On 2010-03-08 Andrew Barkley wrote:
> The following illustrates how one can easily disable ZoneAlarm's
> security for whatever malevolent purposes. This "vector" so to speak,
> is merely "abusing" a particular branch of the Windows registry, by
> registering this security service as disabled. When "exploiting" this
> "vector" (administrative privileges are assumed
Anything starting with "a user with administrative privileges can ..."
is neither a vulnerability nor a design flaw. Administrators can by
design do anything they want on the system. Period.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
> The following illustrates how one can easily disable ZoneAlarm's
> security for whatever malevolent purposes. This "vector" so to speak,
> is merely "abusing" a particular branch of the Windows registry, by
> registering this security service as disabled. When "exploiting" this
> "vector" (administrative privileges are assumed
Anything starting with "a user with administrative privileges can ..."
is neither a vulnerability nor a design flaw. Administrators can by
design do anything they want on the system. Period.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
[ reply ]