Microsoft: Hackers Wouldn't Bother To Spoof SP2's Security Center
According to one outside analysis, SP2's Windows Security Center, the dashboard-like console that monitors and reports on the status of various security defenses -- from firewalls to anti-virus software -- can be spoofed by hackers into displaying false information, such as an enabled firewall or a even a totally bogus anti-virus package supposedly protecting the PC.
Security status could be faked, said the researchers, by a number of possible exploit avenues, including the drag-and-drop vulnerability in Internet Explorer that was made public last week. The possible goal by hackers: disable defenses but at the same time remain under the radar.
Many in-the-wild worms intentionally disable long lists of firewalls and anti-virus products. Recent variations of the Bagle worm, for instance, target almost 300 different pieces of protective software for termination. By combining that trait with this spoof, worms could infect a PC and yet remain undetected by the user.
Microsoft denied that Windows Security Center has a vulnerability. "In order for an attacker to spoof the Windows Security Center, he or she would have to have local administrator rights on the computer," Microsoft said in an e-mailed statement.
True, but that may not be much of a defense, since home users in particular often run Windows in Administrator Mode. Enterprises, wary of the total control that mode gives end users, typically sets up PCs to run in Limited Mode.
The Redmond, Wash.-based developer also claimed that even if a system was compromised -- perhaps by other malicious code that gave attackers administrator rights -- any exploit of the console was the least of users' worries.
"Criminal actions the attacker could pursue include many that are far more interesting than spoofing the Windows Security Center," Microsoft said.
This defense -- that the bigger security holes in Windows are the real honeypots for hackers, and thus smaller flaws can be safely ignored -- is a new one from Microsoft.