Hidden-code flaw in Windows renews worries over stealthly malware

Imhotep
09-01-2005
"Last week, the Internet Storm Center, a group of security professionals
that track threats on the Net, flagged a flaw in how a common Microsoft
Windows utility and several anti-spyware utilities detect system changes
made by malicious software. By using long names for registry keys, spyware
programs could, in a simple way, hide from such utilities yet still force
the system to run the malicious program every time the compromised computer
starts up."

http://www.securityfocus.com/news/11300

Im
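The article quoted above says long registry entry names let spyware hide from autorun-listing utilities. As an added defender-side check (not code from the article or from any poster), the script below parses a constructed .reg-style export of a Run key and flags entries whose value name is longer than a display threshold; the 255-character threshold, the reading that the hidden item is the value name, and every name and path in the sample are assumptions made for this example.

```python
import re

# Value names longer than this are treated as suspicious. The post does not
# state the limit the affected tools used, so this threshold is an assumption
# chosen for the example, not a value taken from the original page.
MAX_VISIBLE_NAME_LEN = 255

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s: str) -> str:
    # .reg exports escape quotes and backslashes inside quoted strings.
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_reg_export(text: str) -> list:
    """Return (key, value_name, raw_data) triples from a .reg-style export."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            entries.append((key, unescape(m.group(1)), m.group(2)))
    return entries

def flag_long_value_names(entries, max_len: int = MAX_VISIBLE_NAME_LEN) -> list:
    """Entries whose value name exceeds what a display tool may show in full."""
    return [e for e in entries if len(e[1]) > max_len]

# Constructed sample export of an autorun key; every name and path is invented.
LONG_NAME = "A" * 300
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ExampleUpdater"="C:\\Program Files\\Example\\update.exe"',
    '"' + LONG_NAME + r'"="C:\\Users\\Public\\hidden.exe"',
    r'"Quoted\"Name"="C:\\example\\q.exe"',
])

if __name__ == "__main__":
    for key, name, data in flag_long_value_names(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{key}: value name is {len(name)} chars, data {data}")
```

The parser handles any key in the export, not just Run, so the same check can be run over a full export of the usual autostart locations.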
Steve Welsh
09-01-2005
Well, the Windoze Registry has blossomed from an ill-conceived concept
in Win95 to the sprawling, totally out-of-control nightmare that it now
is. It is totally beyond redemption, and I would challenge anyone that
claims to know what every single entry in the Registry is, or does.

e.g. WTF? {2D18D25D-8E3D-F766-DF01-828AAC3A96F8} etc, etc

OK this is not code, but I think the quote still applies - Eric Raymond
"Elegant code is not only correct, but visibly, transparently correct."

I suppose Jim will disagree

Imhotep wrote:
> "Last week, the Internet Storm Center, a group of security professionals
> that track threats on the Net, flagged a flaw in how a common Microsoft
> Windows utility and several anti-spyware utilities detect system changes
> made by malicious software. By using long names for registry keys, spyware
> programs could, in a simple way, hide from such utilities yet still force
> the system to run the malicious program every time the compromised computer
> starts up."
>
> http://www.securityfocus.com/news/11300
>
> Im

Imhotep
09-01-2005
Steve Welsh wrote:

> Well, the Windoze Registry has blossomed from an ill-conceived concept
> in Win95 to the sprawling, totally out-of-control nightmare that it now
> is. It is totally beyond redemption, and I would challenge anyone that
> claims to know what every single entry in the Registry is, or does.
>
> e.g. WTF? {2D18D25D-8E3D-F766-DF01-828AAC3A96F8} etc, etc
>
> OK this is not code, but I think the quote still applies - Eric Raymond
> "Elegant code is not only correct, but visibly, transparently correct."
>
> I suppose Jim will disagree
>
> Imhotep wrote:
>> "Last week, the Internet Storm Center, a group of security professionals
>> that track threats on the Net, flagged a flaw in how a common Microsoft
>> Windows utility and several anti-spyware utilities detect system changes
>> made by malicious software. By using long names for registry keys,
>> spyware programs could, in a simple way, hide from such utilities yet
>> still force the system to run the malicious program every time the
>> compromised computer starts up."
>>
>> http://www.securityfocus.com/news/11300
>>
>> Im


Yes, I agree with you. The registry was intentionally made overly complex so
as to force companies to become a "Microsoft partner". In doing so, it has
augmented into a sloppy beast ripe for hackers/crackers.

I still like the old Linux/BSD way: a simple configuration file that you can
edit with any text processor. Clean and simple...

Imhotep
Jim Watt
09-01-2005
On Thu, 01 Sep 2005 04:23:15 GMT, Imhotep <(E-Mail Removed)> wrote:

>Steve Welsh wrote:
>
>> Well, the Windoze Registry has blossomed from an ill-conceived concept
>> in Win95 to the sprawling, totally out-of-control nightmare that it now
>> is. It is totally beyond redemption, and I would challenge anyone that
>> claims to know what every single entry in the Registry is, or does.
>>
>> e.g. WTF? {2D18D25D-8E3D-F766-DF01-828AAC3A96F8} etc, etc
>>
>> OK this is not code, but I think the quote still applies - Eric Raymond
>> "Elegant code is not only correct, but visibly, transparently correct."
>>
>> I suppose Jim will disagree
>>
>> Imhotep wrote:
>>> "Last week, the Internet Storm Center, a group of security professionals
>>> that track threats on the Net, flagged a flaw in how a common Microsoft
>>> Windows utility and several anti-spyware utilities detect system changes
>>> made by malicious software. By using long names for registry keys,
>>> spyware programs could, in a simple way, hide from such utilities yet
>>> still force the system to run the malicious program every time the
>>> compromised computer starts up."
>>>
>>> http://www.securityfocus.com/news/11300
>>>
>>> Im

>
>Yes, I agree with you. The registry was intentionally made overly complex so
>as to force companies to become a "Microsoft partner". In doing so, it has
>augmented into a sloppy beast ripe for hackers/crackers.
>
>I still like the old Linux/BSD way: a simple configuration file that you can
>edit with any text processor. Clean and simple...


I agree with you that .ini files had a lot to be said for them
in terms of saving an individual program's settings in Windows,
although the registry is a powerful tool for the machine
environment.

But this is yet another bit of MS bashing which is getting tedious.

--
Jim Watt
http://www.gibnet.com
Moe Trin
09-01-2005
In the Usenet newsgroup alt.computer.security, in article
<TmvRe.97175$(E-Mail Removed)>, Imhotep wrote:

>Yes, I agree with you. The registry was intentionally made overly complex
>so as to force companies to become a "Microsoft partner". In doing so, it has
>augmented into a sloppy beast ripe for hackers/crackers.


It's also one massive single point of failure. If it gets trashed for any
reason, your box is sitting there totally screwed. At least with the Mac
from that era, if it couldn't boot, it gave you an icon of a sick-looking
computer and asked for a boot floppy.

>I still like the old Linux/BSD way: a simple configuration file that you can


s/Linux\/Bsd/UNIX/

>edit with any text processor. Clean and simple...


Simple???

[compton ~]$ wc -l /etc/sendmail.cf
1490 /etc/sendmail.cf
[compton ~]$

When I started using Linux in 1994, I probably wasted a day or two trying
to read the stupid boot scripts. Miquel van Smoorenburg started that mess,
and others took it and ran with it. The guys REALLY knew the nitty-gritties
of Bourne shell scripting, but they absolutely flaunted it. Eric Raymond's
quote "Elegant code is not only correct, but visibly, transparently correct."
was NOT followed. And yes, I do know something about shell scripting, as
I've been using UNIX since 4.1BSD (and I _still_ hate csh).

As far as editing with "any text processor", you do have to be aware that
some "user friendly" editors (pico - the skript kiddiez friend is one
example) auto-wrap lines longer than 70-odd characters at a word break,
and that will screw up your day just fine.

Old guy
Shadus
09-01-2005
>>edit with any text processor. Clean and simple...
>
> Simple???
>
> [compton ~]$ wc -l /etc/sendmail.cf
> 1490 /etc/sendmail.cf
> [compton ~]$


Bah, play fair, that's 90% comments.

[mail /root]# cat /etc/mail/sendmail.cf | wc -l
1127
[mail /root]# cat /etc/mail/sendmail.cf | grep -v # | wc -l
84
[mail /root]#

> example) auto-wrap lines longer than 70-odd characters at a word break,
> and that will screw up your day just fine.


and of course when it wraps you can backspace and remove the wrapping
until you edit the line again... or convert to a real editor... like vim
or emacs or... ed (j/k)

--
Shadus
Jim Watt
09-01-2005
On Thu, 01 Sep 2005 15:17:05 -0500, Shadus <(E-Mail Removed)> wrote:

>>>edit with any text processor. Clean and simple...
>>
>> Simple???
>
>convert to a real editor... like vim
>or emacs or... ed (j/k)


I gave up on SCO because of editing in vi

All this cryptic stuff is very fine, but these days, now that
storage is cheap, its utility is outweighed by the trouble
in learning it and getting it right.

My first job was maintaining programs written in machine
code without any documentation, it taught me that often
the readable version is better.
--
Jim Watt
http://www.gibnet.com
Shadus
09-02-2005
On 2005-09-01, Jim Watt <(E-Mail Removed)_way> blabbed:
> I gave up on SCO because of editing in vi

Lol, vi (vim specifically) is my favorite editor. It's simple,
powerful, and does everything I could want out of an editor for source
code, text files, configs, etc. I can use emacs in a pinch, jed, jove,
pico, nano, whatever. I prefer vi, even use it in windows when I'm
forced to work there.

To give up an entire os because you don't like/can't grasp its default
editor seems... eh nevermind, it speaks for itself.

> All this cryptic stuff is very fine, but these days now
> storage is cheap its utility is outweighed by the trouble
> in learning it and getting it right.

I don't understand what you think is cryptic, especially since the
original thread regarded the registry if I remember right. The
original point, if memory serves, was that unix config files are much
simpler than the registry and safer too, since a single change in one
value won't leave your machine in an unbootable state.

> My first job was maintaining programs written in machine
> code without any documentation, it taught me that often
> the readable version is better.

Which is why all the good commenting in most unix config files is really
nice... compared to the registry, especially when dealing with 3rd party
applications and programs which may or may not have a key there that is
required... shrug, I'll stick to configs.

--
Shadus
Moe Trin
09-02-2005
In the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed)>, Shadus wrote:

>> Simple???
>>
>> [compton ~]$ wc -l /etc/sendmail.cf
>> 1490 /etc/sendmail.cf
>> [compton ~]$
>
>Bah, play fair, that's 90% comments.


Yet even sendmail.org doesn't recommend messing with the .cf file, wanting
you to use the sendmail.mc file - not that it's a whole lot easier to
understand.

>and of course when it wraps you can back space and remove the wrapping
>until you edit the line again...


man pico and look for the -w option

>or convert to a real editor... like vim or emacs or... ed (j/k)


or 'echo'

The problem with "real editors" other than "/bin/vi" (which given the
license problems is often a link to or a subset of a vi clone) is that they
are often not available when you need them. Yes, you should also have the
even more "user unfriendly" /bin/ed, and most vi users know enough of the
commands to get ed to do something useful. :wq!

Old guy
Jim Watt
09-02-2005
On Fri, 02 Sep 2005 10:01:22 -0500, Shadus <(E-Mail Removed)> wrote:

>I don't understand what you think is cryptic,


[compton ~]$ wc -l /etc/sendmail.cf
1490 /etc/sendmail.cf
[compton ~]$

Explain in English
--
Jim Watt
http://www.gibnet.com