Re: Infected Through Shares?

From: cquirke (MVP Windows shell/user) (cquirkenews_at_nospam.mvps.org)
Date: 05/04/05


Date: Wed, 04 May 2005 10:45:05 +0200

On Mon, 2 May 2005 22:16:23 -0700, "Kerry Brown"
>"Allan C" <proven_solutions@hotmail.com> wrote in message

>The admin shares are only available with an administrator level account. If
>all the accounts had strong passwords that were different on each computer
>you should be safe.

If the world was free of malware, you should be safe, too.

Passwords and account rights are band-aids, not hard scopes.

http://cquirke.mvps.org/pwdssuck.htm refers on pwds ;-)

>The virus would have to authenticate to get access. With
>simple file sharing the virus could drop files in the shared documents
>folder and possibly others via the guest account. If the PCs have XP Pro
>you should turn off simple file sharing and disable the guest account on all
>the PCs. With XP Home you have to be very careful what shares are set up.
>Never share the root directory of a drive.

Which is exactly what admin shares do; they share root for write
access. You can kill these via a .REG, but the hidden RPC share
remains. But that's OK, because the RPC subsystem has always been
utterly safe and structurally immune to exploits <withering sarcasm>

If you practice data hygiene, then arbitrary drops are less threat:
  - set the system to show file name extensions and all files, DUH
  - don't tolerate code file types within data locations
  - don't full-share anything except data-only locations
  - never full-share C:\ or any part of a startup axis
  - set NoDriveTypeAutoRun = 9D if full-sharing any \
  - kill "View As Web Page" if sharing any dirs at all

Obviously that's at odds with MS practice, which is to have IE
downloads and incoming IM attachments dumped in "My Docs".

You can enforce such a policy with a Task that periodically sweeps for
code file types. A .bat or script can do this; when such files are
found in data locations, they can be removed and an alert can be made.

>---------- ----- ---- --- -- - - - -
   Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -
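
The periodic sweep for code file types described at the end of the post could look like the sketch below. This is an added example, not part of the original post. The paths, the extension list and the function names are assumptions to adapt to local policy. It goes one step beyond the post by also flagging files that begin with the `MZ` executable header under a data-looking name, and it quarantines rather than deletes.

```powershell
# Added example: sweep data-only locations for code file types, quarantine and alert.
# Assumed values: the paths and the extension list are illustrative, not from the post.
param(
    [string[]]$DataRoots  = @("$env:USERPROFILE\Documents", 'D:\Shared'),
    [string]  $Quarantine = 'C:\Quarantine',   # must lie outside every swept root
    [string]  $AlertLog   = 'C:\Quarantine\sweep-alerts.log'
)

# Extensions treated as code; tune to site policy.
$CodeExt = '.exe','.com','.scr','.pif','.bat','.cmd','.vbs','.vbe','.js','.jse',
           '.wsf','.wsh','.hta','.cpl','.dll','.lnk','.ps1','.msi','.reg'

function Test-MzHeader([string]$Path) {
    # True when the file starts with "MZ": a DOS/PE executable whatever its name says.
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try { return ($fs.ReadByte() -eq 0x4D -and $fs.ReadByte() -eq 0x5A) }
        finally { $fs.Dispose() }
    } catch { return $false }   # locked or unreadable: the extension check decides alone
}

function Find-CodeInData([string[]]$Roots) {
    foreach ($root in $Roots | Where-Object { Test-Path -LiteralPath $_ }) {
        # -Force includes hidden and system files, matching "show all files" above.
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $reason = $null
                if ($CodeExt -contains $_.Extension.ToLower()) { $reason = 'extension' }
                elseif (Test-MzHeader $_.FullName) { $reason = 'MZ header' }
                if ($reason) { [pscustomobject]@{ Path = $_.FullName; Reason = $reason } }
            }
    }
}

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
foreach ($hit in Find-CodeInData $DataRoots) {
    # Move instead of delete so a false positive can be restored; the unique,
    # renamed target cannot be launched by double-click and never overwrites evidence.
    $tag  = '{0:yyyyMMddHHmmss}_{1}' -f (Get-Date), [guid]::NewGuid().ToString('N').Substring(0, 8)
    $dest = Join-Path $Quarantine ('{0}_{1}.quarantined' -f $tag, (Split-Path $hit.Path -Leaf))
    try {
        Move-Item -LiteralPath $hit.Path -Destination $dest -Force -ErrorAction Stop
        $line = '{0:s} QUARANTINED {1} ({2}) -> {3}' -f (Get-Date), $hit.Path, $hit.Reason, $dest
    } catch {
        $line = '{0:s} FAILED {1} ({2}): {3}' -f (Get-Date), $hit.Path, $hit.Reason, $_.Exception.Message
    }
    Add-Content -LiteralPath $AlertLog -Value $line
    Write-Warning $line
}
```

Run it from a scheduled task under an account that can write to the quarantine folder, and review the alert log, since a `FAILED` line means the file is still in the data location.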


