Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Useless tidbit (MS AntiSpyware)
From: James Tucker <jftucker () gmail com>
Date: Wed, 11 May 2005 02:58:14 +0100

May I ask what web browser you use, if any?
What about mail client?
Do you read rich text and html mails in code?
Do you never have to update your software?
Can you reliably justify rolling out new software versions to
massively time-dependant and business critical systems potentially
causing as much damage as an infection?

These are the issues from the other side.

On 5/11/05, Nick FitzGerald <nick () virus-l demon co uk> wrote:
Steven Rakick wrote:

Interesting. Has this always been that way? While it's not a huge gaping
hole, it's definitely concerning. At least to me.

Well, yes, of course it's concerning...

If you have some unknown/unwanted/etc program running on one of your
machines you darn well should be concerned, regardless of whether its
called program.exe and located in the root directory of your Windows
install drive or not.

Of course, (assuming you are an IT admin) your boss should be even more
concerned in how in the heck you've allowed your IT system to be rolled
out such that arbitrary executables can actually get onto the machines
and be run so easily.

_THAT_ is a far larger problem you should have considered long before
you discovered that one (or more) of the many "band-aid" programs (like
MS AntiSpyware, most other anti-spywares, known virus scanning
"antivirus" programs, software firewalls, and so on) so commonly
advocated by lame (or hamstrung) system admins has this (and dozens of
other) trivial, stupid holes.

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]