How About a Hardended Win2K Image to Bash?

From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 01/25/05


Date: Mon, 24 Jan 2005 19:41:10 -0600

A lot of folks have come up to me saying, "this is crazy. You can't rely
solely on ACLs to prevent viruses."

Well, they're right. Preventing viruses before the fact on Win2K and XP
requires a combination of approaches. However, I argue that a combination
of protections applied before the fact can do more than conventional
anti-virus software can after the fact. In fact, I believe you can use
what's included in the system to prevent most, if not all, problems before
the fact.

To this end, I'm prepared to make the same offer to everyone that I made to
Stefan and Karl. If you have legitimate product keys for Win2K Pro or XP
Home, and Office XP[1] or later, I'm prepared to supply a Norton Ghost 2003
image of a bare-bones installation that uses just the drivers it needs to
boot, to see if you can infect it with a virus or somehow install spyware on
it.

Here's the catch though:

* You won't get the administrator password. You'll be able to restore the
image, provide a valid product key and log on as one of the included limited
users. Sysprep (at least on Win2K SP4) does not actually let you change the
administrator password during setup if it's already set, so, that won't
work. No cheating!

* If you have a net card without a driver included for 2K or XP, I can see
to installing that on the image. But beyond that, only drivers included
with 2K or XP will load. (sysprep -pnp will be used)

* You have to infect or corrupt the system itself, not just one of the
limited user accounts.

It will take some time to prepare the image as I also have a day job in
consulting. I also need to check the legalities of this sort of thing -
while I'm not going to supply product keys, I don't know yet if supplying a
pre-installed OS to several people is kosher, even if those people already
have their own keys. I suppose it wouldn't be any different than if I
showed up at your door and reinstalled your OS with your own CD-ROMs and
product keys, but I'd like to make sure first.

So, who's up for it? Want to help me find more holes in Windows? Want to
laugh at me for being a flaming idiot? Or maybe break your addiction to
anti-virus updates and laugh at the anti-virus vendors you've grown addicted
to?

[1] Office 2000 does not seem to get past "Preparing to Install..." for a
first-time limited user, even if you have the Office 2000 CD-ROM inserted.
That was fixed in Office XP. Office 2000 works fine from an administrative
installation on a network, however. Go figure.

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>


Relevant Pages

  • Re: XP Licenses and CD Images
    ... Yeah sorry - I suppose I should call them Product Keys! ... I've tried on a number of occasions to use these license keys in clean ... installation media for a modest fee. ... Although it's possible to find images for these CDs ...
    (microsoft.public.windowsxp.general)
  • Re: XP Licenses and CD Images
    ... Yeah sorry - I suppose I should call them Product Keys! ... I've tried on a number of occasions to use these license keys in ... It's possible to create your own installation CD, ... possible to find images for these CDs online (albeit not authorized ...
    (microsoft.public.windowsxp.general)
  • Re: recover product key
    ... a copy of belarc laying around, just forgot or didn't know that it would ... >> A recent aquisition we just did had an existing Exch2K installation on ... >> their product keys and CD's for both their server and their exchange. ...
    (microsoft.public.exchange.setup)
  • Re: Corrupted Files after Connector Install
    ... You know I really understand the issue about companies wanting to get paid ... submit that they should encourage everyone to download and redistribute their ... Sounds like you will be looking for two different product keys. ... if you still have the old Vista installation intact. ...
    (microsoft.public.outlook.installation)
  • Re: Invalid Product Key for Windows XP Pro, referred to newsgroup by MS Rep
    ... key that is already on the machines you are trying to install to. ... license that allows installation to multiple machines. ... > currently running Windows 2000. ... > product keys failed with the same error message. ...
    (microsoft.public.windowsxp.setup_deployment)