lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed May 11 00:17:15 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Useless tidbit (MS AntiSpyware)

Steven Rakick wrote:

> Interesting. Has this always been that way? While it's not a huge gaping
> hole, it's definitely concerning. At least to me.

Well, yes, of course it's concerning...

If you have some unknown/unwanted/etc program running on one of your 
machines you darn well should be concerned, regardless of whether its 
called program.exe and located in the root directory of your Windows 
install drive or not.

Of course, (assuming you are an IT admin) your boss should be even more 
concerned in how in the heck you've allowed your IT system to be rolled 
out such that arbitrary executables can actually get onto the machines 
and be run so easily.

_THAT_ is a far larger problem you should have considered long before 
you discovered that one (or more) of the many "band-aid" programs (like 
MS AntiSpyware, most other anti-spywares, known virus scanning 
"antivirus" programs, software firewalls, and so on) so commonly 
advocated by lame (or hamstrung) system admins has this (and dozens of 
other) trivial, stupid holes.


Regards,

Nick FitzGerald

Powered by blists - more mailing lists