Full Disclosure mailing list archives
Re: Re: Administrivia: Testing Emergency Virus Filter..
From: "Thor Larholm" <lists.netsys.com () jscript dk>
Date: Thu, 21 Aug 2003 10:32:24 +0200
From: "Drew Copley" <dcopley () eeye com>

Actually, quite a few don't, some still rely on piggy backing Outlook. But, yes, this trend should be disappearing as people upgrade so their Outlook client will no longer be able to be remote controlled by another application. (Current versions not only block attachments but also the ability for applications to access the API framework, itself).

Specific parts of the API for Outlook are blocked completely (unless the end user manually approves otherwise), which has also had an effect on existing mainstream applications such as tightly integrated antispam products (I had problems using my favorite, www.spamfighter.com). Precisely because of this, several solutions were devised almost immediately to circumvent these restrictions by proxying through third-party COM objects such as Redemption ( http://www.dimastr.com/redemption/ ) so one could still reach the entire Outlook object model.

"Outlook Redemption works around limitations imposed by the Outlook Security Patch and Service Pack 2 of MS Office 2000 and Office XP (which includes Security Patch) plus provides a number of functions to work with properties and functionality not exposed through the Outlook object model."

I like Redemption, not as much for its ability to circumvent the complete API block but for its utility functions which come in quite handy when developing Outlook extensions :)

Even if email clients do start encrypting this information, it will still be easy to bypass because it is local. There is always a crack for local work. But, such a thing may deter some virus writers.

99% of virus writers would have problems understanding the concept of Redemption. I'm still amazed at how many virii rely on end user interaction when they clearly need not.

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html