Full Disclosure mailing list archives
Re: .hta virus analysys
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 21 Nov 2003 14:38:35 +1300
Jelmer <jkuperus () planet nl> wrote:
There's nothing wrong with .hta files, ...
As local content, agreed -- they are just as "safe" as such other things as .EXE files, .VBS files and so on...
... but that it has an associated mime type boggles the mind
Agreed, but what boggles my mind even more is that I have been told that in the past MS has said it will not remove support for this (and related extreme stupidities) "because some major customers actually _want_ _AND USE_ this functionality".

That's right folk -- TCI means that if a couple of pea-brained, slack-arsed "system administrators" at a couple of major MS accounts (think the "big three" (or is it still four?) accounting/consulting firms, really large defense, aerospace, etc manufacturers to get an idea of the size of operation your security is competing with here), who are too stupid to work out a couple of registry tweaks to shoot off both their feet in the pursuit of making their own lives marginally easier, MS will roll the desired "feature" into the default install so as to inflict several hundred million machines worldwide with the associated problems should there be any flaws elsewhere in its products.

It's long past time Windows' attack surface was dramatically reduced through the removal of all kinds of stupid and dangerous MIME type mappings, CLSID as file extension tricks, and other such nonsenses. I'm sure these gave wet dreams to the pimply-faced geeks that dreamed them up as yet another cool way to "just make things work" if the only "skill" some yokel user knows is "double-click it and see". However, as those geeks were neither trained in, nor charged with having, the vaguest clue about or concern for security, it's time that a lot of those design decisions were re-considered. It's at least half-pointless having better security-trained programmers (if you believe Redmond's hype) if they are baby-sitting code that is still intended to implement functionality dreamed up when "security-ignorant featuritis" and "everything enabled by default so everything just works" were the driving forces behind the design ideal...
It's been the source of many an issue in the past. Microsoft would be better off disabling it entirely
Yep, couldn't agree more. Maybe in XP SP2??? And if so, will they "back-port" it to the next W2K SP??

Regards,
Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html