RBL
(Mar 31, 2007 - 10:58 AM)
BWWWAAAAA!!!!!
Completely overblown. Read the comments on the post.
Yes, it's an issue that should be fixed. No, it doesn't crash the OS, but rather, the shell. Anyone can crash Explorer without malware.
Heck, I can simply load some commercial apps -- like McAfee's own bloated antivirus -- and crash Explorer.
It's also not clear if UAC was disabled, and if it was, how Explorer would behave with UAC enabled.
Lastly, if you run Explorer as a separate process -- which is not the default -- an Explorer crash will not destabilize the system.
From a rational comment on the blog:
>>>
While the core vulnerability exists in Vista, it is mitigated by several factors; IE7 Protected Mode (via the MIC model wherein IE7 runs with low integrity, and communicates with higher integrity components through a broker process, thus protecting the shell and other processes from this attack) and by UAC which, even if IE Protected Mode is disabled, will only allow the exploit the privileges of a standard user, making it far easier to recover from an attack.
Also, this video is not showing an OS crash-restart as is claimed but is showing a shell (explorer.exe) crash-restart. Launch Task Manager from the winlogon desktop, start a command prompt and delete the offending file from the profile desktop folder. If a trojan was installed, provided UAC is enabled, and this attack was instigated from a non-elevated process, the scope would be limited to user profile autostart entries in the registry and AV/anti-malware would easily mitigate (or one could easily manually remove the malware via autoruns or similar tool).
On XP this is a far more serious issue as those protection mechanisms don’t exist and the user is likely running with unrestricted admin privileges. In short, highlighting Vista may make for more dramatic coverage, but ultimately Vista’s default security settings and mechanisms work to mitigate this vulnerability exactly as advertised.