Re: Blocking programs

Author: Michal Kawecki <kkwinto_at_o2.px>
Date: Fri 18 Feb 2005 - 09:30:08 MET
Message-ID: <g594vc.i0l.ln@kwinto.prv>
Content-Type: text/plain; charset="iso-8859-2"

User "Tristan Alder" <smiejek@poczta.onet.pl> wrote in
message news:cv1hkq$40r$1@serwus.bnet.pl...
> Michal Kawecki wrote:
>> This is like tilting at windmills; you can't block
>> everything. I would get to know the enemy and kill it with its own
>> weapon ;-) - i.e. I would take away permissions to those registry
>> keys that this game refers to,
>
> It probably doesn't refer to any, because it runs without installation,
> locally. So at most to Current_user.

In that case, take a look at this little thing:

Trust-No-Exe - An executable filter for Windows NT/2000/XP
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

Trust-no-exe is an executable file filter. It attaches to the operating
system and filters all executable files, be it .exe .com .dll .drv .sys
.dpl etc from all drives and all network shares against a list of files
or paths, you, the administrator provide as trusted applications. If a
prohibited executable (one not in the allow list or one explicitly
defined in the deny list) is loaded, a popup box informs the user with
an intelligent message that can be customised to your site.

The Trust-No-Exe Dialog showing path, executable and switches. The text
in the bottom line can be customised to your site, for example "Please
contact Joe Blobs ext 16 if you require access"

As Trust-no-exe will only allow executables to load from your allow
list, enabling execution from files in c:\winnt\ (or c:\windows on XP),
and c:\program files\ and by using normal file permission to restrict
the write-ability of these folders, you can very quickly obtain a system
which only allows authorised programs which you have installed to be
executed, while still allowing normal access (all but execution) to
other files.

On the other hand perhaps you are worried about all these PE viruses,
executable Christmas/birthday cards, screen savers etc that are coming
in via email. While most of your users do not click on these programs
you are worried about security holes in your email client, either hiding
extensions or embedding files into html messages, or if the virus is so
new your virus scanner has not yet got a signature for it. By using
Trust-no-exe, you can prevent users from opening executable email
attachments. The popup message box can be customised to remind users
that it is company policy not to open executable files. But what happens
if the executables don’t have .exe or hidden extensions? How will
trust-no-exe know if they are executable or data files?

Trust-no-exe hooks into the operating system's routines for creating a
process and loading it into memory. If the operating system attempts to
load any compiled code into memory ready to give it execution as a
process or thread, trust-no-exe will jump on it and prevent the code
from being loaded into memory. Therefore trust-no-one doesn’t rely on
the file extension and cannot be easily fooled.
[...]

-- 
M.     [MVP]                         "Use Google, stupid!"
/when replying, change px to pl/
Received on Fri Feb 18 09:40:19 2005
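
The allow-list/deny-list decision and the extension-independent check described in the quoted product text, as an added Python example that is not part of the original post and is not Trust-No-Exe's own code. The matching rules (explicit deny wins, case-insensitive path-prefix matching, PE header detection only, so 16-bit .com files are out of scope), the `c:\windows\temp` deny entry and the sample bytes are assumptions.

```python
import ntpath
import struct

# Constructed policy for illustration; the allow paths are the ones quoted above.
ALLOW = [r"c:\winnt", r"c:\windows", r"c:\program files"]
DENY = [r"c:\windows\temp"]  # assumed deny entry, not from the post


def is_pe_image(data: bytes) -> bool:
    """True if the content is a PE image: DOS 'MZ' header whose e_lfanew
    field (offset 0x3C) points at the 'PE' signature. The name is ignored."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def _norm(path: str) -> str:
    # Collapse '..' and mixed slashes, then fold case, so that
    # c:\windows\..\temp\x.exe is not treated as being under c:\windows.
    return ntpath.normcase(ntpath.normpath(path))


def _under(path: str, root: str) -> bool:
    # Component-wise prefix test: c:\windowsevil must not match c:\windows.
    root = _norm(root)
    return path == root or path.startswith(root + "\\")


def decide(path: str, data: bytes) -> str:
    """Return 'data' for non-executable content, else 'allow' or 'block'."""
    if not is_pe_image(data):
        return "data"    # normal access (all but execution) is untouched
    p = _norm(path)
    if any(_under(p, d) for d in DENY):
        return "block"   # explicitly defined in the deny list
    if any(_under(p, a) for a in ALLOW):
        return "allow"
    return "block"       # default deny: not in the allow list


def make_pe_stub() -> bytes:
    # Constructed minimal sample: MZ header, e_lfanew = 0x40, PE signature.
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
```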

This archive was generated by hypermail 2.1.8 : Fri 18 Feb 2005 - 22:42:38 MET