Re: Basic Windows Security Question

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 04/05/05

  • Next message: David MacDonald: "Re: about SQL injection"
    Date: Tue, 5 Apr 2005 12:13:14 +0200
    To: security-basics@securityfocus.com
    
    

    On 2005-03-31 David Gillett wrote:
    > I think we're overdue for a "don't permit code execution from
    > removable R/W devices" OS security policy entry. Doesn't matter
    > whether it's a floppy, a thumb drive, a USB/firewire hard drive....
    > (The 'R/W' qualifier is to allow autorun CDs to be handled
    > separately.)

    I have to disagree with that. There is (almost) no point in preventing
    execution of files on removable media since a user could copy the
    executable file to his %USERPROFILE% (or someplace else he can write to)
    and execute it from there. Plus I don't see why one would want to handle
    CD-R differently from other media. Malware may just as well reside on a
    user-burnt CD as it may on a USB stick or something else. What you
    really want (from a security point of view) is to prevent autoplay in
    general. Automatic execution of code is evil. You may also want to
    whitelist the executables users are allowed to run.

    For Windows 2000/XP there is a policy to prevent autoplay on all drives
    (both user and computer configuration: administrative templates\system).
    Also you have Software Restriction Policies that allow for whitelisting
    of executables.

    Regards
    Ansgar Wiechers

    -- 
    "All vulnerabilities deserve a public fear period prior to patches
    becoming available."
    --Jason Coombs on Bugtraq
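
An audit of the autoplay policy mentioned in the message above, as an added example that is not part of the original post. It assumes PowerShell on the Windows host being checked; the registry value `NoDriveTypeAutoRun`, its location, and the bit meanings are not from the post but are the documented setting behind that policy, and the function name `Get-AutoplayGap` is hypothetical.

```powershell
# Added example: report drive types for which autoplay is still allowed.
# NoDriveTypeAutoRun is a bitmask; a set bit disables autoplay for that type.
# 0xFF disables autoplay on all drives.
$DriveTypeBits = [ordered]@{
    'Unknown type'       = 0x01
    'Removable'          = 0x04
    'Fixed'              = 0x08
    'Network'            = 0x10
    'CD-ROM'             = 0x20
    'RAM disk'           = 0x40
    'Unknown (reserved)' = 0x80
}

function Get-AutoplayGap {
    param([Parameter(Mandatory)][int]$Mask)
    # Return the drive types whose bit is NOT set in the mask.
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        if (($Mask -band $entry.Value) -eq 0) { $entry.Key }
    }
}

$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# The policy exists in both computer (HKLM) and user (HKCU) configuration.
foreach ($hive in 'HKLM', 'HKCU') {
    $path = '{0}:\{1}' -f $hive, $subKey
    $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        '{0}: NoDriveTypeAutoRun not set, OS default applies' -f $hive
        continue
    }

    # The value may be stored as REG_DWORD or REG_BINARY; only the low byte matters.
    $raw  = $prop.NoDriveTypeAutoRun
    $mask = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]([long]$raw -band 0xFF) }

    $gaps = @(Get-AutoplayGap -Mask $mask)
    if ($gaps.Count -eq 0) {
        '{0}: 0x{1:X2} autoplay disabled for all drive types' -f $hive, $mask
    } else {
        '{0}: 0x{1:X2} autoplay still allowed for: {2}' -f $hive, $mask, ($gaps -join ', ')
    }
}
```
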