Hidden-code flaw in Windows renews worries over stealthy malware
Robert Lemos, SecurityFocus 2005-08-31

A flaw in the way that several security programs and system utilities detect system changes could allow spyware to spread surreptitiously and has renewed worries about stealthier attack code.

Please explain... 2005-08-31
Brian M. Thomas (5 replies)
I've only been in the business for about 22 years, so some of the finer distinctions escape me on occasion. Perhaps you can explain this one:

"not a software security vulnerability, but a function within the operating system that could be misused"...

...

Re: Please explain... 2005-08-31
Anonymous (1 replies)
My interpretation was that these programs are using standard Windows APIs to detect what is going in/out of the Windows registry, and that the problem lies with how a certain API might deal with long strings in the registry. If that's true, then Microsoft can fix the underlying issue, and it will b...

All-Seeing Eye handles this trick without any problem 2005-09-07
Richard T. (1 replies)
Just like most other incidents like this lately, the free and completely awesome software All-Seeing Eye (http://www.fortego.com/ase) handles this issue without any problem. I've never seen a more complete and easy-to-use HIDS for Windows, and it's getting more and more needed to use one for every d...

Re: All-Seeing Eye handles this trick without any problem 2005-10-25
Anonymous (1 replies)
How do you know that the new tool you are proposing does not have any spyware itself?

Let me know if anyone else has any comments about the authenticity of this tool. I am really concerned when ppl praise such tools which look very much unauthentic....

Re: Re: All-Seeing Eye handles this trick without any problem 2006-06-24
Anonymous
I thought All Seeing Eye was a game program used to poll game servers for games installed on your pc....

Re: Please explain... 2005-08-31
Anonymous (1 replies)
I don't have 22 years' experience, but did you also happen to read the writeup yesterday? And catch this in today's article as well?

"The technique works against Microsoft's RegEdit utility, but other system utilities, such as Reg.exe and the Microsoft Configuration Editor, are not affected, th...

Re: Re: Please explain... 2005-09-02
Anonymous
You have to remember that registry keys are not the same as filenames. Even if they were, the length of file names is not limited by the OS, but by the file system. The registry is a binary file, of which the format was chosen at design time.

Anyway, it sounds to me the issue is with certain c...

Re: Please explain... 2005-08-31
Anonymous (1 replies)
It's not a bug, it's a feature....

Re: Re: Please explain... 2005-09-12
Anonymous
Hey, I agree with that and the implication that Windows (and every other OS) is loaded with features. The bigger issue is how to turn off features we don't want. Maybe we should ask Bill?...

Re: Please explain... 2005-08-31
Anonymous
Well it's simple really, it goes like this:

'It's not a software security vulnerability, it's another name we've dreamed up, it means the same thing but sounds less threatening...'

Hope that clears it up for you!...

Re: Please explain... 2005-09-05
Anonymous
The explanation is very simple:

It's a bug, as everyone else said, and they do not want to admit it.

The "do not want to admit" part is very important. Although it looks like the usual denial, what is probably happening is that a legacy interface (used by regedit and others) has a limitation whi...

Hidden-code flaw in Windows renews worries over stealthy malware 2005-09-01
Anonymous (1 replies)
Go Linux =)...

Re: Hidden-code flaw in Windows renews worries over stealthy malware 2005-09-07
Anonymous
Don't get me wrong, I love my Linux! But seriously, it has an equal amount of flaws and security vulns. The only difference is with Linux, I can fix the problem. With Windows, ya gotta wait for the patch/update/hotfix. If you try to fix it they will sue the crap out of you....

Uhm you guys need to take a look at unix... 2005-09-04
x86
Rootkits that "hide" processes and just about anything "files/directories/anything" is nothing new guys... so why would it be so impossible for windows nt/xp/03 kernels be so much harder, most users are logged in with admin privileges, besides the fact windows kernels aren't open source I guess that...

Flypaper? 2005-09-05
Anonymous (1 replies)


Doesn't Windows seem like it's becoming more and more like flypaper for spyware and viruses? Whoever is making this stuff is getting much better at making it stick like gum and harder to detect. Honestly I think there is going to come a point soon when the majority of users are going to say en...

Re: Flypaper? 2005-09-08
Anonymous
Yeah - Let's all switch to Mac OS! That's the solution - besides there are so many business and management apps for it that it can easily replace Winders!!! Oh then there's always Linux - that's even a better choice caus' it free!!! You're brilliant! ...

About long named registry key... 2005-09-13
DgtlScrm
This technique is already described. But autorun will be ignored when key name is too long...

(rus) http://www.xakep.ru/post/21789/default.asp 3rd section...








 

Copyright 2009, SecurityFocus