Subj : Re: killing processes in win2k To : Rich From : matt Date : Thu Mar 29 2001 06:18 pm From: "matt" you hardly ever see people on irc as root@host , know why? 1 because irc = servers have it klined, and 2, its unsafe if you wanna use your machine as admin, go ahead, i do, but here is a = reason not to: F:\>tlist Access is denied. F:\>kill Access is denied. dont bitch about security when your doing something unsmart, and = dangerous "Rich" <@> wrote in message news:3ac40f36@w3.nls.net... This is silly. If a trojan wants to make it appear that AV = software that was killed is still running it could add an identical icon = to the notification area that didn't disappear when moused over. =20 Rich "tom" wrote in message = news:3AC2513D.574E@tcgweb.com... They are there until you mouse_over. How often do you mouse_over them? It only takes seconds, or minutes at the most, for very bad things = to happen. Do you want to spend your day mousing over icons? The point is the processes they represent appear to be active even though they are not. A dangerous thing when dealing with security software. I wonder how much cpu time could be set aside to give the app a = chance to pop a warning or something before the kernel whacks it? matt wrote: >=20 > the icons in the tool bar staying there, isnt true, when you move = the mouse > over it, and it refreshes, itll disapear > "tom" wrote in message = news:3AC21A3D.425E@tcgweb.com... > > One recent variation of a trojan uses this to kill firewalls, = ids's and > > av software. > > Really slick. > > TerminateProcess even leaves icons on the task tray so you think = you're > > still safe. Apps don't know they've bit the big bit bucket, so = to speak. > > --- XP Toss HTML Stripper v0.3.5 * Origin: Barktopia Gating Project (1:379/45) .