-
September 18th, 2004, 12:55 PM
#1
SP2 vulnerability ?
Hi all,
I was browsing through my registry when I found the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
The values in this key are:
REG_DWORD AntiVirusDisableNotify 0 or 1
REG_DWORD AntiVirusOverride 0 or 1
REG_DWORD FirewallDisableNotify 0 or 1
REG_DWORD FirewallOverride 0 or 1
REG_DWORD UpdatesDisableNotify 0 or 1
I think this might be interesting to people who want to disable a firewall remotely without the target owner knowing it.
Better keep this key in mind!
-
September 18th, 2004, 01:23 PM
#2
lol, MS Security Center is a joke anyway. The name itself is an irony. I disabled mine, and stuck with Norton. At least I have more control with my Norton systems.
-
September 18th, 2004, 01:50 PM
#3
You can't disable a firewall by changing those registry values... all it does is turn off the Security Center notifications that you don't have a firewall, not turn off the actual firewall.
Those keys come in handy if you have a firewall or AV installed that isn't recognized by the Security Center.
-
September 18th, 2004, 04:28 PM
#4
You can't disable a firewall by changing those registry values... all it does is turn off the Security Center notifications that you don't have a firewall, not turn off the actual firewall.
Those keys come in handy if you have a firewall or AV installed that isn't recognized by the Security Center
I know, you have the option to turn off the alert in the security-center yourself, but this is a bit hard if you're on a remote system, and what I meant, since there are other ways to turn off the firewall through the registry, these keys allow you to make sure the user didn't get notified...
p.s. the link in "other ways" will only work if you have a login..
-
September 18th, 2004, 04:33 PM
#5
Hah... I thought you were thinking you could turn off the firewall itself by changing those values.
I don't know if that's really a vulnerability, though... I don't see any other way to "fix" this, unless MS would make it impossible to turn off the Security Center (which would have to mean that unsupported firewalls/AV wouldn't run anymore without constant pop-ups).
And wouldn't that also mean that every firewall out there is vulnerable because you have the option to shut it down?
And it's still an extra step to take compared to XP without the Security Center...
Just some thoughts
-
September 18th, 2004, 05:07 PM
#6
You can turn the firewall by registry key! I have the registry key at job but not on this PC... I'm looking at my registry now..
5 mins later! Here we go! This is for XP Home... Might be different for XP Pro
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
-
September 18th, 2004, 05:25 PM
#7
SDK > The question was how is being able to turn off the Security Center's warnings a vulnerability?
Your registry key doesn't do anything on my machine, btw... is this to turn off the internal firewall?
-
September 18th, 2004, 06:49 PM
#8
Well, the biggest vulnerability in security-center is that it makes people believe that it is safe, while at the same time you have these kinds of options..
If you would run just a firewall from a third party vendor, you would be a lot safer, since they don't usually have registry settings turning the firewall on or off...
Negative> can you speak Dutch? That's nice to know
-
September 18th, 2004, 07:10 PM
#9
Lepricaun > I'm Belgian
-
September 18th, 2004, 07:18 PM
#10
That explains a lot!
And I thought you came from Texas, I don't believe they have a place called "Texas" in Belgium
Well, it's nice to know...
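Added example, not part of any post in this thread: a Python check over a registry export that reports the Security Center values listed in post #1 when they silence an alert, and the EnableFirewall value from post #6 when it is 0. The function names are hypothetical, the sample export is constructed, and matching the firewall key by its trailing path is an assumption, made because the control-set part of the path differs between exports.

```python
import re

# Value names from post #1; per post #3 a 1 only silences the Security Center alert.
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SC_VALUES = {"AntiVirusDisableNotify", "AntiVirusOverride", "FirewallDisableNotify",
             "FirewallOverride", "UpdatesDisableNotify"}
# Assumption: match the firewall key by its trailing path, since the control-set
# part differs between exports (post #6 writes "ControlSet").
FW_SUFFIX = r"\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

def parse_reg(text):
    """Yield (key, value_name, int) for every REG_DWORD in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key").rstrip("\\")
            continue
        m = DWORD.match(line)
        if m and key:
            yield key, m.group("name"), int(m.group("hex"), 16)

def audit(text):
    """Return findings for silenced alerts and a disabled firewall."""
    findings, fw_off, fw_silenced = [], False, False
    for key, name, value in parse_reg(text):
        k = key.lower()
        if k == SC_KEY.lower() and name in SC_VALUES and value != 0:
            findings.append(f"Security Center alert suppressed: {name}={value}")
            fw_silenced |= name.startswith("Firewall")
        elif k.endswith(FW_SUFFIX.lower()) and name == "EnableFirewall" and value == 0:
            findings.append(f"Windows Firewall disabled in StandardProfile ({key})")
            fw_off = True
    if fw_off and fw_silenced:
        findings.append("Firewall is off and its alert is silenced: investigate")
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''
```

Calling `audit(SAMPLE)` returns three findings; the last one is the combination the thread is worried about, a firewall that is off while its warning is also switched off.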