Thinstall installs sans registry entries..subversion?

Posted by warf on February 5, 2007, 6:04 pm
I posted a link deep within a thread to Sebastian that some of you may
be interested in knowing about.

http://www.thinstall.com/products/examples.php
one of the many stated uses could be:

"Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
controls without system registration or installation. This demo shows
how Thinstall allows virtual registration for Macromedia Flash and
Shockwave within the web browser."

Now does this mean you could be sent a little download whilst browsing
that your spyware scanner would not detect because no registry values
were altered?
Java, Act-X are effectively programs and are able to change preferences
and settings just like MS does when updating you silently right?
It would take a long time before it was picked up and flagged
right...especially if 'the good guys' were utilizing it?
Look how long it took to find the SONY rootkits. They just have to learn
by that lesson...to be even more deceptive to avoid being caught. How
easy it would be to claim it must have been from mal-ware procured
after the puter was purchased.

It is dismaying to what extent choice is being battled!
Warf.

Posted by Sebastian Gottschalk on February 5, 2007, 6:54 pm
warf wrote:

> I posted a link deep within a thread to Sebastian that some of you may
> be interested in knowing about.
>
> http://www.thinstall.com/products/examples.php
> one of the many stated uses could be:
>
> "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
> controls without system registration or installation. This demo shows
> how Thinstall allows virtual registration for Macromedia Flash and
> Shockwave within the web browser."
>
> Now does this mean you could be sent a little download whilst browsing
> that your spyware scanner would not detect because no registry values were
> altered?

Yes. But I fail to see the connection to ActiveX. You don't need ActiveX to
execute arbitrary code with MSIE.

What it really means is that COM Component registration can be done on HKCU
only. Fine that these guys actually noticed that this is possible and a
good thing. If this would be adopted widely, we could stop hogging on such
tools like RegCap and RegSrvEx.

> Java, Act-X are effectively programs and are able to change preferences
> and settings just like MS does when updating you silently right?

Not for Java. It's a sandbox.
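
An added example, not part of the thread: an offline audit of the per-user COM registration described in the post above, run over the text of a `reg export`. It relies on HKCU\Software\Classes taking precedence over HKLM\Software\Classes in the merged HKCR view; the CLSIDs, paths and function names are constructed for illustration.

```python
import re

# Constructed sample: text of a `reg export` (already decoded from UTF-16).
# CLSIDs and paths are made up for illustration.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\ctl.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\LocalServer32]
@="\"C:\\Program Files\\Vendor\\app.exe\" /automation"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Windows\\System32\\ctl.dll"
"""

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\CLSID\\"
    r"(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # REG_SZ default value only

def parse_servers(reg_text):
    """Return {(hive, clsid, kind): server path} for COM server keys."""
    servers, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m.group(1).upper(), m.group(2).upper(), m.group(3)) if m else None
        elif current and (m := DEFAULT_RE.match(line)):
            # .reg files escape backslash and double quote with a backslash
            servers[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return servers

def audit_per_user_com(reg_text):
    """List per-user COM servers and flag those shadowing a machine-wide CLSID."""
    servers = parse_servers(reg_text)
    machine = {clsid for (hive, clsid, _kind) in servers if hive == "HKEY_LOCAL_MACHINE"}
    findings = []
    for (hive, clsid, kind), path in sorted(servers.items()):
        if hive == "HKEY_CURRENT_USER":
            findings.append({"clsid": clsid, "kind": kind, "path": path,
                             "shadows_hklm": clsid in machine})
    return findings

if __name__ == "__main__":
    for finding in audit_per_user_com(SAMPLE_REG):
        print(finding)
```

This only covers registrations that really exist in the user hive. An application whose registry is virtualized inside its own executable, as the description quoted later in the thread puts it, leaves nothing in either hive for such an audit to find.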

Posted by nemo_outis on February 5, 2007, 7:19 pm

> I posted a link deep within a thread to Sebastian that some of you may
> be interested in knowing about.
>
> http://www.thinstall.com/products/examples.php
> one of the many stated uses could be:
>
> "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
> controls without system registration or installation. This demo shows
> how Thinstall allows virtual registration for Macromedia Flash and
> Shockwave within the web browser."


Thinstall does not do "kernel mode" installations.

FWIW Thinstall 3.035 has very recently been posted on the warez scene.
Worthwhile downloading (for experimentation only, of course :-) because
Thinstall is so filthy expensive (and its licencing scheme sucks hard).

My interest in it is quite circumscribed: as an aid in making programs
portable (since it virtualizes the registry).

Regards,


Posted by Sebastian Gottschalk on February 5, 2007, 10:58 pm
nemo_outis wrote:

>
>> I posted a link deep within a thread to Sebastian that some of you may
>> be interested in knowing about.
>>
>> http://www.thinstall.com/products/examples.php
>> one of the many stated uses could be:
>>
>> "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
>> controls without system registration or installation. This demo shows
>> how Thinstall allows virtual registration for Macromedia Flash and
>> Shockwave within the web browser."
>
> Thinstall does not do "kernel mode" installations.
>
> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
> Worthwhile downloading (for experimentation only, of course :-) because
> Thinstall is so filthy expensive (and its licencing scheme sucks hard).
>
> My interest in it is quite circumscribed: as an aid in making programs
> portable (since it virtualizes the registry).

Maybe I misread the description, but doesn't it basically just do the COM
Component Registration in HKCU (thus user-dependent registry)?

Posted by nemo_outis on February 6, 2007, 12:52 am
@mid.dfncis.de:

> nemo_outis wrote:
>
>>
>> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
>> Worthwhile downloading (for experimentation only, of course :-) because
>> Thinstall is so filthy expensive (and its licencing scheme sucks hard).
>>
>> My interest in it is quite circumscribed: as an aid in making programs
>> portable (since it virtualizes the registry).
>
> Maybe I misread the description, but doesn't it basically just do the COM
> Component Registration in HKCU (thus user-dependent registry)?
>


I have not had a chance to work with it yet so I can say nothing
authoritative, just give my interpretation of the docs and what others
have done with the tool. But my understanding is that it is possible to
package a program as a single executable with no registry entries.

FWIW, answers.com says,

"On Windows, Thinstall... essentially work[s] by intercepting filesystem
and registry requests by an application and redirecting those requests to
a preinstalled isolated sandbox, thus allowing the application to run
without installation or changes to the local PC."
...
"Thinstall works by packaging an application into a single EXE which
includes the runtime plus the application data files and registry.
Thinstall’s runtime is loaded by Windows as a normal Windows application,
from there the runtime replaces the Windows loader, filesystem, and
registry for the target application and presents a merged image of the
host PC as if the application had been previously installed. Thinstall
replaces all related API functions for the host application, for example
the ReadFile API supplied to the application must pass through Thinstall
before it reaches the operating system. If the application is reading a
virtual file, Thinstall handles the request itself otherwise the request
will be passed on to the operating system. Because Thinstall is
implemented in user-mode without device drivers and it does not have a
client that is preinstalled, applications can run directly from USB Flash
or network shares without previously needing elevated security
privileges."

Incidentally, for those who wish to download an experimental copy of the
latest Thinstall (complete with crack) nip on over to:

http://mikicun.blogsome.com/

Regards,


