It's been on various tech news recently that the great SysInternals tools by Mark Russinovich have now been made available as live versions on http://live.sysinternals.com/ .
They're a great set of tools, very useful when hunting for problems, and I have to admit the Web 2.0 idea is quite tempting here. Web 2.0, or Live as it seems to be called in Microsoft's terms, surely is a tempting thing in general - having your applications wherever you go, right there on the Internet that's available everywhere.
But with standard Web 2.0 applications, you do run them in the relatively safe, more or less sandboxed, browser environment. Sure, you're probably one of the majority of users running the browser from an administrator account, but still, malware on typo sites first needs to exploit a security hole, and furthermore, standard web applications need a logon on a page you visually check.
The SysInternals tools, though, are designed to be run under administrator accounts, and Microsoft now advertises them to be run without even a visual check of the page around them. The only check you have is the Authenticode certificate, when Windows asks you whether you want to run software from Microsoft Corporation.
I'm not implying here that Microsoft's SysInternals Live server could be hacked, but this live system is designed to be used on some machine where you don't have the tools yet, and where you want to be quick without checking a site, so you're actually going to type, from memory, \\live.sysinternals.com\Files\procexp.exe to run the application.
How long will it take until malware appears on the first typo domains like szsinternals.com or sysinternal.com? And contrary to a regular download, you won't be able to notice until the code has already executed (the exception being if you are very careful about the certificate).
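As an added example that is not part of the original post, here is a PowerShell script that does the certificate check described above before the tool runs, instead of relying on reading the Windows prompt. It assumes the remote path shown and that the expected signer's organisation is "Microsoft Corporation"; both are parameters you can adjust.

```powershell
# Added example (not from the original post): fetch a SysInternals Live tool,
# verify its Authenticode signature and signer, and only then run it.
# Assumption: the expected signer organisation is "Microsoft Corporation".
param(
    [string]$RemotePath = '\\live.sysinternals.com\Files\procexp.exe',
    [string]$ExpectedSigner = 'Microsoft Corporation'
)

$localDir = Join-Path $env:TEMP 'sysinternals-check'
New-Item -ItemType Directory -Path $localDir -Force | Out-Null
$localPath = Join-Path $localDir (Split-Path -Leaf $RemotePath)

# Copy first, so the file that is checked is the same file that gets executed
# (checking the remote copy and then launching the remote path would leave a gap).
Copy-Item -Path $RemotePath -Destination $localPath -Force

$sig = Get-AuthenticodeSignature -FilePath $localPath

# Status must be 'Valid': unsigned, tampered (HashMismatch) or untrusted chains all fail here.
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature status is '$($sig.Status)' for $localPath; not running it."
    exit 1
}

# A valid signature from some other publisher is not good enough: the whole point
# of a typo domain is that the file comes from somebody else, so pin the signer.
$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*O=$ExpectedSigner*") {
    Write-Error "Signed, but by '$subject', not '$ExpectedSigner'; not running it."
    exit 1
}

Write-Host "Valid signature from: $subject"
Write-Host "Thumbprint: $($sig.SignerCertificate.Thumbprint)"
Start-Process -FilePath $localPath
```

The script refuses to run on any status other than Valid and on any signer whose subject does not carry the expected organisation, which is the difference between "signed by somebody" and "signed by Microsoft".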
And another topic of course is that Microsoft is acting as an example for others, showing users that it is OK and hip to run executables directly from the net.
So, that's my first blog entry in the new blog here at the forums, created for news that might not exactly be worth Safer Networking's main news list because it gets a bit techy. Sorry for its length, and let's hope I'll continue it
