Thinstall installs sans registry entries..subversion?

I posted a link deep within a thread to Sebastian that some of you may
be interested in knowing about.

http://www.thinstall.com/products/examples.php
one of the many stated uses could be:

"Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
controls without system registration or installation. This demo shows
how Thinstall allows virtual registration for Macromedia Flash and
Shockwave within the web browser."

Now does this mean you could be sent a little download whilst browsing
that your spyware
scanner would not detect because no registry values were altered?
Java,Act-X are a effectively programs and are able to change preferences
and settings just like MS does when updating you silently right?
It would take a long time before it was picked up and flagged
right...especially if 'the good guys' were utilizing it?
look how long it took to find the SONY rootkits. they just have to learn
by that lesson...to be even more deceptive to avoid being caught. How
easy it would be to claim it must have been from mal-ware procurred
after the puter was purchased.

It is dismaying to what extent choice is being battled!
Warf.

warf <warf@hotmail.com> wrote in news:2KOxh.37751$Y6.21528@edtnps89:

> I posted a link deep within a thread to Sebastian that some of you may
> be interested in knowing about.
>
> http://www.thinstall.com/products/examples.php
> one of the many stated uses could be:
>
> "Internet Explorer ActiveX Controls Deploy Internet Explorer ActiveX
> controls without system registration or installation. This demo shows
> how Thinstall allows virtual registration for Macromedia Flash and
> Shockwave within the web browser."


Thinstall does not do "kernel mode" installations.

FWIW Thinstall 3.035 has very recently been posted on the warez scene.
Worthwhile downloading (for experimentation only, of course :-) because
Thisnstall is so filthy expensive (and its licencing scheme sucks hard).

My interest in it is quite circumscribed: as an aid in making programs
portable (since it virtualizes the registry).

Regards,

Sebastian Gottschalk <seppi@seppig.de> wrote in news:52qco0F1p3b7tU1
@mid.dfncis.de:

> nemo_outis wrote:
>
>>
>> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
>> Worthwhile downloading (for experimentation only, of course :-)
because
>> Thisnstall is so filthy expensive (and its licencing scheme sucks
hard).
>>
>> My interest in it is quite circumscribed: as an aid in making programs
>> portable (since it virtualizes the registry).
>
> Maybe I misread the description, but doesn't it basically just do the
COM
> Component Registration in HKCU (thus user-dependent registry)?
>


I have not had a chance to work with it yet so I can say nothing
authoritative, just give my interpretation of the docs and what others
have done with the tool. But my understanding that it is possible to
package a program as a single executable with no registry entries.

FWIW, answers.com says,

"On Windows, Thinstall... essentially work[s] by intercepting filesystem
and registry requests by an application and redirecting those requests to
a preinstalled isolated sandbox, thus allowing the application to run
without installation or changes to the local PC."
....
"Thinstall works by packaging an application into a single EXE which
includes the runtime plus the application data files and registry.
Thinstall’s runtime is loaded by Windows as a normal Windows application,
from there the runtime replaces the Windows loader, filesystem, and
registry for the target application and presents a merged image of the
host PC as if the application had been previously installed. Thinstall
replaces all related API functions for the host application, for example
the ReadFile API supplied to the application must pass through Thinstall
before it reaches the operating system. If the application is reading a
virtual file, Thinstall handles the request itself otherwise the request
will be passed on to the operating system. Because Thinstall is
implemented in user-mode without device drivers and it does not have a
client that is preinstalled, applications can run directly from USB Flash
or network shares without previously needing elevated security
privileges."

Incidentally, for those who wish to download an experimental copy of the
latest Thinstall (complete with crack) nip on over to:

http://mikicun.blogsome.com/

Regards,

nemo_outis wrote:
> Sebastian Gottschalk <seppi@seppig.de> wrote in news:52qco0F1p3b7tU1
> @mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>> FWIW Thinstall 3.035 has very recently been posted on the warez scene.
>>> Worthwhile downloading (for experimentation only, of course :-)
..........

My reason for the original posting is not yet obviated...but you are
getting there: If Thinstall is already Warez then the utility in Malware
aps is overtly apparent to more than just a helpless fop trying to
ascertain the vagueries of safe cyber surfin like me.......Right?

If the CIA was excited enough by the ability to manipulate software on
locked desktops then a little package hitchhiking on a 'legit' app would
enable the provider access to ...whatever they wanted on the recipients
puter. This in spite of the security settings I presume.

I am assuming that 'choice' is a beast that must subverted at any cost
becasue it sure looks to me like there is no end of development to
thwart it.

>
> Incidentally, for those who wish to download an experimental copy of the
> latest Thinstall (complete with crack) nip on over to:
>
> http://mikicun.blogsome.com/

I became aware of it about 6months ago by using REGEDIT to look for
hidden software entries. There was JITIT with "author 0" and no other
info available. The only thing I have not RE-downloaded and installed
since is WinMX. [p2p software]
So.....the suspicious person in me says "follow the money..." and it
points to the RIAA I suspect.

I expect the latest Russian rootkits available for sale are utilizing
technology or methodology perloined from thinstall???

I googled the developer of Thinstall ...he is obsessed with copyright
protection of media
and software. Ironic that his trojan is now Warez...unless that was the
plan?

Did I get this all wrong, Like "cookies, XML, Java and Javascripts are
for my enhanced browsing experience"?
Warf.

> Regards,

Sebastian Gottschalk wrote:
> warf wrote:
>
>> My reason for the original posting is not yet obviated...
snip....

I was referring to the subtrifuge and masquerading apps like thinstall
allow. Like For Eg; WINMX+thinstall

Granted p2p is no longer welcome here, but the illusion of internet
anonymity and puter saftey/privacy have been the focus of my dis-illusions
I defer to you for logical and didactic thwarts of stated premise;
IE, most of us non-pro admin types are phuked if we think we own our
puters and our information.
Warf..."is there a draft in here or are my pants still down"?