Re: Gigantic,catastrophic security flaw in Windows - no defense...

From: Rob Conklin (robconklin_at_worldnet.att.net)
Date: 06/23/04 

Date: Tue, 22 Jun 2004 23:16:07 -0400

Yeah, maybe I went off a little there -- but this particular trojan,
CWS.searchx (and I suppose, some of the variants) is particularly insidious.
I've been a long time web-surfer, and am quite cautious in my approach,
aware, I think, for the most part, how viruses and trojans spread, and I
have never had a problem in the past. The reason I feel inclined to "howl"
about this one is that the insertion of CWS.searchx seems to be extremely
invisible, and there is no defense against it, except for avoiding any site
that may be infected with it -- in other words, on some level, avoiding the
web altogether, except for sites that you completely trust. [which kind of
takes the fun out of the web].

This virus apparently makes edits to the system registry, and also inserts a
DLL into the /windows/system directory. I can't understand how IE could be
implemented in such a way as to allow these operations without warning bells
going off big time. That is to say, it shouldn't be possible for an
untrusted web site to play with the file system and its intregral data
registry without having special, explicit permission to do so. Perhaps
these compromises happen very indirectly, but I think MS should hire the guy
who works independently on CWShreader (pay him a million if they have to)
and get him to properly patch IE so that it has no vulnerability to this
thing!!!!

R