3. It ain't new. No, these are not revolutionary new ideas. A lot of these have been discussed before. However, for every email I've received claiming that these are well-known and well-documented ideas, I've received 20 from people who had no idea about them. New they may not be, but hitherto unknown to the general community they most definitely ARE.
4. It's unfixable. Well, kinda. The problem, fundamentally, is the Win32 API (People are gonna disagree with that one, I know, but trust me - I'll shoot down those arguments in a few paragraphs), much like the root cause of buffer overflows is the way that functions like strcat() and sprintf() work in the standard C library. Since the Win32 API can't really be changed without breaking a LOT of stuff, people could (and will have to) be aware of these things and work around them. It's never going to go away though, much like buffer overflows are still commonplace after they've been VERY well known and VERY widely documented for years. The root problem cannot be fixed, but a lot of the symptoms can be if developers put in extra work. Personally, I believe that the blame should ultimately lie with Microsoft; they designed Windows so that it was easy to use, easy to code for, and (as a consequence) easy to break into. Disagree if you will, but you won't change my mind on that one.
I've been in two minds as to whether or not to release a lot of this information. But, I figured that a) most people regard local security on Windows as utterly shite anyway, b) a lot of this stuff was suggested by other people on the internet, so people are already thinking along similar lines, and c) I'm getting hacked off waiting for CERT and Microsoft to respond to my emails. The whole US-UK time difference means we exchange one email every 24 hours, at best. In the case of MS, that's 24 hours for them to stall for time by saying "Please give us more detail", and in the case of CERT that's 24 hours for them to say, well, nothing at all. So here it is - enjoy.
LocalSystem desktop windows on a default installation of Win2K