DonationCoder.com Software > Post New Requests Here
Patch to Disable ACL access-control-lists
mraeryceos:
Any takers? Want to run with this?
Stoic Joker:
I don't think the viral problem is that bad. Most viruses are spread through social engineering. Only 3 in a decade were spread through Windows vulnerabilities, and then only if you weren't behind a NAT router.-mraeryceos (April 24, 2013, 02:32 PM)
--- End quote ---
I'm not sure on the exact numbers, but there were definitely (many) more than 3 exploited holes in Windows. Not to mention that drivebys (infected banner/ad servers) are and have been quite common for a while. To the point where there really aren't any "safe" sites ...Everybody gets a turn in the barrel as the saying goes.
Also, viruses spread through a land of fully ACL'd computers.-mraeryceos (April 24, 2013, 02:32 PM)
--- End quote ---
Yes, but those are the ones which have users with administrative rights, UAC turned off, and some pathetic attempt at a babysitter security suite AV program running (and failing) at full tilt. The bugg, when encountered executes in the context of the current user...with all of the rights and privileges that said user has. These scenario never end well...but they do pay well. ;) ...We had two customers that actually called the FBI when that screen popped up, a third called me first to see if they should call the Feds.
On the other hand...Reduced permissions work perfectly, if the user doesn't have permission to break the machine...then neither does the bugg. I just doesn't get any simpler.
mraeryceos:
I don't think the viral problem is that bad. Most viruses are spread through social engineering. Only 3 in a decade were spread through Windows vulnerabilities, and then only if you weren't behind a NAT router.-mraeryceos (April 24, 2013, 02:32 PM)
--- End quote ---
I'm not sure on the exact numbers, but there were definitely (many) more than 3 exploited holes in Windows.-Stoic Joker (April 25, 2013, 06:42 PM)
--- End quote ---
Between 2004 and 2011, there was Bifrost, Conficker, and Stuxnet. You know of other successful viruses that exploited holes in Windows? The others required social engineering.
But this is besides the point. Leave this thread for people that want ACL disabled. Obviously you are not one of them. There may be some others, so don't crowd them out. If you want to continue this off-topic conversation, send me a private message, or start a new thread where we can discuss this.
Stoic Joker:
But this is besides the point. Leave this thread for people that want ACL disabled. Obviously you are not one of them-mraeryceos (April 25, 2013, 06:52 PM)
--- End quote ---
That's true, I'm not. However I am a systems guy, programmer, and quite capable of effecting a solution if I feel that there is a legitimate (e.g. non malicious) need/use for it. Enjoy you thread...I'm done.
mraeryceos:
Reasons I gave before:
I would love a system patch to disable Access Control Lists. The patch would make the system ACE agnostic, both for files and the registry. I don't mind using a patched system file, if that is what it takes.
"why on earth would you want something like that on a live system?"
Because I like the simplicity of not having ACLs. I don't like having to wrestle with TrustedInstaller or other files or registry entries I don't have access to. Even if you use SetACL to change ACE's to allow "Everyone" with a null SID owner, the system can still change ACE's in the future.
--- End quote ---
I run with no security whatsoever (all my ACL's are set to allow Everyone), and the last virus I had was given to me on a CD in 1998 (chernobyl, which I took off before the payload went off). No malicious intent here.
Look at this guy: http://answers.yahoo.com/question/index?qid=20100328131102AA9hUGA
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version