Re: CWS = Crummy Windows Security
From: Andrew Aronoff (ntbugtraq.sub_at_AARONOFF.COM)
Date: Thu, 7 Oct 2004 21:23:17 +0200 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
A Aronoff wrote:
>> AppInit_Dlls is a gaping security hole. Unfettered access to this
>> value should be removed ASAP from NT4/W2K/WXP.
Ron Parker replied:
> Unfettered? What's "unfettered" mean?
Unfettered means that if security permits, any app can write to this
value. In our opinion, even with Admin access, there should be special
vetting, perhaps against an MS-approved white list, before an app can
write there. On a hostile network (such as the Internet), the value is
simply too powerful for access to be left otherwise.
Mark Tassin pointed out:
> Why not simply use CoolWebShredder? Made by the author of Hijack
> This! It seems to nail all the CWS variants out there. And does it
> well I might add.
For two reasons:
1. As the download page you provided indicates, the CWShredder
project is "suspended"
2. On the CWS version we wrestled with, CWShredder didn't work.
(HijackThis didn't show anything in the AppInit_Dlls value,
Of course, if CWShredder works, so much the better. It's free, just
like the method we espouse.
-- ***** Want to know every program that starts up with Windows? Download "Silent Runners.vbs": http://www.silentrunners.org/ ***** -- NTBugtraq Editor's Note: Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field. --