Guest void.no.spam.com@gmail.com
Posted July 9, 2007

I read that the registry key SafeDllSearchMode was introduced in Windows 2000 SP3. It improves security by searching in the system directories for DLLs before searching in the current directory. But it was disabled by default in all versions of Windows until Windows XP SP2 because it could potentially break existing applications. Does anyone know what applications will break if you enable it?
Guest Kelly
Posted July 9, 2007

Re: Is it OK to enable SafeDllSearchMode?

Is my Windows XP and Windows 2003 vulnerable since I do not see the SafeDllSearchMode registry key?

No. On Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1, SafeDllSearchMode is set to 1 by default within the operating system code and is therefore not vulnerable. Adding the registry key with a value other than 1 will change the default configuration. For more information about SafeDllSearchMode configuration options, please read the following MSDN article.

http://msdn2.microsoft.com/en-us/library/ms682586.aspx

--
All the Best,
Kelly (MS-MVP/DTS&XP)
Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

<void.no.spam.com@gmail.com> wrote in message news:1183991869.120092.19370@c77g2000hse.googlegroups.com...
> I read that the registry key SafeDllSearchMode was introduced in
> Windows 2000 SP3. It improves security by searching in the system
> directories for DLLs before searching in the current directory. But
> it was disabled by default in all versions of Windows until Windows XP
> SP2 because it could potentially break existing applications. Does
> anyone know what applications will break if you enable it?
Guest nobuyout@gmail.com
Posted July 9, 2007

Re: Is it OK to enable SafeDllSearchMode?

On Jul 9, 12:52 pm, "Kelly" <k...@mvps.org> wrote:
> Is my Windows XP and Windows 2003 vulnerable since I do not see the
> SafeDllSearchMode registry key?
>
> No. On Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server
> 2003 and Windows Server 2003 Service Pack 1, SafeDllSearchMode is set to 1 by
> default within the operating system code and is therefore not vulnerable.
> Adding the registry key with a value other than 1 will change the default
> configuration. For more information about SafeDllSearchMode configuration
> options, please read the following MSDN article.
>
> http://msdn2.microsoft.com/en-us/library/ms682586.aspx

I am running Windows 2000, so my original question stands.
Guest void.no.spam.com@gmail.com
Posted July 9, 2007

Re: Is it OK to enable SafeDllSearchMode?

On Jul 9, 12:52 pm, "Kelly" <k...@mvps.org> wrote:
> Is my Windows XP and Windows 2003 vulnerable since I do not see the
> SafeDllSearchMode registry key?
>
> No. On Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server
> 2003 and Windows Server 2003 Service Pack 1, SafeDllSearchMode is set to 1 by
> default within the operating system code and is therefore not vulnerable.
> Adding the registry key with a value other than 1 will change the default
> configuration. For more information about SafeDllSearchMode configuration
> options, please read the following MSDN article.
>
> http://msdn2.microsoft.com/en-us/library/ms682586.aspx

I am running Windows 2000, so my original question stands.
Guest Gary S. Terhune
Posted July 9, 2007

Re: Is it OK to enable SafeDllSearchMode?

Did you read this?
http://support.microsoft.com/kb/306850/en-us

(You might get better answers if you post to a Win2000 newsgroup.)

--
Gary S. Terhune
MS-MVP Shell/User
http://www.grystmill.com

<nobuyout@gmail.com> wrote in message news:1184001585.494249.306330@57g2000hsv.googlegroups.com...
> On Jul 9, 12:52 pm, "Kelly" <k...@mvps.org> wrote:
>> Is my Windows XP and Windows 2003 vulnerable since I do not see the
>> SafeDllSearchMode registry key?
>>
>> No. On Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server
>> 2003 and Windows Server 2003 Service Pack 1, SafeDllSearchMode is set to 1 by
>> default within the operating system code and is therefore not vulnerable.
>> Adding the registry key with a value other than 1 will change the default
>> configuration. For more information about SafeDllSearchMode configuration
>> options, please read the following MSDN article.
>>
>> http://msdn2.microsoft.com/en-us/library/ms682586.aspx
>
> I am running Windows 2000, so my original question stands.
Guest Gary Smith
Posted July 10, 2007

Re: Is it OK to enable SafeDllSearchMode?

In microsoft.public.win2000.general void.no.spam.com@gmail.com <void.no.spam.com@gmail.com> wrote:
> I read that the registry key SafeDllSearchMode was introduced in
> Windows 2000 SP3. It improves security by searching in the system
> directories for DLLs before searching in the current directory. But
> it was disabled by default in all versions of Windows until Windows XP
> SP2 because it could potentially break existing applications. Does
> anyone know what applications will break if you enable it?

Assuming that I'm reading Knowledge Base article 306850 correctly -- and that's a big assumption because it's VERY badly written -- no reasonable application could be affected. The alleged security improvement is also pretty far-fetched, although the performance issue is plausible. There's no way to tell what applications might be affected except to try it and see if anything complains about being unable to find DLLs. I've made the registry change on my system just for the heck of it. We'll see what happens.

--
Gary L. Smith
Columbus, Ohio
Guest void.no.spam.com@gmail.com
Posted July 10, 2007

Re: Is it OK to enable SafeDllSearchMode?

On Jul 9, 8:13 pm, Gary Smith <bitbuc...@example.com> wrote:
> Assuming that I'm reading Knowledge Base article 306850 correctly -- and
> that's a big assumption because it's VERY badly written -- no reasonable
> application could be affected. The alleged security improvement is also
> pretty far-fetched, although the performance issue is plausible. There's
> no way to tell what applications might be affected except to try it and
> see if anything complains about being unable to find DLLs. I've made the
> registry change on my system just for the heck of it. We'll see what
> happens.

That article appears to describe a specific situation that requires the SafeDllSearchMode key to be enabled. From what I've read, the main reason to enable that key is for security, not performance. A better description is available here:

http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/05sconfg.mspx

"The fact that the current working directory is searched before the system directories can be used by someone with access to the file system to cause a program launched by a user to load a spoofed DLL. If a user launches a program by double-clicking a document, the current working directory is actually the location of the document. If a DLL in that directory has the same name as a system DLL in that location will then be loaded instead of the system DLL. This attack vector was actually used by the Nimda virus. To combat this, a new setting was created in Service Pack 3, which moves the current working directory to after the system directories in the search order. To avoid application compatibility issues, however, this switch was not turned on by default."

And if an application does break with the enabling of that key, the error may not be an inability to find a DLL. See one scenario mentioned here:

http://books.google.com/books?id=yZX2uAoAagwC&pg=PA381&lpg=PA381&dq=safedllsearchmode+sfc&source=web&ots=GR5YBhr-gG&sig=djOngoYEjBE1kxAjLLD25rxjuyQ

Besides claiming that breakage is low (which might be true for him, but I'm sure I run some applications that he doesn't), the author says that SQL 2000 loaded SFC.dll (Starfighter Foundation Classes) from its working directory, but after enabling SafeDllSearchMode, it incorrectly loaded SFC.dll (system file checker) from the system directory. He also mentions that Outlook 2000 add-ins will break if the key is enabled.

More subtle problems could occur too:

http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch10n.mspx

"Applications will be forced to search for DLLs in the system path first. For applications that require unique versions of these DLLs that are included with the application, this entry could cause performance or stability problems."

It's those potential subtle problems that worry me. And what about tools such as PartitionMagic? You can't really test those to see if they break. I probably won't enable it, and I'll just live with the security risk.

One thing that might be helpful in determining whether an app might break or not is to see when the last update for it became available. If it was after August 2004 (the date that XP SP2 was released, in which the key became enabled by default), then the app is probably compatible with the enabling of the key. If it was before that date, then the app might not be compatible with it.
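
The search-order change discussed in the post above, as an added example that is not part of the original thread: a small Python model of the two documented search orders that reports which DLL names would load from a different directory once SafeDllSearchMode is enabled. The directory layout, file names and import list are constructed, modelled on the SFC.dll case described above, and the model assumes a plain load by name with no KnownDLLs entry or redirection.

```python
# Added example: models the documented DLL search order with SafeDllSearchMode
# off (legacy) and on (safe). All paths and file names below are constructed.

# Slots searched, in order, for a plain load by DLL name.
ORDER_LEGACY = ["app_dir", "cwd", "system32", "system16", "windows", "path"]
ORDER_SAFE = ["app_dir", "system32", "system16", "windows", "cwd", "path"]

def resolve(dll, layout, listing, safe_mode):
    """Return the first directory in search order that holds dll, else None."""
    wanted = dll.lower()  # Windows file names are case-insensitive
    for slot in (ORDER_SAFE if safe_mode else ORDER_LEGACY):
        for directory in layout.get(slot, []):
            if wanted in {n.lower() for n in listing.get(directory, ())}:
                return directory
    return None

def changed_by_safe_mode(imports, layout, listing):
    """Map each DLL whose load location differs to (legacy_dir, safe_dir)."""
    report = {}
    for dll in imports:
        before = resolve(dll, layout, listing, safe_mode=False)
        after = resolve(dll, layout, listing, safe_mode=True)
        if before != after:
            report[dll] = (before, after)
    return report

# Constructed layout: an application started with a separate working directory.
LAYOUT = {
    "app_dir": [r"C:\App\Binn"],
    "cwd": [r"C:\App\Work"],
    "system32": [r"C:\WINNT\system32"],
    "system16": [r"C:\WINNT\system"],
    "windows": [r"C:\WINNT"],
    "path": [r"C:\Tools"],
}
LISTING = {
    r"C:\App\Binn": {"app.exe", "engine.dll"},
    r"C:\App\Work": {"SFC.dll", "helper.dll"},          # application's own SFC.dll
    r"C:\WINNT\system32": {"sfc.dll", "kernel32.dll"},  # unrelated system sfc.dll
    r"C:\Tools": {"helper.dll"},
}
IMPORTS = ["engine.dll", "SFC.dll", "kernel32.dll", "helper.dll"]

if __name__ == "__main__":
    for dll, (old, new) in changed_by_safe_mode(IMPORTS, LAYOUT, LISTING).items():
        print(f"{dll}: {old} -> {new}")
```

Only names present in both the working directory and a system directory change location; a DLL that exists only in the working directory still loads from there in either mode.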
Guest Kelly
Posted July 15, 2007

Re: Is it OK to enable SafeDllSearchMode?

How would I have known that?

--
All the Best,
Kelly (MS-MVP/DTS&XP)
Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

<nobuyout@gmail.com> wrote in message news:1184001585.494249.306330@57g2000hsv.googlegroups.com...
> On Jul 9, 12:52 pm, "Kelly" <k...@mvps.org> wrote:
>> Is my Windows XP and Windows 2003 vulnerable since I do not see the
>> SafeDllSearchMode registry key?
>>
>> No. On Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server
>> 2003 and Windows Server 2003 Service Pack 1, SafeDllSearchMode is set to 1 by
>> default within the operating system code and is therefore not vulnerable.
>> Adding the registry key with a value other than 1 will change the default
>> configuration. For more information about SafeDllSearchMode configuration
>> options, please read the following MSDN article.
>>
>> http://msdn2.microsoft.com/en-us/library/ms682586.aspx
>
> I am running Windows 2000, so my original question stands.