[Dshield] Windoze Questions..

Kenneth Coney superc at visuallink.com
Thu Feb 12 20:13:02 GMT 2004

Zone Alarm was never considered the best firewall, rather instead it was
considered the best FREE firewall.  Lots of "you have to buy it" firewalls
are available that do more.  Some keystroke loggers are transparent
hardware devices and thus not detectable by software.  Others are very well
written and are not likely to be detected.  Some are junk and can be
detected by simply listing running processes by hitting Ctrl Alt Del.  A
good system will have several different up to date AV, anti Trojan, and
anti spyware routines available as no one program detects everything.  Of
course a full Admin privilege grants access.  Whether or not the individual
chooses to disclose information is up to them.  I think what you meant was
can they read an encrypted file.  It depends.  Do they have access to the
program used to create the file?  Do they know the password?  Can they copy
the file(s) and study it (them) at leisure on another machine?  If so, then
eventually they will have what's in it.  Remember one does not have to
decrypt an entire file.  Calculations of 10^80 years to figure out a
message are garbage.  Once the encryption program used is identified and a
specimen found, all that is needed is to hack the password.  Copy an
encrypted file and examine the bytes.  Cheaper (and some not so cheap)
encryption routines have a brand name/version number stuck in the file.
Others follow certain patterns.  This is especially true with MS
encryption/lock routines.  See
for 1800 or so programs anyone can buy.  If the link didn't survive word 
wrapping, try http://www.lostpassword.com/kit.htm for one of the routines.
The required program will do the rest once you input the password.  Can we
say dictionary attack?  A common English word?  Less than a minute and open
sesame.  Are the passwords alpha-numeric?  That'll add a few minutes (maybe
4) on slower machines. More than one word?  Add another couple of minutes.
Say 10 minutes total.  Amazing how many people use 4 to 6 character
passwords.  More amazing is how many supposedly secure programs limit
passwords to not more than 8 characters.  Your best solution is to be very 
careful who you give the admin access to.

> Greetings,
> As I have said several times before, I am not a windows expert and we 
> use few windows machines in our shop. Thus, I have a few questions about
>  Windows security from a Unix perspective.
> Questions: 1) Are there programs equivalent to COPS and TripWire that 
> run on Windows? 2) Anyone running SNORT under Windows? Any comparison to
>  how it runs under *nix? 3) Does the most common AV software (Symantec, 
> NAI, etc.) catch keystroke loggers and other spyware (not Adware!) that 
> may be present and running or a Windows system? 4) About the Windows 
> encrypted file system... if someone gets Admin privilege on a system 
> using the encrypted file system, can they disclose or compromise data 
> that would normally be protected? 5) When I search for products that 
> detect adware installed on a Windows box, I get dozens of hits... is any
>  given product better than another, or do you really need a combination 
> of products to detect and stop all the various adware downloads in use?
>  6) Finally, windows firewalls... Is Zone Alarm still considered the
> best for Windows? What are the strengths and weaknesses of the firewall
> built into Win/XP?
> TIA for all answers!
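The attack the reply sketches (copy the file, read the bytes to identify the product, then guess the password rather than the key) as an added worked example. This code is not from the post or the list; the `DEMOCRYPT` magic, the container layout, the toy XOR cipher and the wordlist are all constructed for the example and stand in for the "brand name/version number stuck in the file" of a hypothetical cheap encryption tool. Only the Python standard library is used.

```python
"""Added example, not from the original post: fingerprint a constructed
encrypted-container format by its header bytes, then dictionary-attack
its password. Everything product-specific here is hypothetical."""
import hashlib
import hmac
import os
import struct

MAGIC = b"DEMOCRYPT"   # hypothetical product tag every file starts with
VERSION = 1
PBKDF2_ITERS = 1000    # deliberately weak, as a cheap tool might use
SALT_LEN = 16
VERIFIER_LEN = 32

# Hypothetical signature table, the kind a practitioner builds after
# examining specimens from several tools.
SIGNATURES = {
    b"DEMOCRYPT": "DemoCrypt container (constructed format)",
    b"OTHERTOOL": "OtherTool archive (constructed format)",
}

WORDLIST = ["password", "letmein", "secret", "sesame", "dragon"]  # constructed


def identify(blob: bytes):
    """Return the product whose magic prefix matches, or None."""
    for magic, name in SIGNATURES.items():
        if blob.startswith(magic):
            return name
    return None


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, 32)


def keystream(key: bytes, n: bytes) -> bytes:
    """Toy SHA-256 counter keystream; for demonstration only."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack(">Q", counter)).digest()
        counter += 1
    return out[:n]


def seal(password: str, plaintext: bytes, salt: bytes = None) -> bytes:
    """Build a container: MAGIC | version | salt | verifier | ciphertext.
    The verifier is an HMAC under the derived key, which is exactly what
    lets an attacker test guesses offline without touching the payload."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    key = derive_key(password, salt)
    verifier = hmac.new(key, b"verify", hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    return MAGIC + struct.pack(">H", VERSION) + salt + verifier + body


def parse(blob: bytes):
    if not blob.startswith(MAGIC):
        raise ValueError("not a DemoCrypt container")
    off = len(MAGIC)
    (version,) = struct.unpack(">H", blob[off:off + 2]); off += 2
    salt = blob[off:off + SALT_LEN]; off += SALT_LEN
    verifier = blob[off:off + VERIFIER_LEN]; off += VERIFIER_LEN
    return version, salt, verifier, blob[off:]


def check_password(blob: bytes, candidate: str) -> bool:
    _, salt, verifier, _ = parse(blob)
    key = derive_key(candidate, salt)
    return hmac.compare_digest(hmac.new(key, b"verify", hashlib.sha256).digest(), verifier)


def candidates(word: str):
    """Plain word, capitalised, and the usual digit suffixes."""
    for base in (word, word.capitalize()):
        for suffix in ("", "1", "123"):
            yield base + suffix


def dictionary_attack(blob: bytes, wordlist):
    for word in wordlist:
        for cand in candidates(word):
            if check_password(blob, cand):
                return cand
    return None


def decrypt(blob: bytes, password: str) -> bytes:
    _, salt, _, body = parse(blob)
    key = derive_key(password, salt)
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))


def demo():
    """Constructed specimen protected by a short alpha-numeric password."""
    blob = seal("Sesame1", b"payroll figures")
    found = dictionary_attack(blob, WORDLIST)
    return identify(blob), found, (decrypt(blob, found) if found else None)


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the reply's: once the header tells you which tool wrote the file, the verifier lets you test guesses offline, and a short dictionary word with a capital and a digit falls to a handful of mangling rules; only a long passphrase outside the wordlist survives the same loop.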
