Bugtraq mailing list archives
Re: Bypassing Personal Firewalls
From: Torbjörn Hovmark <torbjorn.hovmark () abtrusion com>
Date: Sun, 23 Feb 2003 11:05:37 +0100
Oliver,
Yes. Before we go prompting users ever time someone calls CreateFile, though, there are much simpler measures. One of them would
make
OpenProcess require a priviledge of some sort (see below).
Restricting OpenProcess won't help much. For example, CreateProcess will return a handle with full access. Actually, the Windows NT code to start a process utilizes this fact to write to the new process' memory space (although using native calls rather than Win32). Essentially, once someone can execute arbitrary code on your system you're toast. There are just too many holes in Windows for it to be feasible to plug them all. The focus ought to be on preventing the code execution in the first place, not on trying to contain it. Best regards, Torbjörn Hovmark ______________________________________ Abtrusion Security AB - next generation intrusion protection http://www.abtrusion.com
Current thread:
- RE: Bypassing Personal Firewalls, (continued)
- RE: Bypassing Personal Firewalls Drew Copley (Feb 21)
- RE: Bypassing Personal Firewalls Oliver Lavery (Feb 21)
- RE: Bypassing Personal Firewalls Drew Copley (Feb 21)
- RE: Bypassing Personal Firewalls Oliver Lavery (Feb 21)
- Re: Bypassing Personal Firewalls Shaun Clowes (Feb 23)
- Re: Bypassing Personal Firewalls Johan Verrept (Feb 24)
- Re: Bypassing Personal Firewalls Shaun Clowes (Feb 24)
- Re: Bypassing Personal Firewalls Zow (Feb 24)
- Re: Bypassing Personal Firewalls Johan Verrept (Feb 24)
- Re: Bypassing Personal Firewalls Darwin (Feb 28)
- RE: Bypassing Personal Firewalls John Howie (Feb 23)
- RE: Bypassing Personal Firewalls Oliver Lavery (Feb 24)
- Re: Bypassing Personal Firewalls Torbjörn Hovmark (Feb 24)
- RE: Bypassing Personal Firewalls John Howie (Feb 24)
- RE: Bypassing Personal Firewalls Drew Copley (Feb 21)