As has been replied in Bugtraq's mailing lists, this has actually been known for quite a while. By itself, this "mechanism" is not a bug. The problem comes from SERVICES RUNNING GUI FRONT ENDS AS LOCALSYSTEM. This is obviously bad design from the application vendors. Such application designs would be immediately flagged as flawed if they were for Linux/Unix. Good design practices would have the GUI frontend running with the user permissions connect to the back end (through named pipes or whatever) running as daemon/root. The irony in this is that many personal firewalls, supposed to make the computer secure, are in such situations.
Ammo



