Many XP users run these editions, so this article deserves a look. Thanks to the author for posting it:
This post is divided into three parts. Part one: discovery, analysis and prevention of the vulnerability in the Tomato Garden edition; part two, in passing, the problems with the Donghai computer company edition and their analysis; part three, the security lessons that follow. OK.
(1) Discovery, analysis and prevention of the Tomato Garden edition vulnerability
The analyzed versions are "Tomato Garden Windows XP Pro SP2 Free Activation V2.8", "Tomato Garden Windows XP Pro SP2 Free Activation V2.9" and "Tomato Garden Windows XP Pro SP2 Free Activation V2.7"; the status of other versions is unknown.
1. Discovery process
I am responsible for the security of my network, so I often scan my network segment for vulnerabilities. During routine scans over the past few days I found that some IP addresses showed only the Administrator user as a username. This phenomenon normally does not occur. I tried it and found that the user could be accessed, which is impossible on an original installation, so I wanted to find out which version of the system it was.
I used the net use command to establish a connection with the username Administrator and an empty password (it connected successfully), then used the at command to schedule a task that stopped the Windows Firewall/Internet Connection Sharing (ICS) service (in order to disable Windows Firewall), and then enabled telnet on the remote machine with opentelnet; at this point I had a shell with Administrator privileges. Then I ran net share C$=C: in telnet and copied the files (oeminfo.ini and oemlogo.bmp) to my own machine. Opening oemlogo.bmp showed that it was Tomato Garden v2.8.
2. Analysis process
After finding the problem, I went to the official Tomato Garden website to download v2.8 and the latest v2.9 for analysis. To make the test results more reliable, I installed the three Tomato Garden systems, V2.7, V2.8 and V2.9, more than 20 times over a few days.
I installed it in a VM without any modification and then performed intrusion tests against the VM from the real environment. This proves that the problem lies not with the user but with the system itself. OK, start looking for the system problem. Check the accounts: after installation only Administrator is enabled, and its password is blank. By default only IPC$ is shared; Admin$ and the default shares of each drive letter are disabled; Remote Desktop is disabled; Remote Registry is also disabled. The system looks quite secure, so why could it be broken into so easily? My first thought was that some default setting of the original system had been modified. Open the registry and check the value of LimitBlankPasswordUse: it is actually 0. The default value of this key is 1, and it has been manually changed to 0. If you are using Tomato Garden v2.8 or v2.9, you can open Registry Editor (regedit) and check whether LimitBlankPasswordUse under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa is 0. Then install an original XP SP2 and look at the same value. Finally, I downloaded and tested V2.7 and found no similar security vulnerability in 2.7.
3. Summary
I am sorry to have to raise this problem; Big Tomato can be called a top master. There are several possible guesses about this problem: 1. Big Tomato really is a master, and the thing was hidden too deep. 2. Big Tomato made a "mistake", but that is hard to understand: would a top master like Big Tomato make such a technical mistake? 3. Big Tomato does not understand this key value, but if he really does not understand it, does that fit the level of a top master like Big Tomato ......?
Okay, but whatever the guess, I hope Big Tomato will take responsibility and give everyone an explanation.
As for the software bundled with the latest V2.8 and V2.9, that is a matter on which opinions differ; I make no comment, everyone has their own view.
4. Solution
To prevent losses from using Tomato Garden V2.8 and V2.9, I will provide two kinds of patch at the end: one is a .reg file, the other a batch file; they do exactly the same thing, so use either one. If you are comfortable doing it by hand, you can simply change the value of LimitBlankPasswordUse to 1.
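The author's .reg and batch patches are not reproduced here. The following batch script is an added example, not the author's patch: it checks the value of LimitBlankPasswordUse under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and restores it to 1 (the default, which limits accounts with a blank password to console logon only), and it also reports whether Remote Desktop is enabled via the fDenyTSConnections value under the Terminal Server key, the second setting discussed in part (2) below. It assumes reg.exe is available (it ships with XP) and must be run from an administrative command prompt.

```batch
@echo off
REM Added example, not the author's patch: audit and restore the two
REM registry settings discussed in this post on a Windows XP SP2 machine.
setlocal

set LSA_KEY=HKLM\SYSTEM\CurrentControlSet\Control\Lsa
set LSA_VAL=LimitBlankPasswordUse
set TS_KEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
set TS_VAL=fDenyTSConnections

REM --- 1. LimitBlankPasswordUse: 1 (default) = blank-password accounts may
REM        log on at the console only; 0 = they may also log on over the network.
set CUR=
for /f "tokens=3" %%v in ('reg query "%LSA_KEY%" /v %LSA_VAL% 2^>nul ^| find /i "%LSA_VAL%"') do set CUR=%%v
if "%CUR%"=="" (
    echo [?] %LSA_VAL% not found under %LSA_KEY%.
) else if /i "%CUR%"=="0x0" (
    echo [!] %LSA_VAL% is 0: blank-password accounts can log on over the network.
    reg add "%LSA_KEY%" /v %LSA_VAL% /t REG_DWORD /d 1 /f >nul
    echo [+] %LSA_VAL% restored to 1, the XP default.
) else (
    echo [OK] %LSA_VAL% is %CUR%, expected 0x1.
)

REM --- 2. Remote Desktop: fDenyTSConnections 1 = Remote Desktop disabled, the XP
REM        default; 0 = enabled. Report only; disabling it is the administrator's call.
set CUR=
for /f "tokens=3" %%v in ('reg query "%TS_KEY%" /v %TS_VAL% 2^>nul ^| find /i "%TS_VAL%"') do set CUR=%%v
if "%CUR%"=="" (
    echo [?] %TS_VAL% not found under %TS_KEY%.
) else if /i "%CUR%"=="0x0" (
    echo [!] Remote Desktop is enabled: make sure no enabled account has a blank password.
) else (
    echo [OK] Remote Desktop is disabled.
)

endlocal
```

The second check only reports, because an enabled Remote Desktop is a legitimate configuration when every enabled account has a password; the combination of Remote Desktop, a blank-password account and LimitBlankPasswordUse set to 0 is what the post identifies as the exposure.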
(2) Analysis of problems with the Donghai computer company edition
1. Analysis of the Donghai computer company edition 4.x and 5.x series
The security of the Donghai computer company edition has long been criticized, and there are both detractors and defenders. The detractors argue that the New account has a blank password and Remote Desktop is enabled; the defenders hold that the security problem is caused by the user not setting a password. OK, let's start analyzing the problem.
I think many people have an original XP SP2 system. After an original XP SP2 install the Administrator password is blank, or a newly added account is left blank; the default shares of each drive letter are enabled, and the Remote Registry service is also enabled. I don't know whether you have tested whether an original system, with the firewall disabled and no password set, can be intruded into normally? As far as I know, even if I create a New account with an empty password in the Administrators group, it cannot be broken into, and even with Remote Desktop enabled at that point the connection cannot be established normally. Why? Why can only the Donghai computer company edition be intruded into? Obviously the problem lies not only in the New account with a blank password, nor only in Remote Desktop being enabled. What is the key? Obviously some default settings of the system have been modified. Nobody has yet found the key point about Donghai; many of the critics obviously have no opinion of their own and just repeat what others say, which is exactly why Donghai can answer its users with the explanation that you did not set a password for your account. But Donghai does not explain why the Administrator account of the original XP SP2 system is also empty, yet there are no intrusion reports?
OK. The problem is that a default setting has been modified somewhere in the system. Where? In fact, the security vulnerability of the Tomato Garden edition is similar to that of the Donghai computer company edition: the common point is that the value of LimitBlankPasswordUse has been modified. In addition to modifying this value, Donghai adds a New account with an empty password and enables Remote Desktop. That is to say, the computer company edition has the door open before the intrusion, whereas Tomato Garden V2.8 and V2.9 require the intruder to get through the door before these backdoors open, but in essence they are the same. It is precisely because the Tomato Garden system disables almost all the other network settings while opening one crucial setting hidden in the registry, and because that setting is so well hidden, that no security vulnerability in Tomato Garden has been reported.
2. Analysis of Donghai computer company edition version 6.0
It can be said that version 6.0 goes to the other extreme: its defaults are at the other extreme, but it also provides a setting for the opposite extreme. OK, look at the 6.0 settings. On top of the original settings, 6.0 closes almost all network access: it disables the default disk shares and disables IPC$. Friends using version 6.0 may not know that it provides a script in the system, "Enable LAN sharing", which is a landmine. When I used my friends' 6.0 systems, I imagine many people had run this script to enable sharing? What you may not know is that after running this script, the security of the whole system is the same as the earlier 5.x and 4.x series.
(3) Lessons from these security issues
I believe winzheng has many experts who keep a low profile, and I estimate many are at expert level in security. This article is meant as a reference, and I hope the experts will offer their advice.
Security issues fall into three categories. First, whether the system's policy settings are secure enough to prevent unauthorized access. Second, viruses and Trojan horses; here the most important thing is good browsing habits. As for anti-virus software, there is indeed no satisfactory anti-virus product; it is also said that anti-virus software is after-the-fact prevention, since nobody can recognize a virus before its signature is added, and truly solving this would be a major revolution for the anti-virus industry, with everything overturned and rebuilt. Third, rogue software. Over the past few years rogue software has been playing in the blank spaces of national law, in the gray area. Anti-virus vendors are commercial companies; without legal provisions to back them up they are afraid to scan for and remove rogue software.
OK. Today we will talk about system settings. Since Microsoft released SP2, security has been handled relatively well; so far the XP SP2 system, in both security and stability, is better than earlier Microsoft operating systems. As for Windows 2000, I think you should discard it: apart from lower resource usage, 2000 has no advantage over XP SP2 anywhere else, and XP can also use the Classic theme to reduce resource usage. Windows 2000, in security, compatibility and disk reading, lags well behind XP. Some people say that once 2000 is set up its security is just as good. Of course, even Windows 98 and Windows 95 can be made safe to use, never mind 2000; the problem is that the default settings of 2000 are quite insecure compared with XP. You can easily enable telnet remotely and easily obtain a shell with administrator privilege. To ensure the security of 2000 you must disable all the UDP and TCP ports between and, as well as port 445. Those ports are then secure, but LAN sharing is no longer possible; for LAN sharing these risks must be accepted, whereas XP SP2 can achieve LAN sharing while remaining secure. Among the reasons for 2000's security issues must be that Microsoft, for commercial reasons, no longer wants to support 2000. From the user's point of view 2000 is definitely a classic system, but we certainly cannot refuse to change operating systems because of our feelings for 2000, although in reality there are indeed many such friends.
I just talked about choosing a system; now I will talk about system configuration and optimization. I have also said that the security of XP SP2 has been greatly improved; it can be said that the remaining problems depend on what Microsoft does not want to do. There is no doubt about Microsoft's strength, and of course Microsoft understands its own system settings, and the details of each setting, more clearly than outsiders. For XP SP2, after installation you only need to install all security patches as soon as possible to ensure security. If you do not need LAN sharing, you can also disable the default shares, the Remote Registry service and the Server service. As for optimization, remember not to optimize blindly. Every Microsoft configuration is well thought out and takes all situations into account; Microsoft must be more familiar with its own system than outsiders. System optimization is not universal; it is aimed at individual usage habits, preferences and needs. For each optimization step you need to know what it does, what its effects and consequences are, and whether those are what you expected. OK. These questions concern not just users but also disc makers. A responsible disc maker should not build a publicly released disc around his own preferences; moreover, security problems caused by blind optimization are unacceptable to a responsible disc maker, unless the disc maker is not responsible. Finally, I would advise again: do not optimize unless you know the details of the optimization, because the security and compatibility of the original XP SP2 settings are sufficient. The security vulnerabilities in Tomato Garden and in the Donghai computer company edition were also caused by modifying the system's default settings.
Time is tight; let's leave it here for now.