Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Is explorer.exe (XP) a high risk process

from [Miha Pihler] Network Security [Permanent Link]
Subject: RE: Is explorer.exe (XP) a high risk process
Date: Fri, 15 Dec 2006 11:53:14 +0100 
If users runs a virus or a rootkit this executable will run in security
context of a user. If user is not a local administrator virus or rootkit
will fail to deliver its payload (depending on what the virus tries to
do). 
If you check default NTFS permissions on explorer.exe file you will see
that users only have read and execute permission on the file. They can't
even delete or replace the file... 

There are some exceptions to this -- e.g. worms that exploit buffer
overflows where they can gain elevated privileges. This should be fixed
by applying appropriate patches. 

If I am local administrator -- it doesn't matter what security measures
you throw at me; I (or virus or rootkit) can bypass all of them... ;-).

Mike

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Gurpreet Singh
Sent: Thursday, December 14, 2006 7:25 PM
To: sergelessard76@hotmail.com; focus-ms@securityfocus.com
Subject: RE: Is explorer.exe (XP) a high risk process

Of course u should consider explorer.exe a high risk process. Not only
viruses attack it but rootkits also. They modify the existing
explorer.exe. 

See also,
http://www.security.nnov.ru/docs4852.html
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17949/vuln
.htm
l


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of sergelessard76@hotmail.com
Sent: Thursday, December 14, 2006 7:21 PM
To: focus-ms@securityfocus.com
Subject: Is explorer.exe (XP) a high risk process

Quick questions for the IT security community. We have a 2000
workstation being centrally managed by McAfee ePO. All of those stations
are being scanned / protected based on a single predefined policy. In
that policy we have a list of highrisk processes which we want to ensure
are clean and some we want to block instantly from running. One of those
processes is explorer.exe . Alot of viruses are targeting thise process
therefore we wanted to eleviate our level of pretection by doing so. But
for 2 individuals it is causing a considerable slowdown when accessing
local drive where large zip and iso files reside. Of course our first
recommendation was to move those files on a network share but to back
this recommendation I wanted to get your opinion of our strategy. Should
explorer.exe be considered a highrisk process or not?? thank you

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: U3 TEchnology was RE: strange new virus, Henry Troup
Next by Date:  Re: strange new virus, badz
Previous by Thread:  RE: Is explorer.exe (XP) a high risk process, Gurpreet Singh
Next by Thread:  RES: [SPAM] RE: Is explorer.exe (XP) a high risk process, Charbel Chalala Issa
Indexes:  [Date] [Thread] [Top] [All Lists]