Main Area and Open Discussion > General Software Discussion

Windows 7 — first impressions

<< < (11/18) > >>

MilesAhead:
MilesAhead: you might not be able to directly read the password in plaintext, but since it's an automated method, what stops you from simply copying the encrypted password and using the sudo tool to launch other stuff?
-f0dder (December 03, 2009, 04:11 AM)
--- End quote ---

What stops you is the algorithm isn't that simple.  Your password as well as the program/batch commands executed are calculated into a string that's unique for each shortcut created(unless perhaps you created identical shortcuts.)  The server decrypts the password and the info about the command and matches them up.  If you made a batch file with "del c:\windows\temp\*.tmp"  and then used the password string generated with a shortcut that used the command "del c:\windows\system32\*.dll" it would not work.

The author said it's not bullet-proof but it's something.  If we really want to get into it, typing in the password by hand you could have a key logger or even a listener for electronic noise that would know which keys are pressed.  Depends how paranoid you are.  Don't use the automated method for anything really critical. It's just a convenience.  Back then there weren't a lot of utilities such as CCleaner as I recall.  You pretty much did it manually.  There's exponentially more freeware available these days.


Anyway, I'm just going from memory back in the 1990s. I think the programmer gave up on it around 2005 or so. On most machines the gaping whole in security is the computer case.  Rip it open.  Take HD.  Info gone.

f0dder:
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.

MilesAhead:
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.
-f0dder (December 03, 2009, 01:16 PM)
--- End quote ---

Like I said, it's a convenience for taking out the trash.  Not something to connect to your bank account. :)

J-Mac:
OK - only three days on Windows 7 and already I am turning UAC off. It does NOT only pop when an installer is started; it pops every time I open Everything, and many times again when I simply try to maximize Everything from the system tray. Same thing for Chameleon Startup Manager, and a few others. I tried setting them as opening with admin rights, didn't help w/the popups.

There is no reason for me to be irritated in this way. Sorry folks, I've read about as much as I can on UAC, but it's getting the fourth option here.

Jim

4wd:
OK - only three days on Windows 7 and already I am turning UAC off.-J-Mac (December 10, 2009, 11:10 PM)
--- End quote ---

Wow, you really stuck it out....it lasted all of 60 minutes on my machine.

And it's extremely annoying how things just do not want to work under Win7, whereas they work fine under XP with a minimum of fuss.

eg. I have a G15 keyboard, I run LCDMisc, (Run As Admin), to provide feedback as to what a daemon is doing on another machine on the LAN - it also uses the multimedia keys to control the daemon.  Works fine under XP, push a key the daemon stops, push it again it resumes.

On W7 it just happily ignores the keys, I don't use the default firewall and LCDMisc has full access through Outpost - I'm sure this will turn out to be something really simple under W7, I just have to have the patience and time to work out what but in the meantime it's just really annoying.

Navigation

[0] Message Index

[#] Next page

[*] Previous page