    #3
  4. nemo_outis wrote:

    > warf <> wrote in news:2KOxh.37751$Y6.21528@edtnps89:
    >
    >> I posted a link deep within a thread to Sebastian that some of you may
    >> be interested in knowing about.
    >>
    >> http://www.thinstall.com/products/examples.php
    >> one of the many stated uses could be:
    >>
    >> "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
    >> controls without system registration or installation. This demo shows
    >> how Thinstall allows virtual registration for Macromedia Flash and
    >> Shockwave within the web browser."

    >
    > Thinstall does not do "kernel mode" installations.
    >
    > FWIW Thinstall 3.035 has very recently been posted on the warez scene.
    > Worthwhile downloading (for experimentation only, of course :) because
    > Thinstall is so filthy expensive (and its licencing scheme sucks hard).
    >
    > My interest in it is quite circumscribed: as an aid in making programs
    > portable (since it virtualizes the registry).


    Maybe I misread the description, but doesn't it basically just do the COM
    Component Registration in HKCU (thus user-dependent registry)?
    Sebastian Gottschalk, Feb 6, 2007
    #4
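
Added example (not part of the thread and not written by any of its participants): posts #2 and #4 point out that COM component registration can live entirely under HKCU, so an audit that only inspects HKLM never sees it. The Python sketch below parses a `.reg` export and lists per-user `InprocServer32` registrations, flagging those that shadow a machine-wide CLSID or load from outside the Windows and Program Files trees; the sample export, CLSIDs, paths and function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export format; CLSIDs and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Windows\\System32\\example1.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\example1.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Program Files\\Vendor\\example2.dll"
'''

KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\(\{[0-9A-F-]+\})\\InprocServer32\]$', re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')
# Assumption: only these directories are treated as expected install locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_com_servers(reg_text):
    """Return {(hive, clsid): dll_path} for every InprocServer32 key in a .reg export."""
    servers, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).upper())
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        elif current and (d := DEFAULT_RE.match(line)):
            servers[current] = d.group(1).replace("\\\\", "\\")  # undo .reg escaping
    return servers

def audit_per_user_com(reg_text):
    """List (clsid, path, reasons) for each HKCU COM server; reasons may be empty."""
    servers = parse_com_servers(reg_text)
    findings = []
    for (hive, clsid), path in sorted(servers.items()):
        if hive != "HKEY_CURRENT_USER":
            continue
        reasons = []
        if ("HKEY_LOCAL_MACHINE", clsid) in servers:
            reasons.append("shadows machine-wide registration")
        if not path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("server outside Windows/Program Files")
        findings.append((clsid, path, reasons))
    return findings
```

An entry with an empty reasons list is still a per-user registration worth knowing about; the reasons only rank which ones to look at first.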
  5. nemo_outis

    nemo_outis Guest

    Sebastian Gottschalk <> wrote in news:52qco0F1p3b7tU1
    @mid.dfncis.de:

    > nemo_outis wrote:
    >
    >> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
    >> Worthwhile downloading (for experimentation only, of course :) because
    >> Thinstall is so filthy expensive (and its licencing scheme sucks hard).
    >>
    >> My interest in it is quite circumscribed: as an aid in making programs
    >> portable (since it virtualizes the registry).
    >
    > Maybe I misread the description, but doesn't it basically just do the COM
    > Component Registration in HKCU (thus user-dependent registry)?



    I have not had a chance to work with it yet so I can say nothing
    authoritative, just give my interpretation of the docs and what others
    have done with the tool. But my understanding is that it is possible to
    package a program as a single executable with no registry entries.

    FWIW, answers.com says,

    "On Windows, Thinstall... essentially work by intercepting filesystem
    and registry requests by an application and redirecting those requests to
    a preinstalled isolated sandbox, thus allowing the application to run
    without installation or changes to the local PC."
    ....
    "Thinstall works by packaging an application into a single EXE which
    includes the runtime plus the application data files and registry.
    Thinstall’s runtime is loaded by Windows as a normal Windows application,
    from there the runtime replaces the Windows loader, filesystem, and
    registry for the target application and presents a merged image of the
    host PC as if the application had been previously installed. Thinstall
    replaces all related API functions for the host application, for example
    the ReadFile API supplied to the application must pass through Thinstall
    before it reaches the operating system. If the application is reading a
    virtual file, Thinstall handles the request itself otherwise the request
    will be passed on to the operating system. Because Thinstall is
    implemented in user-mode without device drivers and it does not have a
    client that is preinstalled, applications can run directly from USB Flash
    or network shares without previously needing elevated security
    privileges."

    Incidentally, for those who wish to download an experimental copy of the
    latest Thinstall (complete with crack) nip on over to:

    http://mikicun.blogsome.com/

    Regards,
    nemo_outis, Feb 6, 2007
    #5
  6. warf

    warf Guest

    nemo_outis wrote:
    > Sebastian Gottschalk <> wrote in news:52qco0F1p3b7tU1
    > @mid.dfncis.de:
    >
    >> nemo_outis wrote:
    >>
    >>> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
    >>> Worthwhile downloading (for experimentation only, of course :)

    ..........

    My reason for the original posting is not yet obviated...but you are
    getting there: If Thinstall is already Warez then the utility in Malware
    apps is overtly apparent to more than just a helpless fop trying to
    ascertain the vagaries of safe cyber surfin like me.......Right?

    If the CIA was excited enough by the ability to manipulate software on
    locked desktops then a little package hitchhiking on a 'legit' app would
    enable the provider access to ...whatever they wanted on the recipient's
    puter. This in spite of the security settings I presume.

    I am assuming that 'choice' is a beast that must be subverted at any cost
    because it sure looks to me like there is no end of development to
    thwart it.

    >
    > Incidentally, for those who wish to download an experimental copy of the
    > latest Thinstall (complete with crack) nip on over to:
    >
    > http://mikicun.blogsome.com/


    I became aware of it about 6 months ago by using REGEDIT to look for
    hidden software entries. There was JITIT with "author 0" and no other
    info available. The only thing I have not RE-downloaded and installed
    since is WinMX. [p2p software]
    So.....the suspicious person in me says "follow the money..." and it
    points to the RIAA I suspect.

    I expect the latest Russian rootkits available for sale are utilizing
    technology or methodology purloined from Thinstall???

    I googled the developer of Thinstall ...he is obsessed with copyright
    protection of media and software. Ironic that his trojan is now
    Warez...unless that was the plan?

    Did I get this all wrong, Like "cookies, XML, Java and Javascripts are
    for my enhanced browsing experience"?
    Warf.

    > Regards,
    warf, Feb 6, 2007
    #6
  7. warf wrote:

    > My reason for the original posting is not yet obviated...but you are
    > getting there: If Thinstall is already Warez then the utility in Malware
    > apps is overtly apparent to more than just a helpless fop trying to
    > ascertain the vagaries of safe cyber surfin like me.......Right?


    Wrong. Malware doesn't need any third-party applications to behave in a way
    that doesn't violate a system's policies. Never did, never will.

    > If the CIA was excited enough by the ability to manipulate software on
    > locked desktops then a little package hitchhiking on a 'legit' app would
    > enable the provider access to ...whatever they wanted on the recipient's
    > puter. This in spite of the security settings I presume.


    Everything on MSIE is in spite of security settings. Microsoft even
    documented some of these issues.

    > I expect the latest Russian rootkits available for sale are utilizing
    > technology or methodology purloined from Thinstall???


    The latest and best rootkit is Agobot/Gaobot so far. It's Open Source and
    has a very decent plugin interface with a big load of available plugins.

    > Did I get this all wrong, Like "cookies, XML, Java and Javascripts are
    > for my enhanced browsing experience"?


    Java is for Applets. JavaScript is for both useful functions and annoyance.
    Cookies are for establishing sessions without parameter passing. XML, in
    case of XHTML, is essential for your browsing experience.
    Sebastian Gottschalk, Feb 6, 2007
    #7
  8. warf

    warf Guest

    Sebastian Gottschalk wrote:
    > warf wrote:
    >
    >> My reason for the original posting is not yet obviated...

    snip....

    I was referring to the subterfuge and masquerading apps like Thinstall
    allow. Like for e.g. WINMX+Thinstall

    Granted p2p is no longer welcome here, but the illusion of internet
    anonymity and puter safety/privacy have been the focus of my dis-illusions.
    I defer to you for logical and didactic thwarts of stated premise;
    IE, most of us non-pro admin types are phuked if we think we own our
    puters and our information.
    Warf..."is there a draft in here or are my pants still down"?
    warf, Feb 6, 2007
    #8
