RE: Oddness with the MS antispyware beta

["Larry Seltzer" <larry () larryseltzer com>]

Someone should ask about this on the MS Windows AntiSpyware (Beta)
Newsgroups:
http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware&sLCID;us

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of MN Vasquez
Sent: Monday, April 11, 2005 3:13 PM
To: Paul Kurczaba
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Oddness with the MS antispyware beta

No, it's not present via Alt Tab.  It's not in Task Mgrs application list,
or on the task bar. it may be on the processes list, but I have not yet
investigated it further.

I googled all the "button" names, but it yielded nada.


----- Original Message -----
From: "Paul Kurczaba" <seclists () securinews com>
To: "MN Vasquez" <mnv () alumni princeton edu>
Cc: <full-disclosure () lists grok org uk>
Sent: Monday, April 11, 2005 11:15 AM
Subject: Re: [Full-disclosure] Oddness with the MS antispyware beta


> If you hold down "alt" + "tab", does the hidden windows name and icon 
> appear on the list?
>
> MN Vasquez wrote:
> > I don't know if this is programming technique is "common", but I've not 
> > seen it before.  I'm running the MS antispyware beta 1 on Windows XP sp2.

> > I hooked up a 2nd monitor to my laptop.  I set the resolution to 
> > 1600x1200, and the monitor position in relation to the primary, is to the

> > left.  Align the bottom screens.  You can use a different resolution, I 
> > imagine, if you offset the positions of the monitors.
> >  On the 2nd monitor I found a program window "hiding".  Basically, in a 
> > very odd position -- on a typically non-displayed portion of the desktop,

> > which I only found by configuring multiple monitors.  It seems the 
> > programmers are "hiding" a window, which I have attached as a jpg.  For 
> > those that don't want to open an attachment:
> >  there are 5 buttons: systrayhide, systrayshow, systraynormal, 
> > systrascanning, systrayupdating.
> >  The window title is gcasDtServHolder
> >  Clicking the buttons modifies the tooltip associated with the system 
> > tray icon.  I can hide/show the systray icon.  The status of the icon 
> > also changes from Active to Running when Normal is selected, and I then 
> > click either the Scanning or Updating button.
> >  Closing the window removes the system tray icon and apparently closes 
> > the program.
> >  I do not know if this possibly leads to a vulnerability or not.
> >  Mike
> >
> > ------------------------------------------------------------------------
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/