|
|
|
|
|
|
| Author |
Message |
Z
*nix forums Guru Wannabe
Joined: 28 Jul 2005
Posts: 163
|
 Posted: Wed Feb 23, 2005 3:23 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
bob@instantwhip.com wrote:
From SlashDot:
"In the wake of news that Microsoft is developing prototype software to
detect rootkits, SysInternals has released a free rootkit detection tool
named RootkitRevealer [1] for all Windows systems NT4+. RootkitRevealer
works by "comparing the results of a system scan at the highest level
with that at the lowest level," and detects every known rootkit at
rootkit.com.
They also report that it is impossible to know for sure that a given
system is clean from within it, but that defeating their tool would
require a level of sophistication not yet seen. You can download
RootkitRevealer. [2]"
[1] http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
[2] http://www.sysinternals.com/files/rootkitrevealer.zip |
|
| Back to top |
|
 |
Nigel Barker
*nix forums addict
Joined: 05 Feb 2005
Posts: 59
|
| Posted: Mon Feb 21, 2005 7:34 am Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
On Mon, 21 Feb 2005 00:01:15 -0500, Dave Froble <davef@tsoft-inc.com> wrote:
| Quote: | What would be helpful with windows, since it's many times set up by the
user, not a system manager, is a wizard for setting up user accounts,
and an automatic running of it during installation of windows.
|
AFAICR you do get exactly this with Windows XP now.
--
Nigel Barker
Live from the sunny Cote d'Azur |
|
| Back to top |
|
|
Paul Sture
*nix forums Guru
Joined: 12 Feb 2005
Posts: 357
|
| Posted: Mon Feb 21, 2005 7:25 am Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
John Vottero wrote:
| Quote: | "Paul Sture" <paul.sture@decus.ch> wrote in message
news:37rvl9F5en1usU1@individual.net...
Z wrote:
Karsten Nyblad wrote:
I have heard of a tax calculation program for calcultating peoples
personal taxes that needed administrators rights. As far as I know, the
Sims 2 childrens game needs administrators rights, cannot run if anti
virus software is installed, and does not run on XP SP 2.
Microsoft in no way had anything to do with Sims or that tax calc
software or the fact that it needs admin privs to run.
Sorry, but it appears that M$ created the environment that encouraged
such, and for that they must take the blame.
Try running a debug session on NT without admin rights...
I do it almost every day. What problems are you having?
|
I had set of users complaining about it. Obviously more research is needed. |
|
| Back to top |
|
|
Z
*nix forums Guru Wannabe
Joined: 28 Jul 2005
Posts: 163
|
| Posted: Mon Feb 21, 2005 5:26 am Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Dave Froble wrote:
| Quote: | What would be helpful with windows, since it's many times set up by the
user, not a system manager, is a wizard for setting up user accounts,
and an automatic running of it during installation of windows.
|
Windows XP has a user acct wizard.
It was not run automatically during o/s installation but it did ask me
for usernames (all of which were given full privs). |
|
| Back to top |
|
|
Dave Froble
*nix forums Guru
Joined: 21 Jul 2005
Posts: 1172
|
| Posted: Mon Feb 21, 2005 4:01 am Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Karsten Nyblad wrote:
| Quote: | Z wrote:
Karsten Nyblad wrote:
I have heard of a tax calculation program for calcultating peoples
personal taxes that needed administrators rights. As far as I know,
the Sims 2 childrens game needs administrators rights, cannot run if
anti virus software is installed, and does not run on XP SP 2.
Microsoft in no way had anything to do with Sims or that tax calc
software or the fact that it needs admin privs to run.
True. Except that no one would have marketed products that needed
administrators rights unless necessary if the default setup of Windows
was that normal users accounts did not have administrators rights.
You are right that you do not need to run IE from an account with
administrators rights, but Microsoft is very much to blame for the
default setup of Windows.
What default setup are you talking about? Too loose or too tight?
Seems you're compalining about both.
In that case I have not been clear enough. I think the default set up
of Windows is too loose. Normal user accounts should not have
administrators rights, and Microsoft should have made it that way a very
long time ago.
|
Not that I disagree with you, but in fairness, what it the user account
when you first set up VMS? That's right, SYSTEM. It's up to the system
manager to set up additional user accounts. I know that there are VMS
systems where users run from prived accounts, including SYSTEM.
What would be helpful with windows, since it's many times set up by the
user, not a system manager, is a wizard for setting up user accounts,
and an automatic running of it during installation of windows.
Dave |
|
| Back to top |
|
|
John Vottero
*nix forums beginner
Joined: 14 Feb 2005
Posts: 38
|
| Posted: Mon Feb 21, 2005 12:24 am Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
"Paul Sture" <paul.sture@decus.ch> wrote in message
news:37rvl9F5en1usU1@individual.net...
| Quote: | Z wrote:
Karsten Nyblad wrote:
I have heard of a tax calculation program for calcultating peoples
personal taxes that needed administrators rights. As far as I know, the
Sims 2 childrens game needs administrators rights, cannot run if anti
virus software is installed, and does not run on XP SP 2.
Microsoft in no way had anything to do with Sims or that tax calc
software or the fact that it needs admin privs to run.
Sorry, but it appears that M$ created the environment that encouraged
such, and for that they must take the blame.
Try running a debug session on NT without admin rights...
|
I do it almost every day. What problems are you having? |
|
| Back to top |
|
|
Paul Sture
*nix forums Guru
Joined: 12 Feb 2005
Posts: 357
|
| Posted: Sun Feb 20, 2005 11:04 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Sorry, can't resist this folks...
Stephen Costigan wrote:
| Quote: | Many windwos admins are lazy
and will wait for a manual to come out on a new feature before they use
it..... not me and I enjoy the benefits of hardly ever getting a user
calling me up about spyware or any other crap associsted with a
"Normal" MS network>:)
|
Do you leave the phone off the hook, or do your users not call because
you cannot string a comprehensible sentence together?
<Much out of character for me, but this message is intended to offend> |
|
| Back to top |
|
|
cdf
*nix forums Guru
Joined: 25 Apr 2005
Posts: 303
|
| Posted: Sun Feb 20, 2005 9:34 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Main, Kerry wrote:
| Quote: | Many banks and financial institutions do have occasional outside
security audits completed by trusted external security companies that
specialize in this work.
That does not mean they have to release the bank building and vault
plans to the public in order to increase their overall security.
|
I think that security of banks cannot be directly compared to security
of software. An audit of a bank would include checking that there are
enough alarms and that these alarms are correctly placed. This has not
direct counterpart in review of software code. The counterparts to
alarms in banks are intrusion detection systems and alarms too many
login attempt, rejected attempts to open files, etc. I would not make
the set up of my intrusion detection system and alarms known to the public.
A public review of a banks security comparable to a security review of
software would be publishing the design of the lock, the thickness of
the vault doors and walls, etc. However, the design of these things are
so simple that a public review is not needed. In stead such a review
would leave valuable information that could be used by criminals even if
the design was right. If the design of software is right, then there is
no way of bypassing the authentication and security checks. Thus
hackers are not helped by the release the source of software without
security errors. |
|
| Back to top |
|
|
Main, Kerry
*nix forums Guru
Joined: 22 Jul 2005
Posts: 399
|
| Posted: Sun Feb 20, 2005 9:33 pm Post subject:
RE: Micro$oft warns of undetectable spyware security risk ...
|
|
|
| Quote: | -----Original Message-----
From: prep@prep.synonet.com [mailto:prep@prep.synonet.com]
Sent: February 20, 2005 5:09 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: Micro$oft warns of undetectable spyware security risk ...
"Main, Kerry" <kerry.main@hp.com> writes:
There will always be reasonable arguments for and against making
sensitive code available for public review, but some additional
practical considerations for "open source makes for more secure
products" include:
But Kerry you have to ship the code. A binary is harder to
work with than the source, but that has never stopped the
crackers before.
DEC almost always shipped sources to at least the OS.
With VMS, it was the fiche up to 5.5, then CDs that had to
be bought from then on.
--
Paul Repacholi 1 Crescent Rd.,
+61 (0 9257-1001 Kalamunda.
West Australia 6076
comp.os.vms,- The Older, Grumpier Slashdot
Raw, Cooked or Well-done, it's all half baked.
EPIC, The Architecture of the future, always has been, always will be.
|
Paul,
Yep, OpenVMS does make a majority of the OS sources available, but not
*all* of the modules.
Re: fiche .. Ah yes, fond memories comes to mind of manually updating
the fiche when new releases came out.
:-)
Regards
Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)
"OpenVMS has always had integrity ..
Now, Integrity has OpenVMS .." |
|
| Back to top |
|
|
Stephen Costigan
*nix forums beginner
Joined: 20 Feb 2005
Posts: 7
|
| Posted: Sun Feb 20, 2005 9:31 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
microsoft has allowed for admins to put an end to kernel mode patching
with server 2003 the cool think is even if the workstations are sp1
they will listen to group policy objects released with sp2.adm files.
Alternatly if you are an admin who knows what you are doiing you can
just make sure that the user logging in is not part of the local admin
group on the workstation. This is done by default in win xp.......
Dont be so hard on em
ya they suck with security but hey they are listening to the open
source community when it comes to thier lack of security. As an it
admin i feel safe using ms products now.... The key is you just need to
know how to implement the new technology. Many windwos admins are lazy
and will wait for a manual to come out on a new feature before they use
it..... not me and I enjoy the benefits of hardly ever getting a user
calling me up about spyware or any other crap associsted with a
"Normal" MS network> |
|
| Back to top |
|
|
JF Mezei
*nix forums Guru
Joined: 21 Jul 2005
Posts: 2556
|
| Posted: Sun Feb 20, 2005 9:13 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
I think the problem of requiring admin rights on Windows was made far
worse by that registry thing.
You used to be able to drop a .INI file in the right directory in a
server and that user was setup.
Now, you can't do that anymore. Windows was designed to be deployed.
Make one vanilla copy and copy it for each user. But Windows was not
designed for individual workstation maintenance.
Head office was going to come one weekend to upgrade all the hard drives
of the users in the regional office by simply zapping them with a new
disk image. Imagine their surprise when the users told them that they
couldn't do that because they had since installed additional software
(such as desktop publishing) which, due to licencing, could not be
installed on the server but had to be installed on the workstations.
That put a whole stop to their plans because they were at a loss on how
to actually upgrade a user without losing everything. |
|
| Back to top |
|
|
prep@prep.synonet.com
*nix forums Guru Wannabe
Joined: 28 Jul 2005
Posts: 190
|
| Posted: Sun Feb 20, 2005 9:09 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
"Main, Kerry" <kerry.main@hp.com> writes:
| Quote: | There will always be reasonable arguments for and against making
sensitive code available for public review, but some additional
practical considerations for "open source makes for more secure
products" include:
|
But Kerry you have to ship the code. A binary is harder to
work with than the source, but that has never stopped the
crackers before.
DEC almost always shipped sources to at least the OS.
With VMS, it was the fiche up to 5.5, then CDs that had to
be bought from then on.
--
Paul Repacholi 1 Crescent Rd.,
+61 (0 9257-1001 Kalamunda.
West Australia 6076
comp.os.vms,- The Older, Grumpier Slashdot
Raw, Cooked or Well-done, it's all half baked.
EPIC, The Architecture of the future, always has been, always will be. |
|
| Back to top |
|
|
cdf
*nix forums Guru
Joined: 25 Apr 2005
Posts: 303
|
| Posted: Sun Feb 20, 2005 9:00 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Greg Cagle wrote:
| Quote: | Karsten Nyblad wrote:
I have heard of a tax calculation program for calcultating peoples
personal taxes that needed administrators rights. As far as I know,
the Sims 2 childrens game needs administrators rights, cannot run if
anti virus software is installed, and does not run on XP SP 2.
Sims 2 "children's program" runs just fine on my XP SP2 systems, which
has Ad-Aware, Spyboy, Norton Anti-Virus, and the beta MS Antispyware
running.
- Greg
|
Well my understanding was that the producers had used a copy protection
system with problems lists above. Fine if they do not. Or perhaps the
producers are now using a copy protection system without these problems. |
|
| Back to top |
|
|
cdf
*nix forums Guru
Joined: 25 Apr 2005
Posts: 303
|
| Posted: Sun Feb 20, 2005 8:54 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Z wrote:
| Quote: | Karsten Nyblad wrote:
I have heard of a tax calculation program for calcultating peoples
personal taxes that needed administrators rights. As far as I know,
the Sims 2 childrens game needs administrators rights, cannot run if
anti virus software is installed, and does not run on XP SP 2.
Microsoft in no way had anything to do with Sims or that tax calc
software or the fact that it needs admin privs to run.
|
True. Except that no one would have marketed products that needed
administrators rights unless necessary if the default setup of Windows
was that normal users accounts did not have administrators rights.
| Quote: | You are right that you do not need to run IE from an account with
administrators rights, but Microsoft is very much to blame for the
default setup of Windows.
What default setup are you talking about? Too loose or too tight? Seems
you're compalining about both.
|
In that case I have not been clear enough. I think the default set up
of Windows is too loose. Normal user accounts should not have
administrators rights, and Microsoft should have made it that way a very
long time ago. |
|
| Back to top |
|
|
Greg Cagle
*nix forums beginner
Joined: 23 Feb 2005
Posts: 6
|
| Posted: Sun Feb 20, 2005 5:41 pm Post subject:
Re: Micro$oft warns of undetectable spyware security risk ...
|
|
|
Greg Cagle wrote:
| Quote: | Sims 2 "children's program" runs just fine on my XP SP2 systems, which
has Ad-Aware, Spyboy, Norton Anti-Virus, and the beta MS Antispyware
running.
|
I'm pretty sure I meant to say "Spybot" there 8^).
- Greg
--
Greg Cagle
gregc at gregcagle dot com |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Thu Jan 08, 2009 4:03 am | All times are GMT
|
|
Loans | Watch Naruto Online | Credit Cards | Credit Card Consolidation | Money News
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Not Unix
»
VMS
