Slashdot Mirror


Vista Protected Processes Bypassed

Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."

16 of 221 comments

  1. In related news by tinkertim · · Score: 5, Funny
    A spokesperson for Microsoft was quoted as saying:

    This is only an issue if you're downloading and watching porn. You should be watching only wholesome media, like "What About Bob", instead.

    1. Re:In related news by StinkyGeek · · Score: 5, Funny

      I have to ask. If both you *and* your wife enjoy porn, how do you find time to post on /.?

      --
      Stay hopeful that the Crystalline Amoeba poops your car out soon
  2. Re:Other OSes by Anonymous Coward · · Score: 4, Funny

    No, this feature is available only in Windows Vista.

  3. this is just another step by imbaczek · · Score: 4, Funny

    ...to start considering Vista as a usable OS.

  4. biting the hand that feeds you by kv9 · · Score: 5, Funny

    He [Alex Ionescu] is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep.

    not for long, I bet.

  5. Re:Source code by Original+Replica · · Score: 2, Funny

    yes, it would make a nice tool for you to administer your systems. or for anyone out there to "administer" for you.

    --
    We are all just people.
  6. Re:You think so? by sqlrob · · Score: 3, Funny

    Right, like those code scanners that preemptively found the second ANI bug after the first was found. Those code scanners?

  7. New Meaning for "Genuine Advantage" by BoRegardless · · Score: 2, Funny

    Genuine Advantage seems to now benefit the bastards too.

  8. Surprising really? by loconet · · Score: 3, Funny

    If you build a house out of hardened excrements, it is still a house built out of shit even if you paint it pink.

    --
    [alk]
  9. Re:Ever since DOS by Anonymous Coward · · Score: 5, Funny

    I miss the days when I gave my computer commands not suggestions.

    You are becoming nostalgic, Deny or Allow?

  10. It's really Melinda's fault by ColdWetDog · · Score: 5, Funny

    What you're missing is the higher social value of interacting with your computer on a more equal basis. Just like women, computers are complex, pretty, expensive and inscrutable. Just like women, they are best handled with suggestions, not commands.

    So get off your old, tired, 20th Century horse and get with the new paradigm.

    Just a suggestion of course.

    --
    Faster! Faster! Faster would be better!
  11. Re:Didn't we see this before... by FutureDomain · · Score: 5, Funny

    I clearly remember being called to help a friend with a spyware/malware problem, discovering he had ME, and going out to buy a copy of XP to replace it. Well, it looks like you might be doing it again. Helping a friend with a malware problem, finding out that he has Vista, and buying a copy of XP to replace it.

    --
    Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!
  12. Re:Can't beat em, join em? by ultranova · · Score: 3, Funny

    Your little website is one thing, but if you're Microsoft, you have a lot to lose. Maybe the hacker just wants to get on the inside to get better info for future illicit hacks... or worse, put in backdoors.

    Why would anyone bother putting in more backdoors to the OS equivalent of Goatse?

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  13. Re:Why do they even bother? by cyphercell · · Score: 4, Funny

    after a $b investment over five years from the dominant player in operating systems, yes "The WOW starts Now!"

    --
    Under the influence of Post-Cyberpunk Gonzo Journalism
  14. Re:Ever since DOS by Udo+Schmitz · · Score: 3, Funny

    I miss the days when I gave my computer commands not suggestions. This whole "protected area" stuff just pisses me off.

    So, is using a Vista PC like talking to the bomb in Dark Star?

  15. Re:Ever since DOS by totally+bogus+dude · · Score: 2, Funny

    I had the opposite problem a week or two ago on a Windows 2003 server (or is it a Windows Server 2003 server? I can never remember). It actually amused me enough to take a screenshot of it, but for those who don't want to view ad-supported screenshots of Automatic Update dialog boxes:

    Updating your computer is almost complete. You must restart your computer for the updates to take effect.

    Do you want to restart your computer now?

    The two buttons, "Restart Now" and "Restart Later" are disabled. So is the close window ("X") button for the dialog itself.

    I'm pleased that it's not offering to let this non-privileged user reboot our server; but I can't help but think it would be better to check if they're able to reboot the system before displaying the dialog. Also, why was the "restart later" option disabled? Maybe unprivileged users aren't allowed to interact with the Windows Update dialog at all, but if that's the case, why is it being displayed on their screen?

    Full disclosure: I was setting up RDP access to the server for an external contractor, and logged in to add them to the "Remote Desktop" group. While I was there I installed updates from Windows Update, and it wanted a reboot - I deferred it for later and logged out so I could log in as the contractor's (non-admin) account to set up appropriate shortcuts on the desktop and make sure they had access to what they needed to access. The automatic updates dialog appeared immediately after I logged in as this unprivileged user. (I actually used Task Manager to close it.)