AOH :: HP Unsorted C :: BU-1819.HTM

Windows XP Circumventing Critical Security



Circumventing Critical Security in Windows XP
Circumventing Critical Security in Windows XP



Hi,


I've detailed below just how easy (too easy) it is to circumvent the security of the following critical security services. Thus can't now become can!

It goes without saying that malware on entering a system by whichever means, and on detecting critical security services, can now even more easily (automated/scripted) disarm critical security services, just by modifying unprotected registry entries, for whatever malevolent purposes.

I've created registry entries (I can send these to you should you be interested) to demonstrate just how easy it is to circumvent the security of these critical security services, which unfortunately is all too easily a very effective way of immobilising critical security functions i.e. firewall, antivirus etc. This in my opinion is certainly not a vulnerability nor a flaw so to speak, but rather a functional design oversight?

I've verified this against the following with success. After these registry modifications have been effected and the system rebooted, these critical services will be disarmed.

BlackICE
McAfee
Pointsec
ISS Proventia
ZoneAlarm

On successfully disarming these security services, one could also use the following to then further manipulate the drivers & services, by reconfiguring their startup parameters to 'manual' and not 'automatic', or just disable them alltogether.

i.e. The following will reconfigure the startup parameters to 'manual' and not 'automatic' (default)
C:\>sc config VPatch start= demand
C:\>sc config BlackICE start= demand
C:\>sc config McShield start= demand
C:\>sc config McTaskManager start= demand
C:\>sc config McAfeeFramework start= demand
C:\>sc config Pointsec_start start= demand
C:\>sc config Pointsec start= demand


Cheers

Andrew Barkley
(-_-)

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.