POSIX subsystem enabled

Risk Level: Medium

Check or Attack Name: Posix Enabled

Platforms: Windows NT

Description:

The POSIX subsystem is enabled. Enabling the POSIX subsystem can subject a host to Trojan Horse attacks, since it is possible to create a file with a lowercase name that will be detected in a search prior to a file with an uppercase name.

Remedy:

Change the registry to remove access to the POSIX subsystem and remove the file that controls the POSIX subsystem.

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

To remove the POSIX subsystem from Windows NT, follow these steps:

  1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
  2. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems key.
  3. Locate the Posix value.
  4. Write down the file name that is referenced by the value's data.
  5. Delete the registry value.

To remove the files associated with the POSIX subsystem, follow these steps:

  1. Open Windows NT Explorer or My Computer.
  2. Using the path and file name you noted in step 4 above, delete the file that used to be referenced by the registry.
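
To confirm the registry change on a host, the check below looks for the Posix value in a text export of the SubSystems key and returns the file it references. It is an added example, not part of the original advisory; it assumes the key was exported to a .reg text file (REGEDIT4 or version 5.00 format), and the function names and the placeholder file name in the sample are constructed for illustration.

```python
import re

# Key and value named in the remedy steps; registry names are case-insensitive.
SUBSYSTEMS_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems"
VALUE_NAME = "Posix"

def _decode(raw, utf16):
    """Decode the right-hand side of a .reg value line into text."""
    raw = raw.strip()
    if raw.startswith('"'):  # REG_SZ: quoted, with \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:raw.rindex('"')])
    m = re.match(r"hex\([12]\):(.*)$", raw, re.I)
    if m:  # REG_SZ / REG_EXPAND_SZ exported as comma-separated hex bytes
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le" if utf16 else "latin-1").rstrip("\x00")
    return raw  # any other type: return the raw export text

def find_posix_value(reg_text):
    """Return the data of the Posix value if the export still contains it, else None."""
    utf16 = reg_text.lstrip("\ufeff").startswith("Windows Registry Editor")
    text = re.sub(r",\\\r?\n[ \t]*", ",", reg_text)  # join hex continuation lines
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == SUBSYSTEMS_KEY.lower()
        elif in_key:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m and m.group(1).lower() == VALUE_NAME.lower():
                return _decode(m.group(2), utf16)
    return None

# Constructed sample (not from the page): the file name is a placeholder.
PLACEHOLDER = r"%SystemRoot%\system32\posix-placeholder.exe"
_hex = ["%02x" % b for b in PLACEHOLDER.encode("latin-1") + b"\x00"]
SAMPLE = (
    "REGEDIT4\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems]\r\n"
    '"Other"="constructed"\r\n'
    '"Posix"=hex(2):' + ",".join(_hex[:12]) + ",\\\r\n  " + ",".join(_hex[12:]) + "\r\n"
)

if __name__ == "__main__":
    found = find_posix_value(SAMPLE)
    print("POSIX subsystem enabled, file: %s" % found if found else "Posix value absent")
```

A return value of None means the export no longer contains the Posix value; any other result is the file reference to note in step 4 and delete afterwards.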

References:

Microsoft Knowledge Base Article Q101270, Disabling the POSIX Subsystem, http://support.microsoft.com/support/kb/articles/q101/2/70.asp

