[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..

To: "Drew Copley" <dcopley@eeye.com>, <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
From: "Thor Larholm" <lists.netsys.com@jscript.dk>
Date: Thu, 21 Aug 2003 10:32:24 +0200

> From: "Drew Copley" <dcopley@eeye.com>
> Actually, quite a few don't, some still rely on piggy backing Outlook.
> But, yes, this trend should be dissapearing as people upgrade so their
> Outlook client will no longer be able to be remote controlled by another
> application. (Current versions not only block attachments but also the
> ability for applications to access the api framework, itself).

Specific parts of the API for Outlook is blocked completely (unless the enduser
manually approves otherwise), which has also had an effect on existing
mainstream applications such as tighly integrated antispam products (I had
problems using my favorite, www.spamfighter.com). Precisely because of this,
several solutions were devised almost immediately to circumvent these
restrictions by proxying through thirdparty COM objects such as Redemption (
http://www.dimastr.com/redemption/ ) so one could still reach the entire Outlook
object model.

"Outlook Redemption works around limitations imposed by the Outlook Security
Patch and Service Pack 2 of MS Office 2000 and Office XP (which includes
Security Patch) plus provides a number of functions to work with properties and
functionality not exposed through the Outlook object model."

I like Redemption, not as much for its ability to circumvent the complete API
block but for its utility functions which come quite handy when developing
Outlook extensions :)

> Even if email clients do start encrypting this information, it will
> still be easy to bypass because it is local. There is always a crack for
> local work. But, such a thing may deter some virus writers.

99% of virus writers would have problems understanding the concept of
Redemption. I'm still amazed at how many virii rely on enduser interaction when
they clearly need not to.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
  - From: "Drew Copley" <dcopley@eeye.com>

References:
- RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
  - From: "Drew Copley" <dcopley@eeye.com>

Prev by Date: Re: [Full-Disclosure] windowsupdate
Next by Date: RE: [Full-Disclosure] MSBlaster EXE file
Prev by thread: RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
Next by thread: RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
Index(es):
- Date
- Thread