| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4281E99B.30795.2011AE43@localhost> Date: Wed May 11 00:17:15 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Useless tidbit (MS AntiSpyware) Steven Rakick wrote: > Interesting. Has this always been that way? While it's not a huge gaping > hole, it's definitely concerning. At least to me. Well, yes, of course it's concerning... If you have some unknown/unwanted/etc program running on one of your machines you darn well should be concerned, regardless of whether its called program.exe and located in the root directory of your Windows install drive or not. Of course, (assuming you are an IT admin) your boss should be even more concerned in how in the heck you've allowed your IT system to be rolled out such that arbitrary executables can actually get onto the machines and be run so easily. _THAT_ is a far larger problem you should have considered long before you discovered that one (or more) of the many "band-aid" programs (like MS AntiSpyware, most other anti-spywares, known virus scanning "antivirus" programs, software firewalls, and so on) so commonly advocated by lame (or hamstrung) system admins has this (and dozens of other) trivial, stupid holes. Regards, Nick FitzGerald
Powered by blists - more mailing lists