Slashdot Mirror
Windows XP Flaw 'Extremely Serious'
scottott wrote to mention a Washington Post article with the news that the security hole we mentioned on Wednesday has widened. Computers can now be infected just by visiting infected web sites, or looking at images in the preview panel of older versions of Outlook. From the article: "At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests. Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said."
Have you been touched by his noodly appendage?
I was lucky no root kits were installed
How can you tell?
...is brought to you by http://update.microsoft.com/
Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Where do you send the money? And they aren't afraid of getting caught?
He who knows best knows how little he knows. - Thomas Jefferson
Those of us who use free operating systems shouldn't be too complacent. This exploit is serious because the WMF rendering library has full access to the user's data, and (at least on a 'home' setup where it's a single-user machine) access to the whole PC.
But it was really just bad luck that the bug happened to be found in the Windows WMF library and not, say, its Unix/X11 equivalent. Or libpng, or zlib, or whatever. Anyone who thinks otherwise is deluded. All software has bugs, and even if the quality of the free libraries is ten times higher (unlikely) there will still be plenty of memory tramplings and buffer overruns.
So, when the next vulnerability is found in a commonly used Unix library, will we be in any better position? Not really. Still the library is linked into the application and runs in the application's address space. It has access to all the files the app does, and traditionally on Unix that means everything the user has access too. Your email application may only need to read ~/.mail_settings and connect via IMAP to some host, but it runs with permission to overwrite any file owned by you and connect on any TCP/IP port it wants.
Why does the WMF rendering code need to run with any more permissions than: read a block of memory with the WMF file, and write a block with the rendered bitmap? (Or perhaps make display / GDI calls, if performance is a concern.)
What support is there in Unix operating systems for running common library code with only the privileges it needs? As far as I know Linux has no simple way to run a dynamically-linked library (.so file) in its own address space or without permitting it to make system calls. So when the next exploit is found in a common Linux library - and it will be found - the situation will be just as embarassing.
-- Ed Avis ed@membled.com
Well if you run a real OS, then the browser runs only with the permissions of a particular user. Windows which has some security is designed to bypass that secuirty to give users an edge. So your screwed.
Take the number of *Nix viruses (included, BSD's, Linux, Unix, etc) and compare that to the number of windows viruses that showed up in the past 2 years alone.
MSFT doesn't care about security. Vista is a step in the right direction but they are keep way to much of the old code base for it to be useful for this decade.
i thought once I was found, but it was only a dream.
My browser touches all sorts of things in the host OS, from the sound card to files that I upload and download. Luckily when I get AIM spam for foo.exe or some other sillyness I don't get far unless I type 'wine foo.exe', then even then ;-)
The true challenge is how to dial in the security to a reasonable level. Problem is getting all the millions of programmers to adopt more secure standards combined with the users, IT managers, etc.. that deploy the apps on desktops. Then, getting that out across the millions of home users too. Daunting task.
The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences.
Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug.
I find this mind-boggling to the point of absurdity. Regardless of any supposed benefit gained by this, allowing a data file to execute arbitrary code upon it being viewed is simply begging for an exploit like this. No matter whan spin Microsoft will try to put on this one, it makes them look bad. Extremely bad.
I hear there's rumors on the Slashdots
When you run Linux.
That would prove nothing as Unix OS's don't have near the Desktop marketshare of Windows, not do they have the same type of userbase.
Bull if that tired old BS was true then would you care to compare IIS to Apache?
Using the same criteria of course. Apache the market giant VS IIS the positions are almost reversed. But once again MS winds up with the lions share of the remote root exploits. Now how does that figure with the claim that market share = number of exploits?
You must be one of those people who dont believe that the outside world affects you. What you do doesnt make much difference, it is the other 10 billion idiots out there, having linux at home and in your business doesnt help you much when 80% of the world is down.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
FWIW, I think it would be a big mistake to force Microsoft or any other vendor to open source their product. Such a dangerous precedent would be akin to forcing OSS to be closed, which could then be attempted further down the road if political opinions shift against OSS.
That said, I agree that given time, it is plausible that the security of Windows would be better if it were open sourced rather than not.
Use
/user:root_user "Whatever command goes here"
... MS equivalent).
runas
- You really think Mr. Joe Computer Illiterate would do that? Or how about Ms. Soccer Mom? One of the biggest Windows security issues is that everyone and their mother is running with root privileges. Unfortunately zillions of programs have been written by clueless coders who assume everyone is root. Endresult: You can't run many things without being root. As soon as you dwell into technicalities of user security, 99.99% of computer illiterate people will tell you to f*** off and let them use their computers as they want to. Not to mention they won't have the patience, will, desire to learn this stuff. They just want stuff out of the box that works. They don't want to spend time entering commands that appear to them as pure gibberish.
Microsoft needs to do a few things:
- Copy Ubuntu security ideas: no one knows root password, use sudo (well
- Take out IE and crap from the kernel. There is no excuse for a virus running as an image with SYSTEM authority. None.
- Default user setting is very limited. Right now windows doesn't even warn you (SP2) if you put a blank password as administrator. W-T-F?
But they key is, never let a clueless user have full control over the system except for one single process that is needed to configure hardware. All this have to be done seamlessly or users will simply ditch these measures and go back using root.
Boy that's a tired old argument.
That doesn't make it false.
The first thing that would happen is that you'd have been told that a program was trying to execute for the first time. And you'd have to agree to explicitly allow it.
Interesting... I haven't used OSX much, but I have downloaded programs to friends' OSX boxes, and run them, and gotten no such prompt. In which cases does the OS ask you this?
Also, this example doesn't apply to Linux, so the argument isn't quite tired and old yet.
And then, even if you were that foolish, you'd still be forced to give administrative approval when that program tried to modify or install something outside the user space.
User space is all you need for most spyware/malware/worms. This is why sandboxing (the OP) should be more prevalent -- on all operating systems. Don't get too comfortable just because you don't run windows.
The following sentence is true. The preceding sentence was false.
I just love the fanboys rushing out of the woodwork whenever there is *another* bloody HUGE hole found in windows.
"Oh it could happen to any OS", but doesn't
"You should be using a virtual machine to browse the internet anyway", windows is *so* easy to use.
"It's only because Windows is popular", broken, braindead 'features' being exploited has something to do popularity
"All software is buggy", some software is much worse than others it would appear
In a few months we will be hearing from the same people how much better Windows is now all the probelms are fixed will and things like this will never happen again, that those 'lunix zealots just will never get over it, its not 1998 anymore l00Z3R$", that Windows is just as secure as anything, and on and on it goes...
It's time for a new soundbite...
Windows, only usable if your time is worthless.
What the hell are you talking about? If you're referring to the fact that default home users run as a Administrator or Poweruser by default, you're right, that's a mistake, but its a policy mistake, not a technology mistake. Windows lets you run as a lesser user, its just that by default you don't. Internet Explorer runs 100% in userland. There is no part of Internet Explorer which runs in the kernel. None. Although Internet Explorer certainly has more holes than Firefox, they are both limitted to the same order of magnitude of potential damage. The same as on other "real OSes".
It's the core security problem of Windows: the development culture doesn't respect security. Developers went for decades of DOS and Windows 3.1/9x without needing to worry about users and permissions. So they got used to assuming they could write whereever they wanted. When real user seperation and permissions became mainstream with Windows 2000 and XP, they weren't prepared to change. Because so much software required full access the easiest way to get stuff running is to run in an Administrator account. And since so many people (developers included) run as Administrator, why bother doing the right thing? Games are usually guilty, but there are piles of business and research software that is equally guilty. My brother is a sysadmin for a research lab. To keep Administrator access out of users hands, he has to bend of backwards to get the machines running the software his users need. A 2005 release of a $3,000 package that refuses to be placed in a directory with whitespace or a tilde, meaning it can't be installed in C:\Program Files. A $500 package that demands write access to a file in the C:\Windows directory.
This is one case where backward compatibility came at the expense of security. The development culture is moving too slowly. Bigger companies are starting to do the right thing and you get the occasional smaller development house following the rules. The killer is that huge mass of more specialized software. Apple bit the bullet when they cut over to Mac OS X; software had to do the right thing or it stopped working. Microsoft needs to make such a dramatic change or we'll be putting up with this bullshit for at least another five years.
Search 2010 Gen Con events
True. But it's false nonetheless, for reasons (among others) that I went on to explain.
but I have downloaded programs to friends' OSX boxes, and run them, and gotten no such prompt. In which cases does the OS ask you this?
Every time.
Also, this example doesn't apply to Linux, so the argument isn't quite tired and old yet.
I didn't address Linux because I personally don't know enough about it. I'm sure someone else could explain what would happen if a rogue app tried to modify the OS.
User space is all you need for most spyware/malware/worms.
Not for the Sony root kit, which was the example I used. And not for the ones that install proxy servers, etc. So there is an entire class that functions on Windows that wouldn't work elsewhere. And they tend to be the more malicious ones as well.
Don't get too comfortable just because you don't run windows.
Good point. I am, however, way less uncomfortable.
Have you ever actually tried to run Windows XP as a non-admin user? You can't install any new USB devices, and on about 1/2 of the devices I've tried, you need admin rights to plug them in whether or not the drivers have been previously installed. I tried to set my dad up that way, and after about a day we both agreed it was hopeless. He's got a digital camera, card reader, printer/scanner, and VoIP headset all of which need Admin rights *JUST TO BE PLUGGED IN*. It's not a policy mistake if the "correct" policy prevents the computer from being useful.
Causation can cause correlation
OR they could sit back and watch MS sweat
ah, no, that should not be the case. Because it uses it's own rendering and doesn't natively support wmf's, it will try to display the image as a jpg, and when that fails it would either not display the image at all, or ask to open it with a another program. I think the former is more likely. I'll have to test it out now.
No, but laughing their asses off at the misfortune of others when you warned them..... 5 years in advance?
That seems reasonable to me.
Fuck up once, blame someone else.
Fuck up three times, blame someone else.
Once you've fucked up dozens and dozens of time, its your own damn fault. Pay some attention. Take some responsibility.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
You are mistaken, or lying. I regularly plug in USB (and Firewire) devices as a non-Admin user and they work fine.
OK, your post contains no facts, just an assumption that everyone will go along with it. Yeah, sure, I'll believe you.