[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Circumventing Critical Security in Windows XP
On 2010-02-17 barkley@xxxxxxx wrote:
> I've detailed below just how easy (too easy) it is to circumvent the
> security of the following critical security services. Thus can't now
> become can!
> It goes without saying that malware on entering a system by whichever
> means, and on detecting critical security services, can now even more
> easily (automated/scripted) disarm critical security services, just by
> modifying unprotected registry entries, for whatever malevolent
> I've created registry entries (I can send these to you should you be
> interested) to demonstrate just how easy it is to circumvent the
> security of these critical security services, which unfortunately is
> all too easily a very effective way of immobilising critical security
> functions i.e. firewall, antivirus etc. This in my opinion is
> certainly not a vulnerability nor a flaw so to speak, but rather a
> functional design oversight?
Unless you give details on what you actually did, any discussion is
rather futile. I do have a feeling, though, that the modifications you
made require administrator privileges. In which case there isn't any
kind of vulnerability or security flaw.
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq