Full Disclosure mailing list archives
Re: Blaster: will it spread without tftp?
From: Gregory Steuck <greg-fulldisclosure () nest cx>
Date: 12 Aug 2003 23:38:27 -0700
"Nick" == Nick FitzGerald <nick () virus-l demon co uk> writes:
Nick> "Least privilege" and "minimized services" are standard
Nick> security mantra, right? If so, WTF do so many Windows boxes
Nick> even have TFTP client executables installed? What proportion
Nick> of "normal users" has _any_ real need for TFTP these days? In
Nick> fact, who in their right mind would use it at all?? Ditto RCP
Nick> and RSH amongst much other archaic and/or arcane crap that MS
Nick> seems to feel "needs" to be on every box under the sun.

Last I heard, "Secure by default" is not in Microsoft's repertoire. How
big is a minimal install of Win2K? How much of that does not comply with
the "least privilege" and "minimized services" security mantra?

Nick> Sure, removing these tools does not completely fix your boxes,
Nick> but by setting the bar higher you should be increasing the
Nick> average complexity needed for any possible attack scenario to
Nick> be successfully exploited _on your boxes_.

Nah, that's only a marginal difference. Once adversary code executes on
your system (with SYSTEM privs, giggle), you are screwed, period. Just
check out how they uudecoded executables on those highly stripped
systems. And I bet uudecode can even be written in shell. So, in our
general purpose OSes we cannot do anything but "hard cover - chewy
core".

Bye
Greg
