Message-ID: <EBF49D1F55C6D349AFBE297CAC238A521FB3FC4C@uskzoms025.uskzo.am.pnu.com>
Date: Wed, 12 Nov 2003 12:09:41 -0500
From: "Reava, Jeffrey [IT/0200]" <jeffrey.reava@...rmacia.com>
To: "'psz@...hs.usyd.edu.au'" <psz@...hs.usyd.edu.au>,
bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: RE: MS03-048: Thor and unpatched?
<snip>
(Is it known what http://www.pivx.com/qwikfix/ does? Will it remain free?
Is "Mocrosoft" a mis-spelling or some joke?)
</snip>
You can use In Control 5 to isolate the changes made by a given application.
Especially good for running down registry entries. Start to end, it should
only take about 1/2 hour to download, monitor changes and generate a report.
It's available here:
http://www.devhood.com/tools/tool_details.aspx?tool_id=432
For a slightly broader look at evaluating untrusted software in a controlled
environment:
http://www.sans.org/rr/papers/5/79.pdf
Abstract:
"Tools and techniques of reverse engineering allow the professional analyst to identify and describe in detail the behavior of malicious software in a test lab environment. However, many users and organizations lack both the resources and time to subject untrusted software to such stringent tests. To address the key business concern of "is this software safe to download and use?", a lightweight filtering methodology is proposed that will yield a reasonably reliable answer with a very modest resource and time investment."
This communication is intended solely for the use of the addressee and may
contain information that is legally privileged, confidential or exempt from
disclosure. If you are not the intended recipient, please note that any
dissemination, distribution, or copying of this communication is strictly
prohibited. Anyone who receives this message in error should notify the
sender immediately and delete it from his or her computer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
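The message above recommends a before/after change monitor to isolate what an untrusted program writes to disk and the registry. The following is an added example of that snapshot-and-diff approach, written for this page; it is not In Control 5's code and not taken from the SANS paper. It assumes a directory tree as the thing being watched (fingerprinted by SHA-256 so edits are caught, not just new or deleted names) and uses a plain Python dict as a stand-in for registry value names and data, since the registry itself is not available off Windows. The sample files and the simulated "installer" effects are constructed for the demo.

```python
"""Added example: before/after snapshot differ for evaluating untrusted software.
Not In Control 5's code; the sample files and registry-like map are constructed."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class ChangeReport:
    added: dict = field(default_factory=dict)
    removed: dict = field(default_factory=dict)
    modified: dict = field(default_factory=dict)  # key -> (before, after)

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.modified)


def snapshot_tree(root: str) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest, so a
    modified file shows up even when its name and size are unchanged."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                snap[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def diff_snapshots(before: dict, after: dict) -> ChangeReport:
    """Classify every key as added, removed or modified. Works for any
    key -> fingerprint map: file hashes, or registry value name -> data."""
    report = ChangeReport()
    for key in after.keys() - before.keys():
        report.added[key] = after[key]
    for key in before.keys() - after.keys():
        report.removed[key] = before[key]
    for key in before.keys() & after.keys():
        if before[key] != after[key]:
            report.modified[key] = (before[key], after[key])
    return report


def format_report(report: ChangeReport) -> str:
    """Render the report as one line per change, sorted for stable diffs."""
    lines = []
    for label, entries in (("ADDED", report.added), ("REMOVED", report.removed),
                           ("MODIFIED", report.modified)):
        for key in sorted(entries):
            lines.append(f"{label:<9}{key}")
    return "\n".join(lines) if lines else "no changes detected"


def demo_files() -> ChangeReport:
    """Constructed sample: baseline tree, then a simulated installer that
    flips a config value and drops a new binary."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        with open(os.path.join(root, "app", "config.ini"), "w") as fh:
            fh.write("autostart=0\n")
        before = snapshot_tree(root)
        # --- the untrusted program would run here; its effects are simulated ---
        with open(os.path.join(root, "app", "config.ini"), "w") as fh:
            fh.write("autostart=1\n")
        with open(os.path.join(root, "app", "helper.dll"), "wb") as fh:
            fh.write(b"MZ constructed stand-in, not a real binary")
        after = snapshot_tree(root)
    return diff_snapshots(before, after)


def demo_registry() -> ChangeReport:
    """Constructed sample of the same diff over a registry-like map; a new
    autostart entry is exactly the kind of change worth running down."""
    before = {r"HKCU\Software\Example\Version": "1.0"}
    after = {r"HKCU\Software\Example\Version": "1.1",
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater":
                 r"C:\Program Files\Example\helper.dll"}
    return diff_snapshots(before, after)


if __name__ == "__main__":
    print(format_report(demo_files()))
    print(format_report(demo_registry()))
```

The two snapshots are taken in the same process here for brevity; in real use the baseline is captured before the download, the program is run in an isolated VM or test host, and the second snapshot is taken afterwards, which is the half-hour workflow the message describes.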