W2k: Unkillable Applications

From: Thomas Zehetbauer (thomaszat_private)
Date: Mon Jul 16 2001 - 09:59:21 PDT

Next message: Pavel Kankovsky: "Re: SECURITY.NNOV: directory traversal and path globing in multiple archivers"

Previous message: Michael Wojcik: "RE: Messenger/Hotmail passwords at risk"
Next in thread: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Chad Loder: "Re: W2k: Unkillable Applications"
Reply: Frank Breedijk: "RE: W2k: Unkillable Applications"
Reply: Kaido Karner: "RE: W2k: Unkillable Applications"
Reply: Wannemacher, Eric: "RE: W2k: Unkillable Applications"
Reply: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Red Wolf: "RE: W2k: Unkillable Applications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Task Manager in Windows 2000 refuses to kill any process named
- winlogon.exe
- csrss.exe
- smss.exe
- services.exe
showing a message box stating that this is a critical system process and
cannot be ended by task manager.

Although these processes were and are still protected by their ACL (Access
Control List) Microsoft is now using case-insensitive string comparison to
determine whether a process belongs to the operating system.

You can now call you favorite trojan winlogon.exe and task manager will not
only refuse to terminate it but will also incorrectly state that it is a
critical system process.

Regards
Tom

-- 
  T h o m a s   Z e h e t b a u e r   ( TZ251 )
  PGP encrypted mail preferred - KeyID 96FFCB89
       mail pgp-key-requestat_private

application/pgp-signature attachment: stored

Next message: Pavel Kankovsky: "Re: SECURITY.NNOV: directory traversal and path globing in multiple archivers"
Previous message: Michael Wojcik: "RE: Messenger/Hotmail passwords at risk"
Next in thread: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Chad Loder: "Re: W2k: Unkillable Applications"
Reply: Frank Breedijk: "RE: W2k: Unkillable Applications"
Reply: Kaido Karner: "RE: W2k: Unkillable Applications"
Reply: Wannemacher, Eric: "RE: W2k: Unkillable Applications"
Reply: Snow, Corey: "RE: W2k: Unkillable Applications"
Reply: Red Wolf: "RE: W2k: Unkillable Applications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 13:48:10 PDT