SecurityFocus Article


Thor Larholm from PivX Solutions has an article on SecurityFocus that is a response to a previous article that claimed Linux was inherently less prone to viruses than Windows.

My security tip for the evening (morning): Create a program called Program.exe and place it in the root of your C: drive. This program should take its command-line arguments and the name of the logged-in user, and write this info to the event log. Then if it is running under an interactive account, it should display this information in a dialog. The file should be ACLed so only Administrators can change it. In JScript, the core code is as easy as:

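    import System
    import System.Diagnostics
    import System.Security.Principal

    // Command line this process was started with (program name plus arguments)
    var args : String[] = Environment.GetCommandLineArgs()
    var command : String = args.join(" ")

    // Log to the Application event log under a recognizable source name
    var e : EventLog = new EventLog("Application")
    e.Source = "Insecure CreateProcess call"

    // Record the account the caller launched this program under
    var name : String = WindowsIdentity.GetCurrent().Name
    e.WriteEntry(command + "\r\n\r\nRunning as: " + name)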

What's the purpose of this file? Well, anytime you run some software that has an insecure CreateProcess call (page 677), you will get notified and can send a bug report to the vendor.
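Why the catcher fires, as an added example that is not code from the original post: when `lpApplicationName` is NULL and the command line is unquoted, the CreateProcess documentation says the image name is tried at each whitespace boundary, with `.exe` appended when there is no extension. The simplified model below lists those candidates in order so you can check a command line from your own code or configuration; the function names and sample command lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PATHLEN 260

/* Copy s[0..n) to out; append ".exe" if the last component has no extension. */
static void candidate(const char *s, size_t n, char *out) {
    if (n > PATHLEN - 5) n = PATHLEN - 5;
    memcpy(out, s, n);
    out[n] = '\0';
    const char *slash = strrchr(out, '\\');
    if (!strchr(slash ? slash + 1 : out, '.')) strcat(out, ".exe");
}

/* Simplified model of the documented search when lpApplicationName is NULL:
   list, in order, the image paths tried for cmd. Returns the count. */
int exe_candidates(const char *cmd, char out[][PATHLEN], int max) {
    int count = 0;
    size_t len = strlen(cmd);
    if (max < 1 || len == 0) return 0;
    if (cmd[0] == '"') {               /* quoted: exactly one candidate */
        const char *end = strchr(cmd + 1, '"');
        candidate(cmd + 1, end ? (size_t)(end - cmd - 1) : len - 1, out[0]);
        return 1;
    }
    for (size_t i = 1; i <= len && count < max; i++)
        if (i == len || cmd[i] == ' ' || cmd[i] == '\t')
            candidate(cmd, i, out[count++]);   /* split at each whitespace */
    return count;
}

/* 1 if C:\Program.exe is the first image tried (exact-case compare for brevity). */
int hits_program_exe(const char *cmd) {
    char c[8][PATHLEN];
    return exe_candidates(cmd, c, 8) > 0 && strcmp(c[0], "C:\\Program.exe") == 0;
}

int main(void) {
    /* Constructed sample command lines, not taken from any real product. */
    const char *samples[] = { "C:\\Program Files\\Vendor\\app.exe /silent",
                              "\"C:\\Program Files\\Vendor\\app.exe\" /silent" };
    char c[8][PATHLEN];
    for (int s = 0; s < 2; s++) {
        int n = exe_candidates(samples[s], c, 8);
        printf("%s\n", samples[s]);
        for (int i = 0; i < n; i++) printf("  try %d: %s\n", i + 1, c[i]);
    }
    return 0;
}
```

The quoted form yields a single candidate, which is the fix to ask the vendor for: quote the path in the command line or pass the full path in `lpApplicationName`.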
