why can malware writte in system32 folder?

[PL]

Hi guys
I have a question, why can malware writte in system32 folder if these is
read only?, someone know?

 

[David H. Lipman]

From: "PL" <[email protected]>

| Hi guys
| I have a question, why can malware writte in system32 folder if these is
| read only?, someone know?


| --
| Saludos
| PL


This isn't a anti malware group.

Please rewrite your query and fully express what you want to know in;
microsoft.public.security.virus

 

[R. McCarty]

It's not a matter of Folder attributes so much as it is the privileges of
the user or service making the change. Called ACL ( Access Control
List(s) ), it's the privilege table of what users can perform what actions.

 

[Bob I]

Simple, system32 folder ISN'T read only.

 

[PL]

Thanks Mr McCarty, I'll read about that.

It's not a matter of Folder attributes so much as it is the privileges of
the user or service making the change. Called ACL ( Access Control
List(s) ), it's the privilege table of what users can perform what
actions.

 

[PL]

Thanks David, I didn't know that these group.

 

[PL]

really??? I saw read only access in folder properties, I'll check, my goal
is try to never without administrative privileges can write in it.

Thanks bob, Sorry I'm starter user

 

[Bob I]

That "check box" means nothing as to the "attributes" of the folder
itself. It's only purpose in life is to allow a user to Set or UNset,
enmass, the read-only attributes of the files contained within the folder.

 

[PL]

Ok, I'll read more about that, thanks Bob.

That "check box" means nothing as to the "attributes" of the folder
itself. It's only purpose in life is to allow a user to Set or UNset,
enmass, the read-only attributes of the files contained within the folder.

 

[Bob I]

Sure, you can see it for yourself, make a temp folder to play with, and
then copy some files to it, then look in the folder and set the view to
Details and show attributes. Now close the folder, r-click it and
properties, click the readonly box until the black check shows and then
apply, Now go look at the attributes of the files in that folder.

 

[PL]

Sounds good, I'll do in my machine test...then will tray to write some
malware in that folder.
I work with 250 users running win xp and I want to reduce the risk to virus
attack.
thanks again bob

 

[Plato]

I have a question, why can malware writte in system32 folder if these is
read only?, someone know?

Perhaps that's why they call it malware. Best bet is NOT to download it
or install it for best results.

 

[Bob I]

Trust me the malware WILL write to that folder. As i said, that feature
has NO effect on the attributes of the folder itself.