RE: Microsoft XP/SP2 security

From: Geoff Van Brunt (gvanbrunt_at_dstgroup.com)
Date: 03/09/04

    To: "'Thor Larholm'" <thor@pivx.com>, "'Steve Friedl'" <steve@unixwiz.net>, <focus-ms@securityfocus.com>
    Date: Tue, 9 Mar 2004 13:49:29 -0500
    
    

    Hi all,

    If anyone has an MSDN Universal Subscription I believe the beta is available
    in subscriber downloads.

    And from Steve's analysis:
    >>One minor area of concern:

    >>the Changes document
    >>--------------------------------------------------------------------------------
    >>Applications should get user consent before adding themselves to the
    >>AuthorizedApplications collection.
    >>--------------------------------------------------------------------------------

    >>"Should" ?
    >>A rogue application running as Administrator could easily add itself to
    >>the list with a "friendly name" of Internet Explorer or the like and fool
    >>the user.

    >>This could only happen if the user ran some badware, and I'm not sure if
    >>there is any way to get around this beyond simply forcing some kind of GUI
    >>dialog box entry for every update to the Firewall API.

    I don't think there is any "direct" way of notifying the user. A kernel
    thread should not "call up" to the GUI. However, if there were some
    notification API that notifies of the changes, a client (such as MS's new
    firewall client or third party) should notify the user of the change by
    "subscribing" to the notification event.
     
    Thanks,
     
     
    Geoff Van Brunt
    Information Technology Manager
    DST Consulting Engineers
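
    As an added example (not part of this thread or of any of its authors' work), a defender-side audit of the XP SP2 AuthorizedApplications list that catches the case Steve raises: an enabled entry whose friendly name claims to be Internet Explorer while its image is some other binary, or whose image lives in a user-writable location. It assumes the SP2 registry value format `<image path>:<scope>:<state>:<friendly name>` under the `...\FirewallPolicy\StandardProfile\AuthorizedApplications\List` key, which is general SP2 knowledge rather than anything stated in the thread; the sample entries and the `EXPECTED_IMAGE` table are constructed for the example.

```python
import os
import re
from collections import namedtuple

# XP SP2 stores each authorised application as a REG_SZ under HKLM\SYSTEM\CurrentControlSet\
# Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List,
# formatted "<image path>:<scope>:<Enabled|Disabled>:<friendly name>". That key and format
# are general SP2 knowledge, not something this thread states.
ENTRY_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:|%[^%]+%)?[^:]*):(?P<scope>[^:]*)"
    r":(?P<state>Enabled|Disabled):(?P<name>.*)$", re.IGNORECASE)

# Trusted friendly names and the binary that legitimately carries each one.
# Hypothetical allow-list for this example; extend it for your environment.
EXPECTED_IMAGE = {"internet explorer": "iexplore.exe", "windows messenger": "msmsgs.exe"}

# Constructed sample value data, not taken from any real machine.
SAMPLE_VALUES = [
    r"%windir%\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer",
    r"C:\Documents and Settings\user\Local Settings\Temp\update.exe:*:Enabled:Internet Explorer",
    r"C:\tools\tftpd.exe:192.168.1.0/255.255.255.0:Disabled:Internet Explorer",
]

AuthorizedApp = namedtuple("AuthorizedApp", "path scope enabled name")

def parse_entry(value: str) -> AuthorizedApp:
    # The image path may itself contain a drive colon, so split with the anchored regex.
    m = ENTRY_RE.match(value)
    if not m:
        raise ValueError(f"not an AuthorizedApplications entry: {value!r}")
    return AuthorizedApp(m["path"], m["scope"], m["state"].lower() == "enabled", m["name"])

def audit(values):
    # Return (image path, reasons) for every enabled entry whose name or location is misleading.
    findings = []
    for app in map(parse_entry, values):
        if not app.enabled:
            continue  # a disabled exception opens no port, whatever it calls itself
        image = os.path.basename(app.path.replace("\\", "/")).lower()
        reasons = []
        expected = EXPECTED_IMAGE.get(app.name.strip().lower())
        if expected and image != expected:
            reasons.append(f"friendly name {app.name!r} but image is {image}")
        if re.search(r"\\(temp|local settings)\\", app.path, re.IGNORECASE):
            reasons.append("image lives in a user-writable location")
        if reasons:
            findings.append((app.path, reasons))
    return findings
```

    Run `audit()` over the value data read from that key on a live SP2 machine; only the constructed Temp entry is reported for the sample, and for both reasons.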
     
     

    -----Original Message-----
    From: Thor Larholm [mailto:thor@pivx.com]
    Sent: March 9, 2004 1:29 PM
    To: Steve Friedl; focus-ms@securityfocus.com
    Subject: RE: Microsoft XP/SP2 security

    Very nice analysis, I wonder how much more you could have written with
    access to XP/SP2 (nudge nudge, give the man a beta).

    The IE security zone changes involve locking down the My Computer zone
    (http://tinyurl.com/3atog). Together with the NX CPU flag, this will
    definitely cause a lot of applications to malfunction, including:

    Microsoft Management Console
    Norton Internet Security / Norton Antivirus
    McAfee Antivirus
    Visual Studio.NET/2003
    The .NET Framework
    MSDN Help

    Regards

    Thor Larholm
    Senior Security Researcher
    PivX Solutions
    24 Corporate Plaza #180
    Newport Beach, CA 92660
    http://www.pivx.com
    thor@pivx.com
    Phone: +1 (949) 231-8496
    PGP: 0x5A276569
    6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

    PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
    Qwik-Fix
    <http://www.qwik-fix.net>

    -----Original Message-----
    From: Steve Friedl [mailto:steve@unixwiz.net]
    Sent: Tuesday, March 09, 2004 7:31 AM
    To: focus-ms@securityfocus.com
    Subject: Microsoft XP/SP2 security

    Hello listmates,

    XP Service Pack 2 has been in beta test for some months, and it looks
    like this is primarily about adding security features. A few are minor,
    but some look quite far-reaching. I don't believe I've ever seen a
    single bigger security push from Microsoft, and I'm very encouraged.

    I've written an analysis of XP/SP2's security aspects:

            http://www.unixwiz.net/techtips/xp-sp2.html

    Corrections/feedback welcome.

    Steve

    -- 
    Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561
    www.unixwiz.net  | I speak for me only |   KA8CMY   | steve@unixwiz.net
    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security
    Protect your network against hackers, viruses, spam and other risks with
    Astaro Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of ownership.
    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    ---------------------------------------------------------------------------
    

