lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 May 2010 08:30:13 +0200
From: Christian Sciberras <>
To: "Thor (Hammer of God)" <>
Cc: "" <>
Subject: Re: denial-of-service vulnerability in
	theMicrosoft Malicious Software Removal Tool

Since I'm always for a coding challenge, here goes nothing:
It's in PHP though. The gist of it would be disk_total_space and/or
Don't "reinvent the wheel" is what I say :)


On Mon, May 24, 2010 at 3:40 AM, Thor (Hammer of God)

> I've been trying to get through to him Larry, but it's been hard ;)
> Stu, let's try this first...
> In XP, you don't have "built in" elevation features like you do with Vista
> and Windows 7.  While you can certainly run as a regular user and use
> "runas" when you must run something the requires administrative privileges,
> it's not exactly the easiest thing for people to do.  As such, they just run
> as admin.
> This is really, really bad.  It's like running as root for everything.
>  Whoever set up your client's systems did them a great disservice when they
> configured everyone to run as admin, as you are beginning to see.  While not
> all malware requires admin permissions, most do.
> The way your client got malware was by downloading something and installing
> it as admin.  You should not feel sorry for them.  *THEY* did it.  *THEY*
> are running as admin and THEY are getting infected.  If they choose to say
> with XP and not have AV properly installed, and to not run as a normal
> users, that is THEIR fault.  When they get infected, you bill them as you
> should.
> Create a normal user for them and see if their software works.  That's the
> simplest thing.  If it does, then have them run as that user and not admin -
> that's the least you can do and what I could consider "responsible" from a
> professional standpoint.   Other aspects of the user experience can be very
> easily controlled via GPO assuming they have a domain structure.   Of
> course, the recommendation is to move into Windows 7, which is just freaking
> awesome.   These are the things you need to be concentrating on.
> But saying they shouldn't be using Windows because they are running
> software released almost 10 years ago with inadequate AV and running under
> admin while downloading things they shouldn't honestly makes you look like a
> tool.  To focus your attention on MRT *maybe* causing your system to boot
> improperly is ludicrous.  Focus on the malware.  Focus on the user.
> We're trying to help here, but you are going to have to do your part too.
> T
> p.s.  Last time you were talking about your unreleased code being 1951
> bytes that gave you a drive tot, free, and % free.  I believe you said to me
> "to do better if you can."    Feel free to use the below code at your
> discretion.  I only spent about 15 minutes on it, so I apologize if it is
> rough.  However, it returns all local AND network drives on the system in a
> single command with total, free, and percentage free.   It's 886 bytes.  I'd
> call half the size with more than twice the capabilities "doing better."
>  :-p   Oh, don't mistake the "FreeBFD" part for something it's not.  That's
> just what I thought of it ;)
> using System;
> using System.Management;
> namespace FreeBFD
> {class Program{static void Main(string[] args){
> ManagementClass drivesClass = new ManagementClass("win32_logicaldisk");
> ManagementObjectCollection drives = drivesClass.GetInstances();
> foreach (ManagementObject drive in drives)
> {
> drive.Get();
> int type = Convert.ToInt32(drive["DriveType"]);
> if (type == 3 | type == 4)
> {
> double size = Convert.ToInt64(drive["Size"]);
> double free = Convert .ToInt64(drive["FreeSpace"]);
> Console.WriteLine("Drive " + drive["deviceid"] +"\nTotal:\t"+ size +
> "\nFree:\t " + free + "\n%Free:\t" +
> Convert.ToDouble((free/size)*100)+"\n");
> }}}}}
> >-----Original Message-----
> >From: [mailto:full-disclosure-
> >] On Behalf Of Larry Seltzer
> >Sent: Sunday, May 23, 2010 5:57 PM
> >To:;
> >Subject: Re: [Full-disclosure] denial-of-service vulnerability in
> theMicrosoft
> >Malicious Software Removal Tool
> >
> >Don't you get it? Your customers installed malware while logged in as
> >administrator on XP. MSRT isn't magic. From this you tell people "Don't
> run
> >Windows"?
> >
> >And if your customers' apps require admin privileges and they have to run
> on
> >XP then they really can't be properly secured.
> >
> >Larry Seltzer
> >Contributing Editor, PC Magazine
> >
> >
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter:
> >Hosted and sponsored by Secunia -
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> Hosted and sponsored by Secunia -

Content of type "text/html" skipped

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists