Qs about DropMyRights

Discussion in 'other security issues & news' started by aigle, Oct 19, 2006.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Sadly true. Some experts today talk about the end of network security.
    A workaround for this: don't put the localhost on the trusted IPs of your firewall.
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes indeed. I would actually say that the workaround is more to focus on having a well configured firewall than any one configuration. I think that focusing on single solutions for single problems is really where problems like these come from.

    As an example of what I was talking about, however, someone could potentially connect to your system anonymously and disable your security software and/or access your files without ever loading any code onto your system. At that point, your behavior blockers are useless. There are thousands of ways that an attack can happen, and behavior blockers only focus on a very limited set of them. This still leaves lots and lots of room for new threats to penetrate... and do so using means that were once considered very basic. If you managed to get a rootkit on your system, there's lots of things the attacker could do without ever tripping an alert from a behavior blocker. And there's lots they could do to make that rootkit look like something legitimate to anyone that's not a malware expert.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    OK thanks for the feedback Notok, but how exactly can I access this "network redirector" tool in XP? And are there any tweaks that can fix this problem? Like for example this one? :rolleyes:

     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It's not a tool as much as a service/resource

    http://en.wikipedia.org/wiki/Network_redirector

    Like I say, tighten up your firewall configuration and do some hardening. For hardening, gpedit.msc is an ideal place to start as it lets you control some of what can and cannot be accessed remotely, and whether null sessions can be established (and what can be accessed through a null session). And, of course, a good password... unless you have no physical security concerns, in which case a blank password may be better.
     
    Last edited: Jan 1, 2007
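
The null-session hardening mentioned in the post above can be checked from the registry values that the gpedit.msc Security Options policies write. This is an added example, not part of the original thread; the target values are an assumed hardened baseline, and the script only reads settings.

```powershell
# Added example (not from the thread): read-only audit of the anonymous-access
# (null session) values stored by the gpedit.msc Security Options policies.
# The "Want" values are an assumed hardened baseline, not a vendor default.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$checks = @(
    @{ Key = $lsa; Name = 'RestrictAnonymous';         Want = 1 },     # no anonymous SAM/share enumeration
    @{ Key = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },     # no anonymous SAM enumeration
    @{ Key = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },     # Everyone ACLs exclude anonymous
    @{ Key = $srv; Name = 'RestrictNullSessAccess';    Want = 1 },     # limit null sessions to listed pipes/shares
    @{ Key = $srv; Name = 'NullSessionPipes';          IsList = $true }, # pipes reachable through a null session
    @{ Key = $srv; Name = 'NullSessionShares';         IsList = $true }  # shares reachable through a null session
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Key $c.Key -Name $c.Name
    if ($c.IsList) {
        # Multi-string values: hardened when nothing is exposed anonymously.
        $entries = @($value | Where-Object { $_ })
        $ok      = ($entries.Count -eq 0)
        $shown   = if ($ok) { '(none)' } else { $entries -join ', ' }
    } elseif ($null -eq $value) {
        # A missing value means the policy was never set: flag it for review.
        $ok    = $false
        $shown = '(not set)'
    } else {
        $ok    = ([int]$value -eq $c.Want)
        $shown = $value
    }
    [pscustomobject]@{
        Setting = $c.Name
        Current = $shown
        Status  = if ($ok) { 'OK' } else { 'REVIEW' }
    }
}

$report | Format-Table -AutoSize
```

Any row marked REVIEW points to the matching "Network access" entry under Local Policies > Security Options in gpedit.msc.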
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    I don't get it, according to the article you can "access the same directory via the network redirector", so is this possible or not? And are there any specific settings that I should "harden"? I do have my system hardened by tools like SafeXP, Samurai and XP-Antispy, is this enough? :)
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Normally, your firewall puts 2 IPs in the trusted/safe zone: the localhost (127.0.0.1) and the IP assigned by your router (DHCP on). This means that all access to those IPs is unrestricted.
    If you set your firewall to prompt you every time an application accesses the localhost by deleting 127.0.0.1/loopback from trusted IPs, you are protected. Create specific rules for the apps which need localhost communication (Proxomitron, webshields, etc).
    BTW, GeSWall is not vulnerable to this trick.
     