Security Basics mailing list archives
Re: protect MS Windows 95/98/Me
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 1 Oct 2003 11:11:22 +0200
On 2003-09-29 Tomas Wolf wrote:
Alexander Suhovey wrote:It was long ago when I played with win9x last time, but if I recall correctly, "Disable registry tools" policy in win9x only restricts ability to run regedit.exe. There are other ways to edit registry: - rename regedit.exe - use reg files - use third-party registry editing software Correct me here if I'm wrong.I couldn't find the real question, so I'll just try to react on what I see is the discussion about... I remember one free (windows natural) tool that can do some locking and policy enforcement -> POLEDIT.EXE. I remember playing with it for some time and using it for a library as the "lock-down" tool, since they didn't want to invest time or money... And it worked well enough... Even though, who knows what they are doing it is not a big deal. But that is my 1c shoot in the dark
Then maybe I can shed some light ;) Yes, poledit.exe is the tool to define policies, but on Windows 9x you can't *enforce* these policies. Sure they are applied in the way you intended, but *any* user can change or disable them, since they are stored in the registry (search for keys named "policies") and Windows 9x does *not* provide ACLs to protect the settings. Even if you define the above mentioned "Disable Registry Tools" policy it disables only interactive usage of regedit, but you are still able to import .reg-files by running it non-interactive. Through these .reg-files you can still manipulate the registry in any way you like, even delete keys and values including those defined by policies. I guess the policies are re-applied on next logon, but for the current session the user is free to do whatever he/she pleases. As Alexander said: to really secure a Windows 9x box, you have to replace almost the whole operating *cough* system, so IMO the question is: why not directly migrate to an operating systems that already provides these features? Regards Ansgar Wiechers --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: protect MS Windows 95/98/Me Ansgar -59cobalt- Wiechers (Oct 01)
- <Possible follow-ups>
- Re: protect MS Windows 95/98/Me Robert Reidenbach (Oct 02)