From: "Geo" 

This is a multi-part message in MIME format.

------=_NextPart_000_0091_01C5B9BE.8B7E1D30
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I don't need a specific scenario, my point is the easier it is to defeat =
a firewall the more likely that it will be defeated and using clear text =
registry entries to allow programs to bypass the firewall is about as =
easy as I can imagine.

What exactly is the problem with having the firewall encrypt those =
entries or at the least when it detects a change to request a password =
from the user as authorization for the change as an on by default =
feature?

Or is it Microsoft needed a simple way to allow software vendors to = phone
home without the users permission?

Geo.
  "Rich"  wrote in message news:4328dd69$1{at}w3.nls.net...
     Just to make this clear.  You are not changing your complicated =
scenario from one where adobe pdf javascript can run an arbitrary EXE to =
one where it can run only tftp plus whatever exe you use tftp to =
download.  Wow.  Can you make this even more silly and still keep a =
straight face?

  Rich

    "Geo"  wrote in message =
news:4328dbce$1{at}w3.nls.net...
    tftp.exe is not arbitrary, it's a known executable in a known =
location. If
    Windows installed in a arbitrary directory (ie if it picked a random =
string
    for the directory name during install) this would not be the case =
and so it
    would make hacking via this technique a whole lot tougher. =
Encrypting the
    registry entry data for the firewall, even if it's only complicated
    obfuscation can make it a whole lot tougher as well.

    Windows doesn't need to be hackproof, it just needs to be a =
nightmare to
    hack, once it's not any fun to hack the hackers will move to =
something else.
    But if you make it easy, well then the path of least resistance..

    Geo.

    "Rich"  wrote in message news:4328c2cf{at}w3.nls.net...
       If you have code running that can run an arbitrary EXE like tftp =
than you
    already own the machine.  You are trying to contrive something =
complicated
    only to try and show that your complicated scenario is a sham.

    Rich




------=_NextPart_000_0091_01C5B9BE.8B7E1D30
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








I don't need a specific scenario, my =
point is the=20
easier it is to defeat a firewall the more likely that it will be = defeated and=20
using clear text registry entries to allow programs to bypass the = firewall is=20
about as easy as I can imagine.
 
What exactly is the problem
with having =
the=20
firewall encrypt those entries or at the least when it detects a change = to=20
request a password from the user as authorization for the change as an = on by=20
default feature?
 
Or is it Microsoft needed a =
simple way to=20
allow software vendors to phone home without the users =
permission?
 
Geo.

  "Rich" <{at}> wrote in message news:4328dd69$1{at}w3.nls.net...
     Just to
make this =
clear.  You=20
  are not changing your complicated scenario from one where adobe pdf =
javascript=20
  can run an arbitrary EXE to one where it can run only tftp plus =
whatever exe=20
  you use tftp to download.  Wow.  Can you make this even more =
silly=20
  and still keep a straight face?
   
  Rich
   
  
    "Geo" <georger{at}nls.net>=20">mailto:georger{at}nls.net">georger{at}nls.net>=20
    wrote in message news:4328dbce$1{at}w3.nls.net...tftp.exe=20
    is not arbitrary, it's a known executable in a known location. =
IfWindows=20
    installed in a arbitrary directory (ie if it picked a random =
stringfor=20
    the directory name during install) this would not be the case and so =

    itwould make hacking via this technique a whole lot tougher. =
Encrypting=20
    theregistry entry data for the firewall, even if it's only=20
    complicatedobfuscation can make it a whole lot tougher as=20
    well.Windows doesn't need to be hackproof, it just needs to =
be a=20
    nightmare tohack, once it's not any fun to hack the hackers will =
move to=20
    something else.But if you make it easy, well then the path of =
least=20
   
resistance..Geo."Rich"
<{at}> wrote in message news:4328c2cf{at}w3.nls.net...&nbs=
p; =20
    If you have code running that can run an arbitrary EXE like tftp =
than=20
    youalready own the machine.  You are trying to contrive =
something=20
    complicatedonly to try and show that your complicated scenario =
is a=20
    =
sham.Rich=


------=_NextPart_000_0091_01C5B9BE.8B7E1D30--

--- BBBS/NT v4.01 Flag-5