> It appears that the Processes tab is doing a simple filename-based > search, and the Applications tab isn't doing any search at all. > (After all, the 'critical system processes' like Winlogon would never > show up in the Applications tab in the first place, since they don't > have top-level windows associated with them.) Little mistake here. Winlogon _has_ top-level window, its just invisible. You may make it easilly visible with tools like showin.exe (you will find more such windows, most are in Explorer process). See Microsoft 01-007 security bulletin, how this can be exploited. > At the very, very least, the Task Manager should be making this check based > on the full pathname of the process, not just the filename; an > application running in C:\TEMP is highly unlikely to be a critical > system process... Agree. regards B.
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 07:42:34 PDT