RE: Microsoft XP/SP2 security
From: Geoff Van Brunt (gvanbrunt_at_dstgroup.com)
Date: 03/09/04
- Previous message: focus-ms_at_securityfocus.com: "^_^ meay-meay!"
- Maybe in reply to: Steve Friedl: "Microsoft XP/SP2 security"
To: "'Thor Larholm'" <thor@pivx.com>, "'Steve Friedl'" <steve@unixwiz.net>, <focus-ms@securityfocus.com>
Date: Tue, 9 Mar 2004 13:49:29 -0500
Hi all,
If anyone has an MSDN Universal Subscription I believe the beta is available
in subscriber downloads.
And from Steve's analysis:
>>One minor area of concern:
>>the Changes document
>>--------------------------------------------------------------------------------
>>Applications should get user consent before adding themselves to the
>>AuthorizedApplications collection.
>>--------------------------------------------------------------------------------
>>"Should" ?
>>A rogue application running as Administrator could easily add itself to
>>the list with a "friendly name" of Internet Explorer or the like and fool
>>the user.
>>This could only happen if the user ran some badware, and I'm not sure if
>>there is any way to get around this beyond simply forcing some kind of GUI
>>dialog box entry for every update to the Firewall API.
I don't think there is any "direct" way of notifying the user. A kernel
thread should not "call up" to the gui. However, if there were some
notification api that notifies of the changes, a client (such as MS's new
firewall client or third party) should notify the user of the change by
"subscribing" to the notification event.
Thanks,
Geoff Van Brunt
Information Technology Manager
DST Consulting Engineers
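
The reply above relies on a change-notification API; where none is available, polling the list gives a defender a comparable signal. The following is an added example, not code from any of the posters or from Microsoft: it reads the AuthorizedApplications collection through the `HNetCfg.FwMgr` COM object, shows each entry's friendly name beside the product name and signature status of the binary itself, and reports entries added or renamed since the last run. The baseline file path is an assumption.

```powershell
# Added example: poll the Windows Firewall AuthorizedApplications list and
# report changes. $BaselinePath is a hypothetical location for the snapshot.
$BaselinePath = Join-Path $env:ProgramData 'fw-authapps-baseline.json'

function Get-AuthorizedAppSnapshot {
    # HNetCfg.FwMgr is the COM entry point to the firewall API added in XP SP2.
    $mgr = New-Object -ComObject HNetCfg.FwMgr
    foreach ($app in $mgr.LocalPolicy.CurrentProfile.AuthorizedApplications) {
        $path = [Environment]::ExpandEnvironmentVariables($app.ProcessImageFileName)
        $product = $null; $signature = 'FileMissing'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # What the binary says about itself, independent of the friendly name.
            $product = [Diagnostics.FileVersionInfo]::GetVersionInfo($path).ProductName
            $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
        }
        [pscustomobject]@{
            Name      = $app.Name   # friendly name chosen by whoever added the entry
            Path      = $path.ToLowerInvariant()
            Enabled   = $app.Enabled
            Product   = $product
            Signature = $signature
        }
    }
}

$current = @(Get-AuthorizedAppSnapshot)
$known = @{}
$haveBaseline = Test-Path -LiteralPath $BaselinePath
if ($haveBaseline) {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($b in $baseline) { $known[$b.Path] = $b }
}
foreach ($app in $current) {
    $reasons = @()
    if ($haveBaseline -and -not $known.ContainsKey($app.Path)) {
        $reasons += 'added since last snapshot'
    } elseif ($haveBaseline -and $known[$app.Path].Name -ne $app.Name) {
        $reasons += 'friendly name changed'
    }
    if ($app.Signature -ne 'Valid') { $reasons += "signature: $($app.Signature)" }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Name = $app.Name; Product = $app.Product
                           Path = $app.Path; Reasons = $reasons -join '; ' }
    }
}

# Store the current state as the baseline for the next run.
ConvertTo-Json -InputObject $current | Set-Content -LiteralPath $BaselinePath
```

Run from a scheduled task, the first pass only records the baseline and reports signature problems; an entry whose Name and Product columns disagree is the friendly-name mismatch raised in the quoted analysis.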
-----Original Message-----
From: Thor Larholm [mailto:thor@pivx.com]
Sent: March 9, 2004 1:29 PM
To: Steve Friedl; focus-ms@securityfocus.com
Subject: RE: Microsoft XP/SP2 security
Very nice analysis, I wonder how much more you could have written with
access to XP/SP2 (nudge nudge, give the man a beta).
The IE security zone changes involve locking down the My Computer zone
(http://tinyurl.com/3atog). Together with the NX CPU flag, this will
definitely cause a lot of applications to malfunction, including:
Microsoft Management Console
Norton Internet Security / Norton Antivirus
McAfee Antivirus
Visual Studio.NET/2003
The .NET Framework
MSDN Help
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: Steve Friedl [mailto:steve@unixwiz.net]
Sent: Tuesday, March 09, 2004 7:31 AM
To: focus-ms@securityfocus.com
Subject: Microsoft XP/SP2 security
Hello listmates,
XP Service Pack 2 has been in beta test for some months, and it looks
like this is primarily about adding security features. A few are minor,
but some look quite far-reaching. I don't believe I've ever seen a
single bigger security push from Microsoft, and I'm very encouraged.
I've written an analysis of XP/SP2's security aspects:
http://www.unixwiz.net/techtips/xp-sp2.html
Corrections/feedback welcome.
Steve
--
Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
www.unixwiz.net | I speak for me only | KA8CMY | steve@unixwiz.net
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership.
Download your free trial at http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
---------------------------------------------------------------------------