August 26, 2005 5:11 PM PDT

Flaw may hide malicious software

Miscreants could hide their malicious software on a Windows PC by using overly long registry keys, security experts have warned.

These keys are stored in the Windows Registry, a core part of the operating system that stores PC settings. Some antivirus and anti-spyware products scan the registry for entries that launch malicious programs, but an entry with an overly long name can escape those scans, letting an attacker hide the presence of an application, according to security vendor StillSecure.

"It can be used to hide malicious programs on a system that would go undetected by security software or registry scanning tools," said Mitchell Ashley, chief technology officer at StillSecure, which is based in Louisville, Colo. Detection and cleanup could be difficult to impossible, according to StillSecure.

The SANS Internet Storm Center, which tracks Internet threats, on Thursday listed some applications that, according to reports it received, can be tricked by the longer registry keys. The list includes AdAware, Microsoft's Windows AntiSpyware, HijackThis, Norton SystemWorks 2003 Pro, Microsoft's Windows Registry Editor and WinDoctor.

"It is important for users to know if they may have a blind spot in their local system security," SANS associate Robert Danford wrote on the SANS ISC Web site. "The take-home here is that...it will be important to many to watch for product updates in the coming weeks." Danford also works for the security alert team at StillSecure.

Of most concern are the so-called "run" keys in the registry. Entries under these keys name programs that Windows starts automatically when a user logs on. Microsoft's Registry Editor and several popular security programs fail to display the overly long entries, yet Windows still starts the programs they point to, according to StillSecure's Ashley.

"It would be very easy for a spyware programmer to hide a keystroke logger on your machine using this technique," he said.

Microsoft is investigating the issue, a company representative said in a statement e-mailed on Friday. The software maker notes that an attacker can't hide anything without first breaking into a system.

"This issue could not allow an attacker to remotely or locally attack a user's computer," the Microsoft representative said. "Rather, the attacker would already have to have compromised the computer or convinced the computer user to run malicious software."

According to Microsoft, the issue is not a security vulnerability, but a function within the operating system that could be misused. Microsoft said it is not aware of the trick being employed to hide software.

However, SANS on Thursday said it had started to see "some possible reports of malware which utilizes this concealment technique." The organization said it expects that to continue over the next few weeks as software makers fix their products so that these entries become visible.

Security monitoring company Secunia rates the Windows Registry issue "not critical." The French Security Incident Response Team also labels it "low risk."
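The blind spot described above is that a viewer or scanner trusts its own display of the registry, so the practical check is to enumerate autostart entries through the raw registry API and measure their names yourself. The script below is an added example, not code from CNET, StillSecure, SANS or Microsoft. It reads "overly long registry keys" as overly long value names under the Run and RunOnce keys (that reading, the 255-character threshold, the list of keys checked and the throwaway HKCU scratch key used for the self-test are all assumptions of this example). The self-test writes a harmless long-named value in a key that is not an autostart location, so nothing is launched, and pauses so you can see what your own tools show for it before it is deleted.

```powershell
# Added example: not code from the article, StillSecure, SANS or Microsoft.
# Lists autostart registry values whose *names* are suspiciously long, using
# the .NET registry API rather than a viewer that might truncate or skip them.

# Assumption: 255 characters is roughly where older registry viewers and
# scanners stopped showing entries. Tune it for the tools you rely on.
$Threshold = 255

# Assumption: the autostart locations most worth checking first.
$AutostartKeys = @(
    @{ Root = [Microsoft.Win32.Registry]::LocalMachine; Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    @{ Root = [Microsoft.Win32.Registry]::LocalMachine; Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
    @{ Root = [Microsoft.Win32.Registry]::CurrentUser;  Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    @{ Root = [Microsoft.Win32.Registry]::CurrentUser;  Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Get-LongRegistryValueName {
    param(
        [Parameter(Mandatory)] [hashtable[]] $Keys,
        [int] $MaxNameLength = 255
    )
    foreach ($k in $Keys) {
        $sub = $k.Root.OpenSubKey($k.Path, $false)   # read-only handle
        if ($null -eq $sub) { continue }              # key absent (RunOnce often is)
        try {
            foreach ($name in $sub.GetValueNames()) {
                if ($name.Length -lt $MaxNameLength) { continue }
                # Report the full length, a readable prefix, and the data
                # (the command line that would actually be launched).
                [pscustomobject]@{
                    Key        = "$($k.Root.Name)\$($k.Path)"
                    NameLength = $name.Length
                    NamePrefix = $name.Substring(0, [Math]::Min(32, $name.Length))
                    Data       = $sub.GetValue($name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                }
            }
        } finally {
            $sub.Close()
        }
    }
}

# Self-test in a throwaway key (deliberately NOT an autostart location), so
# nothing is executed. Create a value with a 300-character name, run the
# check, let you inspect the key with your own tools, then clean up.
$testRoot = [Microsoft.Win32.Registry]::CurrentUser
$testPath = 'Software\LongValueNameCheck'          # assumed scratch key name
$testKey  = $testRoot.CreateSubKey($testPath)
$testKey.SetValue(('A' * 300), 'harmless marker', [Microsoft.Win32.RegistryValueKind]::String)
$testKey.Close()

$hit = Get-LongRegistryValueName -Keys @(@{ Root = $testRoot; Path = $testPath }) -MaxNameLength $Threshold
"Self-test flagged $(@($hit).Count) value(s); expected 1"
Read-Host 'Open HKCU\Software\LongValueNameCheck in regedit or your scanner now, then press Enter to clean up'
$testRoot.DeleteSubKeyTree($testPath)

# The real check against the autostart keys. An empty result means no
# value name reached the threshold; it does not prove the keys are clean.
Get-LongRegistryValueName -Keys $AutostartKeys -MaxNameLength $Threshold | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys can be opened. Current versions of regedit may display the self-test value without trouble; the point of the pause is to compare what each tool you depend on shows against what the API returns, since a tool that silently drops an entry gives no error to notice.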

When will it end?
by August 26, 2005 6:47 PM PDT
When will the lemmings learn?
Reply to this comment
When will it start?
by catchall August 26, 2005 7:34 PM PDT
OK, so we had a worm that affected a 5-year-old OS, if (and let me stress IF) left unpatched. Took out some high-profile installs, but Windows users in general were totally unaffected. Apple's OS 5 years ago? OS 9, total abandonware. Let's see you get the latest copy of Photoshop running on OS 9. Can't, but you can on W2K. MS built something that lasted.
OK, so the news states XP SP1 may be affected. You jump up and down shouting that this is proof of how bad it is. Anyone heard about any problems? The worm that never was.
Now we hear about the possibility of an issue that no one has seen, and you once again jump up and down like it is news.
Lame, man. If you don't like Windows, don't use it. Leave the rest of us alone. Windows has 90% of the market because they make a product that fits the needs of the users; stop wallowing in sorrow because others chose an option you did not like.
View all 2 replies
A threat to national security...
by sevanthson August 26, 2005 7:38 PM PDT
Micro$oft should be forced to take all current versions of their OS off of the market. No other company in this country would be allowed to sell such a vulnerable, faulty piece of merchandise without suffering serious repercussions. Windows should be recalled until such a time as it can ensure better security to the massive amounts of clientele it is responsible to.
After just last week's Zotob fiasco, there are far too many civil, government and corporate clients that are susceptible to attacks from the repeated exploits of the massive amounts of vulnerabilities found regularly in Windows.
Reply to this comment
Maybe..
by Jan Modaal August 27, 2005 5:04 AM PDT
Maybe you should actually read the article before you go off on a tangent since this isn't about a flaw in Windows but about a flaw in anti-spyware software produced by multiple vendors.

How you can accuse Microsoft of being responsible for bugs in products they didn't even create is beyond me but of course, there was no reasoning behind it for you. You just wanted to blurt out random nonsense to show how cool you are for hating Microsoft.

Blame a company when it makes a mistake but don't just go running around like a headless chicken because it reduces the value of other people who do have actual legitimate complaints.
View reply
The Run key?
by August 26, 2005 8:37 PM PDT
Wait, don't you (or a program you're running) have to be root (Admin) to add a Run key to the Registry?

Oh yeah, the solution is to keep running as Admin, and purchase additional anti-spyware software.

Morons.
Reply to this comment
Root canal
by sanenazok August 27, 2005 9:14 PM PDT
Except, of course, every program that you run, from Word to Firefox, will read/write to the registry. I guess you could tie down some parts of it, but still there will be "good" programs that will need access to whatever you deem to be too important to mess with. That's what you get for using a capable computer.
But wait, there's more
by Andrew J Glina August 26, 2005 9:53 PM PDT
A new security risk has been identified by Sinner Security Inc. There is a possibility of a user pressing the "delete" and/or "backspace" key and losing data. A solution to this problem is being investigated, but a workaround is to remove the keys. Reports indicate that this flaw is widespread, and can affect Windows, Linux, and Palm OS devices.
Reply to this comment
What does this have to do with the story? [nt]
by August 27, 2005 7:02 AM PDT
[nt]
View all 2 replies
boot sector virus
by August 27, 2005 2:34 PM PDT
who funds these terrorists anyhow?
Reply to this comment
Scary Registry
by sanenazok August 27, 2005 9:12 PM PDT
Ooh, the registry "run" key is so scary... Let's go back to ini and grp files then. Much easier, wasn't it? Sorry, but the flexibility and usefulness of the registry can't be ignored by malware makers. If they can't use the run key, what, you want them to drop shortcuts in the startup folder? Let it be.
Reply to this comment
Another laugh out loud statement...
by cjohn17 August 28, 2005 6:20 AM PDT
"Microsoft is investigating the issue, a company representative said in a statement e-mailed on Friday. The software maker notes that an attacker can't hide anything without first breaking into a system."

Another laugh-out-loud statement from the inept people at Microsoft. "Breaking into" their crummy OS doesn't appear to be a big problem for hackers. What makes this story even more amusing is that MS software that is designed to detect attacks is part of the problem.

The sheer volume of security issues and almost weekly alerts makes me think that MS employees are either really poor programmers, building in back doors on purpose, or just don't care.

I don't remember MS being on a list of great places to work.
Reply to this comment
har har`
by n3r0 August 29, 2005 4:14 PM PDT
my favorite quote is:

According to Microsoft, the issue is not a security vulnerability, but a function within the operating system that could be misused.

just read it out loud for a little chuckle.
Flaws hide malware, so what now what
by August 28, 2005 3:37 PM PDT
Mr. AT Alishtari, POA and Founder of EDI Secure LLLP, sees the corruption in software as endemic to IT, and he hears programmers call for IT companies to be liable for flaws or misuse of benign aspects of software programming.

At the same time, while IT giants may not intentionally cause damage, the question remains whether they should somehow be liable for damages, understanding that the cyber mafias, though transparent to inspection, are clearly here to stay and they offer patches that keep failing.

Our company solution is to keep as much public and private ID offline, obeying the US Dept of Commerce NIST level 4 authentication standard, which set two-factor authentication with an offline device as the top US policy standard last month. This does not affect all other viruses on extant IT software systems, so the problems persist.
Reply to this comment
MS & IT are not Serious about Security
by cjohn17 August 28, 2005 5:00 PM PDT
IT personnel have a vested interest in keeping their livelihoods intact under just about any circumstance. It is reasonable to assume that they will do little or nothing that would affect their livelihoods. Hence, they will keep secrets no matter what from the general public. It is a very human response and I don't fault them for it. It does, however, anger me.

But what is troubling about IT personnel worldwide is the almost maniacal behavior they exhibit when confronted with obviously true facts about Windows security issues. I fear that these more "hard core" MS IT personnel will literally sell out the rest of the online population just to prove that Microsoft products are safe and secure. Which, I think we all know by now after years of repeated problems, they are most definitely not.

MS systems that harbor data about our lives are managed by IT staffers that have a vested interest in not upsetting their Microsoft apple carts (no pun intended). I think we all have a vested interest, no matter what platform we may work on, in holding IT and the Microsoft company responsible for doing EVERYTHING possible to keep our digital livelihoods safe. To date, the record indicates that IT personnel and MS do not hold that trust very seriously.
Note to adjust Mr. Alishtari's comments to the buyout of EDI Secure LLLP
by Abdul Tawala Ibn Ali Ali January 17, 2007 6:13 AM PST
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities, including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philanthropy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families, so help me God.
who cares??
by Bob Brinkman August 29, 2005 5:01 AM PDT
"This issue could not allow an attacker to remotely or locally attack a user's computer," the Microsoft representative said. "Rather, the attacker would already have to have compromised the computer or convinced the computer user to run malicious software."

So the adware/spyware people have found another way to exploit people who click on any flashy thing they see on the internet or in their email? Who cares??
Reply to this comment
Goto Sleep Brinkman
by cjohn17 August 29, 2005 5:18 AM PDT
Yeah, Bob Brinkman... you go back to sleep. The adults will deal with this issue.
View reply
This was one of the best posts, funny too.
by educateme August 29, 2005 5:36 PM PDT
I had to read all the posts to get a feel for what the community was feeling with this latest news. I find the internet full of "weather" like we have with hurricanes lately, interesting and always changing. I realize that the tide is swayed by daily, weekly mutations of attacks on Windows; it's scary that we rely on this software so much. God help us if there are any "more mission critical systems" out there than DMV or banking. Air traffic, Fire and Police Rescue spark the mind to wonder what the "real cost" of a Blue Screen of Death really is. I would guess that there are numerous instances of it happening already in our world, but it's suppressed, or left out of the news. To keep letting Microsoft "off" with shoddy designs, blatant idea theft, exclusive bundling, and poor business ethics is bordering on the "Ford Pinto" debacle if their past is any indication of the future. I do think that many IT staff are hamstrung with the fact they use it, and are required to go along with it; surely after years they would have heard, or seen other options besides Windows. I can see how they can be "codependent" on their career worth as a patch master for propping up Microsoft's weaknesses; there's certainly a future in it for them. Thanks Carl for the many insightful posts.
Reply to this comment