Vista Hacking Challenge Answered...


imhotep

Gerry said:
At last! Another man with a brain posting to the security groups.

This is the second sensible post this week. First Kerry and now imhotep

Be careful of complimenting me. The zombies will attack you!

-- Imhotep
 

imhotep

Sorry, you're totally wrong. Email Joanna herself. She'll tell you that
Blue Pill works against any OS. Or read her words:

Sorry but you are wrong. Did you not read what I wrote? In theory you are
correct. In the real world you are wrong. So, let's go over the logic one
more tiring time:

The technique ***REQUIRES*** elevated user privileges. All of the "other"
OSes do not run users in elevated privileges (admin group, etc). ONLY
MICROSOFT DOES THIS. Get it now?????
http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

"I would like to make it clear, that the Blue Pill technology does not
rely on any bug of the underlying operating system. I have implemented a
working prototype for Vista x64, but I see no reasons why it should not be
possible to port it to other operating systems, like Linux or BSD which
can be run on x64 platform."

Good luck trying to argue with Joanna about her own root kit.

Seems Joanna said the SAME THING WE ARE SAYING. Why don't you try to argue
with her...

"She also admitted that she had to perform the hack in higher privileged
administrator mode rather than the lower privileged user account control."

How many times does someone have to say the same thing before you can
comprehend it?
What was that you were saying about this being a sensible post?

It was until you got involved.....


-- Imhotep

 

imhotep

Roger said:
Hey Im, if you want to claim it was munged text then next time how
about not using the "" quotes.
I did not bother to follow the link as I had already seen the pdf of the last
talk at BH, I had seen a couple of 3rd-hand digestions already, and I did
give you credit that the "" quotes were intended to be just that.

Roger


Roger, you do not need to be a professional web surfer to see the link in
the paragraph. Just typing that sentence reminds me of how useless this
conversation is. Please, stick to topics related to the post...I think we
all would benefit...I think we all should.

-Im
 

S. Pidgorny

G'day:

Get a grip; does anyone remember those pop-ups saying "some files can harm
your computer"? Does anyone remember what the user clicked next??

I do not consider users total idiots: I know for sure that some do pay
attention to warnings - every so often they call me to confirm their action.
If this is what Microsoft calls "taking security seriously", I can only
hope everyone out there has got an alternative security plan (like I do).

And what is your plan? Please enlighten us.
It's absurd to say Vista is the most secure o/s from Microsoft. At this
point in time, it's no different to all the rest.

Yep, persistently ignoring facts is indeed required in such a quality
argument.
 

Guest

imhotep said:
First:
That post was based on the article "Blue Pill Leaves Vista Vulnerable" by
Techtree news staff. Listen, see how the text "has been compromised" is a
different color: that's a link. How long have you been surf'n the web????

If you had read my post, you would know that I saw the link, clicked on it,
and said it wasn't a very good article either. You know very well that not
everyone would follow a link in your link to read the original news source,
because we just had this same Slashdot argument with you last week.

But you're not responding. Why would you post a link to Slashdot instead of
posting a link to the original news source? The Slashdot post didn't do a
great job of summarizing the news source, and the news source itself was
terribly inaccurate. There are way better news stories discussing this
issue. I have to think you and Slashdot intentionally chose the worst
written article because it supported your anti-Microsoft preconceptions.

Vista is at least as well thought out as other OSes. With Solaris 10, it's
difficult or impossible to install the OS unless the computer is plugged into
the network during the install. But then your unpatched, unfirewalled OS is
potentially vulnerable to attacks, especially if you forget to unplug the
network cable before the last reboot. With the past two FreeBSD installs,
the installer can't predict whether you're going to run out of free space
when the install is 95% finished. It also doesn't tell you to insert the
Ports CD, instead it just gives you ambiguous error messages. There are some
good articles on the Internet about some poor practices in the way Firefox
installs and checks security on plugin files. These are things you would
think would be resolved years ago, but they haven't been. If Microsoft made
any of these kinds of huge, easy-to-correct mistakes, you'd be all over them,
but somehow these things are forgivable in Solaris and BSD.

Yes, like you I'm hoping the final release of Vista will force users to
create a non-Admin account. I'm not sure that hasn't been their intention
all along. If it isn't their intention, I'm sure that complaints from users
(including you) about UAP being annoying have something to do with it.
 

Gerry Hickman

Hi Karl,

What I'm saying is that he's right about the user accounts in general, I
snipped that part from what he wrote. I was not making a comment on the
Blue Pill.
 

Alun Jones [MS-MVP - Windows Security]

Kerry Brown said:
On all the builds I've tested so far (limited to MSDN CTPs) there are no
standard user accounts created during the install. If you want a standard
user you have to create one. I sincerely hope you are right about the
final release.

I think Karl's referring to this:

http://msmvps.com/blogs/alunj/archive/2006/03/30/88550.aspx

[Okay, so it's a blatant plug for my blog, but it links to the Vista UAC
blog article on making all user accounts after the first one as restricted.]

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
 

Kerry Brown

Alun said:
Kerry Brown said:
On all the builds I've tested so far (limited to MSDN CTPs) there are no
standard user accounts created during the install. If you want a
standard user you have to create one. I sincerely hope you are right
about the final release.

I think Karl's referring to this:

http://msmvps.com/blogs/alunj/archive/2006/03/30/88550.aspx

[Okay, so it's a blatant plug for my blog, but it links to the Vista
UAC blog article on making all user accounts after the first one as
restricted.]
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]

I have also heard this elsewhere earlier today but it's always good to plug
your blog :)

I still think the install process is wrong and needs to be changed. There
should be a real administrator account created with a screen that says
something like "This is the administrator account and shouldn't be used for
everyday use". Then there should be another screen where you create user
accounts and specify one of the user accounts as the default logon.
 

karl levinson, mvp


I hadn't read that, but thanks, it's interesting.

So that sounds like good and bad news. Good that Microsoft has already
decided to change the installer to create non-admin accounts by default.
Bad that Microsoft didn't realize the need for this on their own. It
totally defeats much of their hard work on UAP to create nothing but Admins
during install.
 

Guest

Hello,

I am not an expert; rather, I am a novice and would like to add my thoughts.

When I first began to "realize" that I had been "hacked", I attempted to use
my basic knowledge about computers and figure out if I could find out where
that little bugger was hiding. I eventually found sysinternals.com and
quickly downloaded all their cool tools (and they were freee!!!!). I quickly
ran the programs and was soon looking into the "registry???" at names like
"lanman", "gina", and such. Man, I thought, who, other than a hacker, would
name a file "lanman" or "gina". These HAVE TO GO...OUCH...MY COMPUTER IS
ACTING FUNNY....DARN HACKERS....

Reinstall....Download sysinternals tools....read a little bit...ohhhh!!
"lanman" is meant for LAN Manager..... gina is a MS file also... OK, all I
have to do is figure out which files are MS, which are the normal programs,
and which are that term...."Malware".... I quickly discovered this was a
very difficult, if not impossible, task for a novice.... OK, new
direction.... read about security and learn programming.... Wow, there is a
"built-in" admin account with a default password of ""..... What is this
"local security policy" ? Hmmm...what would happen if I remove the everyone
group from the "Bypass traverse checking".... OUCH.....

Read some more, problem....much of the documentation is geared towards IT
professionals or developers.....what about us ignorant home users???? Not
much out there.... OK...read and try to understand.... What is "mmc",
"snap-ins", "security templates", NTLMv2 ?, Response only?, etc....

Ok, I think I have it somewhat figured out..... Strong and complex
passwords, remove all "users" from the admin group and place them in the
"limited user" group, be wary of fast switching and the log-in screen, use
strong and complex password for admin account and good passwords for user
accounts.... Wait...better use strong passwords for user accounts also since
privilege escalation to "NT Authority/System" can be accomplished in some
instances....

Now enter Family Members (who I love dearly) who only want to use the
computer for what it is supposed to be used for....Entertainment!!!!!!!!!!
WHAT? That password is too tough.... Has to be that long????

Man, by posting this message I have violated another golden rule....NEVER
LET PEOPLE IN DISCUSSION GROUPS KNOW HOW IGNORANT YOU ARE ABOUT COMPUTER
SECURITY.....

I might as well clean my drive now, wipe it according to DOD specs, and
reinstall my usual OS....Can I use any of my old files???? Have they been
corrupted???? Can I only use my encrypted files???? Was my encryption
strong???? Let me go to a TECH site and ask their opinion.....
 

Roger Abell [MVP]

imhotep said:
Roger, you do not need to be a professional web surfer to see the link in
the paragraph. Just typing that sentence reminds me of how useless this
conversation is. Please, stick to topics related to the post...I think we
all would benefit...I think we all should.

-Im

Once again illustrating that you do not read, or at best read what
you wish to see, or that you cannot communicate what you intend.
You quoted, then claimed it was munged.
You certainly cannot believe or expect that everyone will follow a
link just because you have indicated you believe it worthwhile.
 

imhotep

Roger said:
Once again illustrating that you do not read, or at best read what
you wish to see, or that you cannot communicate what you intend.
You quoted, then claimed it was munged.
You certainly cannot believe or expect that everyone will follow a
link just because you have indicated you believe it worthwhile.


Roger, yet again you are wrong but refuse to admit it....You claimed there
was not a link, there was....

You just do not like the source, but are not brave enough to be honest. I
pity you.

Im
 
