On 2010-02-28 anonym@xxxxxxxxxx wrote: > administrator level doesnt matter much when we talk about > antivirus/firewall softwares because nowadays they have a builtin > protection that will try to prevent they get disabled, no matter what > is the user access rights over the system. if the software can be > disabled, then the flaw is in the software itself, and is indeed a > vulnerability. They're using rootkit techniques to prevent the administrator from doing what - by design and definition - he is *supposed* to be able to do. Since this is not desireable, failing to do so certainly is not a vulnerability. And no, there is no such thing as a "good" rootkit. Any administrator who willingly allows this kind of crap withing arm's length of their systems needs a good beating with a cluestick. Badly. > ps: on Windows XP users by default have admin rights when created, the > standard user is member of the administrators group. On Windows Vista > and later the standard user is admin too but the UAC forces the user > to have "user level" rights. but demonstration code has been published > to bypass this protection, then again that kind of modification (the > modification did by the sc command reflects in the registry in the > HKEY_LOCAL_MACHINE in which only admins can write data) will be > possible. Just shows what a big load of bullshit UAC is. I've been successfully using LUA for years, and I don't see any reason at all to switch to UAC. You cannot protect a system from its administrator without demoting him from being administrator. Period. And if you are going to demote him: who is going to fix your system when things go wrong? Regards Ansgar Wiechers -- "If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution." --Mark Russinovich
