funsec mailing list archives
RE: Re: Image-handling flaws put Windows PCs at risk
From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 10 Nov 2005 11:42:38 +0000
On Wed, 2005-11-09 at 09:11 -0500, Wolfe, James M wrote:
I remember when the VBS viruses started making the rounds if you had an NT 4 machine you could simply delete scrrun.dll and you'd be OK. Win 2K on the other hand which was just coming out at the time would put the file back no matter if you deleted it, renamed it, or tried sticking in a zero byte file. So much for being able to remove features that you don't want.
Windows File Protection was an addition which was meant as an added security system in order to give you at least a base level of integrity checking. http://support.microsoft.com/?kbid=222193 This was very well documented at the time and has had a lot of attention sine then. WFP also popped up a message box alerting you to it's presence and telling you what it did, which allowed you to then check the documentation on the system and find out how you could configure it. I met this system in a similar way to yourself and quite quickly found the documentation and was able to remove the critical system file (pinball.exe!). It's ironic that this security feature prevented you from securing your system, although the issue here wasn't in the system itself but more a lack of understanding on the part of the user. Although the OS should really have much simpler ways of picking and choosing what is installed. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Image-handling flaws put Windows PCs at risk Richard M. Smith (Nov 08)
- Re: Re: Image-handling flaws put Windows PCs at risk Jeff Rosowski (Nov 08)
- <Possible follow-ups>
- RE: Re: Image-handling flaws put Windows PCs at risk Wolfe, James M (Nov 09)
- RE: Re: Image-handling flaws put Windows PCs at risk Richard M. Smith (Nov 09)
- RE: Re: Image-handling flaws put Windows PCs at risk Barrie Dempster (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk James Eaton-Lee (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk Wolfe, James M (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk Barrie Dempster (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk Drsolly (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk James Eaton-Lee (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk Drsolly (Nov 10)
- RE: Re: Image-handling flaws put Windows PCs at risk Barrie Dempster (Nov 10)