Message-ID: <20100301190552.GA7403@mail.planetcobalt.net>
Date: Mon, 1 Mar 2010 20:05:52 +0100
From: Ansgar Wiechers <bugtraq@...netcobalt.net>
To: bugtraq@...urityfocus.com
Subject: Re: Circumventing Critical Security in Windows XP

On 2010-02-28 anonym@...nym.com wrote:
> Administrator level doesn't matter much when we talk about
> antivirus/firewall software, because nowadays they have built-in
> protection that will try to prevent them from getting disabled, no
> matter what the user's access rights over the system are. If the
> software can be disabled, then the flaw is in the software itself, and
> is indeed a vulnerability.

They're using rootkit techniques to prevent the administrator from doing
what - by design and definition - he is *supposed* to be able to do.
Since this is not desirable, failing to do so certainly is not a
vulnerability. And no, there is no such thing as a "good" rootkit.

Any administrator who willingly allows this kind of crap within arm's
length of their systems needs a good beating with a cluestick. Badly.

> PS: On Windows XP, users by default have admin rights when created; the
> standard user is a member of the Administrators group. On Windows Vista
> and later the standard user is admin too, but UAC forces the user to
> have "user level" rights. But demonstration code has been published to
> bypass this protection, and then that kind of modification (the
> modification done by the sc command is reflected in the registry under
> HKEY_LOCAL_MACHINE, to which only admins can write data) will be
> possible.

Just shows what a big load of bullshit UAC is. I've been successfully
using LUA for years, and I don't see any reason at all to switch to UAC.

You cannot protect a system from its administrator without demoting him
from being administrator. Period. And if you are going to demote him:
who is going to fix your system when things go wrong?

Regards
Ansgar Wiechers
-- 
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
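The thread above turns on one factual claim: whether a service can be reconfigured or stopped is decided by the access rights on the service's registry key under HKEY_LOCAL_MACHINE and on the service object itself, not by anything the product does at runtime. The following script is an added example for checking that on a live machine; it is not code from the thread or from any of the products mentioned. The default service name is a placeholder assumption, chosen only because it exists on every Windows install; substitute the service of the antivirus or firewall you are auditing. It assumes Windows PowerShell 5.1 or later (for ConvertFrom-SddlString) and uses sc.exe explicitly because "sc" is an alias for Set-Content inside PowerShell.

```powershell
# Added example, not part of the original mailing list post.
# Reports (1) whether the current token is elevated, (2) which principals can
# write the service's configuration key in the registry, and (3) the service
# object's own DACL as the Service Control Manager enforces it.
param(
    # Placeholder assumption: replace with the service you are auditing.
    [string]$ServiceName = 'wuauserv'
)

# 1. Is this session actually running with an administrator token?
#    Under UAC a member of Administrators still gets a filtered token until
#    elevated; under a plain limited user account (LUA) it is never admin.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as: $($identity.Name)  elevated token: $elevated"

# 2. Who may write the service's configuration in the registry?
#    Changes made with "sc config" land under this key, so write access here is
#    what decides whether a non-admin could alter the service's settings.
$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path -Path $keyPath)) { throw "No service key found at $keyPath" }

# Rights that actually change the key; WriteKey/FullControl are not used here
# because they also contain read bits and would match read-only entries too.
$writeMask = [System.Security.AccessControl.RegistryRights]::SetValue -bor
             [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
             [System.Security.AccessControl.RegistryRights]::Delete -bor
             [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
             [System.Security.AccessControl.RegistryRights]::TakeOwnership

$acl = Get-Acl -Path $keyPath
"`nPrincipals allowed to write $keyPath :"
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.RegistryRights -band $writeMask) -ne 0)
    } |
    Select-Object IdentityReference, RegistryRights, IsInherited |
    Format-Table -AutoSize

# 3. The service object's DACL: who may stop, pause or reconfigure it through
#    the SCM. "sc sdshow" prints it as SDDL; ConvertFrom-SddlString makes the
#    access rights readable.
$sddl = [string](sc.exe sdshow $ServiceName | Where-Object { $_ -match 'D:\(' })
$sddl = $sddl.Trim()
if (-not $sddl) { throw "sc.exe sdshow returned no security descriptor for $ServiceName" }
"`nService DACL (SDDL): $sddl"
(ConvertFrom-SddlString -Sddl $sddl).DiscretionaryAcl
```

Run it once from a limited user and once from an elevated prompt: the first section shows the token difference, and the second and third show that the write entries on both the key and the service object are held by SYSTEM and Administrators, so a product that blocks an elevated administrator from stopping it is overriding the operating system's own access control rather than relying on it.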
