MS Anti-Spyware: Norton Antivirus is a trojan!

Dark_Me:
I used Norton once. It was a system hog and ran scans at almost random intervals. The UI was also too complicated. Obviously I uninstalled it.

Pathos:
I wouldn't be surprised if MS is right :P

mobrien_12:
I don't believe that running Windows under a limited privilege account is enough to protect you from virus infections. OSX, Linux, BSD, yeah. Windows, no.

You run Windows regularly in the manner that most users do, you pretty much have to have an antivirus program, because Windows is such a piece of junk.

Yes, Antivirus software is bloated.  Yes, it is a resource hog.  Yes, it slows your system down.   Yes, it causes problems.  All reasons to use a secure operating system that doesn't need AV.  

Now most Windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security. It's inexcusable, and pathetic, for one security band-aid to disable another.

piratePenguin:

--- Quote from: mobrien_12 ---
Now most Windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security. It's inexcusable, and pathetic, for one security band-aid to disable another.
--- End quote ---

http://security.tombom.co.uk/shatter.html

--- Quote ---This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible.

This paper is a step-by-step walkthrough of how to exploit one example of this class of flaw. Several other attack methods are discussed, although examples are not given. There are many ways to exploit these flaws, and many variations on each of the stages presented. This is just one example.
--- End quote ---

Does anyone know if MS has fixed that exploit since?

muzzy:
The so-called "Shatter" type of attack still works. It basically means that anything running on the same desktop can be owned. Windows isn't limited to a single windowstation or a single desktop, though, and I recall there's no similar vulnerability for jumping outside the desktop bounds.

There are more serious shatter-type attacks than described in the above paper, too. For example, common control header resize and size query can be used to write any data into target process memory without having VM privileges. Ouch!

So, this is an issue if you have GUI applications running as admin on the user's desktop. For this reason, services nowadays run their GUI code with user privileges and communicate with the privileged code through pipes.

This issue is unfixable since the vulnerability exists by design; however, it's contained to the software running in a single desktop. In multi-user Windows environments different users have different desktops and even different windowstations, and this isn't an issue. The secure desktop invoked through Ctrl-Alt-Del is unaffected and the GUI stuff there cannot be taken over; the same applies for screensavers. Except on w9x, of course :)
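
The split described in the post above (GUI code at user privilege, privileged code reachable only through a pipe), sketched as an added example that is not part of the thread or any vendor's code: the privileged side owns no window, so its only input is a small request format that it validates and denies by default. The operation names, the `scan_hour` setting and the in-process Python `Pipe` standing in for a Windows named pipe are assumptions.

```python
import json
from multiprocessing import Pipe
from threading import Thread

MAX_MSG = 1024                       # size limit checked before any parsing
state = {"scan_hour": 3}             # hypothetical setting owned by the privileged side

def handle_request(raw: bytes) -> dict:
    """Privileged side: treat every byte from the GUI as untrusted input."""
    if len(raw) > MAX_MSG:
        return {"ok": False, "error": "too large"}
    try:
        req = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):   # bad UTF-8, bad JSON, absurd nesting
        return {"ok": False, "error": "malformed"}
    if not isinstance(req, dict) or not isinstance(req.get("op"), str):
        return {"ok": False, "error": "malformed"}
    if req["op"] == "status" and set(req) == {"op"}:
        return {"ok": True, "scan_hour": state["scan_hour"]}
    if req["op"] == "set_scan_hour" and set(req) == {"op", "hour"}:
        hour = req["hour"]
        is_int = isinstance(hour, int) and not isinstance(hour, bool)  # bool is an int subclass
        if is_int and 0 <= hour <= 23:
            state["scan_hour"] = hour
            return {"ok": True, "scan_hour": hour}
        return {"ok": False, "error": "bad argument"}
    return {"ok": False, "error": "rejected"}      # default deny

def serve(conn) -> None:
    """Worker loop: the pipe is the only way in; there is no window to message."""
    try:
        while True:
            reply = handle_request(conn.recv_bytes())
            conn.send_bytes(json.dumps(reply).encode("utf-8"))
    except EOFError:                 # GUI closed its end of the pipe
        conn.close()

def demo() -> list:
    # Unprivileged GUI side: send three constructed requests, collect the replies.
    gui_end, worker_end = Pipe()
    worker = Thread(target=serve, args=(worker_end,))
    worker.start()
    replies = []
    for raw in (b'{"op": "set_scan_hour", "hour": 22}',
                b'{"op": "set_scan_hour", "hour": 99}',
                b'{"op": "run", "cmd": "anything"}'):
        gui_end.send_bytes(raw)
        replies.append(json.loads(gui_end.recv_bytes()))
    gui_end.close()
    worker.join()
    return replies
```

A compromised GUI process can still send any request in the accepted format, so the set of operations the privileged side exposes is the whole attack surface and should stay as small as this.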
