"Matthew Murphy" <[EMAIL PROTECTED]> wrote: <<humungous snip>> > > Really simple change MS could do that would instantly make ALL their > > software more secure (not secure but more secure than it is). Have it > > install to random paths. So instead of everyone knowing right where the > > directories are, each program would install to a random named directory > like > > /program files/program88475 where the number is random. Now things like > > codered would have failed along with dozens of other exploits that rely on > > knowing the path. So simple yet this thought has escaped MS thus far.. > > Code Red wouldn't have failed -- possibly Nimda, but not Code Red. In > addition, this kind of thing inhibits the ability to quickly reproduce > changes on multiple machines -- essential for patching. And, if one was to > install in such a manner, the information about the paths would have to be > kept *somewhere* in order to locate the program again. Once again, the > system is exploitable.
True, but it is not being suggested as a panacea or fix-all. It is yet another simple way to raise the bar. Don't install the OS into (C:)\WINDOWS (or \WINNT or other "too obvious" things like WIN2000, WIN2K, WINXP, etc, etc, etc) and relocate "critical" install directories such as "Program Files and so on. Yes, that information has to be stored in the registry and thus can (and must) be returned by all manner of APIs available to all manner of code, BUT it still beats lots of exploits "abstracted" from those APIs. For example, an awful lot of IE vulns can only be easily (and thus "usefully") leveraged because it is (well, was -- this is a Win9x example) easy to assume that any kind of program code that could be dropped into c:\windows\start menu\programs\startup would be run next startup. Finding the actual location of the startup folder was beyond the exploit because it was running in an environment that could not query the registry or other system APIs that would reveal the location. In short, it's about hardening against exploitation rather than about making a machine exploit proof as the latter is an ideal rather than a realistic goal. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
