Full Disclosure mailing list archives
Re: when will AV vendors fix this???
From: "Bipin Gautam" <gautam.bipin () gmail com>
Date: Tue, 8 Aug 2006 07:54:13 +0545
> This is similar to the problem of alternative data streams. Essentially, the work needed to solve this problem isn't worth the expenditure of time and effort, because the file, in order to infect the system, has to be executed. Once the file is executed "normal" on-access scanning will catch the exploit *if* it is known. (If it's unknown, it doesn't matter anyway.) Yes, on-demand scanning won't "see" the file, but even malicious files are benign until they are run.
I still insist, it might be a minor glitch to NOT ALLOW even admins to access a private file directly, but it isn't an issue with Windows at all!!! I thought the files should be accessed via "SeTcbPrivilege" BUT it doesn't. )O;

But hey, most of "the file undelete utilities" already do this..... if you try reading/copying an EXISTING file (via sys admin privilege) using (say Restorer2000 Demo) it effectively bypasses file permission regardless if it...... & can read the file! There must be another undocumented? API doing this???

Another note, even WINDOWS ONECARE is prone to this bug.

-bipin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/