You do not need to overwrite system DLLs (which would be detectable). You merely need to inject/change code on a loaded shared code segment. Granted, you still need a privilege escalation exploit to be able to do so initially. This is not a common exploit because, while not particularly difficult (assuming you have a valid initial escalation method), it is not needed by the majority of miscreants who are merely trying to sell more Viagra or perform other trivial exploits such as blasting spam or stealing banking credentials -- the sort of people who write the malicious code that anti-virus and IDS are designed to protect against, and which is very quickly detected upon arrival on a system because it is usually pretty badly written, obnoxious, noisy and creates -- as you so colourfully describe -- a shambles.
Using terminology such as "security barrier" indicates a deeper interest in the security of the system than merely protecting against such pests. People who write such exploits are not in the business of creating "shambles", and they are usually not detected for years or decades. Lately the detection response of these sorts of hackers has become one of scorched earth, leaving the victim with nothing against which to perform forensic analysis and completely preventing the mounting of any sort of future defense, or discovery of what was stolen or modified.

---
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org

> -----Original Message-----
> From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-
> boun...@sqlite.org] On Behalf Of Igor Tandetnik
> Sent: Friday, 14 June, 2013 07:56
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] sqlite security
>
> On 6/14/2013 9:44 AM, Keith Medcalf wrote:
> > Some Operating Systems (such as any version of Microsoft Windows) cannot
> > be protected from these sorts of attacks, so if you are running Windows,
> > then your probability of compromise is 100%, and the estimated lifetime of
> > your "security barrier" is zero.
>
> Citation needed. A low-privilege process cannot overwrite system DLLs on
> Windows. How come microsoft.com and other Microsoft web properties are
> not lying in shambles? Windows is not nearly as bad as you make it out
> to be.
> --
> Igor Tandetnik
>
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users