BOClean, WMF and Limited User Accounts?

You have to spell it out more for me Controller. What exactly does your rant have to do with

1) This thread

and now

2) The link to the keylogger.

 

DA

Was this thread about limited user account? I thought that was the same as usermode.

The link to the new keylogger source code and story shows that you do not need to use a DLL in kernel mode.

He was talking about the new MS flaw and a limited account. I only mentioned
while I kept saying you were not safe in usermode, everyone was saying you were just fine. I may have even said a kernel mode rootkit can be installed via usermode.

I don't know, maybe I just like to argue

 

Well i dont think the concept of usermode maps perfectly to limited user. Ditto for mapping for kernel to admin. Your statement for example about DLL in 'kernel mode' only makes no sense to me.

I'm hardly the biggest defender of limited accounts on this forum but i think even the most zealous defender would hardly dare claim 100% security in limited user accounts, just a limitation of exposure and migiation of damge if exposed.

For example without even testing it was clear to me the wmf exploit was not stopped by using LUA per se. I tested it just to be sure of course. Still when using LUA the damge is largely mitigated for most payloads. And even if the payload was customised for LUA , damage is easily contained within the account. Compromising an admin account, however would compromise the whole system.

Controller, Methinks you need to get more education on what exactly limited accounts entail rather than some vague idea about user mode versus kernel....

 

Well DA I don't think I need any more education then you have my friend.

I do know a bit about limited user accounts and usermode compared to Kernel mode and know I have been talking about it long for you came here unless you are
someone registered here that only like to argue as you do or shall we say debate?
Looks like you and I got a long going fued ey? LOL

Oh heck I may give in but not likely.

Those here should look at all my posts from the past and then look at yours.

Shall we duel at noon? sun in ur face?

Or shall we sit by a warm fire drinking burbone and chat about world issues? OR women?

 

That isn't saying much. since i need a lot of education...

Yes i have being here a while. Your join date predates me by about 3-4 months. I think. I may have being here earlier, i misremember...

I do enjoy reading about how you forecast some trend (rootkits in windows, Limited user accounts, etc) way back in 2002, before anyone else even noticed them. You have great vision indeed, I never did have such a skill.

So any predictions for 2006? That you can astonish us with by your accuracy and insight?

Feud? I consider you one of my 'bestest' friends. If there is any perception of a feud, i submit it mostly one sided

I wouldn't dare. After all i'm talking to one of the wise old ones, one of the shakers and movers of Wilders, not merely a simple opinion leader, but one who is steeped with forbidden knowledge about the hacker world (how else would one know Regrun Plat can beat all known versions of Hackedefender?).

Compared to your knowledge and skill i'm but a noob.

 

Thanks DA

But just cause I knew how to use netstat in the 90's doesn't make me a pro

I am guessing I cam here for a while before registering also.
I can not believe we now have over 40,000 registered users.

You aks for predictions? I can only do that after a half bottle a burbon installing my Karnak hat.

I knew you were not one of the original controler haters because I hosted a download site for LockDown2000 and said it was ok to use Norton.

Gee I wonder what Paris is doing these days?

Hasn't it been a wild ride?

con