Security Vulnerabilities Discovered in WinXP SP2
SoTuA writes "A few months after SP2 hit windowsupdate.com, Finjan Software reports that security flaws have been found in WinXP SP2, including malicious code execution without user intervention. Finjan has turned over the findings, along with proof-of-concept, to Microsoft."
Just upgrade to Windows XP SP2.
Oh... wait...
It was only a matter of time until a major vulnerability was found in SP2. I'm sure there will be others, but at least they are being found before they are taken advantage of.
waves his hand mysteriously and says "These are not the exploits you are looking for."
"Browsing a web page" can cause you to lose the machine to a malicious hacker.
What - they just discovered Gator?
Security vulnerabilities in a 250MB update? Never would have guessed!
"Security vulnerability discovered in Windows" has become as common as "Britney Spears gets married".
At what point does a story become so routine that it no longer counts as news?
"I see you are looking for an exploit..."
from the article:
"By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page,"
Gee... why am I not surprised that Internet Explorer once again introduces huge security problems?
in the meantime, a patch can be downloaded here
Although I must admit... SP2 has had a good run... most of the recent security problems in XP/IE were non-issues in SP2. Too bad it couldn't last longer.
What they said: "By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page"
What they meant: "By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page with Internet Explorer"
Using these vulnerabilities to shill its products.
This isn't to say that the vulnerabilities aren't real, they might be.
But this is a marketing ploy for Finjan
It's that time of the month already?
I tend to find that extremely competent programmers, with a lot of experience, tend to make nearly bug-free software...
:), the vast majority of programmers out there simply suck, bad. Judging by most faults I've seen, and despite what so many people say: MS programmers suck.
Unfortunately (or fortunately for some of us
...to express my surprise and dismay at this unprecedented event.
:-)
*re-reads story*
Oh, *this* counts as news?
I say companies can make a good name for themselves dealing with M$ and patches, and then use that name to consult on security for companies.
But M$ will start their own company, find their own holes, and consult on security out...
erm... shiiiiiit you know they will do this, or already have!!!
Yeah, and of course we all criticize MS for releasing buggy software. The counter-argument is always that of course MS can't fix every single bug. Supporting that, people point to vulnerabilities in apache, mysql, etc.
The problem with the latter is that most Linux-based software is open-source, nonfunded. Whereas Microsoft is the largest business this side of Alpha Centauri.
I'd like to say pshaw, no big deal, but the amount and severity of MS bugs/exploits is deplorable considering that Windows is the flagship product of one of the largest corporations in the world. Stop entering new markets and release a stable, secure product in the next millennium please.
Flame on.
P.S. I'm going to establish a charity for those who believe using a dollar sign in Microsoft's name does anything other than diminish one's argument.
Finjan is not a disinterested party, since it is selling security solutions to the home and enterprise markets, and it profits by being the first --- and so far --- only source to make the claim.
I hate to rant, but this type of poor security checking is pathetic. Surely they should have known that all they would have needed to do was check the evil bit on the remote transfers to see if the data was safe or not. Someone in the OS community would have done this.
You do have to hand it to Microsoft though, the code is very easy to implement and quite elegant if you ask me.
I don't think MS developers suck; as a matter of fact, if anyone can afford to hire the best, it's Microsoft.
Microsoft's software issues came by design. Too many features, too many pieces of code interfacing with each other, endless hacks and patches (most of them to ensure backwards compatibility), and, as most major software producers expect, usually rushed deadlines. It's just bound to happen. Every piece of software has bugs, but Microsoft doesn't seem able to catch a break.
The more complex the plumbing, the easier it is to stop up the works!
I believe that with Linux's usability improving each and every year, and Mac OS X's increasing appeal to computer users, sooner or later, Microsoft will be in deep trouble. No OS is completely secure, but Linux and Mac OS X don't suffer from the one main problem that faces Windows security: the integration of web browsers (Internet Exploder), media players (Windows Media Player), and e-mail clients (Outlook Express). Windows has a lot of other security issues too, due to huge amounts of legacy code, a horrible system of user management (why must a user be logged in as Administrator to play a game?), insecure services running, and more.
Windows needs a rewrite. The kernel is fine, but there should be a new set of APIs (get rid of legacy stuff), a better command line (with the option of booting into it), disintegration of IE, WMA, and OE (make them separate programs that can be uninstalled), better user management (similar to Unix's user management), and finally, a secure "blue box" that runs "classic" Win32 and Win16 programs (similar to Mac OS X's classic mode). If Microsoft does this, they'll finally have a secure and stable OS, and who knows, I might even recommend Windows to users. But until then, I'm sticking with FreeBSD.
I say prove it. Show me a list of ten non-trivial programs in widespread use that have never reported a significant bug. To make the problem realistic, let's assume that the programmers operated under significant constraints of time and money.
It has become as predictable as day-break.
Great! I get my Windows problems solved and there is no more sun!!!
Oh... wait...
They should learn from the Duke Development Team... Don't send anything out until you're absolutely, positively, unwaveringly sure that there's nothing that needs fixin'...
And neither do you!
http://os.amiga.com/
Whereas Microsoft is the largest business this side of Alpha Centauri.
Hardly. Walgreens is "bigger" than MSFT, based on year 2003 revenue.
http://www.usatoday.com/money/companies/2004-03-22-fortune-500-list_x.htm
Wal-Mart's revenue is 8x larger than MSFT's.
IBM's is 2.75x larger, HP's is 2.24x larger. AT&T's revenue is US$2.4B larger than MSFT's.
Finjan are a dodgy company, and always overhype security "vulnerabilities" such as "a user is able to download an .exe and run it, thanks to Windows".. etc.
It's funny, not long ago their site was vulnerable to an old Cold Fusion exploit. I didn't do anything about it, 'cause frankly they are a two-bit company and there seemed no point.
Believe me, when the details of this "exploit" are revealed, it will be pretty pathetic.
This is almost as surprising as the revelation that, in fact, combat operations do NOT seem to be over in Iraq. What gives???
I have to hand it to Microsoft. I remember all those virus hoaxes I used to get in my email. "Don't even open this email or you'll get a virus!" "Don't look at this image, or your machine will get hacked!" "Don't visit this web page, or your drive will get formatted!" And I used to think, "Gee, why *can't* I hose my machine by doing those things? That sounds like it would be so cool to see!"
Well, thanks to Microsoft and their brilliant innovation, tireless effort, and boundless resources, they finally made all those mid-to-late-90s virus hoaxes a reality. I raise my glass to them.
I did some searching and discovered this:
http://news.com.com/Finjan+Warning+users+or+scaring+up+business/2100-1002_3-5449269.html
And this quote by the Finjan CEO pretty much sums up what I thought this was:
"By using Finjan's proactive security solutions...users can enjoy a secure environment that protects them from such vulnerabilities."
It's just a ploy to scare up business for this security company. But let's not jump to conclusions: those 10 errors may exist, but the truth is that this security company may not have followed the industry guidelines.
That is the key question: did Finjan give MS these errors 30 days ago, as is traditionally done? If they did, then they have every right to publicize the problem, but if not, they are engaging in questionable business practices.
"Stuff that matters?"
Do I get my charity money now?
I find it disgusting that Microsoft has plans to sell anti-virus software to plug up the holes they stupidly left in their OS. Shouldn't developers be forced to make secure products?
If it's discovered my model of car has a set of brakes that have a chance of not working after a certain gear shift combination, the car company issues a recall - they don't tell everyone "oh it's not a big deal, if you want go to a mechanic and buy a new set of brakes."
We get patches for free (well kinda... after paying for the software) but they only seem to fix one problem (at best) for a hole found in the wild by people outside MS anyway. That doesn't even begin to cover spyware and viruses.
Granted that Linux might have more vulnerabilities if it had the user base of Windows, those vulnerabilities would be lessened because Linux (and *BSD) takes many security precautions that Windows doesn't by default. Such as not running as root (unless you are talking about Linspire).
As far as you know.. We really won't know if someone has taken advantage of something 'secret', unless they either get caught, or boast about it..
THOSE are the scary ones..
Oh, that would explain why Linux and BSDs are commonly found installed on servers, right?
It's an interesting dilemma, because they very likely would _not_ be a $40bil company if they didn't release awful software.
If they were to follow a very strict engineering process similar to what defense, NASA, and energy depts follow, their software would cost more than it already does, be years behind on "features", and make it very difficult to have the knee-jerk reactions to market desires it currently does.
I would argue that their success, aside from their edgy, sometimes illegal business practices, came from focusing more on UI and integration (or lock-in depending on perspective) than on things people didn't understand at the time (security, stability, standards, interoperability, etc.).
Software has thus far been treated and behaved very differently from traditional engineering and manufacturing as there is no entity like UL (Underwriters Lab), FDA, FCC, DOT, etc. enforcing standards of safety and allowing users to sue them for selling sub-par products. MS could move quickly with a shoddy product and say they clicked "agree" on the EULA, security or stability be damned.
...but the amount and severity of MS bugs/exploits is deplorable considering that Windows is the flagship product of one the largest corporations in the world.
I'm not a fan nor a hater of Microsoft products (just hate their business practices), but for anyone to be surprised that an OS designed to be run for a single user in a non-networked environment loaded with legacy code to fully (and successfully) port to a multi-user, networked environment shows a lack of understanding about the increasing inertia software products have as they age. (That's not a swipe at the parent, but a comment about the public at large).
The point is, Microsoft is actually trapped by how large they are (!). To "fix" all these issues would require a complete re-write of Windows. But then if they re-write Windows, what they'd be selling the public is not the product that helped make them a mega-corp, but a new and untested one that is only trying to leverage the brand name. Ironically, there's a significant chance that if Microsoft wandered too far from their "flagship" product too quickly, they'd both alienate and lose their customers.
Hate to say it, but they need to take the slow, steady approach to these updates/repairs.
The real question is, will they still be able to change fast enough to stay viable.
Can afford to hire the best and not hiring the best to save money go hand in hand. It would be fiscally irresponsible for Microsoft not to look into saving money by hiring less qualified programmers for certain tasks. Unfortunately even a competent programmer can open a hole when he receives shoddy code from somewhere else. He/she may not be able to fix what they get to work with.
It is really very very simple. My Win XP machine has been totally 100% protected from virii, et al. I will let my secret out, which I have withheld from the whole world for years, and unlike the software companies selling protection software and services, I am going to give the solution away for free! Here goes... I NEVER LET MY WINTEL BOX ON THE INTERNET! I didn't have to listen up much to understand early on that my Mac did all the internet work I needed without the constant worry and hassle of the MS OS problems. Life is so simple this way.
I was just wondering if you saw the implicit contradiction in your statements.
and
I'm going to establish a charity for those who believe using a dollar sign in Microsoft's name does anything other than diminish one's argument.
Your whole post drives at the point that Microsoft is in the business of making money and not making good software, yet you come along and decry those who would say the same thing in a much more concise form, "M$".
< Mode flaming = "off" >
I agree, even the best programmers are prone to making massive mistakes once in a while.
I was once working with one of the best, if not the best, programmer I have known. It was a few years back when XP was starting to make itself heard. We had an understanding boss at the time that was willing to give new ideas a try so we decided to try and pair program a particularly difficult bit of code.
Well it all seemed fine. When we were done we both looked at it and thought it was one of the nicest bits of code we had ever seen. It fair brought a tear to the eye. It passed every unit test we threw at it. It passed normal systems testing. It even passed a full code review.
Two months later it brought a production server to its knees! It took us a month of Sundays to figure out what was wrong as well. I understood at that point that software development is hard.
So how exposed is a Firefox user with JavaScript enabled, running ZoneAlarm, with a hardware stateful firewall/NAT device?
I only use Windows for a particular printer driver, visio and a couple of games.
Just wondering how exposed I am when popping out to the web for a quick Doom hint..
Thank you! That struck a chord with me. It blows my mind how the OpenOffice.org suite (in particular OOo Writer) has painstakingly reproduced the frustration in using MS Word. Spelling "corrections" are automatically made, table contents are automatically assigned different fonts and line spacing, and that bloody lightbulb keeps popping up like some Web ad.
And that splash screen when it starts up, stubbornly staying on top and covering the other windows -- is Sun *trying* to advertise how bloody long it takes to start up the program?
But you know what the clincher is? I bought the "OpenOffice.org 1.0 Resource Kit", a manual written by Solveig Haugland, and there was this fairly common feature (I forget which one --maybe inserting a static date as text?) that she COULDN'T FIGURE OUT how to do. She basically says, "So far we haven't figured out how to do this yet." This is from someone who's writing a manual for the software.
Good God, Sun, why don't you just get bought out by Microsoft already. Maybe it's time to take another look at AbiWord, see how they're doing on their tables support, and break out the GNOME libraries...
The sky is blue!
Film at 11!
Seriously... this is "news"?
Whereas Microsoft is the largest business this side of Alpha Centauri.
It's a funny one, I give it to you. But for information sake, in the computer world (not Alpha Centauri), IBM and HP are at least two times larger than Microsoft.
"Such as not running as root (unless you are talking about Linspire)."
There you go - that's the problem. Think about why people do that.
I don't run windows as an admin by default. Nor do savvy users.
But neither do I open dubious attachments, enter the numeric password supplied in the email, and then run the executable.
There's no big difference between Linux/BSD and Windows NT/2K/XP in security, architecturally.
If you had an O/S that by default ran user programs in a sandbox - sound, graphics, write access to certain places only (or rollbackable), that would be more secure for most users.
That's what I did after feeling for the n'th time the problems you mention. AbiWord isn't perfect, but it loads in a fraction of a second and handles well about 99% of my MS-Word documents.
What's the problem with Star/OpenOffice taking so long to load, anyhow? Is it Java, or is it just badly written software?
"By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page..."
So if you're silly enough to surf with full administrator access, you can let someone else take over your machine. No mention if the exploits work as limited users... probably because they don't.
No mention of flaws in background services, but even if there were, what effect would they have with the firewall turned on?
Sounds like a simple enough fix to me: Create a limited user account for yourself and do your work there.
Use Evolution instead of Outlook? Bewa
Per its usual policy, Finjan has no plans to go public with details of the flaws until Microsoft has patches available for them
and
Our early analysis indicates that Finjan's claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2
Why should people who are trying to help just get insulted? It's time to release the exploits to all of us after all, so that we can decide for ourselves who is making erroneous statements.
Microsoft, OTOH, is more like an economic black hole. Huge chunks of the revenue they collect just accumulates in their bank account. They don't seem to be able to figure out what to do with it, even though it's obvious that over the years they should have been investing more of it in improving the quality of their software.
Can you create limited accounts in XP Home?
Seriously, everything as large as 'windows' will have holes in it.
It's a fact of life, it's time to stop blaming and start adjusting how to minimize the risks.
Same goes for OSS stuff too, instead of worrying about 'what hole is next' let's figure out ways that the holes will not really matter...
Nobody expects MS to produce totally bug free code.
What we do expect is an operating system that does NOT allow the execution of programs or scripts supplied by an external source with high privileges.
Thing with XP Home is that there are no real scalable or tiered security levels like in 2k Pro, it's either limited or administrator. Not sure about XP Pro's capabilities in that respect.
A flawed OS can only be pushed so far before patching becomes too painful.
Now it seems viruses are being released to confound Microsoft's patch schedule, AND botnets are communicating. What will we see next?
Microsoft
...
McDonalds
Same out-of-the-factory quality, same style of customer base. Sure, sometimes the Filet-O-Fish has maggots in, but hey. I'll have an OS that fries please.
Dear slashdot.
Why must you post these stories on the weekend? You have just ruined the Saturday of the whole MS marketing department. Now every one of them has to cancel their plans, log on to Slashdot and start making posts about how "no OS is secure" and "it is all the users' fault" and "these guys are just trying to scare up some business". And the ever favourite "if Linux was that popular it would have just as many security flaws".
Well that is their job and they do it well, but why must you force them to do it on the weekend? Why can't they be with their families. Even marketoids have lives (I hear).
Windows Pocket PC 2003 was rewritten from scratch, and it's shit.
As an example, by default it saves documents in volatile RAM so you lose them when the battery goes flat.
It keeps applications running but can only display one at once and has no way to efficiently switch between them (menu/settings/memorytab/runningapplication/activate).
It installs applications in VRAM.
Basically, it's crap.
If it were running Linux I could make sure everything (except tmp) was stored on NVRAM and I could even swapon to give me more RAM if I wanted to.
thank God the internet isn't a human right.
I found this url hidden in the source code, it says "Warez copy by warezhole.org". That's a security hole right?
I like muppets.
Firstly, the system-created default user in Windows XP is considered a "computer administrator." Trying to install many applications or games will fail if not logged in as a computer administrator.
Secondly, I'm glad you're a savvy user, but the other 99% of the internet aren't so lucky. They're logged in as a computer administrator and could care less.
When logged in as a 'power user' or 'computer administrator' (which, again, will apply to almost any situation except for companies with smart IT depts.), a virus can overwrite and taint any .dll, .exe, etc. in the system. Then Windows runs slow, sends spam, keylogs, crashes frequently, etc.
Saying that UNIX and NT security are architecturally equivalent is insanity. If I were logged into a UNIX workstation and opened a virus the worst that can happen is my home directory will get deleted. The system will remain stable and uncorrupted because the virus doesn't have access to the rest of the system.
The main problem with Windows is that core system files can be compromised. A popup box telling a user to insert their windows cd to repair modified files isn't the proper way to fix that problem. And if you get that popup, don't even think of inserting your XP SP1 (or the original XP with no service pack) cd after upgrading to SP2!
I guess I'm done ranting for now...
Has anyone actually received a free iPod from any of the shyster snake oil peddlers that have cropped up recently? I probably know the answer to this but it never hurts to ask.
Windows apologists are really dumb, they are mentally not able to distinguish between "better" and "perfect".
Linux isn't perfect, but a lot more secure than Windows, just like a 00's Volvo is a lot safer than a 50's Chevy.
...but I run FreeBSD! that excludes me from being a turd (or...is that Turd to you M$-basher-bashers).
Doesn't it seem logical to you that the biggest OS on the consumer market gets the most attention?
SURPRISE! SURPRISE! SURPRISE!
"Tools" > "Options" > "OpenOffice.org" > "General" > "Help Agent" > "Activate" (uncheck the little box)
Simple, really.
I must say that there is a reason Microsoft's operating system keeps breaking down...
Remember, IBM wanted to make OS/2 bullet proof because the OS market wasn't the main source of profit for Big Blue. For Microsoft, it makes sense to keep putting out the half rotten fish on the plate. It's as if a restaurant were right next to a hospital and the owners of both the restaurant and the hospital were good pals.
An operating system seldom has a real reason for going from version 1.x to 2.x, and usually companies don't charge for going from version x.1 to x.2 (i.e. um... a patch or service pack, that's something companies put out for their own good because they've messed up somehow), because innovations which require an entire facelift of the operating system don't happen that often. I would say from DOS to Windows 95 was a big milestone, and from Windows 95 to Windows 2000. Everything else should have been free... except Bill needed more money to burn in his research lab (whatever happened to Cairo?).
Also, there was an unexpected positive side effect from putting out half rotten fish. Often people got problems with Windows (blue screen of death, or some clever, more or less obvious hack to the huge hole hackers often drove a train through), which put Microsoft in the public view (headlines in lots of media)... it got unexpected media coverage. Under normal business circumstances, this kind of folly would surely have left the company dead in the water for good, but like someone else in the Slashdot community pointed out, people just don't care about the security flaws or the ever slowing down / memory hungry deranged monster operating system of today's era. The other side effect would be that the OS had so many problems that tech support firms and Microsoft support actually profit from taking tech support calls from its customers and from companies who are often found working together to create stuff which works with Windows.
Bottom line is that Microsoft is doing it on purpose so people can keep waiting for that perfect OS which will not break down under normal circumstances like just browsing the web and checking e-mail. That's all my dad does, and why did his computer break down with an error message the other day? I don't see my father's VCR or radio stop working with a blue screen of death!!!
Um.. not to mention that they must willfully bloat their OS with so much stuff that eventually their friend Intel will be able to happily sell the new upcoming Pentium 5 running at 6GHz. The first time I bought my PC, the standard memory size was 4MB. Today's standard memory size is something like 256MB and it's on its way to becoming 512MB... I wonder if 4GB memory will ever become standard on a consumer PC....
Oktokie
PS: can someone tell me why my Windows swaps when I have 1GB of memory onboard, and my Windows 2000 thinks my 750MB of unused physical memory isn't good for any use.... so it goes and merrily creates 200-300MB of virtual memory. This is just too funny.
One big problem with running under a limited user account is that a lot of common Windows programs will not run under a limited user account. One such program is QuickBooks. This is even true with W2K.
hyperbole A figure of speech in which exaggeration is used for emphasis or effect, as in I could sleep for a year or This book weighs a ton. [Latin hyperbol, from Greek huperbol, excess, from huperballein, to exceed : huper, beyond; see hyper- + ballein, to throw; see gwel- in Indo-European Roots.]
Every Windows Update link to a bug report I've seen lately has included a plain English explanation of the bug and a thank you to those who reported it. I remain suspicious of alarmist reports published before Microsoft (or anyone else, for that matter) has had a reasonable chance to look at a potential problem.
LOL.
You think you can compare business by their revenue between markets?
You can't. The profit margins are completely different.
Last year, Walgreens had a profit margin of 3.6%. Microsoft had a profit margin of 21%. That's a 6-fold difference.
Microsoft has 37 times the cash on hand that Walgreens has.
IBM has a profit margin of 8%.
And so on. Sure there are bigger businesses than MSFT. But not very many richer ones. Get the picture?
Where do people get the impression that application load time has anything to do with well/badly written software?
It's too bad there's not a free licensed version of a Linux system that can successfully be run on most personal computers with a Windows-like interface (idiot-proofing, in other words) and enhanced security. It would most definitely be a good system.
With the security there and the Windows interface there, what more could you ask for? Everything would be easy and compatible (though this suggests a whole new set of programs would spawn) and in working order. Maybe not 100% security, as suggested before, but close enough to keep potential harm away from the "Windows" system.
The huge cube advertisement for the article is for Microsoft...and the copy is:
"Windows XP Service Pack 2 can help. Download and evaluate it for free TODAY."
Right.
Linux is not Windows
Where do people get the impression that application load time has anything to do with well/badly written software?
:)
Because even though there are many ways to do something, generally speaking the better way is also the most efficient way.
Normally smaller, efficient, cleaner code tends to execute faster unless the task being performed includes extensive calculations. Exceptions exist of course, but we're talking about Star/Openoffice.
I think it's pretty reasonable to assume that if an application of this type were written efficiently it would load up much faster. However, even this statement is pure speculation since as far as I know no such application has ever been written.
[quote]...but for anyone to be surprised that an OS designed to be run for a single user in a non-networked environment loaded with legacy code to fully (and successfully) port to a multi-user, networked environment shows a lack of understanding about the increasing inertia software products have as they age.[/quote]
Windows 3x/9x/ME were single user OS's. They had network support. NT/2000/XP/2000 are also single user OS's. Terminal Services allows the NT-based OS's to be multiple user OS's. Windows, whether it be 9x or NT-based, was never by design a multi-user system. 9x has all kinds of 16-bit compatibility. NT and up has a 16-bit emulation subsystem and a Win32 layer. Windows 2000 SP3 and up has a registerable DLL known as slayerui.dll. It provides the user a GUI for compatibility layers to allow older apps to run. But that compatibility is optional. Plus NT-based OS's were designed for networking.
Bullshit. There's plenty of software that loads rapidly and operates terribly. The two are not connected.
I have. You can @gmail.com me with cbenard before the @ if you want me to email you video proof.
Also, here's my auction where I sold my free iPod.
If you want one, just follow the link in my sig. So if the "answer" that you knew was "yes", then you were correct!
Chris
How come we all know we should run pine as root to read our mail
s/should/shouldn't
http://www.wired.com/news/mac/0,2125,64614,00.html
also... lots of staff at TechTV have received theirs, plus, if you google "free ipod guide" you'll find plenty of websites describing the process (w/ pictures)
P.S. I'm going to establish a charity for those who believe using a dollar sign in Microsoft's name does anything other than diminish one's argument.
Will your charity establish that they truly do believe that and then bludgeon them to death?
If so, I'm in for a buck.
What's historically been Apple's ready cash v. market share/net profit/other measures?
Comparisons across industries are always dodgy but certainly Wal*Mart is a better choice than Walgreens. Wal*Mart affects the economies of nations, Walgreens affects the economies of counties.
Feeling so good natured I could drool
"To "fix" all these issues would require a complete re-write of Windows. But then if they re-write Windows, what they'd be selling the public is not the product that helped make them a mega-corp, but a new and untested one that is only trying to leverage the brand name."
But somehow Apple managed to do this very successfully. Go figure.
...then carefully remove as much Microsoft software from your machine as possible.
Start with MSIE and MS Outlook, then MS-Office (replace them with FireFox, ThunderBird and OpenOffice, respectively). Really dig in and make sure every trace of them has been removed, don't stop at believing what the MS uninstaller tells you about MS Outlook.
Don't offer any shares, even to the LAN (get people to dump stuff elsewhere on the LAN and you pick it up from there), connect to the minimum number of shares (zero if possible) and for the shortest reasonable time.
Run a good firewall.
Pray a lot.
One more option: if you have a modern Linux box around, throw LogicWave at WINE on that and see how far it gets. If it doesn't work outright, maybe you can hack up an interface to the actual analyser in WINE. That'd be a lot of effort for one workstation, but if you have 20 or so it might be worthwhile.
Got time? Spend some of it coding or testing
Is it Java, or is it just badly written software?
What's the difference?
*ducks*
NT's architecture used to be reasonably secure, when it was a blatant "spelling error compatible" ripoff of Digital Equipment Corporation's MICA derivative of VMS. However, once it fell into Microsoft's hands it left those glory days far, far behind it.
I agree too about OpenOffice features being so annoying. My gripe is the autosave feature, which prompts you each time to confirm the save - hence defeating the purpose of this feature.
Although, I'll say this in their favour, Open office is a brilliant Microsoft document *reader* - Abiword can't open half as many documents and crashes more easily.
I prefer to write all my documents in HTML anyways, so I don't need OpenOffice for writing documents.
Microsoft doesn't need to spend that money improving their software when they can use it to obliterate competing products.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
not running as root is just part of it. Even if you're not running as root, a virus can still trash your system or be used to proxy spam or attacks over the Internet.
The big difference with Windows is in the first stage, the infection. There are entire classes of security holes on Windows that don't exist on any other widely used operating system. Yes, any system can have a buffer overflow, but only Windows can suffer from a "cross zone attack", because only Windows tries to reconstruct the rights an object should have based only on its URL.
So, like what happens to the writers of the code when a vulnerability is found? Is it something along the lines of 'oops, better luck next time' or do heads roll?
...
If I were logged into a UNIX workstation and opened a virus the worst that can happen is my home directory will get deleted.
No, the worst thing that could happen is that nothing in your home directory is obviously damaged, but a backdoor is created and hidden in your .login that lets someone piggyback in any time you're logged in, install a rootkit, and replace your kernel with one that contains an invisible backdoor they use to do something like attack other systems...
What you mean to say is that there's another layer of security that has to be bypassed after your account is 0wned before the system is 0wned. It's harder to break in if you have to do it twice.
The REAL problem in Windows is that it's so much easier to get infected by a virus. On most platforms you're pretty much restricted to social engineering attacks... I mean, until Melissa hit the idea of a mail program that even included a mechanism for a message to run scripts as the local user was a bad joke...
NT's security architecture is at least as secure as standard UNIX's.
The NT kernel's design has all kinds of wonderful possibilities for building a secure OS around. I really wish Microsoft would do it.
The Win32 subsystem, however, is inherently insecure. And without the Win32 subsystem, NT is not a complete OS. Win32, includes not just the GUI but the equivalent of all the UNIX daemons and system services, and large parts of what in UNIX would be kernel modules. Take that out and you're left with less than the UNIX kernel.
If I were logged onto a NT workstation as a normal user and opened a virus the worst thing that can happen is my home directory will get deleted.
If you were logged on to an NT workstation as a normal user, first of all, you're more likely to be infected by a virus in the first place because the design of the Win32 subsystem practically invites them in. Secondly, there's a lot more opportunities for an application to boost security to Administrator or even LOCALSYSTEM: not only is the security model very complex, but you have to have all the rights any application you run is ever going to need. To top it all off, there's no hard "system call" interface between different security domains.
And UNIX has mechanisms to establish even stronger borders between protection domains. Even something as simple as chroot() provides a lot of protection, and there are UNIX systems with enhanced chroot()-like tools where it's possible for me to give you a shell account with root access and be confident that you can't compromise anything outside the hosted environment... or run a sniffer on my local LAN... and do it efficiently, without having to run a second copy of the kernel inside an emulator.
The technology world was not born with Microsoft in its mouth. They did get there somehow and I don't think it was only through illegal and unethical business practices, otherwise SCO would have been the monopoly.
I do agree with you that software can be built for security, stability, and interoperability. I don't think, however, that you can do that quickly _and_ have lots of bells and whistles _and_ be cheap.
Open source is not immune to this. The laws of scarcity still apply. We usually have the luxury of doing things right and not being driven by sales (unlike a business which _has_ to sell to survive).
POSIX and UNIX in general have had 30 years and huge R&D budgets and companies behind them (AT&T, IBM, Xerox, Sun, Bell, SGI, etc. etc.). MS started with DOS and a floppy and consumer grade equipment and market (and some R&D from IBM and Apple). Very different focuses and very different products.
I don't think the market is entirely ignorant in its decisions, either. When PCs first arrived the key obstacles were "user friendliness", design, and accessibility. These design criteria are often at odds with concepts like security and stability under the best of circumstances. When you face constraints of time and money (like a business does) those two classes are very much in conflict.
Now, fast forward 10 cycles of Moore's Law and presto, you have a cheap piece of consumer grade equipment that can run POSIX code and an entrenched monopoly with a trained market and semi-disgruntled user acceptance.
I am not making excuses for MS and I have always refused to work with their crap, but I also am not ready to make excuses for the POSIX world and say that there is no reason why we face a battle in the market now.
to install all those things. Just install Windows, surf around like you normally would, and by the end of the week you'll have IRC, web, proxy and all sorts of servers running, with little or no user intervention. With other solutions, it can take weeks to set all that up!
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Golly. There's a security hole in a Microsoft product. Go figure. ... I mean, has that ever happened before?
*cough*
"[F]or anyone to be surprised that an OS designed to be run for a single user in a non-networked environment loaded with legacy code to fully (and successfully) port to a multi-user, networked environment shows a lack of understanding about the increasing inertia software products have as they age."
Amen, brother!
I mean, when was the last time we heard of some dusty old professor writing a toy OS for the edification of his students, only to have some graduate student study it for a bit, then get together with a bunch of pals and create one of the best OSes in the world?
*blink*
Crumb's Corollary: Never bring a knife to a bun fight.
So do I. Maybe ReactOS?
Yes, Win32 IS insecure, to a point. Window station, desktop and job objects are securable objects that NT adds that can be used to partition Win32 into sandboxes. They just aren't used much.
Most built in services are written for the Win32 subsystem since the user mode service control manager's interface is part of win32, but several have only superficial dependencies. The SMB client and server come to mind.
I thought that the NT had more, not less things running in kernel mode. Nothing in kernel mode depends on win32, ever. The only thing related to win32 that runs in kernel mode is win32k.sys, the server part of win32. Nothing in the kernel depends on win32, or can even use win32. Moving win32 into kernel mode didn't change that.
What, specifically, in Windows is implemented as a user-mode win32 dependent service that would normally be a kernel module in UNIX?
Also, there is no such thing as THE UNIX kernel. There are UNIX kernels such as Linux or OpenBSD's kernel, but no one 'true' UNIX kernel.
Compared to Linux, the NT kernel and executive services (ntoskrnl.exe) do a couple of things that Linux doesn't: the Configuration Manager, AKA the Registry, a database for configuration info; the extensible Object Manager (although the VFS comes close); and a dedicated local procedure call facility (you can use pipes under either, but only NT has LPC). If you include all the modules that run in kernel mode (besides win32), there is more: SMB (the client is in mrxsmb.sys and the server is in srv.sys), MUP (mup.sys), CD burning support (as a filesystem), audio processing, the mailslot filesystem (msfs.sys), the named pipe filesystem (npfs.sys), plus all the things you'd expect: filesystems, bus drivers, USB drivers, and network stuff.
Invites? How's that?
NT isn't any more vulnerable to privilege escalation than UNIX is. Just because the security model is complex, doesn't mean it is broken. It may be harder to use, but it also provides much granularity (if you use it). For the last part, I don't understand what you are trying to say; how is this different from any other security model? Define a user's permissions so that they can do everything they need to. ACLs can be changed, but you should be able to set them up once.
Sure there is. It's called the Native API. The only way to request services of the kernel is through the system call interrupt, and all those functions are exported by ntdll.dll. Win32k adds an extra function table, though; it exports the services that used to be in us
There's no big difference between Linux/BSD and Windows NT/2K/XP in security, architecturally.
Windows NT: Large complex API with security boundary crossings scattered throughout, mediated by the callee.
UNIX: Small simple API with security boundary crossings all at the system call interface, mediated by a uniform calling mechanism with basic boundary and argument validity checks performed in one place.
Windows NT: Finely grained rights system associated with the logged in user. A user must have all rights required for any operation all the time.
UNIX: Simple rights system associated with the user, or the application. Applications may be configured to automatically run with a different effective user ID, temporarily, to avoid having to grant a user all possible rights they may need.
Windows: Loose boundaries between applications and other components, libraries frequently have considerable state that can be shared between applications, even under different user IDs.
UNIX: Tight boundaries between applications, simple shared libraries that rarely maintain state out of sight of the application.
There are advantages to the Windows model. A lot of operations can be performed much more efficiently if there's no strong security boundary between components. The tradeoff is that applications come to depend on low overhead high performance communications channels.
A few years back, before Microsoft bought into Citrix technology, there was another Windows virtualization product called NTerprise. Under NTerprise, GDI calls were translated into X11 calls, with appropriate message bundling to provide decent performance. It was a lot more responsive than Citrix, and for most apps it was at least as fast over a local LAN. A few apps, however, performed very badly. Microsoft Project, for example, seemed to require a round-trip to the display for every cell, and repainted the entire page for just about any change... so you'd add a new deadline, and then sit back as the whole workspace was repainted, slowly, three times.
I recently upgraded a client site to WinXP SP2 with a Win2k3 server and they're quite upset at me for giving users non-administrative accounts.
They thought it was a great idea until they found out that many of their standard software packages (mostly financial) don't work properly with limited privileges *or* with "Run As..." and choosing an administrative account either.
- Michael T. Babcock (Yes, I blog)
Won't compile unless you're admin. I haven't even tried running 7.0 (2003) under normal user privileges - don't have the time to waste. MS is *hardly* spotless.
Just do "Help">"Help Agent" (there will be a check next to it, clicking it will disable it).
I've always been happy that it's been two clicks away for me to kill it (as opposed to my mother who actually likes the damn thing).
Microsoft OSes (and other software) hosts a horde of bugs. What's new? Slashdot is NEWS for nerds, stuff that matters. Bugs in Microsoft products... that's OLDs not NEWs.
There are lies, damned lies, and statistics.
Seriously, this wouldn't be news if it weren't for the fact that the cash-entropy cost of Microsoft Windows is sucking the GNP of this country dry.
I know Windows costs *my* employer money because every time the expensive tool-chain that lets me work on our product jams up against a Windows issue, I lose my train of thought and waste ten minutes rebooting.
Might as well just add three weeks of paid vacation to my schedule and get us some shite that works. It'd make me happier too.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Age of Mythology needs admin rights to start. Even power user won't cut it. The older Age* games also needed admin rights, and if Dungeon Siege is working in user mode, then it is the exception, not the rule.
Yet Socrates himself is particularly missed.
A lovely little thinker but a bugger when he's pissed.
Yep and then they wonder why they have such a big bill for you cleaning out the trash (worms) in their system32 folder!
This is my biggest complaint about MS and companies that develop software for MS that must run as admin.
Makes you wonder why and WHAT are they writing to the system files anyway.
...the Registry was and is a big hole, but as a peer-poster says, "big dobs of stupid". Lots of compromise architecting to make WOW work, etc.
VMS was (is) able to be secured to genuine high military levels with one configuration change. NT and children, with much work, can be certifiably secured only at the lowest levels and with ridiculous hardware configurations. The details in between are arguable, the results are not.
Similar story with MS SQL Server. Jim Gray from Digital Equipment Corporation (and I think the leaders at the Cotton Mill kind of lost the plot about 5 years before this) boosted a very lackluster corruption of Sybase to quite reasonable performance, and it's been struggling to maintain that ever since. The wonder technology was not Microsoft's; their contribution was to ship it, including embedded, with a *NULL* administrator password and to leave FoxPro to wither on the vine.
Ditto again for MS Access - the wonder technology that made JET usable was bought from (with) Fox Software, not home grown. Despite leaving it to wither while they strapped and bolted every turbo technology they could lay hand on to Access, despite an archaic underlying table format (a legacy of dBase compatibility), FoxPro still eats Access's lunch.
In each case, Microsoft took a good technology and tried to make it suck, with varying degrees of success.
P.S. I'm going to establish a charity for those who believe using a dollar sign in Microsoft's name does anything other than diminish one's argument.
Well said. Point taken. But I'm still guilty. I just can't help it! {Takes a deep breath before trying} Micro...
Wait, wait. Let me try again.
Mirco........uuuuuughhh........aaaaaarrrrggggh.
I'm sorry, but that "$" is more addictive than nicotine.
"God is dead." - Friedrich Nietzsche
"Win32 includes [...] large parts of what in UNIX would be kernel modules. Take that out and you're left with less than the UNIX kernel."
I thought that the NT had more, not less things running in kernel mode.
I'm not saying that NT components have dependencies on Win32 components, I'm saying that the division of responsibilities between applications, Win32 modules, and the NT kernel are such that where a UNIX application would make a system call to the kernel and back out, an NT application may end up with the same operation implemented in Win32.
One thing in particular that I believe is largely a Win32 construct is the application-visible filesystem forest. It's built from bits of the much larger NT namespace hierarchy.
Also, I'm not talking specifically about services; some of these components are almost certainly going to be implemented as shared libraries. But here's a few services that I believe would be kernel components in UNIX.
Plug and Play.
Server, Workstation.
HID Input service, et al.
there is no such thing as THE UNIX kernel.
That's a bit of a red herring. There are multiple implementations of the UNIX operating system, but with few exceptions they all (even most of the so-called microkernels) share the same basic design of a single process structure that switches between user and kernel mode using a common system-call interface, with a fairly small collection of fairly abstract system calls with comparatively tightly defined behaviour.
"the design of the Win32 subsystem practically invites them in."
Invites? How's that?
ActiveX, the MS HTML control, "security zones", the complex networking model, the low level APIs, the uncoordinated layering, the unvalidated context switches.
Just because the security model is complex, doesn't mean it is broken.
The complex security policy makes it much harder to keep it from being broken. This is true for UNIX as well: where security decisions are put in applications (either explicitly, with setuid/setgid, or implicitly because they're being performed by daemons on behalf of users) there tend to be more problems. The UNIX equivalent of these privilege-boosting attacks is applications running with more privileges than are really needed, such as mail or printing software running as root instead of a unique user-ID.
The difference is that I can go in and replace sendmail or lpd with a newer version, or with a different implementation. In Windows I still have to let people who want to be able to print write to the spool directory.
For the last part, I don't understand what you are trying to say; how is this different from any other security model?
In UNIX, I don't have to grant anyone any greater OS level privileges to allow them to print. They don't have to be able to write into a spool directory, instead the application they call to perform the operation is granted that right.
The only way to request services of the kernel is through the system call interrupt, and all those functions are exported by ntdll.dll.
I'm not talking about requesting services of the kernel explicitly, I'm talking about passing information in general between components (kernel or not) inside different security boundaries. Some of these security boundaries aren't even things the kernel is aware of, like the one between a web browser and the desktop. In UNIX there's a system call interface, and that interface knows the sizes and locations of everything that's passed to it. It's very simple, and in some areas there's more overhead than there is in Windows as a result, but the result is a system with few dark corners that are hard to understand.
In Windows there's some very high level and commonly used APIs that pass complex objects into the kernel and out again, where they get unpacked and referenced through (via shared memory or, unless I'm mistaken, via impersonation) back in user mode in a diffe
Apps cannot create under-the-table-magic communications pipes.
I wasn't suggesting they could. What I was talking about was the fact that the stuff that's passed THROUGH these pipes that Windows provides is far richer and exposes far more of the state of the objects on the far end.
it's the same way that RDP works.
As far as I know, RDP is based on Citrix technology. Citrix lets GDI write into a screen buffer and then transmits bitmaps (delta-ed and compressed, of course) of what's changed. NTerprise operated at the front end: the calls never hit a local screen buffer.
The difference is that NTerprise exposed the latency of the communications channel to the application, whereas Citrix hid it from the application (but exposed it to the user: what the user sees is no longer in sync with what the application thinks they see).
The result was that when an application performed a lot of redundant lockstep operations, you got to see them happening. So you could see how applications came to depend on the high-performance low-latency communication channels that would be compromised if NT restricted them to UNIX's tightly controlled buffered stream.
Plug and Play is implemented in two parts: an executive service (in kernel mode) that communicates with drivers, enumerates busses and loads drivers for devices that are already installed, and a user mode service that installs new devices and communicates with other user mode processes, esp. the shell. Note that a device can be installed but not physically present, i.e. temporarily removed. See this page.
Server and Workstation actually mean SMB Server and SMB Workstation. Mostly all they do is load their kernel-mode counterpart (srv.sys and mrxsmb.sys, respectively) and provide some helper support. Last time I checked, Samba, both smbd and smbclient were user-mode, although smbfs is a kernel FSD.
The HID Input Service translates the special keys (like volume and internet) into actual events. Disable it and those keys won't work. I don't see why this should be in kernel mode.
Win32 has to use kernel syscalls to do things, too.
Win32 is an environment subsystem. It exists to provide an environment (and the services needed to implement it) that is different than the native environment (exported by ntdll). It is composed of two parts: 1. The client interface in the form of 4 main dlls: kernel32, gdi32, user32 and advapi. 2. The server, to arbitrate Win32 specific resources and implement proprietary communication; csrss.exe in winsrv.dll (win32k.sys post NT4). NT does not provide graphical output functions, so Win32 contains GDI. NT does not provide a window manager, so Win32 contains USER.
Other than communicating with the Win32 server, the Win32 client libraries exist to repackage requests so they can be understood by the kernel.
Let's say you open "C:\file.txt" using Win32's OpenFile from kernel32.dll. The kernel has no concept of drive letters, so Win32 maintains a directory in the Object Manager of symbolic links connecting those letters to actual devices. kernel32.dll will prepend it to the requested path, producing "\DosDevices\C:\file.txt", and then make the syscall NtOpenFile in ntdll. Win32 is not involved at all past this point until it returns. The IO Manager asks the Object Manager to resolve the path. The ObjMgr figures out that \DosDevices\C: is a symbolic link to \Device\HarddiskVolume1, a device object, and passes the rest of the path "\file.txt" to the IO Mgr with an open IRP.
ws2_32.dll repackages socket open requests as a file operation to a protocol device such as \Device\Tcp.
Win32 named objects just get "\BaseNamedObjects" appended in the front of them.
A display driver talks to its port driver with a device object such as \Device\Video0.
Anyways, Win32 may provide the interfaces your application uses, but most of those services are actually provided by the kernel, once translated from Win32.
Note that no application is required to use Win32: you can certainly make syscalls directly. You could dispatch NtOpenFile for \Device\HarddiskVolume1\file.txt directly. You can even set your subsystem type in the PE header to 'native', which prevents any use of Win32.
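The translation walked through above (kernel32 prepends \DosDevices or \BaseNamedObjects, the Object Manager follows the symbolic link and the device object receives the rest of the path) can be modelled in a few dozen lines. The following is an added example, not code from the thread and not kernel code: the namespace contents, the object kinds, the reparse bound and every function name are this example's own simplifications, and the real Object Manager also does access checks, case-insensitive matching and per-session \?? device maps that are left out here.

```python
"""Toy model of the Win32 -> NT Object Manager path translation.

Added illustration, not kernel code and not from the original discussion.
The namespace below is constructed for the example; the real one is far
larger and is populated by the kernel and by Win32 at session start.
"""

MAX_REPARSE = 64  # our bound on symbolic-link hops; the kernel bounds this too

# Constructed namespace: full native path -> (kind, symlink target or None).
NAMESPACE = {
    "\\": ("directory", None),
    "\\DosDevices": ("directory", None),
    "\\DosDevices\\C:": ("symlink", "\\Device\\HarddiskVolume1"),
    "\\Device": ("directory", None),
    "\\Device\\HarddiskVolume1": ("device", None),
    "\\Device\\Tcp": ("device", None),
    "\\BaseNamedObjects": ("directory", None),
    "\\BaseNamedObjects\\MyMutex": ("mutant", None),
    "\\Loop": ("symlink", "\\Loop"),  # a link that points at itself
}


def win32_file_to_native(win32_path):
    """kernel32 prepends \\DosDevices to a drive-letter path before NtOpenFile."""
    if len(win32_path) < 2 or not win32_path[0].isalpha() or win32_path[1] != ":":
        raise ValueError("this example only handles drive-letter paths such as C:\\file.txt")
    return "\\DosDevices\\" + win32_path


def win32_named_object_to_native(name):
    """kernel32 prepends \\BaseNamedObjects to the name of a mutex, event or section."""
    if "\\" in name:
        raise ValueError("Win32 object names may not contain a backslash")
    return "\\BaseNamedObjects\\" + name


def resolve(native_path, namespace=NAMESPACE, max_reparse=MAX_REPARSE):
    """Walk native_path component by component, the way the Object Manager does.

    Returns ("device", device_path, remainder) when a device object is reached:
    the I/O manager then hands the remainder to that device in an open IRP.
    Returns (kind, object_path, "") when the path names a whole object.
    Raises LookupError for a missing component and RuntimeError when the
    reparse bound is exceeded (a symbolic-link cycle).
    """
    reparses = 0
    while True:
        if not native_path.startswith("\\"):
            raise ValueError("native paths are absolute and begin with a backslash")
        components = [c for c in native_path.split("\\") if c]
        current = "\\"
        for i, comp in enumerate(components):
            current = ("\\" + comp) if current == "\\" else (current + "\\" + comp)
            if current not in namespace:
                raise LookupError(current + ": object name not found")
            kind, target = namespace[current]
            remainder = "".join("\\" + c for c in components[i + 1:])
            if kind == "symlink":
                reparses += 1
                if reparses > max_reparse:
                    raise RuntimeError("too many symbolic-link reparses resolving " + native_path)
                native_path = target + remainder  # substitute the target and start over
                break
            if kind == "device":
                return ("device", current, remainder)
            if kind != "directory":
                if remainder:
                    raise LookupError(current + " is a " + kind + ", not a directory")
                return (kind, current, "")
        else:
            # Every component was a directory: the path names a directory object.
            return ("directory", current, "")


def fails_with(exc_type, native_path):
    """True if resolving native_path raises exc_type (exercises the failure paths)."""
    try:
        resolve(native_path)
    except exc_type:
        return True
    except Exception:
        return False
    return False


if __name__ == "__main__":
    native = win32_file_to_native("C:\\file.txt")
    print("C:\\file.txt ->", native, "->", resolve(native))
    print("MyMutex ->", resolve(win32_named_object_to_native("MyMutex")))
    print("\\Device\\Tcp ->", resolve("\\Device\\Tcp"))
```

Two things the model makes visible: the device object never sees "C:" at all, only the remainder the Object Manager hands it, and which device a Win32 name ends up at is decided entirely by the link objects in the directories that get walked. That is why a resolver has to bound reparses (links can point at links, including themselves) and why who is allowed to create or replace links in those directories is part of the trust boundary.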
Win32 has to use kernel syscalls to do things, too. Win32 is an environment subsystem. It exists to provide an environment (and the services needed to implement it) that is different than the native environment...
By Win32 I mean everything that a Windows application calls or passes control to that isn't in the kernel.
Yes, I know it has to use kernel system calls to perform I/O and IPC and so on. It still maintains shared state that can lead to security violations if it's corrupted, so that internal state has to be considered part of the trust boundary.
Server and Workstation actually mean SMB Server and SMB Workstation.
The corresponding components in UNIX include the native UNIX network file systems as well as Samba: Most UNIX systems only use Samba for compatibility with Windows... like a kind of FTP, they use NFS (or occasionally RFS or AFS) to communicate with their peers. Apart from older Linux systems NFS is a kernel component.
Something like the mass of shared memory blocks and pipes that X uses?
X is commonly used on UNIX, but it's not really part of the OS. You can easily install a UNIX system with no X servers or even clients, and it works just as well as one with. My free UNIX of choice doesn't even have X in the basic install, it's an optional component.
Also, the shared memory extension to X is a performance enhancement. X will run over any communication channel that provides a single reliable buffered stream.
XP SP2 has 285 syscalls. Linux 2.6.7 has 268.
Linux is a particularly profligate implementation of UNIX, yes, but I suspect that count's significantly inflated. If it's based on listing the number of files in /usr/share/man/man2 (the usual way of counting) that includes multiple entries for most system calls... exec(), for example, is one system call but 8 entries. On Linux I've also seen things in section 2 because they've traditionally been there, after they've been made library routines.
If you were to count Windows XP system calls the same way they'd number in the thousands.
It's not about overhead, but about compatibility. Too many programs broke because they didn't know how to communicate with other sessions correctly.
It's all part of the same distinction. If your communication is over a buffered stream, you don't need to know what's at the other end.
Users are allowed to CREATE files only and the creator of a file has full access. [...] It's like giving a user access to /tmp; this is just a specialized temp directory.
Except it's a specialised temp directory that's on the same filesystem as things that get very unhappy if they can't create files... and the temp directory on UNIX (which I usually set up as a separate filesystem) is an acknowledged historical dreg. There's UNIX systems with no writable shared temp, apps that write to /tmp or /usr/tmp instead of $TEMP (or the local equivalent) have to be ported.
How are pipes on NT any different than pipes on UNIX? How is shared memory on NT any different than shared memory on UNIX?
Don't know about the pipes, but the difference in the shared memory is that interprocess-shared memory on UNIX is a scarce resource that's used reluctantly, usually within the same security domain. There's historical reasons for this, but sharing memory with a potentially hostile application is not something that's commonly done. The extra copies, as noted, produce some overhead that doesn't exist on NT, which is why there's optimizations like the shared memory extension in X.
From the docs for lsof, there seems to be an awfully large quantity of object types... 66?
Depends on the platform. These are internal object types, anyway... the distinctions between them aren't generally visible outside the kernel unless the application goes out of its way to figure them out.
The UNIX
This definition is over-reaching. There are user mode processes that do not depend on or are even aware of Win32. How about the Session Manager (init process)? It does not depend on Win32, does not run in kernel mode, and yet provides services from the "\SmApiPort" LPC port. What about other intrinsic subsystems like the Security Accounts Manager, the Local Security Authority, the Event Log, and user mode Plug & Play? There are many other services that use Win32 only for the service control interface, maintained by services.exe and the Win32 library interface. They don't care about the Win32 server's internal state, and so cannot be corrupted from it. These are services that have zero windows, the only Win32 specific message destination; they only link to advapi.dll and kernel32.dll, whose functions are handled by the kernel, not the Win32 server. In fact, according to Microsoft guidelines services are never supposed to create windows, exactly because it could be a security problem.
Since the Win32 server is a trusted component, taking control of it would mean control of the system.
Are you saying that corruption of Win32's state is unavoidable due to its design, or that Win32 adds too much attack area?
Looking through \BaseNamedObjects, there are exactly 0 shared memory "section" objects that are world-writable. There are 5 that only me personally can read and write to, 3 accessible to SYSTEM and Administrators, and several read-only to everyone. (excluding the sections made by Cygwin; insecure sections made by it to maintain state are a long-known problem) It's possible that there are some insecure sections that are being duplicated among processes (I doubt it as shared objects almost always have names, so they can be found easily: some process has to personally duplicate a handle for you otherwise), but I'm not about to check every unnamed section; perfmon tells me that there are 4171 section objects, more than any other type.
I get the feeling that sections are either used to advertise public information, exchange state between processes in the same security context (like the sections accessible only to me), as a private channel between two processes (I assume data there is checked like any other source), or to memory-map files. They aren't used to store common state information, far as I can tell. That's done in private memory in the service's server process.
In the kernel source, under include/linux/syscalls.h, I counted the number of asmlinkage functions, and got 268. From the filename and contents, I assume this defines the syscall entrypoints. To get XP's syscall count, I counted the number of Nt* functions exported from ntdll.dll, which is 285. If you have a better way to count them...
Windows has generic pipes, too. The console, pipes, sockets, anything you can use CreateFile on can all be accessed with the
The total number of syscalls on Linux 2.6.7, according to "arch/i386/kernel/entry.S", is 284: 1 less than XP. Woo!
I think I can close off a lot of side threads here by concentrating on this one question:
Are you saying that corruption of Win32's state is unavoidable due to its design, or that Win32 adds too much attack area?
This brings up two questions.
First, what part of the system are we talking about.
I'm talking about the components that provide the API that Windows applications call. While, technically, you could probably come up with an OS design that used Win32 but excluded everything outside it (COM, ActiveX, etcetera), that OS doesn't exist and is unlikely to exist: Microsoft targets that part of the market with Windows CE.
I don't think it's meaningful to talk about the security implications of Win32 without considering the rest of the shared software... the system software... that rides on it.
Secondly, what's inherent in the design, and what's an unavoidable outcome of the complexity of the design and the richness of the API? Again, I don't think it's meaningful to distinguish them. Microsoft isn't building back to a secure core, dropping functionality and rearranging the design to factor out potential attack paths: they're leaving the system largely untouched, lest they break an application, and adding new features. This is normal: all operating systems follow this path and only rarely do you get a significant non-backwards-compatible API change.
The result of all this is that there are hard security problems inherent in the design of Windows: it's large and complex with a rich set of communication mechanisms that expose a lot more "surface area" to attack, and it's not practical to reduce this surface area unless you're Microsoft, or even if you're Microsoft.
So the answer to that question is "yes".
I don't have time to properly answer the rest of your comments, I've been waiting 10 minutes for the linux tarball you pointed me to to download and unpack, and I have to go to work.
My position is that Windows, especially the shell, is quite bad at protecting a user from himself. But then again, how many operating systems targeted at consumer use are good at this by default? When strong security barriers are used (job objects, running as different users, sessions), a secure system is very attainable, although sometimes at the expense of compatibility.
From the massive size of the shell and mal-designed security features like security zones, the shell is not secure. The shell uses many different communication channels, most of which are securable (like COM over LPC) but there are just too many.
Beneath the shell is Win32: Win32 is dividable into neat little sandboxes. Each box has no security inside but is very well insulated from other boxes. These boxes are formed with desktop and window station objects and by jobs that use proper UI limits. Win32 can be secure if you use its security functions, which the shell and current apps do not.
To support Win32 there are a myriad of user mode services available across secure channels: LPC, with some RPC and SMB. Most of these services are optional: they can be turned off if not required to reduce attack area with a good amount of granularity, however a couple (RPC and remote LSA) can't be disabled; this is a problem. Also the fact that several insist that they must be run as SYSTEM, even when there doesn't seem to be a good reason, is a problem.
Beneath these are the kernel and executive services. They use a modular object oriented system coordinated from a single component (the Object Manager). This part of the OS is very well designed IMO; it's very rarely the source of security problems.
The bottom line: NT has a lot of security potential, more than capable of securing the system, that higher layers (the shell), poor defaults, and average users do not make use of. They can, however, be used manually.
And Windows XP Embedded; it uses the same binaries as normal XP but ALL the components are optional. Every component of the shell. Every driver. Even Win32 itself is optional.
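The job-object UI limits the comment above refers to as Win32's "neat little sandboxes", shown as an added example that is not part of the thread: a PowerShell script (assumed: PowerShell 2.0 or later with Add-Type, run on Windows) that creates a job object with JOB_OBJECT_UILIMIT_* restrictions and places a freshly started process in it, so that process cannot read or write the clipboard, switch desktops, change display or system parameters, or use USER handles belonging to processes outside the job. The P/Invoke wrapper class `JobUi` is a name chosen here; the Win32 functions and constants are the documented ones.

```powershell
# Added example: confine a child process with Win32 job UI restrictions.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class JobUi {   // hypothetical wrapper class name
    [StructLayout(LayoutKind.Sequential)]
    public struct JOBOBJECT_BASIC_UI_RESTRICTIONS { public uint UIRestrictionsClass; }
    public const int  JobObjectBasicUIRestrictions    = 4;     // JOBOBJECTINFOCLASS
    public const uint JOB_OBJECT_UILIMIT_HANDLES          = 0x01; // no USER handles from outside the job
    public const uint JOB_OBJECT_UILIMIT_READCLIPBOARD    = 0x02;
    public const uint JOB_OBJECT_UILIMIT_WRITECLIPBOARD   = 0x04;
    public const uint JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS = 0x08; // no SystemParametersInfo changes
    public const uint JOB_OBJECT_UILIMIT_DISPLAYSETTINGS  = 0x10;
    public const uint JOB_OBJECT_UILIMIT_GLOBALATOMS      = 0x20;
    public const uint JOB_OBJECT_UILIMIT_DESKTOP          = 0x40; // no CreateDesktop/SwitchDesktop
    public const uint JOB_OBJECT_UILIMIT_EXITWINDOWS      = 0x80;
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern IntPtr CreateJobObject(IntPtr lpJobAttributes, string lpName);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool SetInformationJobObject(IntPtr hJob, int infoClass,
        ref JOBOBJECT_BASIC_UI_RESTRICTIONS info, int cbInfo);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool AssignProcessToJobObject(IntPtr hJob, IntPtr hProcess);
}
'@
Add-Type -TypeDefinition $sig

function Fail($what) { throw "$what failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }

# 1. An anonymous job object; the handle is inherited only by what we assign to it.
$job = [JobUi]::CreateJobObject([IntPtr]::Zero, $null)
if ($job -eq [IntPtr]::Zero) { Fail 'CreateJobObject' }

# 2. Apply every UI limit at once. Each flag closes one Win32 channel the comment
#    above lists as "securable": clipboard, global atoms, desktop switching, etc.
$ui = New-Object 'JobUi+JOBOBJECT_BASIC_UI_RESTRICTIONS'
$ui.UIRestrictionsClass = [JobUi]::JOB_OBJECT_UILIMIT_HANDLES -bor [JobUi]::JOB_OBJECT_UILIMIT_READCLIPBOARD -bor
    [JobUi]::JOB_OBJECT_UILIMIT_WRITECLIPBOARD -bor [JobUi]::JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS -bor
    [JobUi]::JOB_OBJECT_UILIMIT_DISPLAYSETTINGS -bor [JobUi]::JOB_OBJECT_UILIMIT_GLOBALATOMS -bor
    [JobUi]::JOB_OBJECT_UILIMIT_DESKTOP -bor [JobUi]::JOB_OBJECT_UILIMIT_EXITWINDOWS
$size = [Runtime.InteropServices.Marshal]::SizeOf($ui)
if (-not [JobUi]::SetInformationJobObject($job, [JobUi]::JobObjectBasicUIRestrictions, [ref]$ui, $size)) { Fail 'SetInformationJobObject' }

# 3. Start the program to be confined and move it into the job. (Start-Process cannot
#    create it suspended, so it runs unrestricted for a few milliseconds; a native caller
#    would pass CREATE_SUSPENDED to CreateProcess, assign, then resume the main thread.)
$proc = Start-Process -FilePath 'notepad.exe' -PassThru
if (-not [JobUi]::AssignProcessToJobObject($job, $proc.Handle)) { Fail 'AssignProcessToJobObject' }
"PID $($proc.Id) is now confined by job UI limits 0x{0:X2}" -f $ui.UIRestrictionsClass
```

On Windows versions before 8, AssignProcessToJobObject fails if the shell that runs this script is itself already inside a job, because nested jobs were not supported then.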
.NET, etc...) do not make effective use of, and there's many components that simply can not be secured no matter how expert you are".
:)
Yeh, that's what you'd start with to build my fantasy "NT without Windows" platform.
My position is that Windows, especially the shell, is quite bad at protecting a user from himself. But then again, how many operating systems targeted at consumer use are good at this by default?
Pretty much everything else is light-years better than Windows, now that classic Mac OS is out of the picture. Even Lindows (whoops, I mean Linspire), which logs you in as root by default (which is enough for me to reject it completely), doesn't give you a browser or shell that's as broken as Explorer.
NT has a lot of security potential, more than capable of securing the system, that higher layers (the shell), poor defaults, and average users do not make use of.
That's about where I started this side-thread, except that I would say "the higher layers (the shell, COM,
And it's not just the shell...
I recently asked one of Microsoft's security guys on his blog how I could lock just the networking down, to the point where no Windows services would be listening to the external interface even without a firewall. That is... the default situation on most other desktop operating systems these days. He suggested using IPSEC.