Found a very useful way of providing users the ability to run administrative tasks without providing passwords to the users. By using the runas command you can launch programs with different credentials, however you need to enter a password. If you provide the user with the password then they could use it to do a lot of other things. Providing a user with a batch file helps, but it doesn’t take much brainpower to read the batch file and obtain the password. However, thanks to techtarget they suggest the use of Microsoft Script Encoder. This takes an existing vbs batch file and encodes the output. Although not pgp strength encryption it would be strong enough to deter the casual browser of your hard disk/batch files. (the only downside is providing a new file when the password to the account changes.)
Incidentally I’ve had to investigate this as one of our users can not admin our iis server settings despite being listed on the operators tab.
When you open your first email after starting Outlook, you see the error message Error: “VPMSECE.DLL could not be installed or loaded. It may be missing or there may not be enough resources.” The error message may or may not reference a location, as in: “C:\Program Files\NavNT\vpmsece.dll could not be installed or loaded. It may be missing or there may not be enough resources.”
The documented solution is to uninstall the symantec security client, delete extend.dat (search your computer for this file) and start outlook. If this doesn’t work, reinstall outlook (in my case office). There is no way I was going to uninstall office and then reinstall it so I went hunting.
10 minutes later I had a solution.
A quick search on the registry for vpmsece.dll comes up with LDVP under hklm\software\microsoft\exchange\client\extensions. After disabling LDVP under tools/options/other/Advanced Options/AddInManager and restarting Outlook, everything was ok. Re-enabling the extension and the problem re-occurs.
Deleting the registry entry hklm\software\microsoft\exchange\client\extensions\LDVP and restarting outlook means I don’t get the error message and the LDVP addon is not listed in the registry.
I then installed Symantec Client Security again and all seems to be ok. The cryptic LDVP has been replaced with SavCorp810 in the extension manager which is a lot easier to work out what the extension is.
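The registry check described above can be generalised to every registered Outlook client extension. This is an added example, not part of the original post; it assumes each value under the extensions key is a string of the form "4.0;<dll path>;<ordinal>;..." and the function name Get-ExtensionDllStatus is made up for illustration.

```powershell
# Added example: list the Outlook client extensions registered under the key
# named in the post and flag any whose DLL no longer exists on disk.
# Assumption: each value is a string "4.0;<dll path>;<ordinal>;...", so the
# DLL path is the second semicolon-separated field.
$key = 'HKLM:\SOFTWARE\Microsoft\Exchange\Client\Extensions'

function Get-ExtensionDllStatus {
    param([string] $Name, [string] $Value)

    $fields = $Value -split ';'
    $dll = ''
    if ($fields.Count -ge 2) {
        # Strip whitespace and quotes, expand %ProgramFiles% style variables.
        $dll = [Environment]::ExpandEnvironmentVariables($fields[1].Trim().Trim('"'))
    }
    [pscustomobject]@{
        Extension = $Name
        DllPath   = $dll
        DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
    }
}

if (Test-Path -LiteralPath $key) {
    $regKey = Get-Item -LiteralPath $key
    $regKey.GetValueNames() |
        Where-Object { $_ } |                      # skip the unnamed default value
        ForEach-Object {
            Get-ExtensionDllStatus -Name $_ -Value ([string]$regKey.GetValue($_))
        } |
        Sort-Object DllExists |                    # missing DLLs listed first
        Format-Table -AutoSize
} else {
    Write-Output "No extensions key found at $key"
}
```

An entry with DllExists False is the same situation as the LDVP value pointing at a missing vpmsece.dll. Exporting the key with reg export before deleting a value keeps the change reversible.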
Did you know that if you shift-delete an item in Outlook, although it doesn’t appear in the deleted items folder, it is still recoverable using the recovery feature, normally only seen on the deleted items folder? The guy who wrote this facility has the relevant writeup on how to enable deleted item recovery on other folders.
A result from Symantec: “Submission # 3271252. The Trojan Horse detection was removed this morning and the correction is available in the 10/7/03 Intelligent Updater files. Submission # 3273288. We’ve corrected this detection. The fix will be available in the 10/8/03 virus definitions.”
Now all I have to do is work out why Outlook insists on not being able to find a dll even after I’ve deleted the extend.dat file.
Out of the Top 75 Network Security Tools listed on the page I have only NOT heard of 8 of the top 50. I’ve used probably half of the ones listed; the ones that I haven’t used are mainly the Linux based ones but that will change over the next few months. (I’ve downloaded and played with Nmap recently – the front end to this makes light work of scanning a network although I still prefer GFI’s Scanner.)
Anyone else have problems seeing more than one cartoon in their RSS reader for My temporary Rose is Rose feed? Feed on Feed only shows one picture yet Awasu shows me 5.
My firebird.dll was submitted to Norton’s SARC this afternoon so hopefully it will get removed as a false positive. Apparently you can only submit one file a day, so the pspv.zip file gets sent to them tomorrow.
Update: The (automated) response came back in saying that the file is infected: “result: This file is infected with Trojan Horse. Developer notes: X:\Program Files\MozillaFirebird\FireDLL.dll is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest beta definitions.”
Nowhere have they said that oh sorry, this might be a false positive – grrrrr
Update 2: Looking on Google it looks like some other people have had the same problem with firedll.dll. It turns out that this is a tool that was available for download on grc.com which tests whether your personal firewall is subject to leaks, allowing utils access to the internet that you’ve specifically not authorised. Norton (and others) have now decided this is not acceptable to have on your PC. Related to this, you can see if your AV software acts in the same way by checking to see whether you can download these two files from the firehole site.
According to my weekly scan of hard disk, firedll.dll from my mozillafirebird directory is a Trojan Horse (nice lot of detail there symantec!) and a password revealing program is backdoor.ciadoor. With the distinct lack of information that symantec are giving with these files that have been on my pc for weeks and haven’t changed – I am not impressed.
I downloaded and installed SurfSecret’s Spamdrop the other day on the office pc, and so far out of the 217 messages received today, not one of them has been detected as spam. The interface is VERY similar to the cloudmark SpamNet software but a bit clunkier. It does provide whitelisting and blacklisting though which is good however in order to get to this functionality and to see the spam stats you need to go to Tools/Options/Spamdrop/Advanced/ – a one click button on the toolbar that gets installed would be a lot friendlier. The other thing is that their faq page says it works via a web proxy, but when I checked our firewall logs traffic on port 8600 was being blocked.