Okay, can you please explain to me exactly what this thing is doing that a user couldn't do himself/herself? How do you expect the operating system to differentiate a user opening a socket and joining an IRC channel from an automated file doing the same thing?
You note that there is no virus protection on the machine and then criticize that your virus-like theoretical activity wasn't prevented.

Second, you say that you would send this to a "galoot" via e-mail. Have you actually attached this thing to an e-mail and sent it? You know, of course, that many e-mail clients would strip such an attachment, as would many servers if the file contained an actual virus.

I also note that you're not identifying anything that is happening that should be prevented by the operating system. The OS should allow a user to write to his/her own profile and HKCU (and it's Microsoft, not Mircosoft. ;-) ).

You tested on a build that has been superseded not once, but twice now (Vista is at RC1 and you tested on B2), but still, I'm not getting exactly what you think the issue here is. Your testing didn't include any actual compromise of the operating system, nor did you perform any testing of code/commands that should have been *blocked*. You simply did the equivalent of what a user could do in the course of normal activity.

Saying that this could be "exploited" is not the same as proving that it could, and I don't see anything indicating that you proved such.

Why don't you put this in an isolated environment and attempt to construct a DoS attack based on your "pseudo-trojan"? You might find yourself surprised. :-)

Laura

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, September 28, 2006 3:53 PM
> To: [email protected]
> Subject: How can this happen with Windows Vista?
>
> Hello,
>
> I wrote a little article about how easy it was for me to
> create a "pseudo trojan" which uses a freshly installed Windows
> Vista with all recommended Security Essentials turned on and
> a User Account without administrative privileges as a part of
> a botnet for Spam or even DDoS attacks.
> I would like to discuss why it is still so easy to exploit a
> Vista system like this and what you think about it.
>
> Best Regards
>
> Gerrit
>
> http://www.texo-design.de/Vista.pdf
