Re: backworm - way to keep safe
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 27 Jan 2006 16:32:01 -0700
It depends. There are a couple of technologies available through
group policy for limiting what software may run. The older, introduced
in Windows 2000, will not be effective as it only controls what may be
run from within Explorer. The newer, introduced in the XP era, is
Software Restriction Policy (aka SAFER). If used as completely
and effectively as you imply (which is not simple to do) then you may
have a chance that SAFER would protect your machines. Consider
though, if a virus is making use of a flaw in a component of the OS,
or of IE, it is likely that your definitions in SAFER would not stop it as
those OS or IE components are likely allowed to run. On the other
hand, if you have used SAFER to prevent all scripts from running
unless you have cryptographically signed them and the exploit does
depend on a script then you are likely protected.
In other words, your question is unanswerable in the abstract.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
"kevin bailey" <kbailey@xxxxxxxxxxxxxxxxxxx> wrote in message
news:drdm02$l3u$1$830fa7a5@xxxxxxxxxxxxxxxxxxx
> if the domain policy means that users are only allowed to run programs
> from
> a limited list of programs (set up using the gpedit.msc) does this mean
> that we are safe(r) from the blackworm.
>
> indeed, does this mean that most viruses would fail to run?
>
> thanks,
>
> kevin
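
A read-only check of the SAFER settings discussed in the reply above, added here as an example and not part of the original post or of any Microsoft tooling. It assumes the policy is stored in the standard machine-level `CodeIdentifiers` registry key; `Get-SaferAudit` is a hypothetical helper name.

```powershell
# Added example: read-only audit of machine-level SRP (SAFER); helper name is hypothetical.
$Base    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Levels  = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
$Enforce = @{ 0 = 'off'; 1 = 'all files except DLLs'; 2 = 'all files including DLLs' }

function Get-SaferAudit {
    param([string]$Path = $Base)
    if (-not (Test-Path -Path $Path)) {
        return 'No machine-level SRP policy found.'
    }
    $p = Get-ItemProperty -Path $Path
    $report = @()

    # An allow-list exists only when the default level is Disallowed (0).
    if ($null -eq $p.DefaultLevel) {
        $report += 'DefaultLevel: not set'
    } else {
        $lvl = [int]$p.DefaultLevel
        $report += 'DefaultLevel: 0x{0:X} ({1})' -f $lvl, $Levels[$lvl]
        if ($lvl -ne 0) {
            $report += '  -> not an allow-list: software without a Disallowed rule runs'
        }
    }
    # Enforcement scope and whether local administrators are exempt.
    if ($null -ne $p.TransparentEnabled) {
        $report += 'Enforcement: ' + $Enforce[[int]$p.TransparentEnabled]
    }
    if ($p.PolicyScope -eq 1) {
        $report += 'PolicyScope: local administrators are exempt'
    }
    # Controls whether certificate rules are applied to Windows executables.
    if ($p.AuthenticodeEnabled -ne 1) {
        $report += 'AuthenticodeEnabled: not 1 (certificate rules on executables are off)'
    }
    # Path rules per level. Unrestricted entries are the components that run
    # regardless, so a flaw exploited inside one of them is not stopped by SRP.
    foreach ($key in $Levels.Keys) {
        $rules = Join-Path $Path "$key\Paths"
        if (-not (Test-Path -Path $rules)) { continue }
        foreach ($rule in Get-ChildItem -Path $rules) {
            $data = (Get-ItemProperty -Path $rule.PSPath).ItemData
            $report += 'Path rule [{0}]: {1}' -f $Levels[$key], $data
        }
    }
    $report
}

Get-SaferAudit
```

Only path rules are listed; hash rules sit in sibling `Hashes` subkeys and are not read here.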