How About a Hardened Win2K Image to Bash?

From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 01/25/05

Date: Mon, 24 Jan 2005 19:41:10 -0600

A lot of folks have come up to me saying, "this is crazy. You can't rely
solely on ACLs to prevent viruses."

Well, they're right. Preventing viruses before the fact on Win2K and XP
requires a combination of approaches. However, I argue that a combination
of protections applied before the fact can do more than conventional
anti-virus software can after the fact. In fact, I believe you can use
what's included in the system to prevent most, if not all, problems before
the fact.

To this end, I'm prepared to make the same offer to everyone that I made to
Stefan and Karl. If you have legitimate product keys for Win2K Pro or XP
Home, and Office XP[1] or later, I'm prepared to supply a Norton Ghost 2003
image of a bare-bones installation that uses just the drivers it needs to
boot, to see if you can infect it with a virus or somehow install spyware on
it.

Here's the catch though:

* You won't get the administrator password. You'll be able to restore the
image, provide a valid product key and log on as one of the included limited
users. Sysprep (at least on Win2K SP4) does not actually let you change the
administrator password during setup if it's already set, so that won't
work. No cheating!

* If you have a net card without a driver included for 2K or XP, I can see
to installing that on the image. But beyond that, only drivers included
with 2K or XP will load. (sysprep -pnp will be used)

* You have to infect or corrupt the system itself, not just one of the
limited user accounts.

It will take some time to prepare the image as I also have a day job in
consulting. I also need to check the legalities of this sort of thing -
while I'm not going to supply product keys, I don't know yet if supplying a
pre-installed OS to several people is kosher, even if those people already
have their own keys. I suppose it wouldn't be any different than if I
showed up at your door and reinstalled your OS with your own CD-ROMs and
product keys, but I'd like to make sure first.

So, who's up for it? Want to help me find more holes in Windows? Want to
laugh at me for being a flaming idiot? Or maybe break your addiction to
anti-virus updates and laugh at the anti-virus vendors you've grown addicted
to?

[1] Office 2000 does not seem to get past "Preparing to Install..." for a
first-time limited user, even if you have the Office 2000 CD-ROM inserted.
That was fixed in Office XP. Office 2000 works fine from an administrative
installation on a network, however. Go figure.

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>