MSFT Security and UAC: Huge Client US State Dept Hacked

[Chad Harris]

Kerry nice posts on UAC thread--I saved them all. I don't have a lot of
exploit knowledge, so I'll do some reading on "zero day exploits."

I'm on a dual boot of XP and Vista. So how do I set up ***monitoring** the
XP folder so that one rip can go to both WMP's on both boots. Both WMPs are
WMP11. I tried doing simple library export and it wouldn't work despite the
fact that it's frequently suggested?

I also find that simply ripping selectively since many CDs have filler music
that you might not want helps save a lot of space. They can add up and a
classical CD with lengthy cuts can be 60-100MB.

CH

 

[Mark D. VandenBerg]

Just make a third partition for your data storage accessible from any and
all O/S's, Chad. It avoids many permission issues and actually is a little
more secure, in that you can dump all your O/S's, reformat those partitions,
and your data is untouched.

 

[Kerry Brown]

Kerry nice posts on UAC thread--I saved them all. I don't have a lot
of exploit knowledge, so I'll do some reading on "zero day exploits."

Thanks, A zero day exploit is simply an exploit that takes advantage of a
security vulnerablility on the same day the exploit becomes known. All the
anti-malware vendors haven't had to time to figure out how to stop it yet so
all the protection in the world won't help.

I'm on a dual boot of XP and Vista. So how do I set up
***monitoring** the XP folder so that one rip can go to both WMP's on
both boots. Both WMPs are WMP11. I tried doing simple library export
and it wouldn't work despite the fact that it's frequently suggested?

I also find that simply ripping selectively since many CDs have
filler music that you might not want helps save a lot of space. They
can add up and a classical CD with lengthy cuts can be 60-100MB.

I keep all my mp3's on a share on a XP machine. The security on the folder
is to everyone having read permissions. On all my computers I go into the
library in wmp, pick add to the library, pick by monitoring folder and point
to the share. If you have a lot of mp3's it will take a while before they
all show up. The advantage is that you can add, delete, move files around
and the updates show up on all the computers as long as you keep them in the
tree under the shared folder.

 

[Chad Harris]

Or a company like MSFT holds on to the solution for months. Case In Point:
There was a PC Health file that could wipe out Windows. MSFT said not a word
about it but didn't fix it until November 2002 when it released Windows XP
SP1. A couple days before it did, Leo Laporte went public with the problem
and the file on Tech TV and that was the first time the vulnerablity was
announced.

I understand the dilemma between alerting people to do the vulnerability and
having malicious script writers reverse engineer an exploit for the hotfix.

CH

 

[Jeff]

Fellas;
There are now zero-day exploit anti stuff available;
One such program;which I beta tested recently;in xp; is Socketshield; nice
app.
Doesn't work in Vista yet;tho:-(
Because of the new kernel; I think; but theyre working on it.
Check it out at www.explabs.com
Jeff

 

[Kerry Brown]

Fellas;
There are now zero-day exploit anti stuff available;
One such program;which I beta tested recently;in xp; is Socketshield;
nice app.
Doesn't work in Vista yet;tho:-(
Because of the new kernel; I think; but theyre working on it.
Check it out at www.explabs.com

I tried Socketshield and it does what it says it will. It is still
vulnerable to zero day or unknown exploits. It can be updated faster than
other programs because it works more like a firewall than a malware scanner
but it is still vulnerable to an exploit it doesn't know about if the
exploit comes from a site it doesn't know about. I eventually stopped using
it because it slowed down my computer and caused intermittent glitches with
Exchange and intermittent lost connections on my internal network. When I
uninstalled it all the glitches went away.

 

[Jeff]

Kerry;
OK,
I didn't have any probs with it;myself,but guess ppl do.
Was just giving an fyi
Jeff

 

[Kerry Brown]

Kerry;
OK,
I didn't have any probs with it;myself,but guess ppl do.
Was just giving an fyi

It's actually a very good program. I like the idea of what they are trying
to do.It's just that it's still a beta and was causing me some problems. I
think this is the direction anti-malware programs will go in for the next
few years. Eventually I think programs that access the Internet will be run
in virtual environments but it will be a while before the OS and hardware
allows that conveniently. IE7 in Vista is a step in that direction.