Slashdot Mirror


Vista DRM Prevents Kernel Tampering

mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."

35 of 428 comments

  1. Re:innovative by EvanED · · Score: 5, Insightful

    What makes Sony's legitimate but the ones from Rootkit.com not?

    If anything I would argue that rootkit.com is a more legit distribution mechanism than Sony.

  2. Updates? by phorm · · Score: 3, Insightful

    How exactly would it accomplish this properly though? Call home periodically to get a kernel hash? Have a built-in hash check? If you want to allow the kernel to be updatable (which at times, is necessary), then you are going to have to allow the kernel to be "tampered with" somehow. A crack, virus, or other program might just masquerade as a patch to allow the on-disk kernel to be modified.
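
One way to reconcile "updatable" with "tamper-resistant", as an added example that is not from this post or from Microsoft: the loader checks the kernel image's hash against a vendor-signed manifest, so a vendor update (a new manifest entry) is accepted while an on-disk modification that no manifest covers is rejected. HMAC with a constructed key stands in for the real asymmetric (Authenticode-style) signature so the example runs offline; every name and image byte string below is constructed.

```python
"""Toy model of an update-aware kernel integrity check (constructed example)."""
import hashlib
import hmac

# Constructed stand-in for the vendor signing key. A real Code Integrity
# scheme uses an asymmetric signature, so the loader would hold only the
# public half; HMAC is used here purely to keep the example self-contained.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(approved_hashes, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: publish the set of approved image hashes plus a tag over it."""
    body = "\n".join(sorted(approved_hashes)).encode()
    return {"hashes": sorted(approved_hashes),
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def manifest_is_authentic(manifest: dict, key: bytes = VENDOR_KEY) -> bool:
    """Loader side: the manifest itself must verify before its contents are trusted."""
    body = "\n".join(sorted(manifest["hashes"])).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["sig"])


def kernel_allowed(image: bytes, manifest: dict) -> bool:
    """Accept the image only if the manifest is authentic and lists the image hash."""
    if not manifest_is_authentic(manifest):
        return False
    return sha256(image) in manifest["hashes"]


def demo() -> dict:
    # Constructed kernel images: the shipped build and a legitimate vendor update.
    kernel_v1 = b"NTOSKRNL v1 (constructed image bytes)"
    kernel_v2 = b"NTOSKRNL v2 (constructed image bytes, vendor update)"
    # A "patch" that alters the on-disk kernel without any vendor approval.
    tampered = kernel_v1.replace(b"v1", b"v1+modified")

    manifest = sign_manifest([sha256(kernel_v1), sha256(kernel_v2)])
    # Manifest edited after signing to smuggle in the modified image's hash.
    edited = dict(manifest, hashes=manifest["hashes"] + [sha256(tampered)])
    # Manifest produced with a key the loader does not trust.
    forged = sign_manifest([sha256(tampered)], key=b"untrusted-key")

    return {
        "original": kernel_allowed(kernel_v1, manifest),      # True
        "vendor_update": kernel_allowed(kernel_v2, manifest), # True
        "tampered": kernel_allowed(tampered, manifest),       # False
        "edited_manifest": kernel_allowed(tampered, edited),  # False
        "forged_manifest": kernel_allowed(tampered, forged),  # False
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16s} -> {'load' if ok else 'reject'}")
```

The check never needs to "call home": it only needs the vendor's verification key and the signed manifest that ships with each update.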

  3. Would be anti-DRM in the case of the Sony Rootkit by Anonymous Coward · · Score: 3, Insightful

    MS can't win for losing. Clearly the subversion of the kernel through rootkitting is a growing problem. If MS doesn't fix it, they get knocked for having no security. If they fix it, it is called DRM. Myself, I find Vista less than compelling. 2003 works just fine, but it seems some of the haters in the Slashdot crowd will see anything MS does as bad. They are finally getting their act together on not running everything as root and they even get knocked for that.

  4. Re:Coercion? by perlchild · · Score: 5, Insightful

    It does contribute to fighting open source, any way you look at it. I'm using a tap driver from the openvpn project, it isn't signed, and I don't know for sure, but I don't remember openvpn being a commercial entity. However, I'm not current enough in vista to know if they couldn't just get out of the kernel, and move to user-space for the required features.

  5. Quis custodiet ipsos custodes by megaditto · · Score: 5, Insightful

    Cracking such a thing is trivial once you answer the question who watches the watchman?

    As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.

    --
    Obama likes poor people so much, he wants to make more of them.
  6. Re:Coercion? by geekoid · · Score: 4, Insightful

    Interesting.

    Independent developers should sue. MS is completely locking them out of the platform.

    Developers.Developers.developers. Indeed...

    --
    The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  7. Re:Coercion? by rjstanford · · Score: 1, Insightful

    Bullshit.

    Anyone who has a need to write kernel-level drivers can almost certainly toss $500 a year at a certificate. Compared to the cost of, say, manufacturing hardware, this is noise.

    --
    You're special forces then? That's great! I just love your olympics!
  8. Freedom is Slavery by orospakr · · Score: 3, Insightful

    The very idea of running software on my own equipment that considers me an enemy just doesn't sit at all well.

    That, and I really like the Free Software TUN/TAP driver for Windows.

  9. Re:innovative by ultranova · · Score: 4, Insightful

    Sony were just trying to protect their business assets from piracy - albeit in a rather misguided manner. Whereas most of the users of sites like rootkit.com are black hat hackers looking for something to put in their next spambot trojan.

    But aren't most spambot trojans business assets? After all, spam makes money - that's why spammers bother - so rootkits are business assets for blackhat hackers, even more so than they are for Sony.

    No, these poor hackers are simply trying to protect their right to profit - just like Sony. And if that means taking the control of the computer away from its owner, well, surely you agree that that's a small price to pay to ensure that those damn users aren't depriving them of those profits, right? Sony certainly seems to...

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  10. Re:Coercion? by Aladrin · · Score: 5, Insightful

    I totally disagree. You are assuming they have a commercial application in mind. What about someone who wants to write drivers for their new hardware they just built by hand? They shouldn't be required to go through this.

    It doesn't matter, though, because if you make it too hard to write software for Windows, people will stop. They'll find another platform that is more enticing to them. It won't happen immediately, of course. But it'll happen.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  11. Re:Coercion? by AuMatar · · Score: 2, Insightful

    Bullshit and FUD. There's plenty of reasons you'd need to write kernel level code. Just because you're writing a driver does not mean you are a hardware manufacturer - just doing a console controller conversion (like making an old NES controller hook up to a computer) requires a driver.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  12. Re:Coercion? by Aladrin · · Score: 2, Insightful

    It sounds to me like they've given hackers a reason to fake signing drivers, instead. They've never really had a reason to bother before.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  13. Re:Coercion? by mrchaotica · · Score: 4, Insightful
    By allowing only signed drivers it will make it harder for root kit crackers.

    Yeah, but it will also make it harder for people making tools to preserve Fair Use (DVD and HD-disc ripping programs, no-CD cracks for games, etc.). This is a Bad Thing.

    I'll keep my Fair Use and take my chances with the rootkits, thankyouverymuch!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  14. Re:Coercion? by Tod+DeBie · · Score: 2, Insightful
    Just because you're writing a driver does not mean you are a hardware manufacturer - just doing a console controller conversion (like making an old NES controller hook up to a computer) requires a driver.
    I don't think you would need a kernel level driver for that. The idea of requiring kernel level drivers to be signed does not seem like that bad an idea; this would likely stop most rootkits and would improve the general security of the OS.
  15. Ummm, hello? by finkployd · · Score: 4, Insightful

    This is not new (at least the concept) at all. We have been talking about this for years now. What do you think trusted computing (palladium) is? This has always been the "good" side of the TCPA coin, media DRM being the "bad" side.

    Finkployd

  16. Why don't they get it? by BlueCoder · · Score: 2, Insightful

    DRM is impossible without chip level hardware security. There is going to be a whole new product field of new software that disables and replaces windows code security. Programs which actually give control of your computer back to you. But while it won't stop computer infection (where there is a bug hole there is a way) it certainly raises the security bar for the basic default windows setup I install on (non nerd) family and friends computers.

    Even with chip level security I'd be drilling into chips and hot wiring them if needed or purchase pre hot wired hardware if the modification equipment was beyond my means. I will never stop striving for control of my own property even if control is an illusion.

  17. Re:Coercion? by HiThere · · Score: 3, Insightful

    What *I* wonder is "How long 'til they 'inadvertently' disable some company's cert for a product that just happens to compete with one of theirs?"

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  18. Re:Coercion? by thethibs · · Score: 2, Insightful

    In XP, Sony was able to install a rootkit without the user being any the wiser.

    If Vista can ensure kernel integrity, this is a good thing, and anything that can bypass the safeguards in Vista is a threat. If you want to fiddle with the kernel—get linux or XP. I expect MS to do everything to keep my copy of Windows secure, and the best way to do that is Default: Deny.

    It's sad to see how the /. community blasts MS every time someone finds a security flaw, and now is blasting MS for putting strong security in Vista. It could lead one to think that a lot of you people are only pretending to be hard-core linuchim; why the concern about not being able to hack the Windows kernel?

    Symantec and McAfee's claim that they need kernel access is not convincing. It's too bad that their business model involves riding on Windows' success (an opportunity, not a right). Maybe they can live off of the linux market ;)

    --
    I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
  19. Re:Get real by TemporalBeing · · Score: 3, Insightful
    Fight a battle you have a chance to win, and stop dreaming that unsigned platforms have a future. Without someone certifying that a platform is secure, businesses are going to stop using them. Eventually client nodes that aren't certified won't be able to do much useful, either.
    Unsigned platforms only have the kind of future you say if WE permit them to have that future. I, for one, will not allow that in my own household, nor any company that I start. There are better ways of dealing with security and issues of such a nature.

    Why would such a hacker go through the pain of Win32 driver development instead of Linux drivers anyhow?
    Because the target systems - even if in minority - only run Windows. For example, a small company writing drivers for an in-house server set. If they were concerned with security and cared about driver signing and such, then (a) they may not be able to afford getting the stuff from MS, and (b) they may not be able to turn off driver signing for the systems that will actually be using the drivers.

    I wouldn't be surprised if domain policies were added to disable individual users from turning off driver signing - if that did happen, then there goes a lot of corporate R&D developers to the pot with not being able to develop drivers even for proof of concept stuff.

    And yes, a lot of corporate companies won't buy something like this without first having some kind of proof of concept that what they are trying to accomplish with it works first. If their corporate governance decides they can't turn off driver signing - perhaps they are in the wrong division/etc but still need to do it - then they could be screwed. And the project won't happen.

    Like it or not, there are valid reasons for removing this kind of DRM. It does cut out parties that could otherwise develop for you, and it can hurt pretty badly. This is undercutting a lot of the potential developers for MS. Now that might mean a greater groundswell towards Linux, Mac, or something else, but it does hurt 3rd party developers and it does use their monopoly power in a wrong way that will disadvantage the industry.
    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
  20. Re:Get real by jrockway · · Score: 1, Insightful

    > As a security-conscious programmer with a lot of corporate development history, I support Vista's blocking of non-signed drivers 100%. It's actually the first time I've agreed with Microsoft's plans and features since suffering the pains of Windows 3.1 development and support.

    Then you're an idiot. Let's say I'm "SPAMMERS R US, Inc.", and I want to rootkit your system so I can make your machine a spam zombie. From this activity, I will profit, so $500 is nothing to me. MS signs the "driver", and bang, you're rooted.

    The $500 does, however, ensure that there won't be any open source Windows drivers. That's fine with me, though, because the less that works on Windows, the fewer people there are that will use Windows. This is the beginning of the end, finally. In a few years, Microsoft will be irrelevant.

    --
    My other car is first.
  21. Re:Coercion? by Chosen+Reject · · Score: 2, Insightful

    In XP, Sony was able to install a rootkit without the user being any the wiser.

    Now, for only the paltry sum of $500, Sony can have that rootkit certified.

    --
    Stop Global Warming!
    Just say no to irreversible processes!
  22. Re:Coercion? by TemporalBeing · · Score: 2, Insightful
    Vista allows you to turn this protection off. The guy making his own hardware can turn it off while he's developing and then buy a license later if he wants to distribute it to others.
    As I said in another post, that may not always be an option - and won't be one for many in corporate, domain run environments especially if the ability to disable it could be controlled via domain policies, which I can see as very likely happening.

    The end-user should always be in full control of the system. That doesn't mean that the system should let the end-user easily do stupid things, but if the end user wants to do it then they should be allowed to do it. This goes even more so for developers. And while one could easily argue that end-user's should have some limits - such as not being allowed to load unsigned drivers - that does not mean those same limits should be put in place in such a way that could potentially be to the detriment of developers.

    Saying "oh you can turn this off by doing X" is not sufficient as that could still cut out a large number of small companies or start ups that are simply getting underway. How can they judge their true market if no one could run their drivers/software/etc? They can't. Putting in a "feature" <cough>bug</cough> like this is hurting developers. Moreover, what about a project - like OpenVPN, for example - that requires interaction in a certain level of the system but is not allowed to operate in that portion of the system because (a) the writer is not a "commercial entity" or (b) the writer is otherwise unable to get the appropriate key?

    Moreover, what happens if someone breaks the system and manages to put malicious code into a signed driver without having actually gotten the key to sign with? Crackers will be all over it, and the system will still install it without telling the user. This only creates a false sense of security - that is all that Microsoft has ever done with Windows for security.
    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
  23. The real reason for the kernel DRM by QuietLagoon · · Score: 2, Insightful
    The real reason for the kernel DRM is to lock down the media content as much as possible. Microsoft doesn't care about its users getting infected by adware and viruses, Microsoft cares about the media content providers forking over royalty payments for using Windows Media.

    When the Windows DRM was cracked, how long did it take for Microsoft to issue a fix? A couple of days.

    When there is an IE security issue, how long does it take for Microsoft to issue a fix? Weeks, months, sometimes not at all.

  24. What happens if your hardware manufacturer dies? by psmears · · Score: 2, Insightful
    The thing that worries me the most (well, actually, a number of things do, but this one is pretty bad) is about what happens if the company that wrote the driver ceases to exist. This could be a problem, as follows:
    • The fee for the certificate is, apparently, $500/yr
    • Presumably the certificate issued to the company expires or is revoked if they don't cough up next year (otherwise a cunning manufacturer could just buy one certificate, and then use that forever)
    • Therefore, if your manufacturer goes belly-up, it's likely that your (100% genuine, legitimately-purchased) driver software—and the hardware that goes with it—will cease to work.
    Either that, or MS will leave the certificate valid (to avoid annoying a huge number of customers), and the company's receivers will find that the certificate has a large value on the black market...
  25. Re:Get real by Anonymous Coward · · Score: 1, Insightful

    I also agree that Trusted Computing can be very good for security. But we should be allowed to install our own root certificates if desired. Self signed certs can be just as secure, but Vista only lets you use them if you boot in debug mode. This is about MS taking control of your computers, not about securing them.

  26. Re:Get real by LeBoomer · · Score: 4, Insightful

    No, an idiot is someone that thinks giving MS $500 and their rootkit-altering driver is a good way to make money. If MS doesn't find anything suspicious, your credit trail will certainly be easy enough to follow. Unless you think sending them $500 cash in an envelope with no return address will get the job done...

  27. Re:Get real by AcidLacedPenguiN · · Score: 3, Insightful
    The $500 does, however, ensure that there won't be any open source Windows drivers.
    Bullshit! I see small communities of gamers all pitching in to buy gaming servers. I see donation based internet radios http://soma.fm/ start and survive off community donations. In fact I think the last time I went to the Ubuntu site I saw a donate http://www.ubuntu.com/donations button. I highly doubt that the $500 signing pricetag is going to doom the open source communities. I think the only communities this will lock out is the open sores community, and I for one wouldn't mind that at all.
    --
    disclaimer: I've been known to store numbers in my ass for which to dig out when quantities are required.
  28. Re:Coercion? by jedidiah · · Score: 2, Insightful

    Those statements are entirely consistent.

    The OWNER of the system should have full control. Whomever has the root password should have full control of the entire system from top to bottom. Even with a corporate desktop, the ultimate user of the machine is the COMPANY and not the drone employee.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  29. Re:Get real by Anonymous Coward · · Score: 1, Insightful

    You cannot, absolutely cannot, build a mass-market product to the needs of a tiny minority. The simple fact is that for 90% or more of Windows users this is a benefit. It is a huge step towards ensuring stability for those users. Yes, for a very small group of us it will be inconvenient, but we don't make up enough of the market to outweigh the benefit to the other 90%.

    Far too many geeks forget that computers are only tools to most people. People who don't want to touch the thing any more than they need to. People whose biggest need from the computer, aside from work, is communicating and sharing pictures with their family. Face it, we are not representative of the computer-using community as a whole. It just doesn't make sense for MS to cater to such a small user base.

    It's not that we "don't care" what happens to that small user base, it's that we're trying to point out that Windows is a mass-market product that will always cater to the needs of its largest/most profitable user group. The vast majority of Windows stability issues are caused by poor drivers and this will help to alleviate that. For the vast majority of the user base, it makes sense.

  30. Re:Get real by jrockway · · Score: 2, Insightful

    People are donating to open source projects so that the developers can buy hardware (or coffee), not so they can fork that cash over to Microsoft.

    Besides, can you really call it open source software when some magic third party has to "approve" your software. No, you can't.

    OSS on Windows is gone.

    --
    My other car is first.
  31. It isn't that hard by gillbates · · Score: 3, Insightful

    Compare the two. If they match, then the file hasn't been tampered with... Tampering with this requires...

    No, all that is required is to copy one key over the other in memory. Alternatively, one could modify a single comparison instruction in the loader. Then the match occurs, and the code will be allowed to load.

    This is well within the range of an experienced hacker:

    1. Disassemble the loader
    2. Modify the assembly code so that the comparison is always true (JNE -> NOP, or other suitable instruction)
    3. Reassemble the loader and replace it on the filesystem.
    4. Note that all of these could be done without Windows' consent if the filesystem is mounted using Linux, or other suitably advanced OS.
    --
    The society for a thought-free internet welcomes you.
  32. Re:Get real by cortana · · Score: 2, Insightful

    Hear, hear. Just look at WHQL. The whole thing is a joke. It is common practice to submit drivers for testing that detect they are being run in a test environment and enable one code path in order to pass the tests; when they are run on an end-user's system they enable another code path which increases performance.

  33. Re:Get real by vertinox · · Score: 2, Insightful

    No, an idiot is someone that thinks giving MS $500 and their rootkit-altering driver is a good way to make money.

    Hasn't stopped Sony.

    But seriously, $500 is chump change to organized spammers, phishers, and malware authors and I'm sure they would spend an extra few bucks to set up fake Las Vegas Limited Liability Corporations just to get access.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  34. Re:Get real by sowth · · Score: 2, Insightful

    It is not just money (but the $500 goes to Verisign, not MS). They have to be a commercial entity with a Class 3 Commercial Software Publisher Certificate from Verisign--read the article pointed to by the ancestor poster.

  35. Re:Coercion? by irc.goatse.cx+troll · · Score: 2, Insightful

    It all depends on if we'll be allowed to install other certs as trusted sources. If we can then that is a great change and will improve the security of the OS at only a minor ease of use hit for some users. If we can't, then it will certainly stand in the way of a lot of valid use.

    Unfortunately this seems like it will also put an end to binary patching of system files, which means we'll be stuck with acceleration. In XP the only way to remove acceleration involves patching win32.sys to JMP past the acceleration code (the registry edit floating around just minimizes accel). It will be a shame to not be able to do that anymore, although maybe if we're allowed to add our own trusted sources we could patch it and resign. We'll see how it's done.

    --
    Pain lasts, kid. It's how you know you're alive. Sometimes I think this growing up thing is just pain management - TheMaxx