
RE: [Full-disclosure] RE: when will AV vendors fix this???



On Mon, 7 Aug 2006, Thomas D. wrote:

> And even if you hide the file, if it hides the way you describe, you aren't
> able to execute the file, until you give access to yourself. If you do this,
> the anti-virus program will also have access....
> 
> 
> Keep in mind: If it is an unknown file (zero-day), you don't even think
> about hiding, because it isn't necessary. You have other problems...
> 
> => I don't think it is a security-related problem nor a problem itself.

        Remember: some years ago "off by one" was treated as useless for 
exploits.

        Any type of data/file hiding (of course, alternate data streams in 
the first place) can become the last brick required for some new attack 
vector.

        So, while currently I can't present any workable scenario, I 
wouldn't consider such type of data hiding as "not a security-related 
problem".

        _________________________________________
          Dmitry Yu. Bolkhovityanov
          The Budker Institute of Nuclear Physics
          Novosibirsk, Russia