Re: [Full-Disclosure] .hta virus analysys

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 11/21/03

    To: full-disclosure@lists.netsys.com
    Date: Fri, 21 Nov 2003 14:38:35 +1300
    
    

    Jelmer <jkuperus@planet.nl> wrote:

    > There's nothing wrong with .hta files, ...

    As local content, agreed -- they are just as "safe" as such other
    things as .EXE files, .VBS files and so on...

    > ... but that it has an associated mime
    > type boggles the mind

    Agreed, but what boggles my mind even more is that I have been told
    that in the past MS has said it will not remove support for this (and
    related extreme stupidities) "because some major customers actually
    _want_ _AND USE_ this functionality".

    That's right folk -- TCI means that if a couple of pea-brained, slack-
    arsed "system administrators" at a couple of major MS accounts (think
    the "big three" (or is it still four?) accounting/consulting firms,
    really large defense, aerospace, etc manufacturers to get an idea of
    the size of operation your security is competing with here), who are
    too stupid to work out a couple of registry tweaks to shoot off both
    their feet in the pursuit of making their own lives marginally easier,
    MS will roll the desired "feature" into the default install so as to
    inflict several hundred million machines worldwide with the associated
    problems should there be any flaws elsewhere in its products.

    It's long past time Windows' attack surface was dramatically reduced
    through the removal of all kinds of stupid and dangerous MIME type
    mappings, CLSID as file extension tricks, and other such nonsenses.
    I'm sure these gave wet dreams to the pimply-faced geeks that dreamed
    them up as yet another cool way to "just make things work" if the only
    "skill" some yokel user knows is "double-click it and see". However,
    as those geeks were neither trained in, nor charged with having, the
    vaguest clue about or concern for security, it's time that a lot of
    those design decisions were re-considered. It's at least half-
    pointless having better security-trained programmers (if you believe
    Redmond's hype) if they are baby-sitting code that is still intended to
    implement functionality dreamed up when "security-ignorant featuritis"
    and "everything enabled by default so everything just works" were the
    driving forces behind the design ideal...

    > It's been the source of many an issue in the past. Microsoft would be better
    > off disabling it entirely

    Yep, couldn't agree more.

    Maybe in XP SP2???

    And if so, will they "back-port" it to the next W2K SP??

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

