D
Diwik
I have just donwloaded the autoruns program from
www.sysinternals.com, which allows me to view which
programs are loaded at startup and I noticed that MS-
Antispyware does not monitor the following registry keys
that are used by programs to load itself at windows
startup:
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell
Besides I have notices that MS-antispayware it does not
detect when Microsoft GINA is replaced by a other GINA
such as a Cytrix GINA.
GINA: is an acronym for "graphical identification and
authentication." In regular Windows systems, the GINA is a
DLL file called msgina.dll that's responsible for the bit
of code that displays the "Press CTRL+ALT+DEL to log on"
and that accepts your username and password.
In case the default GINA from Microsoft does not provide
all the functionality that a software vendor needs, the
default GINA can be replaced with one from the third-party
vendor. The most obvious example of this is probably from
Novell. When you install Novell's Client32 software,
Microsoft's default GINA is replaced by one from Novell
that adds functionality for authenticating to NDS trees.
Many screensavers and desptop themes replace the MS GINA
dll for others, and this can represent a new open door for
spyware.
I look forward for comments on this.
Diwik
<Microsoft Beta ID=460332 />
(e-mail address removed)
www.sysinternals.com, which allows me to view which
programs are loaded at startup and I noticed that MS-
Antispyware does not monitor the following registry keys
that are used by programs to load itself at windows
startup:
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell
Besides I have notices that MS-antispayware it does not
detect when Microsoft GINA is replaced by a other GINA
such as a Cytrix GINA.
GINA: is an acronym for "graphical identification and
authentication." In regular Windows systems, the GINA is a
DLL file called msgina.dll that's responsible for the bit
of code that displays the "Press CTRL+ALT+DEL to log on"
and that accepts your username and password.
In case the default GINA from Microsoft does not provide
all the functionality that a software vendor needs, the
default GINA can be replaced with one from the third-party
vendor. The most obvious example of this is probably from
Novell. When you install Novell's Client32 software,
Microsoft's default GINA is replaced by one from Novell
that adds functionality for authenticating to NDS trees.
Many screensavers and desptop themes replace the MS GINA
dll for others, and this can represent a new open door for
spyware.
I look forward for comments on this.
Diwik
<Microsoft Beta ID=460332 />
(e-mail address removed)