RE: Re: Image-handling flaws put Windows PCs at risk

[Barrie Dempster <barrie () reboot-robot net>]

On Wed, 2005-11-09 at 09:11 -0500, Wolfe, James M wrote:
> I remember when the VBS viruses started making the rounds if you had an
> NT 4 machine you could simply delete scrrun.dll and you'd be OK. Win 2K
> on the other hand which was just coming out at the time would put the
> file back no matter if you deleted it, renamed it, or tried sticking in
> a zero byte file. So much for being able to remove features that you
> don't want.


Windows File Protection was an addition which was meant as an added
security system in order to give you at least a base level of integrity
checking.

http://support.microsoft.com/?kbid=222193

This was very well documented at the time and has had a lot of attention
sine then. WFP also popped up a message box alerting you to it's
presence and telling you what it did, which allowed you to then check
the documentation on the system and find out how you could configure it.
I met this system in a similar way to yourself and quite quickly found
the documentation and was able to remove the critical system file
(pinball.exe!). It's ironic that this security feature prevented you
from securing your system, although the issue here wasn't in the system
itself but more a lack of understanding on the part of the user.
Although the OS should really have much simpler ways of picking and
choosing what is installed.


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.