Eric Wise

Business & .NET

Slashdot cracks me up.

@10:10AM
from the watch-out-or-it'll-chew-you-up dept.
LostCluster writes "WinXP SP2 has just been released to the public via Automatic Update, but eWeek and PC Magazine are together reporting that Windows XP SP2's 'Windows Security Center' is just about as insecure as it could possibly be. According to them, any program (including ActiveX controls) can access and edit the Windows Management Instrumentation database, and therefore spoof the security status of an insecure box to report that it is properly secured."

So let me get this straight... It's possible to hack an insecure box. Really now? Are you sure? Gee I better go install linux.

Look for a real post, with code from me tonight. I promise!

Published Aug 26 2004, 07:37 AM by Eric Wise

Comments

General Protection Fault, MCSD for .NET said:

What part of this don't you understand? They're saying that a compromised machine can be tricked to report that it's intact.

The only thing worse than having a compromised machine is not knowing about it. Think about it. This is true for any operating system.

By putting these controls in WMI and trusting third parties to report on their status, Microsoft locked the door and made copies of the key for everyone.

# August 26, 2004 4:39 AM

Eric wise said:

Looking deeper, you have to be running as an administrator to affect this as well.

If someone has admin execute priviliges on your box, you have bigger things to worry about.

This also means that it's not a "Windows is less secure than X" issue. Any machine that has the admin privilige compromised is royally farked. Doesn't matter what OS you're running.

# August 26, 2004 6:08 AM

Eric Wise said:

In addition, you do control your ActiveX control usage. So the only way such a thing ever executes is if you allow it.

In further addition, if they lock out security center from 3rd party apps then they just locked out Nortan, McAfee, etc and they get slammed for monopolistic design.

# August 26, 2004 6:11 AM

Right said:

So basically, the only way to make sure the security center tells the truth is to be educated enough to understand securing your machine in the first place? And you still don't see the problem here?

Come on.

# August 26, 2004 12:45 PM

General Protection Fault, MCSD for .NET said:

First of all, the fact that users in XP Home are *by default* Administrators, Microsoft should have shelved the current design.

Second of all, WMI can be modified by ActiveX scripting, including JScript. You don't have to install and run an ActiveX control. The eWeek guys (or PC Magazine guys) have a WSH script to do it, and you can run that script in your browser to do the same thing.

Still, you haven't refuted this: the only thing worse than having a compromised machine is not knowing about it. And it's a *lot* worse.

# August 27, 2004 4:14 AM

Name (required)

Your URL (optional)

Comments (required)

Remember Me?