Re: Hidden-code flaw in Windows renews worries over stealthly malware

From: Steve Welsh (sjw_at_stevew.net)
Date: 09/01/05


Date: Thu, 01 Sep 2005 01:52:55 +0100
To: Imhotep <Imhotep@nospam.com>

Well, the Windoze Registry has blossomed from an ill-conceived concept
in Win95 to the sprawling, totally out-of-control nightmare that it now
is. It is totally beyond redemption, and I would challenge anyone that
claims to know what every single entry in the Registry is, or does.

e.g. WTF? {2D18D25D-8E3D-F766-DF01-828AAC3A96F8} etc, etc

OK this is not code, but I think the quote still applies - Eric Raymond
"Elegant code is not only correct, but visibly, transparently correct."

I suppose Jim will disagree ;)

Imhotep wrote:
> "Last week, the Internet Storm Center, a group of security professionals
> that track threats on the Net, flagged a flaw in how a common Microsoft
> Windows utility and several anti-spyware utilities detect system changes
> made by malicious software. By using long names for registry keys, spyware
> programs could, in a simple way, hide from such utilities yet still force
> the system to run the malicious program every time the compromised computer
> starts up."
>
> http://www.securityfocus.com/news/11300
>
> Im