On 2010-02-17 barkley@xxxxxxx wrote: > I've detailed below just how easy (too easy) it is to circumvent the > security of the following critical security services. Thus can't now > become can! > > It goes without saying that malware on entering a system by whichever > means, and on detecting critical security services, can now even more > easily (automated/scripted) disarm critical security services, just by > modifying unprotected registry entries, for whatever malevolent > purposes. > > I've created registry entries (I can send these to you should you be > interested) to demonstrate just how easy it is to circumvent the > security of these critical security services, which unfortunately is > all too easily a very effective way of immobilising critical security > functions i.e. firewall, antivirus etc. This in my opinion is > certainly not a vulnerability nor a flaw so to speak, but rather a > functional design oversight? Unless you give details on what you actually did, any discussion is rather futile. I do have a feeling, though, that the modifications you made require administrator privileges. In which case there isn't any kind of vulnerability or security flaw. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
