echo: nthelp
to: Geo.
from: Rich
date: 2005-02-21 12:13:24
subject: Re: spyware techniques

From: "Rich" 

   This isn't new.  How long has malware disabled firewalls, antivirus,
and the like?  All these keep malware out.  They don't protect you once
you let it in particularly if you are running as root or administrator.
This guy claims that he believes he didn't remove it until after it was
already installed and running.  Do you use any that claim that they do?

Rich


  "Geo."  wrote in message news:421a36cd$1{at}w3.nls.net...
  I found this interesting because it appears to be something spyware is
  currently doing.

  Geo.

  http://habaneronetworks.com/viewArticle.php?ID=144


  Well, I actually have never seen any activity from rk.exe on my system, and
  in fact, the file doesn't even exist. I must have cleaned it out with a
  spyware remover like, AdAware or Webroot's Spysweeper. The point of the
  matter is that this entry has found its way into my Windows Internet
  Connection Firewall Exceptions list without my knowledge. And as it turns
  out, isn't that hard to do.

  As long as the person currently logged into the computer has Administrative
  privileges, an application can easily add an entry into the
  HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/
  key that will allow any application full rights to
  and from the computer without the user's interaction or knowledge.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267
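
An added example, not part of the original message or the quoted article: a defender-side audit of values exported from the AuthorizedApplications list key the article names, flagging enabled exceptions that are not in an approved baseline or whose executable no longer exists (the leftover rk.exe case described above). The value-data layout `path:scope:Enabled|Disabled:name`, the sample paths and the baseline are assumptions constructed for illustration.

```python
import os
import re
from typing import Callable, Dict, List, NamedTuple, Set, Tuple

# Assumed value-data layout: <image path>:<scope>:<Enabled|Disabled>:<display name>
ENTRY_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):"
    r"(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

class Finding(NamedTuple):
    path: str
    reasons: Tuple[str, ...]

def _on_disk(path: str) -> bool:
    # expandvars resolves %windir%-style paths when run on Windows
    return os.path.exists(os.path.expandvars(path))

def audit_exceptions(values: Dict[str, str], baseline: Set[str],
                     exists: Callable[[str], bool] = _on_disk) -> List[Finding]:
    """Return enabled exceptions that are unapproved or point at a missing file."""
    findings = []
    for value_name, data in values.items():
        m = ENTRY_RE.match(data)
        if m is None:
            findings.append(Finding(value_name, ("unparseable data",)))
            continue
        if m["state"].lower() != "enabled":
            continue  # a disabled entry opens nothing
        path, reasons = m["path"], []
        if path.lower() not in baseline:
            reasons.append("not in approved baseline")
        if not exists(path):
            reasons.append("executable missing on disk")
        if reasons:
            findings.append(Finding(path, tuple(reasons)))
    return findings

# Constructed sample export (value name -> value data); all paths are invented.
SAMPLE = {
    r"C:\Program Files\Messenger\msmsgs.exe": r"C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Messenger",
    r"C:\WINDOWS\rk.exe": r"C:\WINDOWS\rk.exe:*:Enabled:rk",
    r"C:\Tools\old.exe": r"C:\Tools\old.exe:LocalSubNet:Disabled:Old tool",
}
BASELINE = {r"c:\program files\messenger\msmsgs.exe"}  # lower-cased approved paths

if __name__ == "__main__":
    for f in audit_exceptions(SAMPLE, BASELINE):
        print(f.path, "->", ", ".join(f.reasons))
```

An entry that survives after a cleaner has deleted its file still shows up here, because the check compares the list against both the baseline and the disk.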

SOURCE: echomail via fidonet.ozzmosis.com
