At 02:25 PM 10/1/98 -0600, listuserat_private wrote: >> ---> Problem >> Users with write access to a customized folder can replace the customized >> folder settings inserting their own "evil" files to execute code. I'd amend this to point out that users with write access to ANY directory can possibly trojan ANY user with Active Desktop enabled. >I'm not 100% sure what you can change these settings to, to lock the >machine down, nor do I have any Windows95/98 machines to play on. The best >advice would be to disable active desktop which is dog slow anyways. >Impliment system policies, and distribute a custom version of MSIE 4.01 >(via the IEAK) with this stuff turned off by default. In other words round >up the usuall suspects. Under NT, you've got a few more options - you can use the file system permissions to fix this - just create a desktop.ini file with nothing in it, and give only admins the right to change it - administrators:F, everyone:R ought to do it. Also be sure that everyone doesn't have full control on the parent directory. This is somewhat annoying, as you are allowed to customize remote folders, but there is no provision that I can see to keep users from conflicting with one another. In fact, the only safe work-around I see for this one is to pre-create the desktop.ini files for _all_ public shared directories, and set the ACL on it. Obviously, using the command line to deal with directories will keep you safe from this. IMHO, asking everyone to disable active desktop won't be effective. Tightening the security settings for the local zone would also be useful. With respect to disabling this attack on Win95, your only options are (in personal order of preference): 1) Install NT, precreate desktop.ini files and lock them down 2) Don't share anything 3) Disable active desktop I'd urge people not to dismiss this attack, as it would be fairly easy to use it to install all sorts of interesting trojans. I think the fix I'd like to see out of MS for this would be to not display any customization for any remote file system. This also gets a little interesting with NT 5.0 having the capability to mount a remote file system and map it to a directory which appears to be local. Another possible fix would be to give me the option of disabling customized directory display without disabling the desktop (which is basically how I prefer to use it). David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:33 PDT