Re: Escalation of privileges

[Adam Richard <adam.richard2 () SYMPATICO CA>]

> > Hmm... Interesting, but needs an idiot admin to exploit.
Not necessarily a stupid admin, but stupid management who won't listen to
admins and then hire rent-a-techs to do botchy deployments.  I have seen as
a company policy for a company-wide NT roll out on desktops, that the local
admin password is left blank upon deployement.  Six months later they
decided to have a standardized password because it was such a mess.  But
the passwords were to be standardized only when a tech happens to work on a
machine, so it will take ages before they have a uniform admin password.
Right now it's chaos.  So it's not always the admin's fault.

> I beg to differ.  I don't have the time to minutely examine
> every file that every app installs.  I think it is reasonable
> to expect reputable companies (such as Symantec) to ship
> their apps in a secure state.
I found a nice freeware product recently called InstallWatch
(www.epsilonsquared.com) which does just that.  They also have a software
called InstallRite that will extract the information from InstallWatch to
create self-extract install kit to facilitate software deployment.  As a
bonus, I also wrote a paper about how to use InstallWatch as a
Tripwire-like IDS system. www.geocities.com/floydian_99

Hope that helps.

Adam