Bloatware = h@x0rdware
This is one example of why software can be so vulnerable. Below is output from a HIPS log on one of our laptops:
The process ‘C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE’ (as user SCRUBBED\joe.soap) attempted to initiate a connection as a client on TCP port 21 to XX.XX.XX.XX. The process was added to the application class FTP Client Software.
Why does MS Word have to be the FTP Client? Why doesn’t Word call an FTP client (like IE) and pass it the URL to fetch?
Adding FTP functionality to word-processing software adds attack vectors in exchange for a little convenience.
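One way a defender can act on log lines like the one above: parse the HIPS event format and flag any executable that opens an outbound client connection on a port it is not expected to use. This is an added example, not code from the original post; the allow-list, the user name and the destination addresses are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Matches the HIPS log shape quoted in the post (assumption: all lines use this format).
LOG_RE = re.compile(
    r"The process ‘(?P<path>[^’]+)’ \(as user (?P<user>[^)]+)\) attempted to initiate "
    r"a connection as a client on TCP port (?P<port>\d+) to (?P<dest>\S+)\. "
    r"The process was added to the application class (?P<cls>.+?)\.$"
)

# Hypothetical allow-list of executables expected to open outbound client
# connections, and on which ports. Anything outside it is flagged for review.
EXPECTED_CLIENTS = {
    "iexplore.exe": {21, 80, 443},
    "outlook.exe": {25, 110, 143, 587, 993, 995},
}

@dataclass
class Event:
    path: str
    user: str
    port: int
    dest: str
    app_class: str

def parse_event(line):
    # Returns an Event for a recognised HIPS line, None for anything else.
    m = LOG_RE.search(line.strip())
    if not m:
        return None
    return Event(m["path"], m["user"], int(m["port"]), m["dest"], m["cls"])

def is_unexpected(ev):
    # True when the executable is not allow-listed for that destination port.
    exe = ev.path.rsplit("\\", 1)[-1].lower()
    return ev.port not in EXPECTED_CLIENTS.get(exe, set())

def find_unexpected(lines):
    return [ev for ev in map(parse_event, lines) if ev is not None and is_unexpected(ev)]

# Constructed sample log: the Word event from the post (user and destination replaced
# with placeholders) plus one expected browser connection.
SAMPLE_LOG = [
    r"The process ‘C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE’ (as user CORP\joe.soap) "
    r"attempted to initiate a connection as a client on TCP port 21 to 203.0.113.7. "
    r"The process was added to the application class FTP Client Software.",
    r"The process ‘C:\Program Files\Internet Explorer\iexplore.exe’ (as user CORP\joe.soap) "
    r"attempted to initiate a connection as a client on TCP port 80 to 203.0.113.8. "
    r"The process was added to the application class Web Browser.",
]
```

Running `find_unexpected(SAMPLE_LOG)` returns only the WINWORD.EXE event; the browser line is allow-listed and passes.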

I bet it saves those credentials too, right?
By LonerVamp on 10.23.07 10:27 am
Here’s another example of programs doing more than they should:
Why does the shell need to access a web page? Isn’t that the job of the browser? Bash can’t access the web, it needs curl or wget or some other tool.
By Michael on 10.23.07 1:14 pm