Focus on Microsoft
RE: Microsoft XP/SP2 security Mar 09 2004 06:49PM
Geoff Van Brunt (gvanbrunt dstgroup com)
Hi all,

If anyone has an MSDN Universal Subscription I believe the beta is available
in subscriber downloads.

And from Steve's analysis:
>>One minor area of concern:

>>the Changes document
>>--------------------------------------------------------------------------------
>>Applications should get user consent before adding themselves to the
>>AuthorizedApplications collection.
>>--------------------------------------------------------------------------------

>>"Should" ?
>>A rogue application running as Administrator could easily add itself to
>>the list with a "friendly name" of Internet Explorer or the like and fool
>>the user.

>>This could only happen if the user ran some badware, and I'm not sure if
>>there is any way to get around this beyond simply forcing some kind of GUI
>>dialog box entry for every update to the Firewall API.

I don't think there is any "direct" way of notifying the user. A kernel
thread should not "call up" to the GUI. However, if there were some
notification API that notifies of the changes, a client (such as MS's new
firewall client or third party) should notify the user of the change by
"subscribing" to the notification event.

Thanks,


Geoff Van Brunt
Information Technology Manager
DST Consulting Engineers

-----Original Message-----
From: Thor Larholm [mailto:thor (at) pivx (dot) com [email concealed]]
Sent: March 9, 2004 1:29 PM
To: Steve Friedl; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Microsoft XP/SP2 security

Very nice analysis, I wonder how much more you could have written with
access to XP/SP2 (nudge nudge, give the man a beta).

The IE security zone changes involve locking down the My Computer zone
(http://tinyurl.com/3atog). Together with the NX CPU flag, this will
definitely cause a lot of applications to malfunction, including:

Microsoft Management Console
Norton Internet Security / Norton Antivirus
Mcafee Antivirus
Visual Studio.NET/2003
The .NET Framework
MSDN Help

Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor (at) pivx (dot) com [email concealed]
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>

-----Original Message-----
From: Steve Friedl [mailto:steve (at) unixwiz (dot) net [email concealed]]
Sent: Tuesday, March 09, 2004 7:31 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Microsoft XP/SP2 security

Hello listmates,

XP Service Pack 2 has been in beta test for some months, and it looks
like this is primarily about adding security features. A few are minor,
but some look quite far-reaching. I don't believe I've ever seen a
single bigger security push from Microsoft, and I'm very encouraged.

I've written an analysis of XP/SP2's security aspects:

http://www.unixwiz.net/techtips/xp-sp2.html

Corrections/feedback welcome.

Steve

--
Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
www.unixwiz.net | I speak for me only | KA8CMY | steve (at) unixwiz (dot) net [email concealed]

------------------------------------------------------------------------
---
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost
of ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
------------------------------------------------------------------------
---
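
The thread above discusses silent additions to the firewall's AuthorizedApplications collection under a borrowed "friendly name". The following is an added example, not part of any poster's message or of Microsoft's API: a poll-and-diff audit over two snapshots of that list. It assumes the snapshots have already been exported as dictionaries with the hypothetical fields `name`, `image` and `enabled`; the name-to-image table and the sample entries are constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any platform

# Constructed assumption: friendly names a rogue entry might borrow, mapped to
# the image file each name legitimately belongs to. Extend per environment.
EXPECTED_IMAGE = {
    "internet explorer": "iexplore.exe",
    "windows messenger": "msmsgs.exe",
}

def index(snapshot):
    """Key entries by lower-cased image path (the identity of an entry)."""
    return {e["image"].lower(): e for e in snapshot}

def audit(before, after):
    """Return (kind, image, detail) findings between two snapshots."""
    old, new = index(before), index(after)
    findings = []
    for path, entry in new.items():
        prev = old.get(path)
        if prev is None:
            findings.append(("added", entry["image"], entry["name"]))
        elif (prev["name"], prev["enabled"]) != (entry["name"], entry["enabled"]):
            findings.append(("changed", entry["image"], entry["name"]))
        # A friendly name that claims a well-known program must point at it.
        expected = EXPECTED_IMAGE.get(entry["name"].strip().lower())
        if expected and basename(path) != expected:
            detail = f"{entry['name']!r} should be {expected}"
            findings.append(("name-mismatch", entry["image"], detail))
    for path, entry in old.items():
        if path not in new:
            findings.append(("removed", entry["image"], entry["name"]))
    return findings

# Constructed sample snapshots (hypothetical paths).
BEFORE = [
    {"name": "Internet Explorer", "enabled": True,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
]
AFTER = BEFORE + [
    {"name": "Internet Explorer", "enabled": True,
     "image": r"C:\Documents and Settings\user\Local Settings\Temp\update.exe"},
]

if __name__ == "__main__":
    for kind, image, detail in audit(BEFORE, AFTER):
        print(f"{kind:14} {image}  ({detail})")
```
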

Copyright 2010, SecurityFocus