From: "Rich"
Of course you don't need a specific scenario. Specifics get in the way of your hand waving and silliness.
Encryption when the keys to encrypt and decrypt are available is not encryption. It is at best obfuscation. It's also a red herring since your silly scenario begins with malware having administrative control of your machine. Why waste time on pointless exercises? Again you demonstrate that you are clueless.
Rich
"Geo" wrote in message news:43294c93$1{at}w3.nls.net...
I don't need a specific scenario, my point is the easier it is to defeat a firewall the more likely that it will be defeated and using clear text registry entries to allow programs to bypass the firewall is about as easy as I can imagine.
What exactly is the problem with having the firewall encrypt those entries or at the least when it detects a change to request a password from the user as authorization for the change as an on by default feature?
Or is it Microsoft needed a simple way to allow software vendors to phone home without the users' permission?
Geo.
"Rich" wrote in message news:4328dd69$1{at}w3.nls.net...
Just to make this clear. You are not changing your complicated scenario from one where adobe pdf javascript can run an arbitrary EXE to one where it can run only tftp plus whatever exe you use tftp to download. Wow. Can you make this even more silly and still keep a straight face?
Rich
"Geo" wrote in message news:4328dbce$1{at}w3.nls.net...
tftp.exe is not arbitrary, it's a known executable in a known location. If Windows installed in an arbitrary directory (i.e. if it picked a random string for the directory name during install) this would not be the case and so it would make hacking via this technique a whole lot tougher. Encrypting the registry entry data for the firewall, even if it's only complicated obfuscation can make it a whole lot tougher as well.
Windows doesn't need to be hackproof, it just needs to be a nightmare to hack, once it's not any fun to hack the hackers will move to something else.
But if you make it easy, well then the path of least resistance..
Geo.
"Rich" wrote in message news:4328c2cf{at}w3.nls.net...
If you have code running that can run an arbitrary EXE like tftp then you already own the machine. You are trying to contrive something complicated only to try and show that your complicated scenario is a sham.
Rich
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)