From: yossarian at planet.nl (yossarian)
Subject: Microsoft plans tighter security measures in Windows XP SP2

Most of it appears to be tightening the defaults. Useful, yes, but not very new.. New is: "Interface restriction (exposed to developers, for example, through a new registry key called RestrictRemoteClients) modifies the behavior of all remote procedure call interfaces on the system and will, by default, eliminate remote anonymous access to RPC interfaces on the system, with some exceptions.". All I can say is better late than never, this should have existed ages ago - this is not XP specific. In 2001 when the first RPC issues appeared on NT4 and W2k, I had expected such a step.

The introduction of an ACL on DCOM: well, why not just disable DCOM? Most users don't need it, it does not solve problems that could not be solved in another way. The possibility for 'more granular control' for admins on DCOM means that more things can be tightened, if you know what they are and have time to do so on a few thousand or more PCs. Never had much trouble with PCs that had DCOM completely disabled anyway. Not more security in this SP2 thingie, unless a raise in the TCO is acceptable - things can be secured.

ICF will be enabled by default but will no longer block RPC. Yeah, great. Oh, it will have a 'shielded mode', to block all RPC till a fix for a new vulnerability is found. Yeah, same as with previous remark - who really needs RPC? Many admins have no time to use remote management and/or registry features and just put a ghost disk in a faulty machine - quick and effective. IMHO most admins would not know what to do with the features anyway, since the insight into what the machine is doing, and what might be wrong, is completely lacking. Usually they can't be bothered, anyway. As far as I can see, this feature will make systems more vulnerable (i.e. the ones using ICF) since RPC will be open unless it is closed on ICF protected boxes.

The application white list is an extension for ICF that has the same problem, who knows what apps are valid, who is to manage the list of 'known to be good' etc. Usually admins consider the Firewall a thing that just is, and often it is managed by a specialized admin. Now every NT-admin will have to know the working of an application firewall, and generally, of all the installed software. This will raise the TCO, and if companies do not employ more and more skilled support staff, the feature will just be in the way, and ICF probably disabled.

My 0.02 cents: nice try, but next time go for less is more - less features is more security, this is just another featuritis.

----- Original Message -----
From: "Helmut Hauser" <helmut.hauser@...raplan.de>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, October 31, 2003 2:26 PM
Subject: [Full-Disclosure] Microsoft plans tighter security measures in Windows XP SP2

> Very interesting MSDN Article:
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
>
>
> Helmut Hauser
> Systemadministration EDV
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html