Virus Guy <Virus@Guy.com> wrote in news:5078338A.DA47D3A9@Guy.com:

> FromTheRafters wrote:
>
>> > I took calc.exe, copied it to somewhere else outside of
>> > c:\windows, renamed it to mp3, and it took on the VLC icon.
>
> (and it doesn't execute as an exe file when renamed to .mp3)

on smarter OSes that know to check the file header and not assume by
extension alone, it runs. As it's an exe.

> So you think that from a vulnerability pov, that an OS can run an
> executable even when it's given some other extension is a "good
> thing" (tm) ?

The newer OSes are analyzing the internal file header and making
decisions based on that. That's not a vulnerability or an exploit in an
of itself. You can do the same with win98, just not as easily.

> This is another reason why the NT line of Windoze sucks.

For properly analyzing a file header? I'm sorry, you seem to be
confused here.

> When a malicious process or mechanism has deposited an executable
> file onto a system, and given the file some innocuous extention (like
> .txt or .jpg), I'll take win-98 any day over NT because win-98 will
> apparently NOT be tricked into running the malicious file.

Nope. You're wrong. Win98 won't run the "txt" exe, but the program that
dropped it can any time it likes. It can even include a start command
run line in your registry or a batch file and place it in one of several
locations. Then easily force you to reboot; your win98 box is crash
happy. I can force a blue screen in 6 lines of assembler.

All it really need do is call itself explorer.exe in root and it's
guaranteed! to run when you restart.

I haven't even touched on the hidden extensions trick. "calc.txt.exe"
then be sure to hide known file extensions is toggled in the registry.

Windows98 machines are so damn open, you can configure whatever you
want, and force the user to reboot when YOU want them to execute your
new additions and modifications. No user rights to deal with, no real
concept of file permissions.. Basically, nothing stopping a rogue
program from 0wning the place. Outright.

It'll appear to be calc.txt, but will execute if clicked.


> If you think it's a good idea that an OS can still know that a
> mis-named file is an executable file, and ->run the file when
> instructed to handle it<- - you should explain why you think that's a
> good idea from the pov of either the OS or the user.

I think the OS should treat the file as it's file header intended.
Proper file permissions and security policies in place can keep a
harmful file from doing much harm.




--
There ain't no rest for the wicked. Money don't grow on trees. I got
bills to pay. I got mouths to feed. Ain't nothing in this world for
free. Oh No. I can't slow down, I can't hold back though you know I
wish I could. Oh no there ain't no rest for the wicked, until we close
our eyes for good.