RE: Cisco VPN client

["Dom De Vitto" <dom () DeVitto com>]

XP driver signing isn't (really) a security thing - not yet anyway.
As only the administrator can add/remove drivers, the extra protection
provided by having the drivers "signed" before installation is low.

I'd also imagine that the sigs are not checked prior to loading,
just prior to installation. So you could "install" a signed one, and
then switch/modify binaries (I guess?).

If MS wanted this to be security they would require all executable
components be signed before use, and that, combined with "immutible"
file access for such signed objects would effectively kill the
trojan/virus business....

Dom
 |-----Original Message-----
 |From: Kayne Ian (Softlab) [mailto:Ian.Kayne () softlab co uk] 
 |Sent: Wednesday, April 17, 2002 2:35 PM
 |To: Vuln-Dev
 |Subject: Cisco VPN client
 |
 |
 |Hey all,
 |      When installing the Cisco Systems VPN Client on Windows 
 |XP, it warns you that XP driver signing will cause some 
 |"error messages" to pop up during the installation. To 
 |prevent this, instead of telling you just to OK them, it 
 |actually tells you to go and disable XP driver signing 
 |completely. It makes no mention of re-enabling it afterwards. 
 |Anyone else find that a bit of stupid advice?
 |
 |Just FYI, in case your users are doing this themselves.
 |
 |Ian Kayne
 |Technical Specialist - IT Solutions
 |Softlab Ltd - A BMW Company
 |
 |
 |** Softlab customer, Provident Financial Management Services (PFMS) 
 |has been short-listed in the category of Best Customer Contact Centre 
 |Led Project at the CRM Industry Awards, which are being held on 18th
 |April.** 
 |
 |** Softlab presented with the exclusive EMEA Partner award for their 
 |continued success in the implementation of Genesys' 
 |most complex and demanding solutions in Europe. **  
 |
 |For further information please see the Softlab website 
www.softlab.co.uk 

******************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom 
they are addressed. 

If you are not the intended recipient or the person responsible for 
delivering to the intended recipient, be advised that you have received 
this email in error and that any use of the information contained within

this email or attachments is strictly prohibited. 

Internet communications are not secure and Softlab does not accept 
any legal responsibility for the content of this message. Any opinions 
expressed in the email are those of the individual and not necessarily 
those of the Company. 

If you have received this email in error, or if you are concerned with 
the content of this email please notify the IT helpdesk by telephone 
on +44 (0)121 788 5480. 

********************************************************************