New .lnk type vulnerability

About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said Wednesday.

*
But although Microsoft was able to plug the shortcut hole with a patch for Windows, Moore was pessimistic that the company would be able to do the same with this vulnerability.

*

According to Moore, at least one Microsoft executable -- "explorer.exe," the Windows shell -- includes the flaw.

http://www.computerworld.com/s/arti...in_critical_bug_says_researcher?taxonomyId=85

 

Well that sucks ....

 

Applocker or Software Restriction Policy including libraries still defeats this from what I can gather from the article.

 

Good lord, who cares anymore. It seems like every week there's another damn flaw in Windows. You keep your eye on things until they patch it, and someone else comes along hollering "Found another!". I swear I'm sick of dealing with it, block this, deny that, blacklist, whitelist, anti this, proactive that. Freaking God almighty, I just want to download music, movies, games, see the sights, learn new things, you know, what the damned Internet was created for. I'm tired of manually updating on demand scanners, hearing that god forsaken "Antivirus definitions have been updated!" message 3 times a freaking day. I'm sick of hearing about how only LUA/SRP/Applocker is effective, tired of hearing about HIPs and anti-executables and...god, I'm getting a headache and becoming frustrated just writing all this.

I'd like to put the head honchos at Microsoft, Adobe, Google (for wanting so much of my damn data all the time), and who ever else has brought what used to be an enjoyable computing experience to worrying whether or not security will hold up and what vulnerabilities will be announced next week, in a single room and just backhand them all until my arm falls off from exhaustion.

 

Another one??

Wish Bill G was my uncle cause I would tell him to do sth bout it! or tell him to tell someone else to do sth about it cause it's about time folks..

Excited bout Windows 8? 8x more holes?

Life goes on...

 

serenity now, serenity now.....

 

It's likely not possible to make software without holes. The large companies are targeted because of the large user base. I think the blame everyone but the criminal attitude is a waste of energy. The problem is never going to go away. They need to crack down on the bad guys.

 

I actually view it the other way, I'm glad the bad guys keep cracking Windows, every time they patch it, it become more and more secure. Maybe one day we will live in the world of unbreakable Windows!

 

I by no means disagree with the fact that Windows is getting better because of the bad guys, I just dislike the idea that they (the bad guys) go unpunished while the software companies receive all of the hate. It's like blaming you that someone robs your house. It wouldn't matter what security you thought you had, someone could get in if they wanted.

 

I get that point, really. But, let's take Adobe for example. Exactly how many vulnerabilities should Adobe get away with having per year before the buck stops with them? Yes, punish the bad guys (that's a different topic I'll touch on in a moment), but eventually you have to realize that the bad guys aren't magicians. They can't attack holes that aren't there. It's not the fact that software is made with some holes that is the problem, no man has ever made anything 100% perfect, and never will. It's the fact that some of these holes, even after being patched, come back again, like the one in the original post. It's also the amount of holes that is the problem.

Now, the reason bad guys go unpunished so often, is simply because Congress and the court system has not caught up with the digital age. Most laws don't even mention computing or the Internet. Sure, you have the copyright police all over it, not making sure laws are truly followed, but just making sure they make a buck. And you of course have the FBI for child porn and the NSA/CIA for terrorism. But, for your "average" digital crime, like hacking, malware, even spam in a lot of ways, the laws just either aren't there, or are so simplistic and vague that loopholes ravage them into being worthless.

 

You make a good point, I don't disagree. I guess the fact is that there is no money in chasing the bad guys, which is why nobody is going to. The opportunity for money here is the software companies that want our business, and will have to make a better product to get it. Unless they want to fund the hunt for the bad guys, which their shareholders will likely not approve of.

 

No, its rather like us paying for a security system for the house; and then the house gets robbed because the security system is flawed.

The issue is that software companies have no liabilities.

Flawed software? No problemo --- ship it anyway to icrease profit. Can the software be made more secure by hiring more engineers? Sure, but lets not do that as that would reduce profit margins, if the users get screwed, thats OK as everyone is doing it and we have no liabilities.

 

LOL! Well, implement LUA/SRP just ONCE and you'll be able to sleep well as you'll be protected against most zero-day attacks. No need to bother about new vulnerabilities every other day.

 

You HAD to do that, didn't you? Lol In all seriousness, I'm on Win 7 64 Home Premium, so SRP, Applocker, all that is a no-go. LUA would screw me up so bad. For one I have TONS of personal files on my Admin account, and have no clue how I would access them from another LUA account. Also, I install and play with a lot of software, I mean, daily. I'll find new games, new apps to try out. I'm a serial downloader, I admit it. I have high doubts my P2P software would work, my security apps would work, and doubt installing things and running them would be as simple as inserting a password and away we go.

If I can be proven wrong, I'm all ears, seriously.

 

We cant help it man, SRP+LUA is like a wonderful drug, makes us feel all nice and fuzzy and secure and helpful

1. Personal files: Easy move to a different folder and add th LUA user to the list of people who can write/read that folder. Super easy.
2. P2P works flawlessly in LUA (I have used utorrent).
3. Installing software IS as easy just giving a password (eg using SuRun).
4. Security apps --- a large number of them should work, if they dont, you will still be more secure with LUA
5. SRP on home premium: That is a problem, but UAC & trustnoexe type programs can substitute.

 

So basically, move personal files I need access to out of the Admin personal folder and to a folder all its own? Also, I looked into TrustNoExe, no Win 7 support. I can't afford something like Anti-Executable at the moment as I have other places money needs to go. Any suggestions that don't involve TOO much HIPS-like decisions?

 

Regarding folders, that would be the best choice, eg, as admin creat a folder C:\MyData (or to C:\Documents and Settings\LUA\MyData where LUA is the LUA username); move all data to that folder, and then add the LUA as being able to read/write C:MyData.
At least thats how it works in XP Pro; I'd suggest you create a seperate thread for this problem where people more knowleageable in Windows 7 can answer on how to manipulate folder permissions.

Regarding TrustnoExe alternatives for Windows 7; again, please create a seperate thread so people more knowleageable in Windows 7 and SRP alternatves can answer.

 

If you're willing to install Comodo Internet Security, you can use Comodo Internet Security as an anti-executable, with few or no prompts from CIS Defense+. Personally, I use AppLocker, but I created that guide for people like dw426 who don't have access to SRP/AppLocker, or who do have access to SRP/AppLocker but prefer to be prompted for programs not on the whitelist or blacklist. The guide also shows how to optionally configure CIS for guaranteed zero prompts, exactly like SRP/AppLocker.

 

I gave up on it, Brian. I barely started following your article before Comodo started its inevitable pop-up fest. Then, once I shut it up, the entries you said to check off, to tweak, and so on, either didn't exist or the results of the tweaking weren't what you said they would be. Please don't take that as my saying YOU were wrong, any blame I have goes to Comodo. Even setting up a standard firewall in that stupid thing has given me a headache through every version.

I'm gonna look into it more, maybe just follow the post Lucy made here for Win 7 users to be able to use SRP.

 

There was a step missing in the original version of the guide that made a big difference. Other details have changed also. If set up correctly, everything in the Program Files and Windows folders should be whitelisted. I'm not sure why you'd be getting so many popups barely into the guide, since one of the early steps is to disable Defense+ until near the end of the guide. If there's something specifically wrong in the guide, feel free to post about it.

 

It was the firewall itself I think that was griping, not Def+ I THINK. I'll be honest, with Comodo, I've never been able to tell what it's saying, much less which component of the software was the one hollering at me. I followed the post word for word, but, as said, things weren't looking right. Especially when I got to the part about Allowed Files and it needing to look "just like the other two sections". Allowed Files was empty except for the * symbol you said to stick in there. Bah, I don't know Brian, maybe I screwed something up being so tired. I've been "prepping" my new LUA account for 2 hours and so far, between Prevx not working, this SRP thing making my head swim, and other things, I'm about to go back to being an Admin again. I'll hang in there a bit more.

 

The step that was originally missing did actually involve that area - it originally didn't instruct to put the * in there. The firewall is disabled in the guide early on also, so I'm not sure why it would be alerting? Hang in there....

 

Brian, in the following area:

"10a) If you want to monitor .exe, .com, .dll, and .bat files, then set the slider to Aggressive. Go to Files to Check. Delete all existing entries. Click Add -> Browse. Type * and then press Apply. Press Yes. Press OK. This step is stronger than step 10b because .dll and .bat files are monitored, but unfortunately sometimes results in "false positive" prompts - prompting when execution wouldn't truly occur.
10b) If you want to monitor .exe and .com files, then set the slider to Normal. Go to Files to Check. Delete all existing entries. Click Add -> Browse. Type * and then press Apply. Press Yes. Press OK. This step is weaker than step 10a because .dll and .bat files are not monitored, but unlike step 10a there aren't any "false positive" prompts, at least not that I've seen so far."


.DLL files are not shown in that list period, whether aggressive or normal settings are enabled. I know one place I screwed up, I kept looking for "Blocked Files" group, but neglected to ever make that group. Also, when you say "delete existing entries" do you mean the headers also, or just the grey entries underneath? I cleaned the the whole list whenever it called for deleting entries.

I've spent two hours trying to set LUA up, hopefully it'll work. For now though, it's near 4am and I was tired before I even got into this mess, lol. I'll check back later on.

 

By default, CIS has three entries in that list I believe - *.exe, *.bat, and *.com. What I intended is that the user deletes those three entries, and replaces it with one entry containing *. The * entry covers all extensions that CIS can monitor.

If you have further questions or comments, feel free to post in the separate topic that I created.