Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1] 2

Author Topic: Facepalm for Microsoft  (Read 3135 times)

¿

  • Bay Watcher
    • View Profile
Facepalm for Microsoft
« on: April 24, 2009, 05:23:27 pm »

Windows 7 has an "unfixable" security hole. Or at least they claim it's unfixable. If it is though, residential customers don't even have to worry as the hacker would need to be physically at their computer. Business clients however may just decide to keep using XP.

Discuss windows, microsoft, windows 7, and fail.
Logged

qwertyuiopas

  • Bay Watcher
  • Photoshop is for elves who cannot use MSPaint.
    • View Profile
    • uristqwerty.ca, my current (barren) site.
Re: Facepalm for Microsoft
« Reply #1 on: April 24, 2009, 05:48:00 pm »

I think I heard somewhere(Xkcd windows 7 comic thread, I think) that wondows 7 used vista's kernel.

I'm sticking with XP too.
Logged
Eh?
Eh!

G-Flex

  • Bay Watcher
    • View Profile
Re: Facepalm for Microsoft
« Reply #2 on: April 24, 2009, 10:45:54 pm »

It doesn't "use vista's kernel" any more than Vista uses XP's kernel, as far as I know. I'm not sure what the development is like on it, but it sure isn't identical, to say the least.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Tormy

  • Bay Watcher
  • I shall not pass?
    • View Profile
Re: Facepalm for Microsoft
« Reply #3 on: April 25, 2009, 05:36:29 am »

"The one fairly big drawback to the hack, however, and upside for most users, is that it can't be performed remotely, so it'll likely only be a significant concern for businesses or other folks using computers in public places."

Well, some good news at least..anyways, if it's really "unfixable"..... I am speechless in that case... :o
Logged

Yanlin

  • Bay Watcher
  • Legendary comedian.
    • View Profile
Re: Facepalm for Microsoft
« Reply #4 on: April 25, 2009, 06:40:23 am »

You'd think it would be as simple as simply... NOT ALLOWING FILES TO DO THAT?!
Logged
WE NEED A SLOGAN!

qwertyuiopas

  • Bay Watcher
  • Photoshop is for elves who cannot use MSPaint.
    • View Profile
    • uristqwerty.ca, my current (barren) site.
Re: Facepalm for Microsoft
« Reply #5 on: April 25, 2009, 07:43:54 am »

It sounds like a BIOS or hardware issue, where the computer would load it off a disk and then it would load the OS while inserting it's exploits.
Logged
Eh?
Eh!

RAM

  • Bay Watcher
    • View Profile
Re: Facepalm for Microsoft
« Reply #6 on: April 25, 2009, 08:24:06 am »

It probably is fixable, but not without compromising the integrity of the copy protection...
Logged
Vote (1) for the Urist scale!
I shall be eternally happy. I shall be able to construct elf hunting giant mecha. Which can pour magma.
Urist has been forced to use a friend as fertilizer lately.
Read the First Post!

G-Flex

  • Bay Watcher
    • View Profile
Re: Facepalm for Microsoft
« Reply #7 on: April 25, 2009, 11:36:47 am »

You'd think it would be as simple as simply... NOT ALLOWING FILES TO DO THAT?!

It seems like this doesn't involve booting Windows at all, so... yeah.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Yanlin

  • Bay Watcher
  • Legendary comedian.
    • View Profile
Re: Facepalm for Microsoft
« Reply #8 on: April 25, 2009, 11:57:19 am »

Don't common AV programs make sure these kind of stuff can't do that? As in, stuff can't just put itself on the boot or whatever. I know Avast! does.

Then again, it's just a click confirmation. Like they said, it can't be done remotely. So crisis averted. XP is still quite good. Offices don't need to upgrade. It's us gamers and shite that need to upgrade.
Logged
WE NEED A SLOGAN!

umiman

  • Bay Watcher
  • Voice Fetishist
    • View Profile
Re: Facepalm for Microsoft
« Reply #9 on: April 25, 2009, 01:29:59 pm »

Yeah, why are you guys so worried? Do you live with people constantly attempting to change your passwords and steal your data? This can't be done remotely and really isn't a cause of concern for casual users.

Quote
> "I find it very scary, and if you would know what you're talking about so would you, unless you use your PCs just to play Doom of course."

I'm fairly certain that you don't actually understand the nature of the attack. It certainly has concerns, but is not outright scary. Assuming a semblance to the vbootkit I can guess at the process this employs. It requires the computer to boot off of removable media (CD-ROM, USB, etc), at which point the program reads the master boot record and begins launching the OS, while it is still running. In many ways it is similar to a hypervisor, executing at a layer below the OS. It then modifies files the OS loads into memory, so that compromised code can be executed within the context of the OS.

Now this certainly has concerning implications. I suspect it can actually be detected in a similar manner that the Bluepill exploit is detected (look for operations that take too many clock cycles because something else is executing), but the OS is not in a position to do this. If the system is compromised before your own code executes, there is no way to regain integrity at that point. Pre-boot integrity controls are the only feasible countermeasure. Why this is labeled a Windows 7 hack is confusing, since it actually targets the weak integrity checks prior to OS code running (yes, the payload is OS specific, but the attack is not).

Now, why this isn't scary- this attack requires the boot process to be physically compromised. The attack code must execute prior to the bootloader, which means it needs to execute off of removable media and requires physical access. If a person simply maintained their boot order to load from hard disk first, and password protected their BIOS so that the boot order couldn't be changed this isn't going to be even a driveby attack (though overloading the keyboard buffer does work on some machines, to bypass the password most machines are going to require the person to take the case off and reset the cmos via jumper or pulling the battery- neither are going to be quick drive by attacks at a company). Really, it is easy to restrict this to people who have flat out stolen a machine. The open question I have is whether increased boot integrity controls (TPM for example) mitigate this attack.

By the way, the whitepaper for the original v1 attack is here: http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf

qwertyuiopas

  • Bay Watcher
  • Photoshop is for elves who cannot use MSPaint.
    • View Profile
    • uristqwerty.ca, my current (barren) site.
Re: Facepalm for Microsoft
« Reply #10 on: April 25, 2009, 04:25:22 pm »

Don't common AV programs make sure these kind of stuff can't do that? As in, stuff can't just put itself on the boot or whatever. I know Avast! does.

Then again, it's just a click confirmation. Like they said, it can't be done remotely. So crisis averted. XP is still quite good. Offices don't need to upgrade. It's us gamers and shite that need to upgrade.

The issue is that it does NOT put itself in boot or whatever.
It forces it's way i without ever being on your drive before windows even can know it's there then takes control of windows.

I don't know for sure, but I think that you can compare it to an emulator.
The game doesn't know the diffrence and can't do a thing about it, and you don't have to change a ROM to run it on an emulator.

Of course, it isn't an emulator, but something in the vista/win7 boot process leaves a gap where it can take over somehow without windows noticing and without leaving a trace when the computer is shut down.
Logged
Eh?
Eh!

Maggarg - Eater of chicke

  • Bay Watcher
  • His Maleficent Magnificence of Nur
    • View Profile
Re: Facepalm for Microsoft
« Reply #11 on: April 26, 2009, 06:35:40 am »

Faicplam.
Logged
...I keep searching for my family's raw files, for modding them.

Tormy

  • Bay Watcher
  • I shall not pass?
    • View Profile
Re: Facepalm for Microsoft
« Reply #12 on: April 26, 2009, 07:25:32 am »

Yeah, why are you guys so worried?

I am not worried actually...I will surely stick to my Vlited x64 Vista. It's faster than XP and very stable. I've installed it 1 year ago, and never ever had any problems with it.
Logged

Yanlin

  • Bay Watcher
  • Legendary comedian.
    • View Profile
Re: Facepalm for Microsoft
« Reply #13 on: April 27, 2009, 01:18:15 pm »

Logged
WE NEED A SLOGAN!

Zaranthan

  • Bay Watcher
  • Plump Helmet Smelter
    • View Profile
Re: Facepalm for Microsoft
« Reply #14 on: April 28, 2009, 01:09:08 pm »

Wait, people are worried because you can boot from removable media? How can any software PREVENT that? It's pretty much a given that if you have physical access to a machine, it's yours (not in the legal property sense, more in the "you are able to do whatever you want to it" sense).
Logged
Quote from: Howard, Nerf This, by Scott D. Ferguson
Villains sleep with hookers, heroes sleep with destiny.
Pages: [1] 2