All Antivirus, Trojan, Spyware scanner, Nested file manual scan bypass bugs. [Part IV]
Risk Level: Medium
Affected Product: (Should be) all antivirus, Trojan and spyware scanners for Windows.
Description:
------------
Malicious code can reside on a computer (with user privileges) and bypass the "manual scans" of any
antivirus, Trojan and spyware scanner simply by issuing this command against itself:
cacls hUNT.exe /T /C /P dumb_user:R
This is due only to the design fault in Microsoft Windows, in the way it handles NTFS permissions. This way, any software, even with Admin/SYSTEM privilege, can't access this file (hUNT.exe) normally, because the only account that has normal access to the file is "dumb_user".
No wonder there are several false assumptions in Windows security configuration as well, when a Joe administrator could permanently lock himself out of his own machine.
regards,
Bipin Gautam
http://www.geocities.com/visitbipin
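
Added example (not part of the original post): a defender-side check that reads each file's security descriptor in SDDL form and flags files whose DACL gives SYSTEM and Administrators no read access, which is the state the cacls command above leaves hUNT.exe in. It assumes the scanner runs as SYSTEM or as an Administrators member; the function names, sample paths, SDDL strings and SID are constructed for illustration, and the check is static (it does not model privileges or file ownership).

```python
import re

# SDDL rights codes that can appear in a file ACE, as access-mask bits.
RIGHTS = {"GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
READ_BITS = 0x1 | 0x80000000 | 0x10000000  # FILE_READ_DATA, GENERIC_READ, GENERIC_ALL
# Assumption: scanner runs as SYSTEM or an Administrators member (tokens also carry WD, AU).
SCANNER_TRUSTEES = {"SY", "S-1-5-18", "BA", "S-1-5-32-544",
                    "WD", "S-1-1-0", "AU", "S-1-5-11"}

def pairs(field):  # split a field of concatenated two-letter SDDL codes
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def parse_mask(rights):  # ACE rights field (hex, or two-letter codes) -> access mask
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        mask |= RIGHTS[code]
    return mask

def dacl_aces(sddl):
    """Yield (type, flags, mask, trustee) for each ACE in the DACL of an SDDL string."""
    m = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        f = ace.split(";")
        yield f[0], pairs(f[1]), parse_mask(f[2]), f[5]

def scanner_can_read(sddl):
    """Static check: does the DACL let SYSTEM/Administrators read the file's data?"""
    allowed = False
    for ace_type, flags, mask, trustee in dacl_aces(sddl):
        if "IO" in flags or trustee not in SCANNER_TRUSTEES or not mask & READ_BITS:
            continue  # inherit-only, another account's ACE, or no read bits
        if ace_type == "D":
            return False  # a deny on read wins in this simplified model
        allowed = allowed or ace_type == "A"
    return allowed

# Constructed sample: (path, SDDL) pairs in the form `(Get-Acl $path).Sddl` returns.
USER = "S-1-5-21-1111111111-2222222222-3333333333-1005"  # constructed SID for dumb_user
SAMPLES = [(r"C:\tools\editor.exe", "O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)"),
           (r"C:\temp\hUNT.exe", f"O:{USER}G:BUD:P(A;;0x1200a9;;;{USER})")]

def unscannable(samples):  # paths whose DACL gives the scanner's account no read access
    return [path for path, sddl in samples if not scanner_can_read(sddl)]
```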




