RE: XPSP2 compatability

["Bundschuh, Anthony D." <ANTHONY.D.BUNDSCHUH () saic com>]

Why couldn't you just do a run Services as a power user or administrator,
she could then stop the service without having to be a power user all of the
time.  It is similar to using su to do a specific task.  Just create a
shortcut for the services program and select run as, that simple.

Tony

-----Original Message-----
From: Kevin Sheldrake [mailto:kev () electriccat co uk] 
Sent: Saturday, August 21, 2004 5:23 AM
To: Wozny, Scott (US - New York); Karo () onnik com; Roman Fomichev; Anjin;
pen-test () securityfocus com
Subject: Re: XPSP2 compatability


I think there is a flaw in your argument.

*nix has had raw sockets for ever but hasn't had the same problem.  Is  
this because people don't code worms for linux (this must be at least  
partially true) or is it because only privileged users can write to raw  
sockets?  Perhaps if the XP installation forced the creation of at least  
one user account and spat out a large alert when someone logged on as  
Administrator then the problem would be lessened?  Of course, this would  
also require MS to prevent normal users from writing to raw sockets.

For instance, my girlfriend uses Win2K on a laptop with a wifi card.  In  
order for her to start and stop the built-in IPSec client (required when  
she switches between wired and wireless), she needs to be a power user of  
some description.  Fine, I'm the administrator so I gave her the  
capabilities.  Now she can let malware act as a power user when it runs -  
brilliant.  On linux, for example, I simply su to start and stop the IPSec  
and run the rest of my session as a normal user.  It's the simple concept  
of least privilege...


Kev


> Does anybody else find it funny that when Microsoft produced OSes that 
> didn't allow sending over raw sockets programmers screamed bloody 
> murder about the restrictive nature of it (you can code that way in 
> *nix, why not in Windows)?  So MS decided to allow it.  If I recall 
> correctly, some of the InfoSec pundits at the time claimed this was a 
> very frightening idea because the truly nasty address-spoofing code at 
> the time only functioned in the *nix world due the Microsoft's 
> 'oppressive' limitation on the TCP/IP stack.  Well Microsoft gave the 
> programmers what they wanted and for the last 2 or 3 years we've been 
> dealing with the fallout of the world of 'point-and-click worms' that 
> your above-average 15 year old on Jolt Cola in his mom's basement can 
> compile and unleash on the world.  Now IT departments the world over 
> have been screaming bloody murder about this wildly insecure operating 
> system and Microsoft, pressured by their corporate clients who are 
> their bread and butter, said they'd work tirelessly to fix this and 
> demonstrate their commitment to security.
>
> So now, Microsoft is back to saying, "No raw sockets" (amongst other 
> things).  I'm not saying that this is the only security hole in 
> Windows. But I am saying that, in a way, we kind of asked for this...  
> :)  It's kind of a gun control thing.  The raw sockets are not the 
> problem, the exploits and the bad code are, but the raw sockets allow 
> spoofing within Windows making the exploit that much easier to 
> propagate with a lesser programming skill set (i.e. guns don't kill 
> people, people kill people, but the gun makes it easier to do it than 
> using a toaster).  Microsoft has explicitly made the point that, in 
> their research, raw sockets are being used for nefarious purposes more 
> often than for noble ones.  Right or wrong, it looks like we're going 
> to have to write around it.
>
> Anybody want to venture a guess as to how many more times this 
> pendulum is going to swing?  :)
>
> Oh, and for the record, I haven't been forced onto SP2 yet.  
> Hopefully, by the time that happens, someone will have quantified all 
> the permutations and combinations of XP Service Packs, WinPCap distros 
> and Ethereal distros that do and don't work together.
>
> Scott
>
> This opinion is my own and does not, necessarily, reflect the opinions 
> of my employer.
>
> -----Original Message-----
> From: Gary everekyan [mailto:karo () onnik com]
> Sent: Tuesday, August 17, 2004 12:42 PM
> To: 'Roman Fomichev'; 'Anjin'; pen-test () securityfocus com
> Subject: RE: XPSP2 compatability
>
>
> Here is a little more detail.
> I have been successfully running ethereal version 0913a and winpcap 
> 3.0 under XPSP2. I have also upgraded and was successful in running  
> ethereal version 0106
> and winpcap 3.1beta3 on XPSP2.
> HTH
>
>
> Regards,
> Gary Everekyan CISSP, CISM, MCSE, MCT
> Information Security and Audit
> "High achievement always takes place in the framework of high 
> expectation" - Jack Kinder
>
>
> -----Original Message-----
> From: Roman Fomichev [mailto:from () e-solutions lv]
> Sent: Tuesday, August 17, 2004 4:52 AM
> To: Anjin; pen-test () securityfocus com
> Subject: Re: XPSP2 compatability
>
> I have been using ethereal for years. I have been using XPSP2 since 
> rc1.
>
> No problems.
>
> On Mon, 16 Aug 2004 22:50:32 +0930, Anjin <wildcard () internode on net>
> wrote:
>
> > Following up on the item from James, it also seems that XPSP2 is 
> > incompatible with WinPCAP.  Both Snort and Ethereal fail with an 
> > identical error when XPSP2 is installed.  Removing the patch solves 
> > the problem.
>
>
>
>
>
>
> This message (including any attachments) contains confidential
> information intended for a specific individual and purpose, and is  
> protected by law.  If you are not the intended recipient, you should  
> delete this message.  Any disclosure, copying, or distribution of this  
> message, or the taking of any action based on it, is strictly prohibited.
>
> ----------------------------------------------------------------------
> --------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking  
> course,
> learn to write exploits and attack security infrastructure. Attend a  
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
> ----------------------------------------------------------------------
> ---------
>
>
>
>
> --
> Incoming mail is certified Virus Free.
> Checked by AVG Anti-Virus (http://www.grisoft.com).
> Version: 7.0.262 / Virus Database: 264.6.4 - Release Date: 19/08/2004



-- 
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd


-- 
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.262 / Virus Database: 264.6.4 - Release Date: 19/08/2004


----------------------------------------------------------------------------
--
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
----------------------------------------------------------------------------
---

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------