Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: when will AV vendors fix this???
From: Bipin Gautam (gautam.bipingmail.com)
Date: Mon Aug 07 2006 - 21:09:13 CDT
> This is similar to the problem of alternative data streams.
> Essentially, the work needed to solve this problem isn't worth the
> expenditure of time and effort, because the file, in order to infect the
> system, has to be executed. Once the file is executed "normal"
> on-access scanning will catch the exploit *if* it is known. (If it's
> unknown, it doesn't matter anyway.) Yes, on-demand scanning won't "see"
> the file, but even malicious files are benign until they are run.
i still insist, it might be a minor glitch to NOT ALLOW even admins to
access a private file directly, but it isn't an issue with windows at
I thought the the files should be accessed via "SeTcbPrivilege" BUT it
but hey, most of "the file undelete utilities" already do this.....
if you try reading/copying a EXISTING file (via sys admin privilage)
using (say Restorer2000 Demo) it effectively bypasses file permission
regardless if it...... & can read the file! there must be another
undocumented? API doing this???
another note, even WINDOWS ONECAIR is pron to this bug.