Update Exploits
Results 1 to 9 of 9

Thread: Update Exploits

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    856

    Update Exploits

    Microsoft (Windows Update) and Symantec (Virus definitions updates) provide services that allow their products on your computer to be automatically updated. Does anyone know of any way to exploit these services, and especially how to defend against these exploits? If there are already threads dealing with these issues please point me to them. Thanks.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    856

    Update Exploits

    Microsoft (Windows Update) and Symantec (Virus definitions updates) provide services that allow their products on your computer to be automatically updated. Does anyone know of any way to exploit these services, and especially how to defend against these exploits? If there are already threads dealing with these issues please point me to them. Thanks.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  3. #3
    Well I suppose you could setup a fake update server, and use the hosts file to point that software to it, but if you can do that, why not just install a backdoor on the box instead of waiting for the guy to auto update his box?

  4. #4
    Well I suppose you could setup a fake update server, and use the hosts file to point that software to it, but if you can do that, why not just install a backdoor on the box instead of waiting for the guy to auto update his box?

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    If you want to defend against these exploits don't use the auto-update feature or use those update services. It's that simple.

    From my experience it seems to be that the more convenient you get the less secure you are.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    I'm with KorpDeath on this. All the apps should be on manual updates.
    Trappedagainbyperfectlogic.

  7. #7
    Member
    Join Date
    Mar 2002
    Posts
    85
    yep, same here.
    LATER-
    __________________________
    Computers make sense people
    DON\'T.

  8. #8
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514
    Yep. As said above, normally, the easier it is, the less secure it is. When I update my AV dat files, I go to the website and download the update file, then update.
    [shadow]uraloony, Founder of Loony Services[/shadow]
    Visit us at
    [gloworange]http://www.loonyservices.com/[/gloworange]

  9. #9

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides