
Latest Macro Virus Worm How Does It disable ....

    Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.

    from silicon something or other

    Huh?
    How does it do that, folks?

    I mean, I go to a DOS prompt and type
    regedit or regedt32.

    Does it roger the binary or damage the security
    on the actual registry?

    I want to know so I can create havoc around the globe.

    Cheers.

    #2
    re

    maybe something to do with the murky world of assembly code

    Comment


      #3
      re

      not 100% sure what the question is here so if I'm way off, apologies now.

      Each registry key can have privileges assigned to it, i.e. who can read it, who can edit it, who can delete it, etc. When a program writes a value to the registry (new or existing) it can specify the privileges required to read/edit/delete etc. Normally the program is running within the context of a user (the person running the program) and so the default security requirements for the registry key include the user's security info. If you wanted to make a special registry key *extra* secure, your code just supplies another security identifier, i.e. one other than the current user's. This method will ensure that no one or thing can access the registry key except for your code. I use this method regularly to store sensitive data in the registry (database connection attributes etc.). The only way that anyone can change these values is via the supplied 'admin' tool. This ensures that 'fred bloggs' can't go messing around in the system registry and completely **** up the application. It also helps to ensure that the sensitive data is kept hidden from prying eyes.

      hope this explanation helps...

      D

      Comment


        #4
        Well I get that

        When I created a secure payments application
        the NT Server had reasons to use the registry.

        So as part of the code I put some very heavy security
        around certain values in the registry.

        The point was that in some cases the security was heaviest
        around dummy values entered into the registry.

        Thus any hacker would probably have been keen to get
        at these values since they were so well protected.

        What the article implied was not individual protection
        on certain keys (in which your post is very correct)
        but the entire registry.

        I kind of concluded that they could somehow get at the
        administrators group on the local machine to actually
        stop access to the registry.

        Comment
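          An added PowerShell example (not from this thread) that separates the two things posts #3 and #4 are talking about: the ACL carried by an individual key, which an administrator can inspect and tighten, and the per-user policy value that regedit itself honours, which is what "disabling registry editing" for a whole user normally means (the thread does not say which mechanism the article had in mind). The key paths and the choice of Administrators and SYSTEM as the only permitted identities are assumptions for illustration.

```powershell
# Added example, not from the thread. Key paths are illustrative; run
# elevated to read or change HKLM keys.

# Post #3: every key carries its own ACL. List who can do what to one key.
function Get-RegistryKeyAccess {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Key       = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights
            Type      = $ace.AccessControlType   # Allow or Deny
            Inherited = $ace.IsInherited
        }
    }
}

# Post #3's pattern for sensitive values: cut inheritance from the parent key
# and grant access only to Administrators and SYSTEM (assumed identities).
function Protect-RegistryKey {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)  # stop inheriting, drop inherited ACEs
    foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $rule = [System.Security.AccessControl.RegistryAccessRule]::new($id, 'FullControl',
            'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Post #4: locking out the *whole* registry editor is not done with ACLs.
# regedit checks the DisableRegistryTools policy value; a non-zero value in
# either hive makes it refuse to start for that user, which is the symptom
# the article describes. Return the locations where it is set.
function Get-RegeditLockout {
    $policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($key in $policyKeys) {
        $item = Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue
        if ($item -and $item.DisableRegistryTools -ne 0) {
            [pscustomobject]@{ Key = $key; DisableRegistryTools = $item.DisableRegistryTools }
        }
    }
}

Get-RegistryKeyAccess -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' | Format-Table -AutoSize
$lockout = Get-RegeditLockout
if ($lockout) { $lockout | Format-Table -AutoSize } else { 'Registry editing is not disabled by policy.' }
```

          Clearing the policy value (or removing a stray Deny ACE) restores access without touching the regedit binary, which is the check worth running before assuming the editor itself has been tampered with.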


          #5
          re

          But isn't the registry just a huge text file? i.e. system.dat or something?

          Comment


            #6
            Re: re

            Read/write rights to that file should be limited to Admin and the internal system account.

            Comment
