Previously on "Latest Macro Virus Worm How Does It disable ...."

  • Guest replied
    Re: re

    Read/write rights to that file should be limited to Admin and internal system account.

  • Guest replied
    re

    But isn't the registry just a huge text file? i.e. system.dat or something?

  • Guest replied
    Well I get that

    When I created a secure payments application
    the NT Server had reasons to use the registry.

    So as part of the code I put some very heavy security
    around certain values in the registry.

    The point was that in some cases the security was heaviest
    around dummy values entered into the registry.

    Thus any hacker would probably have been keen to get
    at these values since they were so well protected.

    What the article implied was not individual protection
    on certain keys (in which your post is very correct)
    but the entire registry.

    I kind of concluded that they could somehow get at the
    administrators group on the local machine to actually
    stop access to the registry.

  • Guest replied
    re

    Not 100% sure what the question is here, so if I'm way off, apologies now.

    Each registry key can have privileges assigned to it, i.e. who can read it, who can edit it, who can delete it, etc. When a program writes a value to the registry (new or existing) it can specify the privileges required to read/edit/delete etc. Normally the program is running within the context of a user (the person running the program), and so the default security requirements for the registry key include the user's security info. If you wanted to make a special registry key *extra* secure, your code just supplies another security identifier, i.e. one other than the current user's. This method will ensure that no one or thing can access the registry key except for your code. I use this method regularly to store sensitive data in the registry (database connection attributes etc.); the only way that anyone can change these values is via the supplied 'admin' tool. This ensures that 'fred bloggs' can't go messing around in the system registry and completely **** up the application. It also helps to ensure that the sensitive data is kept hidden from prying eyes.

    Hope this explanation helps...

    D
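
The per-key privileges described in the reply above, and the suggestion elsewhere in the thread that write access be limited to Admin and the system account, can be checked by reading a key's access list. This is an added example, not code from any poster in the thread; the key path `HKLM:\SOFTWARE\ExampleVendor\ExampleApp` and the function name are hypothetical.

```powershell
# Added example: list which accounts are allowed to modify a registry key
# and flag any that are not Administrators or LocalSystem.
function Get-RegistryWriteAccess {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,
        # Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM
        [string[]] $AllowedSids = @('S-1-5-32-544', 'S-1-5-18')
    )

    $rights  = [System.Security.AccessControl.RegistryRights]
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Rights that change the key, its values or its ACL,
    # plus the raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
    $writeMask = [int]($rights::SetValue -bor $rights::CreateSubKey -bor
                       $rights::Delete -bor $rights::ChangePermissions -bor
                       $rights::TakeOwnership) -bor 0x10000000 -bor 0x40000000

    $acl = Get-Acl -Path $KeyPath -ErrorAction Stop

    # Ask for SIDs rather than account names so the comparison
    # does not depend on the display language of the system.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        [pscustomobject]@{
            Key         = $KeyPath
            Sid         = $sid
            Rights      = $ace.RegistryRights
            Inherited   = $ace.IsInherited
            # True when the entry applies only to subkeys, not to this key
            InheritOnly = [bool]($ace.PropagationFlags -band $inheritOnly)
            Unexpected  = $AllowedSids -notcontains $sid
        }
    }
}

# Hypothetical key path, for illustration only
Get-RegistryWriteAccess -KeyPath 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp' |
    Where-Object Unexpected |
    Format-Table -AutoSize
```

An empty result means only the two allowed SIDs hold write-type rights on that key; any row shown is an account whose access should be reviewed.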

  • Guest replied
    re

    Maybe something to do with the murky world of assembly code.

  • Guest started a topic Latest Macro Virus Worm How Does It disable ....

    Latest Macro Virus Worm How Does It disable ....

    Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.

    from silicon something or other

    Huh?
    How does it do that, folks?

    I mean I go to a DOS prompt and type
    regedit or regedt32

    Does it roger the binary or damage the security
    on the actual registry?

    I want to know so I can create havoc around the globe.

    Cheers.
