Slashdot Mirror


Vista Protected Processes Bypassed

Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."

6 of 221 comments (clear)

  1. Wait, wait... by kripkenstein · · Score: 4, Interesting

    A typical process cannot perform operations such as the following on a protected process:
    [...]
    Access the virtual memory of a protected process
    It's been a while since I knew squat about operating system internals, but aren't processes supposed to not be able to access other processes' memory anyhow? I assume, then, that this means that 'protected processes' are special in that they are also protected from any 'supervisor'-type processes, not just run-of-the-mill? In that case, are 'protected processes' meant to protect the kernel from itself, in some sense?

    Most likely I am missing the point here, and can't understand TFA accordingly. Somebody please set me straight.
  2. possible silver lining by Trailer+Trash · · Score: 3, Interesting

    Could this technology be used to make a file copy command for Vista that isn't dog slow? Just wondering...

  3. Looks like 32-bit by figleaf · · Score: 3, Interesting

    I would like to see him do this in 64-bit.
    32-bit allows unsigned code in kernel mode for legacy reasons so its much more easier to inject into 32-bit processes.

  4. Re:Can't beat em, join em? by sjames · · Score: 3, Interesting

    That's MS's big problem. A LOT of people WANT them to fail because they're MS. Because fundamentally, a computer and it's OS is supposed to do what the user wants, not what Bill Gates, the RIAA and the MPAA want it to do. There are enough people out there who know how to hack it up so it actually does do what they want. The more pragmatic ones WANT MS to fail because that's how to crack the content they want.

    Once the hacking is accomplished, a significant number of people will then abuse that code to get other people's computers to do what THEY want rather than what Bill wants (doing what the user wants is simply not up for discussion).

    The real beauty here is that the "bad guys" are turning the OS's own features against the creator (the other bad guys). The divine appropriatness of that is simply irresistable.

  5. Re:In related news by cduffy · · Score: 4, Interesting

    The only infection my home Windows system has ever had came from a MySpace page my wife was browsing. Both of us appreciate good porn, and use that system for viewing it -- and, as I said, the only infection we've ever had was from MySpace.

    The parent is not necessarily too uptight to admit surfing porn.

  6. Re:In related news by erroneus · · Score: 5, Interesting

    I rather liken Vista to WinME. But every time I say so, someone chimes in saying Vista is the best thing Microsoft ever did or that Vista sales have set new records here or there or somewhere.

    Vista goes way ot of its way to reduce functionality for the user in order to make content providers happy. Think of what that really means. Company A sells something to Consumer A but that something is disabled in order to make Company B happy. Company B is happy because they can continue their old business model and maintain their dominance if and when they finally move into new business models when they feel ready. Meanwhile, companies C, D and E through M move to create, innovate and design new things only to be prevented by both Company A and Company B. Depending on how this is done and how much evidence can be produced, this is illegal behavior.