Bugtraq mailing list archives
Re: Circumventing Critical Security in Windows XP
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Mon, 1 Mar 2010 20:05:52 +0100
On 2010-02-28 anonym () anonym com wrote:
Administrator level doesn't matter much when we talk about antivirus/firewall software, because nowadays they have built-in protection that will try to prevent them from being disabled, no matter what the user's access rights over the system are. If the software can be disabled, then the flaw is in the software itself, and is indeed a vulnerability.
They're using rootkit techniques to prevent the administrator from doing what - by design and definition - he is *supposed* to be able to do. Since this is not desirable, failing to do so certainly is not a vulnerability. And no, there is no such thing as a "good" rootkit. Any administrator who willingly allows this kind of crap within arm's length of their systems needs a good beating with a cluestick. Badly.
PS: On Windows XP, users by default have admin rights when created; the standard user is a member of the Administrators group. On Windows Vista and later the standard user is admin too, but UAC forces the user to have "user level" rights. But demonstration code has been published to bypass this protection, then again that kind of modification (the modification made by the sc command is reflected in the registry in HKEY_LOCAL_MACHINE, in which only admins can write data) will be possible.
Just shows what a big load of bullshit UAC is. I've been successfully using LUA for years, and I don't see any reason at all to switch to UAC. You cannot protect a system from its administrator without demoting him from being administrator. Period. And if you are going to demote him: who is going to fix your system when things go wrong?

Regards
Ansgar Wiechers
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich