Q on AdAwareSE
in [Anti-Virus]
|
From: Robert Baer on 5 Jun 2006 00:42 Every once in a while i get at least one of these MRU flags: MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows media\wmsdk\general Description : windows media sdk ********* The question is: what causes these? i do not have any of the related applications, most especially *not* "DirectDraw" or "Windows Media SDK".
From: dify.ltd on 5 Jun 2006 06:21 Robert Baer wrote: > Every once in a while i get at least one of these MRU flags: > > MRU List Object Recognized! > Location: : > software\microsoft\directdraw\mostrecentapplication > Description : most recent application to use microsoft > directdraw > > MRU List Object Recognized! > Location: : > S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft > management console\recent file list > Description : list of recent snap-ins used in the microsoft > management console > > MRU List Object Recognized! > Location: : > S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows > media\wmsdk\general > Description : windows media sdk > > ********* > The question is: what causes these? i do not have any of the related > applications, most especially *not* "DirectDraw" or "Windows Media SDK". Well, you certainly have DirectDraw, since it's part of Windows. MRU stands for Most Recently Used and it means that some programs keep a list of most recently used documents (think Word, where you have a list of most recently opened documents). This feature allows to quickly open frequently accessed documents, but also can act as an information disclosure vulnerabilty, if someone comes on to your computer and can see that you edited a document with the name "how I will kill X", s/he can approximate the contents of the document even if s/he can't access it. That's why it's reported by AdAware. BTW, don't rely on AdAware, because they want to scare people that's why they detect many low risk items, and that's why the use techniques as described here: http://rootkit.com/newsread.php?newsid=471
From: Robert Baer on 6 Jun 2006 00:44 dify.ltd(a)gmail.com wrote: > Robert Baer wrote: > >>Every once in a while i get at least one of these MRU flags: >> >> MRU List Object Recognized! >> Location: : >>software\microsoft\directdraw\mostrecentapplication >> Description : most recent application to use microsoft >>directdraw >> >> MRU List Object Recognized! >> Location: : >>S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft >>management console\recent file list >> Description : list of recent snap-ins used in the microsoft >>management console >> >> MRU List Object Recognized! >> Location: : >>S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows >>media\wmsdk\general >> Description : windows media sdk >> >>********* >> The question is: what causes these? i do not have any of the related >>applications, most especially *not* "DirectDraw" or "Windows Media SDK". > > > Well, you certainly have DirectDraw, since it's part of Windows. MRU > stands for Most Recently Used and it means that some programs keep a > list of most recently used documents (think Word, where you have a list > of most recently opened documents). This feature allows to quickly open > frequently accessed documents, but also can act as an information > disclosure vulnerabilty, if someone comes on to your computer and can > see that you edited a document with the name "how I will kill X", s/he > can approximate the contents of the document even if s/he can't access > it. That's why it's reported by AdAware. BTW, don't rely on AdAware, > because they want to scare people that's why they detect many low risk > items, and that's why the use techniques as described here: > http://rootkit.com/newsread.php?newsid=471 > I certainly do not have DirectDraw; it does not exist as a program anywhere on the hard drive!
From: Ron Lopshire on 6 Jun 2006 01:27 Robert Baer wrote: > dify.ltd(a)gmail.com wrote: > >> Robert Baer wrote: >> >>> Every once in a while i get at least one of these MRU flags: >>> >>> MRU List Object Recognized! >>> Location: : >>> software\microsoft\directdraw\mostrecentapplication >>> Description : most recent application to use microsoft >>> directdraw >>> >>> MRU List Object Recognized! >>> Location: : >>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft >>> management console\recent file list >>> Description : list of recent snap-ins used in the microsoft >>> management console >>> >>> MRU List Object Recognized! >>> Location: : >>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows >>> media\wmsdk\general >>> Description : windows media sdk >>> >>> ********* >>> The question is: what causes these? i do not have any of the related >>> applications, most especially *not* "DirectDraw" or "Windows Media SDK". >> >> >> >> Well, you certainly have DirectDraw, since it's part of Windows. MRU >> stands for Most Recently Used and it means that some programs keep a >> list of most recently used documents (think Word, where you have a list >> of most recently opened documents). This feature allows to quickly open >> frequently accessed documents, but also can act as an information >> disclosure vulnerabilty, if someone comes on to your computer and can >> see that you edited a document with the name "how I will kill X", s/he >> can approximate the contents of the document even if s/he can't access >> it. That's why it's reported by AdAware. BTW, don't rely on AdAware, >> because they want to scare people that's why they detect many low risk >> items, and that's why the use techniques as described here: >> http://rootkit.com/newsread.php?newsid=471 >> > I certainly do not have DirectDraw; it does not exist as a program > anywhere on the hard drive! Robert, Direct Draw is part of DirectX, and DirectX (used for a/v content) is embedded in WinXP. Step One: Click Start, select Run Step Two: In the Run dialog box, type: dxdiag Step Three: Click Ok You should see the Direct Draw DLLs in the list of DirectX files. See this: DirectX Diagnostic Tool (http://www.updatexp.com/directx-diagnostic-tool.html) Ron :)
From: Phil Weldon on 6 Jun 2006 01:53
'Robert Baer' wrote: | I certainly do not have DirectDraw; it does not exist as a program | anywhere on the hard drive! _____ Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console, Windows Media SDK). The three are not programs, but rather functions of the operating system. The flags you got from Ad-Aware are advisory, not an indication of a vulnerability. That is why you found them listed under 'negligible objects'. Use 'Help' in Ad-Aware for the meaning of 'negligible objects': "Objects shown here are not considered to be a threat. They consist of MRU (Most Recently Used items) lists. These can be removed if the user desires." All 'Most Recently Used' entries are stored to allow functions like 'My Most Recent Documents'. This information is available only to someone logged on to your computer account or to an account with administrator privledges. Use Google to obtain information about 'Direct Draw', 'Windows Management Console', and 'Windows Media SDK'. Phil Weldon "Robert Baer" <robertbaer(a)earthlink.net> wrote in message news:RK7hg.2060$lp.1320(a)newsread3.news.pas.earthlink.net... .. | I certainly do not have DirectDraw; it does not exist as a program | anywhere on the hard drive! |