
svchost.exe?


Ari

It happened to me yesterday too. This is caused by a recent RPC exploit that Microsoft has actually owned up to. This problem can be solved by a quick patch and reboot. THIS EXPLOIT AFFECTS ALL MICROSOFT OPERATING SYSTEMS THAT CAME OUT AFTER WINDOWS ME (and Windows 2000, even though it came out prior to ME), so that includes some versions of NT, Win2K, WinXP Home and Pro and Gold, and 2003.

You might wish to get yourself a firewall too.

The fix for this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;823980


Much as it's nice to worry people unduly, before anyone panics TOO much... svchost is a perfectly normal file to be running on a Windows box!

I'm most certainly uninfected (errr, or was this morning) and don't have msblast.exe, but do have a couple of svchosts running.

See here!

I've noticed that an instance seems to start up alongside every COM+ or DCOM server object that's running on your box... though I'm sure that helps no one.
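A quick way to see what each svchost.exe instance on a box is actually doing, as an added example that is not from this thread: svchost is the generic host for Windows services, so listing the services per process, and checking that each instance runs from the System32 copy, separates the normal instances from anything merely named svchost.exe. This assumes a modern Windows host with PowerShell 3.0 or later and an elevated session so process paths are readable.

```powershell
# Added example, not from the thread: list each svchost.exe instance with the services it
# hosts, and flag any process called svchost.exe that is not the copy in System32.
# Assumes PowerShell 3.0+ (Get-CimInstance) and an elevated session so Path is readable.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Map PID -> names of the services hosted in that process (running services only).
$byPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId -gt 0) {
        $byPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

function Get-SvchostReport {
    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $hosted = $byPid[[int]$_.Id]
        [pscustomobject]@{
            PID          = $_.Id
            Path         = $_.Path                      # $null when access is denied
            ExpectedPath = ($null -ne $_.Path -and $_.Path -ieq $expectedPath)
            Services     = if ($hosted) { $hosted -join ', ' } else { '(none)' }
        }
    }
}

$report = Get-SvchostReport
$report | Format-Table -AutoSize -Wrap

# An svchost.exe hosting no services, or not running from System32, deserves a closer look.
$report | Where-Object { -not $_.ExpectedPath -or $_.Services -eq '(none)' }
```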


Don't mean to bore you non-techies, but this security hole was *huge* and it's lucky it's been exploited with a virus with minimal payload.

To put it into perspective, you can put code into a system that runs in privileged mode, i.e. access to bloody everything. If the guy who wrote this code was malicious, instead of shutting down your PC he could have quite easily f*cked the data for ya instead.


[ QUOTE ]

To put it into perspective, you can put code into a system that runs in privileged mode, i.e. access to bloody everything. If the guy who wrote this code was malicious, instead of shutting down your PC he could have quite easily f*cked the data for ya instead.

[/ QUOTE ]

I'm sure it's only a matter of time, and I really wish someone would do this to make more people sit up and notice that security is not something that you can take for granted. By people, I mean manufacturers, techies and non-technical users - all have a role to play in security.

Oh, and besides that it'd give M$FT a fecking big headache too.


Virus writing as well as spam are the scourge of the internet these days. I wish ISPs would club together and go on a witch hunt. I reckon there are probably a maximum of 50-100 people in the world that are up to this, and a few high-profile beheadings would soon bring it to a halt (look at the Kazaa writs as an example).

If I physically broke into a firm and damaged something that cost them the same amount as even spam alone does, I could expect a custodial sentence. About time MS and ISPs got on top of this instead of turning their blind eye.


Yeah, too true. One of the problems with having a very flexible operating system, though, is lack of restriction, isn't it? People don't help themselves!!

Having your normal user as an admin, for example, on your own machine - a simple thing, but if malicious code gets run, you run it as an admin and therefore it can do far more damage.

Now the other option is to lock down what users can do with their machines, i.e. remove items that can prove malicious, but doing this removes some flexibility.


[ QUOTE ]

Having your normal user as an admin, for example, on your own machine - a simple thing, but if malicious code gets run, you run it as an admin and therefore it can do far more damage.

Now the other option is to lock down what users can do with their machines, i.e. remove items that can prove malicious, but doing this removes some flexibility.

[/ QUOTE ]

Or perhaps have more than one level of user on the system - admin that owns all of the binaries etc and normal users who can't change files that aren't owned by them. Obviously this is a bit too complicated for M$FT though, or perhaps they think that it is too complicated an arrangement for non-techies to understand (they may be right, but that shouldn't stop them figuring out a way to fix the issue).

I know Unix (Linux) isn't without its problems, but it does have reasonable protection against stupid virii built in.


On most of the systems I implement I use code lock down such as AppSense. Basically this works on the idea of trusted ownership. You decide which groups are allowed to own apps that users can run, and if a user tries to run an app that isn't 'owned' by that trusted owner then they can't run it.

Works well.
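How a trusted-ownership rule of the kind described above can be audited in PowerShell, as an added example that is neither AppSense's own code nor from this thread: it walks a directory, reads each executable's owner, and reports the files such a policy would refuse to run. The trusted-owner list is an assumption for illustration, and Get-Acl is used here in place of any product-specific mechanism.

```powershell
# Added example, not AppSense's code: audit executables under a directory against a
# trusted-ownership rule. The trusted-owner list below is an assumption for illustration;
# adjust it to the groups you actually allow to own applications.
param(
    [string]   $Root          = $env:ProgramFiles,
    [string[]] $TrustedOwners = @(
        'NT SERVICE\TrustedInstaller',
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators'
    )
)

function Test-TrustedOwner {
    param([string]$FilePath, [string[]]$Trusted)
    # Owner comes back as DOMAIN\Name, or as a raw SID when the name cannot be resolved;
    # an unresolved SID is never in the trusted list, so it is treated as untrusted.
    $owner = (Get-Acl -LiteralPath $FilePath).Owner
    [pscustomobject]@{
        Path    = $FilePath
        Owner   = $owner
        Allowed = [bool]($Trusted -contains $owner)   # -contains is case-insensitive
    }
}

$results = Get-ChildItem -LiteralPath $Root -Recurse -File -Include *.exe,*.dll,*.com,*.scr `
    -ErrorAction SilentlyContinue |
    ForEach-Object { Test-TrustedOwner -FilePath $_.FullName -Trusted $TrustedOwners }

# Files the policy would block: owned by an ordinary user or by an unknown SID.
$results | Where-Object { -not $_.Allowed } | Format-Table Owner, Path -AutoSize
```

Run it against a user-writable location such as a profile directory as well as Program Files to see the difference between what a trusted owner installed and what a user dropped there themselves.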


I was more talking about the AppSense range of products for commercial use - more often than not in thin client (i.e. Citrix/Terminal Services) environments.

As to using XP at home, I think there's very few other options except maybe 2000 Professional. Depends on what you use it for though doesn't it? I've heard 98/ME are better for games, but I don't play games on there so I prefer the stability and security of 2k and XP.

XP is vastly more secure than any 9x or ME based system. With a little bit of knowledge you can secure it quite well.


[ QUOTE ]

Does it prevent users from "accidentally" overwriting system binaries by reading infected mail (for example) ?

[/ QUOTE ]

Sorry, missed this bit.

It does protect against this *a bit*, but not very well IMHO. You should protect every entry and exit point on your PC - decent *updated* antivirus and a decent *updated* & *well configured* firewall.

I don't think the default Windows firewall is worth the effort, as it's not difficult to get around at all - whereas something like ZoneAlarm or the McAfee products are pretty secure. OK, they're not quite Firewall-1, but they're pretty good for your average user.
