RE: Unwanted programs on Win2K

["Mike Heitz" <mikeheitz () upshotmail com>]

I have to agree with Mr. Harris here as well... I go to great lengths to educate our user community on worms, viruses, 
hack possibilities... Now, obviously I'm not going to sit there and break it down for them with all the gory details. 
But, I've found over the past 2 years that giving a user community the important points, and how and why it affects 
them, goes a long way towards creating a secure and safe environment... That's everyone's desire whether they are a 
user or an admin.
 
Mike

        -----Original Message----- 
        From: Harris Samuel W PORT [mailto:HarrisSW () mail ports navy mil] 
        Sent: Tue 2/4/2003 3:54 PM 
        To: 'H C'; security-basics () securityfocus com 
        Cc: 
        Subject: RE: Unwanted programs on Win2K
        
        

        I disagree. Security is everybody's problem. The user can be a big help in
        notifying the IT department of things going on that might have escaped their
        eyes. The more eyes, the better.
        
        Amor Patriae
        
        Samuel Harris
        A+, MCP, Networking Certificate, Phi Theta Kappa
        Portsmouth Naval Shipyard
        Portsmouth , NH 03801
        (207) 438-4779
        
        
        
        -----Original Message-----
        From: H C [mailto:keydet89 () yahoo com]
        Sent: Tuesday, February 04, 2003 9:11 AM
        To: security-basics () securityfocus com
        Subject: re: Unwanted programs on Win2K
        
        
        > Question: How can someone bypass restrictions in
        Win2k
        > to install software when he doesn?t have proper
        > privileges?
        
        Privilege escalation is pretty trivial these
        days...assuming that the user doesn't already have
        local admin privileges on the system.  Not too long
        ago, a worm used the privilege escalation EXE from
        DebPloit to gain admin privileges on a system...if a
        worm can do it, it can't be too hard.
        
        Also, there's a Linux bootdisk available that allows
        the user to change any password on the system w/o
        knowing it ahead of time.
        
        While books like "Hacking Exposed" have a lot of good
        information in them, they also don't focus
        specifically on the types of things you're asking
        about.  After all, how would someone hack your
        workstation using a web server hack, if you're not
        running a web server?
        
        
        > Reason for asking question: If someone can install
        > Kazaa, someone can also install a keyreader or
        something
        > like that.
        
        Yeah, that's always possible...but it's not really
        your concern.  You're a user, so it's evident that
        you're talking about a corporate envirnment of some
        kind.  Since you're not asking as an admin...what are
        you worried about?  That someone will get on the
        network and do something using your account?  Do you
        feel as if you're being targetted specifically?  If
        something does happen, then the admins should be able
        to very easily exonerate you, if you didn't in fact
        do...whatever.  If not, that's what wrongful
        termination suits are for.
        
        > Maybe I am paranoid, but everytime I login, maybe I
        am
        > telling someone - hey, this is my passwrd.
        
        A little paranoia is a good thing, but since you're a
        user, it really isn't your concern.  After all, if
        your company has policies against such things as users
        installing software, then that's an HR/management
        issue. 
        
        
        
        
        
        __________________________________________________
        Do you Yahoo!?
        Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
        http://mailplus.yahoo.com