Slashdot Mirror


New Windows Kernel Vulnerability Bypasses UAC

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

303 comments

  1. Bad omen? by ScrewMaster · · Score: 5, Funny

    this could be a very bad omen for Windows users.

    Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

    --
    The higher the technology, the sharper that two-edged sword.
    1. Re:Bad omen? by Dolphinzilla · · Score: 3, Informative

      so if you read the story and watch the video - there is a very simple registry mod which will disable the exploit - so it's something that can be deployed on a large scale (like at my company) pretty easily

    2. Re:Bad omen? by ColdWetDog · · Score: 4, Insightful

      Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

      The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?

      --
      Faster! Faster! Faster would be better!
    3. Re:Bad omen? by ToasterMonkey · · Score: 0

      Of course, somebody sharp could submit a patch ... oh wait.

      I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true

      You can trust me, I'm an open source community member.

      T. Monkey

    4. Re:Bad omen? by Anonymous Coward · · Score: 1

      What about the clueless home users?

    5. Re:Bad omen? by Anonymous Coward · · Score: 0

      I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true

      You can trust me, I'm an open source community member.

      Oh great, thanks for the tip - now I just 'click' hmm that's strange, what's happen... CARRIER LOST

    6. Re:Bad omen? by Anonymous Coward · · Score: 0, Insightful

      I had a different take on that line:

      Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.

      Yeah, but aren't they used to that? Don't they secretly like it, or think they deserve it, like the battered woman who keeps going back to her abusive boyfriend because "he's really just misunderstood" and because "he can change, really!" since "he's turning over a new leaf" and "this time he really means it".

      What blows my mind is experiencing that AND paying for the privilege. Microsoft: the alpha male providing proof that nice guys finish last.

    7. Re:Bad omen? by ScrewMaster · · Score: 1

      Don't they secretly like it, or think they deserve it

      I think it's the personal satisfaction they receive for helping out the members of their local Geek Squad.

      --
      The higher the technology, the sharper that two-edged sword.
    8. Re:Bad omen? by K. S. Kyosuke · · Score: 3, Funny

      Well, we have natural selection for that. ;-)

      --
      Ezekiel 23:20
    9. Re:Bad omen? by ScrewMaster · · Score: 2, Interesting

      What about the clueless home users?

      When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users. It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.

      --
      The higher the technology, the sharper that two-edged sword.
    10. Re:Bad omen? by ScrewMaster · · Score: 2, Informative

      Linux kids aren't smart enough to know shit about the NT kernel. How can they patch something they literally know nothing about?

      Hate feeding trolls, but just for clarity's sake, I was making a joke based upon the closed-source nature of Windows, and its inability to utilize outside developer resources for maintenance.

      --
      The higher the technology, the sharper that two-edged sword.
    11. Re:Bad omen? by michelcolman · · Score: 1

      At least he immediately associates "somebody sharp" with Linux.

    12. Re:Bad omen? by Anonymous Coward · · Score: 0

      this could be a very bad omen for Windows users.

      Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

      lol almost triple as many sploits for Linux and even more for osux .. imagine that ..

    13. Re:Bad omen? by Yvan256 · · Score: 1

      Yep. Their computers turn into zombies.

    14. Re:Bad omen? by ScrewMaster · · Score: 3, Interesting

      What about the clueless home users?

      And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free. The last time around I installed Firefox and Chrome (so if some site wouldn't work in one, they could try in the other) and, at her request, removed all their file-sharing software.

      So, of course, when I looked at it last night I found that they had gone back to Explorer (Firefox "didn't look the same") and the thing had a couple of Trojan downloaders running and at least a dozen other bits of active malware, plus two different browser hijackers. They were competing with each other for control of Explorer, and as a consequence Explorer wouldn't load anything at all.

      I ran three different scanners and got rid of everything that I could. Tedious process. So, my friend asked if I could just disable Internet Explorer (she's had just about enough of this as well, since they don't live near us, and she's always the one that has to drive the computer over.)

      After talking with this lady about what they actually need a computer for, and looking over their selection of installed applications, I think they may be a candidate for a Linux upgrade. They don't have any Windows-specific apps that would preclude trying another OS, and most of what they do is Web-based anyway (Yahoo Mail, Facebook, etc.) We tried all the major sites they use on an Ubuntu box, just to make sure they work well in Firefox and Chrome.

      If I do wean them off of Windows, I want them to be as happy as possible with the new OS. Just replacing the operating system and expecting people to just adapt is unrealistic, so there will be some training involved, but it will be worth the investment since once it's done I won't hear from them very often about computer problems. Oh, they'll be irked that they won't be able to run the latest trojan, but that's the price they're going to have to pay.

      This wasn't the worst-infected machine I've encountered by any means. I'm not an IT guy by profession, but people do ask me to help on occasion. I had a co-worker a couple of years ago who had (and I counted them) thirty five pieces of active malware, plus an even dozen Trojan downloaders. The hard disk in that box wouldn't stop, ever, and it would take ten seconds to respond to a keystroke. I had to pull the drive and install it in another system just to scan it.

      Probably in the next couple of weeks she'll bring their system back and I'll remove Windows for her.

      --
      The higher the technology, the sharper that two-edged sword.
    15. Re:Bad omen? by Yvan256 · · Score: 2, Funny

      I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

    16. Re:Bad omen? by michelcolman · · Score: 5, Funny

      You could occasionally give them a box like "Do you want to allow the following program etc...", program name "wipeharddisk.exe", File origin "compromised internet site" and then give them a big red box with "You stupid idiot!" if they click "Yes" anyway. At least one out of every three boxes should be of this kind, and of course various program names, publishers and origins should be used. After three of those "idiot" boxes, next time show them a progress bar with "wiping hard disk...".

    17. Re:Bad omen? by ScrewMaster · · Score: 1

      Yeah, cause I'm gonna install a patch made by a random "sharp" dude.

      Oh, wait, we were not supposed to question your claim. I'm really sorry, yeah, Windows should be open source

      Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?

      --
      The higher the technology, the sharper that two-edged sword.
    18. Re:Bad omen? by ScrewMaster · · Score: 1

      Of course, somebody sharp could submit a patch ... oh wait.

      I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true

      You can trust me, I'm an open source community member.

      T. Monkey

      "freetard=true"

      Thanks, I needed that.

      --
      The higher the technology, the sharper that two-edged sword.
    19. Re:Bad omen? by ScrewMaster · · Score: 4, Funny

      Yep. Their computers turn into zombies.

      And what do zombies do? They suck out your brains. It's a vicious circle.

      --
      The higher the technology, the sharper that two-edged sword.
    20. Re:Bad omen? by icebraining · · Score: 1

      No, you'd install a patch by someone with a good track record. Which shouldn't require much, since you already trust Microsoft.

    21. Re:Bad omen? by ScrewMaster · · Score: 3, Funny

      I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

      That's nothing. I use that sharpened DVD to cut myself to pieces. That's how I stay on the bleeding edge.

      --
      The higher the technology, the sharper that two-edged sword.
    22. Re:Bad omen? by WrongSizeGlass · · Score: 4, Insightful

      And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

      I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

    23. Re:Bad omen? by Yvan256 · · Score: 2, Insightful

      Fortunately for us, it works in a different way in computer-land. They only seek out other Windows computers to turn them into zombies.

    24. Re:Bad omen? by Wingsy · · Score: 3, Interesting

      Your lady friend sounds like my sister. Only I convinced her to get a Mac. And now, 2 years later, she's a soccer-mom geek. Doing all kinds of stuff with her computer that she never thought she would be doing ... except calling me for help.

      --
      If I didn't have absolutely NOTHING to do, I wouldn't be here.
    25. Re:Bad omen? by Rary · · Score: 1

      I found that they had gone back to Explorer (Firefox "didn't look the same")

      Get them this.

      Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

      --
      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

    26. Re:Bad omen? by Anonymous Coward · · Score: 0

      Show me a random schmoe who fixes a major security vulnerability in Linux and actually gets the change accepted. You can't. Important fixes like this come from main line trusted devs who either have been in the source for years or are employed at one of the for profit Linux shops like Red Hat. Somebody 'sharp' isn't going to just wake up and fix a problem and have it roll out to the world. Knowing that, how is that a superior model for fixing critical security problems over the closed source model? Answer- it isn't.

    27. Re:Bad omen? by Anonymous Coward · · Score: 1, Funny

      Only I convinced her to get a Mac.

      Wow, why not just perform a full-frontal lobotomy on her instead?

      I mean, you've basically done the computer-realm equivalent of that to her anyway...

    28. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      I found that they had gone back to Explorer (Firefox "didn't look the same")

      Get them this.

      Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

      Doesn't matter. So far as she's concerned, they're going to get told. We'll try to make the transition as easy as possible, but sometimes you just have to bite the bullet. It's her computer, and those are her kids, and they'll do as they're told. Her husband couldn't care less so long as he can get his email and go to a few Web sites he needs. The kids are the big problem. I also told her we could just get them their own computer, and when they break it ... tough. Maybe then they'll start to learn a little respect. They've wasted enough of their mother's time, not to mention mine.

      --
      The higher the technology, the sharper that two-edged sword.
    29. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

      I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

      Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.

      --
      The higher the technology, the sharper that two-edged sword.
    30. Re:Bad omen? by Gadget_Guy · · Score: 5, Insightful

      When has anyone, especially Microsoft, ever cared about them?

      What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials, which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.

      Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.

    31. Re:Bad omen? by Anonymous Coward · · Score: 0

      Linux kids are smart enough to not give a shit about the nt kernel.

      There, fify...

    32. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      What a completely uncalled for comment.

      Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

      --
      The higher the technology, the sharper that two-edged sword.
    33. Re:Bad omen? by Anonymous Coward · · Score: 3, Informative

      why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

      *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

    34. Re:Bad omen? by Anonymous Coward · · Score: 0

      why do I have to install a third-party firewall and run third-party anti-malware software

      All currently known operating systems have vulnerabilities, except that Windows (by virtue of marketshare and risk vs reward dynamics) is targeted by 99.9% of malware. Therefore, Windows requires significantly greater measures of protection.

      Monopoly rules make it VERY difficult for MS to bundle additional software with their product, especially when companies with existing products that would be obviated by it will sue (under Monopoly rules) if MS did such a thing (Illegal bundling/tying, perhaps you've heard of rulings under this heading before?).

      So Microsoft is essentially PREVENTED from giving you a serious firewall or anti-malware application with their OS.

      So, to answer your question, you have to install third-party firewall and anti-malware software because (a) Windows is targeted 1000:1 (or more) by malware producers and (b) Microsoft is prevented by rules governing monopolists from including such software (other than rudimentarily) with their operating system.

      -AC

    35. Re:Bad omen? by Metal_Militia · · Score: 1

      So Microsoft is essentially PREVENTED from giving you a serious firewall or anti-malware application with their OS.

      It's not prevented from writing good code :-)

    36. Re:Bad omen? by Culture20 · · Score: 1

      Make no mistake; it's been infected, but they sponge off of someone else.

    37. Re:Bad omen? by Realm Lord · · Score: 2, Interesting

      What a completely uncalled for comment.

      Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

      Every time Microsoft includes a new tool, they get sued for bundling or something.

    38. Re:Bad omen? by Anonymous Coward · · Score: 1, Informative

      And then they band together and make the rest of us suffer when they start spewing out spam (which filtering does not fix - it only creates a SEP (Somebody Else's Problem) field which nicely hides the problem, just like the proverbial ostrich with its head in the sand) and gobbling up loads of network bandwidth.

    39. Re:Bad omen? by Gadget_Guy · · Score: 4, Interesting

      Nothing you said there has ANYTHING to do with Microsoft not caring about "clueless home users". I called you on that comment and you just changed the subject.

      You say Microsoft misread the importance of the Internet. Absolutely, although it was 15 years ago! But what has that got to do with them not caring about home users?

      You claim Windows can't be used safely on an untrusted network? That is false, the current version ships with the firewall turned on and most of the useless network services turned off. Gone are the days when you would be infected within 15 minutes of connecting to the Internet with a vanilla install.

      Despite what you say, you don't have to install a third party firewall and run third party anti-malware software. My original post to you linked to the free Microsoft supplied anti-malware software. Why did you just ignore that? All the reports that I have seen about it have been quite positive.

      And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.

    40. Re:Bad omen? by Anonymous Coward · · Score: 0

      Anyone else wonder how this lady friend "pays" for the IT help desk service at this guy's house a long ways away?

      Nope? Only me?

      Back to mom's basement for me.

    41. Re:Bad omen? by Anonymous Coward · · Score: 0

      You can't write good enough code to fix something fundamentally flawed. Part of the function of WF is stopping outgoing connections made from usermode programs. If a program is untrusted (downloaded or vulnerable) then it shouldn't be running as the user in the first place. But it does, and it always will do so until we abandon all legacy PC programs, so the only solution is an outgoing-blocking firewall. (Hardware f/w -- NAT+uPnP excluded -- OFC is far superior but the avg. user isn't going to dick with that.)

    42. Re:Bad omen? by Anonymous Coward · · Score: 0

      Malware authors won't even need to see that much market share to convince them to target those machines. They would only need to see some incentive in the target. Linux is deployed on many internet facing servers. They get compromised all the time, especially when a clueless admin is involved. If a linux distro were to ever have a significant desktop market share, I would suspect many of those machines could be zombies.

    43. Re:Bad omen? by Monkeedude1212 · · Score: 1

      And then proceed to wipe the hard disk, right?

    44. Re:Bad omen? by grcumb · · Score: 3, Insightful

      And if linux or osx ever exceed Microsoft's marketshare you'll see the malware flood onto them too.

      Okay, I'm going to go all scientific on this and say: Prove it.

      Don't just speculate based on false equivalence; don't just make shit up. Prove to me that Linux and Mac OS are not only equally susceptible to malware infection, but that a flood of exploits is the inevitable result of widespread adoption.

      While you're doing that, perhaps you could explain at what point this becomes inevitable. After a million installations? Two million? Ten million?

      Is it necessary that these installations happen only on personal computers? Would dominance of the server market suffice? Of the mobile market? How about tablets? Hand-helds? Home media servers? Surely any significant penetration into markets that enable the use and transmission of personal data would be ripe for the picking?

      And then perhaps you could refute the contention that neither Linux nor Mac OS will ever recreate the monoculture we're seeing currently with Windows, that this heterogeneity is by design and that it's an innate strength in the development culture.

      Until you do that, I'm going to assume that what you mean is, "When Mac OS or Linux become just like Windows, they will be just like Windows." And I'll treat your statement as the childish, simplistic tautology that it is.

      HTH, HAND.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    45. Re:Bad omen? by flowwolf · · Score: 1

      Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?

      Well, you do understand that open source means anyone can download a patch and actually apply it, don't you?

    46. Re:Bad omen? by Anonymous Coward · · Score: 1, Insightful

      Sure thing buddy. I mean an app can't call gsudo rm -rf / or anything.

      Oh wait, you mention repositories? Yeah, like that's ever stopped malware on Android, which has far less of a developer presence than Windows does, and a virtual machine doing most of the security.

      Oh wait, you mention open source? Yeah, like people are going to review tens of millions of OSS applications when everyone switches to Linux. Oh, and I'm sure that all the developers in the world actually WILL switch to a distro which requires code release. Nope, it won't only be 1-2% of them.

    47. Re:Bad omen? by Myopic · · Score: 1

      You did them this favor more than once? Masochist.

    48. Re:Bad omen? by LO0G · · Score: 4, Interesting

      Normally I don't feed the trolls, but...

      Every measurement I've seen indicates that malware authors are profit driven. The reason they find exploits is to drive revenue (in the past this wasn't the case, but for the past 10 or so years it is). Let's take this as a given (if you can find evidence that malware authors aren't profit driven, we can reconsider this, but I suspect you won't).

      Finding an exploit costs money - you need to spend your time to find it or you need to pay someone to find it. Either way, you're out cash money - that's an expense for the malware author.

      Assuming that the malware author has a limited budget for exploits (which is likely to be true), the malware author is going to want to maximize their return on investment.

      Further, let's assume that the cost of finding an exploit is the same on all platforms (that's not true btw - Charlie Miller has said that it's far easier to find exploits on OS X than it is on Windows, but let's just assume that the cost is the same).

      If I pay $10000 for a Windows exploit (the amount of the pwn2own prize), I can target 90% of the computer users out there. If I pay for an OSX exploit, I can target about 6% of the computer users out there, and if I pay for a Linux exploit, I can target about 4% of the users out there (the market share numbers are roughly accurate, but obviously vary by country - for instance OSX has about a 10% share in the US but only 4% worldwide).

      So how does the malware author maximize the return on their investment? Obviously they want to choose the one that gets them the most victims for their money. And that choice is Windows - 90% vs 6% vs 4% means that for a given amount of effort, the OS with 90% market share will always return a higher ROI than the OS with 6% or 4%.

      The only thing that will change this dynamic is if either the cost for exploits for OSX and Linux goes dramatically down OR if the market share for OSX and Linux dramatically increases.

      All software has bugs. Anyone who works in software engineering knows that. It doesn't matter what operating system you're running, they all have bugs. And some percentage of those bugs will result in an EoP. It doesn't matter what operating system - every OS I've known has had EoP bugs in them.

      As long as an operating system can run arbitrary applications (in other words, it's not locked down like iOS is), the very nature that allows you to run arbitrary programs allows you to exploit EoP vulnerabilities in the OS.

    49. Re:Bad omen? by LO0G · · Score: 1

      Actually the Windows firewall *doesn't* block outgoing connections by default (it does have that capability and it's used to block system services). Its purpose is primarily to prevent worms from propagating via open ports.

    50. Re:Bad omen? by Anonymous Coward · · Score: 0

      rm -dumbass parent

    51. Re:Bad omen? by Nyder · · Score: 1

      When has anyone, especially Microsoft, ever cared about them?

      What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials, which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.

      Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.

      MS only cares when something affects their bottom line. They, like most corporations, only care about profit.

      Wake up and smell reality.

      --
      Be seeing you...
    52. Re:Bad omen? by alchemy101 · · Score: 1

      Yes, it's called Linux.

      parent said not BDSM

      ...I kid I kid

    53. Re:Bad omen? by mcneely.mike · · Score: 1

      It'd be like watching "Weekend at Ballmers!"

      --
      soylentnews.org Go there to enjoy the people!
    54. Re:Bad omen? by muyla · · Score: 1

      If it is all about the cash, then let's think this another way.

      How much money can you make by compromising the computer of millions of home users, so you can send billions of spam mail hoping a few thousand idiots will give you some credit card information, and not being able to use the cloned cards to buy shit without being profiled and probably arrested at some point?

      Now how much money can you make by compromising a big company's server (a market segment dominated by linux) to steal some industrial secrets and sell that to competitors?

      I doubt any serious companies would use a windows machine as a router / firewall to protect its network. What we can see is that about 99% of all the firewalls installed in the internet to protect windows machines from the outside world are running linux... what does that tell us about the security flaws in windows and linux?

    55. Re:Bad omen? by caluml · · Score: 4, Funny

      There was a .exe, I can't remember what, that rebooted a Windows box with no warning. We were trying to educate people about not clicking attachments blindly (this was around the Melissa/Iloveyou time), so I renamed it to do-not-run-this.exe or something equally similar, attached it to an email, wrote in the email NOT to run it, and sent it to the company (about 70 people).

      I then had to put up with people complaining that their computer rebooted, and they lost work they were working on.

    56. Re:Bad omen? by Gadget_Guy · · Score: 1

      MS only cares when something affects their bottom line. They, like most corporations, only care about profit.

      I addressed that when I pointed out that half their market share was with clueless home users. It would be exceedingly unprofitable to ignore a massive part of their user base. Having people use their software at home also helps their market penetration with the businesses. A large factor in choosing the Windows platform at work is that the training costs are reduced because most people use Windows at home and will be familiar with how it works.

      And that feeds back to their market share with home users because people will buy the product that they already know how to use at work. The cycle continues. This is the reason why Microsoft offers the Office 2010 Starter edition for only $2 per licence (for OEMs). They can't make a profit out of that, but it keeps home users familiar with Microsoft's products.

      So you can see that while their motives may be profit driven, they certainly care about the user experience of the home user market (clueless or otherwise).

    57. Re:Bad omen? by Anonymous Coward · · Score: 0

      You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.

      You are a moron.

    58. Re:Bad omen? by The MAZZTer · · Score: 1

      Remember the Windows Tutorial from Windows 3.1? We need something like that. An environment that throws common scenarios at a user in the form of a fake/simulated Windows desktop, and then grades them based on how they handled it and tells them what they did right/wrong and why.

    59. Re:Bad omen? by g4b · · Score: 2, Interesting

      So hacking personal computers is more lucrative, than, e.g. the servers on the internet?

      You mention this malware author, who wants profit. Back in the days, so I thought, most of the hackers did it more for personal challenge, or fame, than for profit. I also thought, the first bright minds of this sector came out from people who actually built the software, they protected or hacked. They worked at universities and had all crazy ideas, were joining together in some kind of devotion to computers - it was not always a socially lucrative thing to be a geek. Engineers, mathematicians, and stuff.

      So which kind of profit lies in unprotected Windows Systems, which have enough stuff installed, which easily and legally could undermine them? Like Flash? Skype? Stealing data can't really be the reason why there is so much money behind it.

      Most Workstations in big networks are secured not only by hardware firewalls, but also by unix systems. If accessing those Workstations is so crucial to get profit, accessing the network via a unix virus would be very easy. And from there, malware could be easily spread.

      However I turn it in my mind, I don't think the no. 1 OS for the Desktop marketshare is any more profitable, than the no. 1 OS type in any other sector, which stores the same crucial data, or any other thing, that could be very profitable.
      Either those securing systems are just harder to overtake, or profit is not the key factor in the overall hacker's motivation.

      For me, people who do that kind of coding either just do it for curiosity or because of paranoia. Or because of the thrill. Some of them maybe for profit, but I hardly think, they would post it on the internet, anyway.

      But I sincerely ask which aspects I just don't know yet, since I am young, maybe I am too historic to be a realist.

    60. Re:Bad omen? by mrcleaver · · Score: 1

      Wait, so they went back to internet explorer because Firefox doesn't look the same, why would they be accepting of Linux?

      They sound like exactly the kind of people that will start complaining in a few days about how they need their itunes.

    61. Re:Bad omen? by mrcleaver · · Score: 1

      Yes except it's probably harder to find malicious software written for mac and linux. It's very unlikely that they'd bump into it normally, whereas windows malware is much more prevalent. (Security through obscurity ho!)

    62. Re:Bad omen? by vux984 · · Score: 1

      How much money can you make by compromising the computer of millions of home users, so you can send billions of spam mail hoping a few thousand idiots will give you some credit card information...

      Quite a bit of money by all accounts. And the fruit is low hanging, you cast your net wide, and just take what comes.

      Now how much money can you make by compromising a big company's server (a market segment dominated by linux) to steal some industrial secrets and sell that to competitors?

      Maybe a lot. Maybe not much. Let's say I gave you the blueprints to an upcoming Boeing product. You have a buyer for that? You think Airbus is really going to deposit some money into a Swiss bank account ... ??

      And if you actually steal anything REALLY valuable; you'll attract real attention.

      I doubt any serious companies would use a windows machine as a router / firewall to protect its network. what we can see is that about 99% of all the firewalls installed in the internet to protect windows machines from the outside world are running linux...

      I also doubt any major corporations store their industrial secrets on the linux router. So even if you compromise it undetected, you are just one step towards your goal. Then you penetrate another layer and all you've got for your time is access to the department that is overseeing developing a commercial, and coordinating some marketing material. Then you crack the department that is handling channel distribution... and you maybe get a few random supplier pricelists, maybe a few clients that are being courted, the fact that one of the resellers is complaining about the returns/restock policies.

      You might eventually hit paydirt. You might not. All the while you'll be wondering why you aren't harvesting credit card numbers from idiots. Sure you only make a few bucks a head... but you'd have a sweet thousand bucks already, instead of sweet fuck all.

      ---------------

      As a second independent response...

      The reason we know about malware is that it gets in our face, slows us to a crawl, and hits millions of people. The rootkits are widely deployed, and rapidly are deconstructed by security researchers.

      Who's to say people aren't successfully conducting industrial espionage?

      If I were in that game I'd take a contract to steal X, rather than randomly steal something and hope to find a buyer. No point in going to the trouble to get the goods without a buyer lined up.

      It would be a silent penetration; a silent exit, and I'd wipe out any traces that I'd been there.

      The odds Symantec/McAfee will ever get a copy of the exploits I use are pretty much zilch. Assuming the intrusion is even detected the odds the companies will talk about it publicly are pretty much zilch.

      It's not a case of malware targeting windows and people targeting industrial secrets... both can co-exist. But the fact remains that you would hear a lot about the former and nothing about the latter.

      Although to be fair... I expect it will usually be cheaper and simpler to just bribe/blackmail somebody who works for the company... or send someone to apply for a job with the company and be an insider.

    63. Re:Bad omen? by Anonymous Coward · · Score: 0

      Here is an interesting point for you to ponder on. Most of the servers are running Linux and there are far fewer exploits and malware for them which debunks your theory that market share is proportional to exploits. One can say that this has to do with System Administrators that are responsible for these servers but it is a generally accepted view among SAs that Linux is a better OS than Windows.

    64. Re:Bad omen? by Anonymous Coward · · Score: 0

      And I spent five hours last night cleaning up friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

      I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

      Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.

      I wish. Now it's a command and control system for a 100,000 node botnet.

      And they can't figure out why it's so slow and the lights on their router never blink off anymore.

    65. Re:Bad omen? by metrix007 · · Score: 1

      That's just idiocy. Linux has more vulnerabilities per quarter all in all, but simply isn't popular enough for malware authors to target. Windows has been decently secure for a very long time, and this vulnerability is no worse than the recent kernel vulnerability, that was known about for *weeks* and went unpatched.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    66. Re:Bad omen? by ScrewMaster · · Score: 1

      Wait, so they went back to internet explorer because Firefox doesn't look the same, why would they be accepting of Linux?

      They sound like exactly the kind of people that will start complaining in a few days about how they need their itunes.

      Well, if you read my comment you'd note that we went over the applications and Web sites they use, and I'm trying to make sure that the new software will, in fact, do what they want. It's not that KDE or Gnome or the Mac can't do just as well as a Windows system in this context, it's just that you have to account for what a person is actually doing with his or her computer, rather than just throwing something else at them (as so many geeks are wont to do) and saying "This is better. Now go away." It may be that there is some app or feature that is an absolute must have, and that will prevent us from switching them away from Windows. If so, oh well, but that's why I'm doing a requirements analysis first.

      --
      The higher the technology, the sharper that two-edged sword.
    67. Re:Bad omen? by drsmithy · · Score: 1

      When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users.

      How is it fundamentally insecure ? What features and capabilities are missing ?

      It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.

      How do you propose they fix it ?

    68. Re:Bad omen? by ScrewMaster · · Score: 1

      Anyone else wonder how this lady friend "pays" for the IT help desk service at this guy's house a long ways away?

      Nope? Only me?

      Back to mom's basement for me.

      Yep. Only you. She's my girlfriend's best friend, actually, and she and her husband have done us some favors in the past, so I'm just reciprocating. Even so, the woman is tired of having her computer be damn near unusable half the time, and doesn't want to be inconveniencing other people on a regular basis. So she's willing to listen when I tell her that there are some other options.

      What I'll probably do is just image their drive onto my server, once we decide to go ahead with a switch to Linux, say. Then, if they decide they can't handle it, I'll just flash them back to where they were. But I won't be so inclined to kill off an evening every month. They won't lose anything by the attempt anyway.

      --
      The higher the technology, the sharper that two-edged sword.
    69. Re:Bad omen? by drsmithy · · Score: 1

      If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      You don't. I certainly never have.

    70. Re:Bad omen? by ScrewMaster · · Score: 1

      You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.

      You are a moron.

      And you missed the point entirely. And no, the Mac and Linux are not just as vulnerable in that scenario, which you would know if you knew much about Unix-level security. But I won't call you a moron, even though I believe you deserve to be.

      --
      The higher the technology, the sharper that two-edged sword.
    71. Re:Bad omen? by drsmithy · · Score: 1

      How much money can you make by compromising the computer of millions of home users, so you can send billions of spam mail hoping a few thousand idiots will give you some credit card information, and not being able to use the cloned cards to buy shit without being profiled and probably arrested at some point?

      Considering your chances of getting caught or prevented are basically zero, due to an overwhelmingly large proportion of ignorant users, quite a lot.

      Now how much money can you make by compromising a big company's server (a market segment dominated by linux) to steal some industrial secrets and sell that to competitors?

      Considering your chances of getting caught or prevented are quite high, due to an overwhelmingly large proportion of skilled and knowledgeable users, quite high.

      I doubt any serious companies would use a windows machine as a router / firewall to protect its network. what we can see is that about 99% of all the firewalls installed in the internet to protect windows machines from the outside world are running linux... what does that tell us about the security flaws in windows and linux?

      Ignoring the ludicrous assertion that "about 99% of all the firewalls installed in the internet [are running linux]", absolutely nothing, because the risk profile for a router and the risk profile for an end user desktop are nothing alike.

    72. Re:Bad omen? by drsmithy · · Score: 1

      So hacking personal computers is more lucrative, than, e.g. the servers on the internet?

      Yes. By far. In no small part because pretty much everything on the server is also accessible from the clients, but more importantly because the clients are not being managed and protected by trained, responsive professionals, but by ignorant end users.

      Obligatory car analogy: Imagine you have to steal 50 cars. Which plan do you think is most likely to succeed:

      1. Get 50 guys and break into a car dealership or holding yard with 50 vehicles and drive them all away ?
      2. Get 50 guys to go out on the streets and each steal a single car ?

    73. Re:Bad omen? by drsmithy · · Score: 1

      Don't just speculate based on false equivalence; don't just make shit up. Prove to me that Linux and Mac OS are not only equally susceptible to malware infection, but that a flood of exploits is the inevitable result of widespread adoption.

      Because it's quite possible, and not especially difficult, to run a Windows PC without problems. Clearly, the issues are *not* inherent to the system, otherwise that would be impossible.

      This means we need to look elsewhere for the key factors, the two biggest of which are ignorant end users, and buggy third party software. Neither of these are going to change if Linux and/or OS X become dominant.

    74. Re:Bad omen? by ScrewMaster · · Score: 0, Troll

      And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.

      {sigh} Time to come down from the ivory tower, dude. The proof is in the pudding: even if you're right, and Microsoft is truly doing all that it can in this regard (and, let's be clear here, it is not) whatever they are doing is not enough. Not nearly enough.

      If you've ever spent an evening cleaning malware from a badly infected Windows system, you will understand exactly what I'm talking about. I don't give a single God DAMN if Microsoft has released some free tool, or if they ship machines with the firewall turned on by default, or turned off unnecessary services. Those are just basic, simple steps that every other OS pretty much did by default (or that any clueful user would have done for himself) and are not, in and of themselves, particularly significant. It also does not explain why an operating system that is specifically marketed to those "clueless home users" doesn't do squat to protect them in the real world (not the world you live in, by the way.)

      Yes, we all know that Internet Explorer might as well be Swiss cheese insofar as its ability to block drive-bys and other malware infections is concerned. That's why most of us that have a clue recommend that our friends and family use anything but Explorer. But, in truth, a properly-designed and implemented operating system would never allow an incoming attack to do anything more than see files owned by the current user. But I've seen many Windows systems (XP, Vista and 7, fully-patched) with multiple infections, all of which appeared to have the run of the filesystem. If Windows security has improved so much, that shouldn't be possible ... but it's an everyday occurrence. So whatever Microsoft is doing is empirically, emphatically and obviously insufficient.

      So it's nice that you linked to some free Microsoft-supplied anti-malware software. You know what? Of the dozen infections that I had to clean from a friend's computer last night, you know how many that free Microsoft package found? One guess. That's right. ZERO. I had to run several different scanners to get rid of most of them (a couple I had to remove the hard way, removing entries from the registry and manually deleting executables.) Hell, good old Spybot found six infections. So ... tell me again, this time with perhaps a few facts at your command, how Microsoft is protecting its users? Please.

      The reality is what it is. Windows boxes are pwned by the millions, and if you consider the token consideration that Microsoft gives those users to be adequate, you just aren't seeing the big picture. Frankly, it's hard to believe that you are naive enough to think that jacking a Windows box (pick any version) onto the Internet without something running a little interference for you is safe. Tell you what: give me your current IP and we'll see just how "secure" your Windows 7 box really is.

      --
      The higher the technology, the sharper that two-edged sword.
    75. Re:Bad omen? by ScrewMaster · · Score: 3, Insightful

      why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

      *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

      "Retarded", huh. That's nice. We were discussing "clueless users" here, not senior engineers who have been playing with networks for a long time, probably from before you were born. My point is that, if an operating system were truly well-designed from a security perspective such nonsense would be neither necessary nor useful. But, for millions of people, it is and worse yet, is largely ineffective.

      Nor, I suspect, is that "hardware firewall" exactly what you think it is. You would get the same benefit from a small Linux PC and a couple of NICs. In fact, what you probably have there is a little plastic box with an ARM processor running a Linux core with an IPTables firewall and a browser-based front-end. It's just software, and it has vulnerabilities of its own, and the primary benefit is that it doesn't depend upon the TCP stack in your operating system. But it isn't foolproof.

      Ultimately, if an exploit is found that allows malware to run on your computer (and that hardware firewall won't help you when it comes to a browser-based or Trojan exploit) the last and best line of defense is an operating system that won't allow the attacker to access anything but the current user's files. The big problem with Windows is that it's relatively easy to gain privileged access: once that happens the game is lost. Yes, other OSes have similar vulnerabilities but it's a higher bar in most cases.

      --
      The higher the technology, the sharper that two-edged sword.
    76. Re:Bad omen? by ScrewMaster · · Score: 1

      You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.

      You are a moron.

      Bzzt. Wrong. Unix-style security is a hell of a lot better in that regard than Windows. The assumption has to be made that a rogue program will, at some point, be allowed to run (clueless user, worm, trojan, whatever.) The goal of a good, secure operating system is to then limit the damage by keeping that program (and, indeed, any user-space applications running under that user account) from accessing anything but files and directories owned by that user. Yet I've seen many, many infections on Windows machines (any version) that were initially executed under limited accounts but still managed to overrun the system. Is that as easy to accomplish on a Linux or Unix machine? You tell me. I haven't seen it happen yet.

      You do realize that very, very few people posting here on Slashdot truly are morons. You might also want to consider that you don't know everything, because then you might appear to be a jackass.

      --
      The higher the technology, the sharper that two-edged sword.
    77. Re:Bad omen? by ScrewMaster · · Score: 1

      If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      You don't. I certainly never have.

      Gagh. I was referring to the millions of "clueless users" that this thread is about. Sure, you don't have to take such precautions if you know what you're doing: but Windows is marketed to people that don't. So ... I'm sorry, what was your point again?

      --
      The higher the technology, the sharper that two-edged sword.
    78. Re:Bad omen? by ScrewMaster · · Score: 1

      Windows has been decently secure for a very long time

      I disagree. And in fact, if I were in the business of cleaning Windows machines, I could make a lot of money disagreeing with you.

      --
      The higher the technology, the sharper that two-edged sword.
    79. Re:Bad omen? by Anonymous Coward · · Score: 0

      I had to clean up my girlfriend's PC a couple of times. She likes to play free games from those games websites and installed anything that took her fancy. I explained she should not download just anything...

      When she started complaining about the downtime (!) I explained again and asked if I could revoke her admin rights (it's running XP Pro, which is overkill, but sometimes comes in handy like this instance). She reluctantly agreed. So I have to be there when she wants to install new stuff. We check that stuff out first.

      No trojans / viruses / spyware / adware since.

      - Bertus

      P.S. I guess my recommendation would be to skip any edition of any OS that doesn't have limited accounts support

    80. Re:Bad omen? by EnderDom · · Score: 1

      Stop calling us clueless! I'm a pretty clued up user, I changed my desktop background to a picture of a cat.

    81. Re:Bad omen? by Gadget_Guy · · Score: 1

      The proof is in the pudding: even if you're right, and Microsoft is truly doing all that it can in this regard (and, let's be clear here, it is not) whatever they are doing is not enough. Not nearly enough.

      So let's see. You originally tried to prove your original assertion that Microsoft ignores home users by saying that they made a mistake about the Internet over 15 years ago, then misrepresented the current state of Windows security to be like it was 6 years ago, and now you say that while they might not be ignoring those users' needs, what they are doing for them is not enough. I am sure that if we wait long enough, you will try to prove your original statement by saying that 8.3 filename limits are user-unfriendly! Go on! I would love to reminisce about the 80s.

      If you've ever spent an evening cleaning malware from a badly infected Windows system, you will understand exactly what I'm talking about.

      Yes, I have done that. But I haven't had to do that in quite a while. These days, I can set up a system using pretty much the default configuration (but with non-administrator accounts plus MSE). I don't remember the last time I had to fix up a virused system. It does help me that my family and friends have heard my nags enough times that they don't run random executables that are sent to them.

      Of the dozen infections that I had to clean from a friend's computer last night, you know how many that free Microsoft package found? One guess. That's right. ZERO. I had to run several different scanners to get rid of most of them (a couple I had to remove the hard way, removing entries from the registry and manually deleting executables.)

      I can't speak about a setup that I hadn't seen - perhaps this friend was one of those people who turns off UAC and runs as administrator because otherwise it is annoying. But in general, no antivirus solution will catch everything. You yourself said that you had to use several different scanners to catch the infections. I do wonder how many of those infections were false positives or "dangerous" advertiser cookies. And maybe that computer already ran MSE so that it had already blocked the malware that it could handle. Or maybe the friend and his computer didn't exist. I'm sorry, but the way you are wildly and desperately throwing around unrelated and out-of-date Microsoft complaints to justify your original statement, I just can't completely trust your story.

      However, if you google "microsoft security essential review" then you will find quite a number of reviews that all tend to conclude that while MSE doesn't catch everything, it is lightweight and a good free solution. My google of "anti virus comparison" gave me http://www.av-comparatives.org/ as the first match. The first PDF of results I found there showed MSE had a 97.6% detection rate. Not the top of the list, but not the bottom either. Does that result really warrant your vitriol about this product? No.

      The fact that there are security holes in Windows doesn't prove that Microsoft doesn't care. The only thing that would is if they hadn't made any improvements to the operating system over the years. Do you really believe that Windows 7 is as bad as XP when it was first released? How about Windows ME?

    82. Re:Bad omen? by BenoitRen · · Score: 1

      Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't.

      Depends on the version. Windows versions that don't expose services to the Internet have been as good as trouble-free.

    83. Re:Bad omen? by antdude · · Score: 1

      How about blocking outbound connections and incoming connections from other infected computers on the local network at work?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    84. Re:Bad omen? by sproot · · Score: 1

      By running an exe you found on the 'net, that asked you for your password.................

    85. Re:Bad omen? by g4b · · Score: 1

      Your analogy in all respect, I would go for the first one. :)

      If your team consists of 50 people you can get the new cars. Of course normally you would be more or less like 3 people and get 50 cars. But I get the point.

      I still don't believe the big profit thing, though. I think that's just an illusion. Most malware has no primarily profit intentions. At least, it's not the only motivation. Everybody knows, how you feel if you know you have control over something you should not. Everybody knows the dark side of coding. The competition between each other in adolescence. Or later on, simply being a jerk and wanting to delete files on a coworker's lap (nah I wouldn't but I know people who thought about stuff like that).
      And everybody knows how easy you can infect computers of end users anyway.
      I think our daily imagination of hacker / malware author stereotypes is just influenced by media depictions or extreme cases.

      I still think, it's harder to break unix oses by design, and that's the simple thing about windows being more targeted.

      Also, most people in the scene go for games cracking, and many who target Windows and expose the security holes, either hate that piece of software, or work in that field and would never use it for doing harm.

      I mean come on. We could take over Windows machines for years with an End Of Tape signal across the network, or spreading subnet clients. At least that was the thing when I was in school and win95 got out. Most of us moved on. And every generation had its tools and bots and viruskits :)

    86. Re:Bad omen? by metrix007 · · Score: 1

      No, you couldn't. Linux is horribly insecure when compared to Windows, they don't even have a proper disclosure policy treating security bugs the same as normal bugs. Recall that recent root exploit that went ignored for 2 weeks? Yeah.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    87. Re:Bad omen? by master_p · · Score: 1

      Not true. A firewall cannot prevent a virus from taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.

    88. Re:Bad omen? by TheRaven64 · · Score: 1

      So the botnet that keeps trying to brute force my sshd must be running on a *nix botnet then?

      --
      I am TheRaven on Soylent News
    89. Re:Bad omen? by drsmithy · · Score: 1

      I still think, it's harder to break unix oses by design, [...]

      Why ?

      I mean come on. We could take over Windows machines for years with an End Of Tape signal across the network, or spreading subnet clients. At least that was the thing when I was in school and win95 got out. Most of us moved on. And every generation had its tools and bots and viruskits :)

      I can't say that particular vulnerability rings any bells, but Windows 95 is a completely different animal anyway.

    90. Re:Bad omen? by TheRaven64 · · Score: 1

      So hacking personal computers is more lucrative, than, e.g. the servers on the internet?

      Quite often, yes. You see, most servers are either run by a competent admin, or at least hosted in a data centre containing a competent admin. You compromise one and start using it for nefarious purposes and someone will spot it, clean it, and contact anyone else who was infected. Meanwhile, a home user probably won't notice for months.

      Maybe you can do more with the server's big pipe? Probably not. Every day, my server gets a load of connections from machines trying to guess ssh passwords (not a great use of anyone's CPU time, since password login is disabled). After a few attempts, each IP is blocked for a few minutes. After another few attempts, they are blocked for a few hours. Some of the software that blocks this kind of attack also shares the attacker's IP address, so after a few attacks the machine is unable to attack anyone else. No matter how big the pipe is, a single machine could only do so much - and the more you try to do, the more likely that someone will spot the unusual traffic. The same is true with spam. If a zombie sends one piece of spam per day, then it may pass under the radar for spam filters. If it sends a million, not so likely. A lot of machines doing a small amount each can be more valuable than a few that can do a lot.

      That's not to say that people don't attack servers. Take a look at the various PHP worms that have attacked Linux servers in the past, for example. Most of the time, these are then used to distribute malware to clients, to make a much larger botnet.

      --
      I am TheRaven on Soylent News
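
The escalating block described in the comment above (a few failed attempts earn a ban of minutes, a repeat offence earns hours), as an added example that is not part of the original thread or any particular tool's code. The log lines are constructed, and the thresholds, ban durations and names such as `EscalatingBlocker` are assumptions; sharing offender addresses with other hosts is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, ISO timestamps).
SAMPLE_LOG = """\
2024-01-01T10:00:01 host sshd[811]: Invalid user admin from 203.0.113.5 port 40111
2024-01-01T10:00:03 host sshd[812]: Failed password for root from 203.0.113.5 port 40112 ssh2
2024-01-01T10:00:05 host sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40113 ssh2
2024-01-01T10:00:10 host sshd[814]: Invalid user oracle from 198.51.100.9 port 51000
2024-01-01T10:01:00 host sshd[815]: Invalid user guest from 203.0.113.5 port 40114
2024-01-01T10:02:00 host sshd[816]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
2024-01-01T10:06:00 host sshd[817]: Invalid user ftp from 203.0.113.5 port 40115
2024-01-01T10:06:02 host sshd[818]: Invalid user www from 203.0.113.5 port 40116
2024-01-01T10:06:04 host sshd[819]: Failed password for root from 203.0.113.5 port 40117 ssh2
2024-01-01T10:30:00 host sshd[820]: Invalid user oracle from 198.51.100.9 port 51001
"""

# Matches the two common sshd failure messages and captures timestamp and source IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S+|Failed password for (?:invalid user )?\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


class EscalatingBlocker:
    """Ban an IP after repeated failures; each repeat offence gets a longer ban."""

    def __init__(self, max_attempts=3, window=timedelta(minutes=10),
                 ban_steps=(timedelta(minutes=5), timedelta(hours=4))):
        self.max_attempts = max_attempts   # failures tolerated inside the window
        self.window = window               # sliding window for counting failures
        self.ban_steps = ban_steps         # ban length per offence level
        self.recent = defaultdict(deque)   # ip -> timestamps of recent failures
        self.offences = defaultdict(int)   # ip -> number of bans issued so far
        self.banned_until = {}             # ip -> time the current ban expires

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Feed one failed attempt; return the ban duration if it triggers a ban."""
        if self.is_banned(ip, now):
            return None  # a real firewall rule would already drop this traffic
        attempts = self.recent[ip]
        attempts.append(now)
        while attempts and now - attempts[0] > self.window:
            attempts.popleft()             # forget failures outside the window
        if len(attempts) < self.max_attempts:
            return None
        # Offence level persists after a ban expires, so the next ban is longer.
        step = min(self.offences[ip], len(self.ban_steps) - 1)
        duration = self.ban_steps[step]
        self.offences[ip] += 1
        self.banned_until[ip] = now + duration
        attempts.clear()
        return duration


def process_log(text, blocker):
    """Run log text through the blocker; return (ip, time, duration) per ban."""
    bans = []
    for line in text.splitlines():
        match = FAIL_RE.match(line)
        if not match:
            continue                       # successful logins and other noise
        now = datetime.fromisoformat(match.group("ts"))
        duration = blocker.record_failure(match.group("ip"), now)
        if duration is not None:
            bans.append((match.group("ip"), now, duration))
    return bans


if __name__ == "__main__":
    for ip, when, duration in process_log(SAMPLE_LOG, EscalatingBlocker()):
        print(f"{when.isoformat()} ban {ip} for {duration}")
```
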
    91. Re:Bad omen? by VortexCortex · · Score: 1

      Now how much money can you make by compromising a big company's server (a market segment dominated by linux) to steal some industrial secrets and sell that to competitors?

      Ask the Chinese that hacked into Google via IE vulnerabilities.

      Note: Shortly after, Google stopped offering the option of using a Windows OS internally (New employees can choose Mac or Linux).

      Honestly, can we just stop the "Well, Windows is full of viruses right now, and Linux and Mac aren't, but stop hating on MS, because some day Linux & Mac will get all the viruses too," bullshit arguments.

      Look, it's simple. Windows is susceptible to a shit ton of malware right now. The same is not true for Linux & Mac, right now. Right Now Windows is a stupid choice if security is your primary deciding factor.

      Note: We live in the present (AKA Right Now); If you live in the future then argue all you want, but I won't care because I live and work in the present.

      Some people must use Windows because of their amazing Vendor Lock In strategy. I get it, it sucks, but stop with the "MS is just as secure as ___", because realistically it isn't.

    92. Re:Bad omen? by VortexCortex · · Score: 1

      You accuse the software of not fixing social problems. In your own words, your friend's "husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free." This has nothing to do with Windows. Mac or Linux are just as vulnerable in this scenario.

      You are a moron.

      Uh, no, he's not a moron. My neighbors kept doing the same thing. I kept cleaning their PC until the day Windows 7 came out and they wanted to upgrade away from XP.

      Realizing that they would likely just infect Win7 all to hell too, I installed Ubuntu for them instead. I told them to try this new OS for a while, and if they still wanted to I would install Windows 7 later.

      They spent the next 3 weeks blissfully installing tons of "anything that's shiny and free" from the Ubuntu Software Center (repository). They couldn't believe that all of the software was actually free; It took some convincing to get them to realize that all the stuff isn't pirated...

      Sometimes I get a phone call asking where to find this or that (these folk will not RTFM), but none of the regular, "Help, it's crashed" calls anymore.

      Look, people want to install free stuff. On Windows there is no centralized "This stuff has no viruses" repository, so people end up with viruses. (Windows will probably have an app store soon -- everyone will, repositories are awesome).

      You are the moron if you think that it's impossible to allow people to install anything they want and still remain secure.

    93. Re:Bad omen? by g4b · · Score: 1

      I still think, it's harder to break unix oses by design, [...]

      Why ?

      Well let me think of examples.

      • drivers are not installed from CDs or various internet sites. Most linux systems e.g. use repositories. Drivers are allowed into kernel space, applications are not.
      • there is no need for a graphical environment.
      • usually, the filesystem does not hide extensions to the user. nor does any executable have the rights to promote itself to administrator without explicit allowance, easily identified by a bit, not by some Resource imported into the exe. (I do code a lot cross platform, I did have to create binaries which run themselves as administrator)
      • administration and users are clearly separated by design.
      • groups/users play an important role in unix systems. they are used through and through. there are more than 3+some hidden groups by default.
      • there are no workaround patches in the OS to get APPLICATIONS running again in a new version. microsoft did adapt their system to partners. the one i remember was sim city.
      • configuration is mostly very well documented. it is commonly accessible on the machine even offline via manpages or info.
      • I never saw my system autostarting something after mounting a CD or USB drive, just because there was a hidden autorun.inf there.

      And if I would have a lot of time, I would find more. OF COURSE, that does not mean, a linux box or a bsd box or a macosx box is not breakable, infestable, controllable by malware, virii, hacks, whatever.

      Also I can agree, that in many layers of perspective microsoft did even a better job with their OS (customer oriented (well not the user, but the other companies creating apps for you), configurable via common tools, and also security has improved a lot with the last reincarnations of NT)

      I mean come on. We could take over Windows machines for years with an End Of Tape signal across the network...

      I can't say that particular vulnerability rings any bells, but Windows 95 is a completely different animal anyway.

      True. Windows95 was the kind of OS which you never plugged into a direct internet connection at ANY TIME because of the EOT bug. I think it was called winnuke. you would have also been instantly infected. Also true, linux was not quite there yet either. I still had these issues with win2k, until my internet got NATed.

      However, I am just assuming unix would be harder to break. I can think of many ways controlling a linux user without the user's knowledge just by hacking his account. From there I could of course get the entrypoint to anything he does after login.

      (I am mixing linux and unix on purpose here)

      If any OS gets desktop and customer oriented, you have to deal with people downloading stuff, installing it and running it. The greatest security leak is always the user itself. No OS can fix that if it wants to be used as a desktop or any sort of "personal device". I think that's inevit.. inevitbl... uncircumventable. :)

    94. Re:Bad omen? by g4b · · Score: 1

      I see your point.

      But I still don't see the profit behind it. Maybe I don't really get the money to be taken there.

      But there must be some. Somebody pays you money for doing that stuff, this somebody must have intentions or profit for themselves.

      So where does the profit lie?

      (interesting, how do you share the IP with others? I should look this up, could come in handy to secure my servers further)

    95. Re:Bad omen? by drsmithy · · Score: 1

      drivers are not installed from CDs or various internet sites.

      Yes they are. Even on Linux systems. It happens often enough on Enterprise servers (and is often required to get meaningful support from the hardware vendor), and would most certainly happen more frequently as Linux became more popular.

      Drivers are allowed into kernel space, applications are not.

      So, just like Windows then ?

      there is no need for a graphical environment.

      Irrelevant.

      usually, the filesystem does not hide extensions to the user.

      This is a function of the shell, not the filesystem, and is basically irrelevant since 99% of people either don't know, or are happy to ignore/change, what the file extension specifies.

      nor does any executable have the rights to promote itself to administrator without explicit allowance

      Yes they do - SUID and GID bits. Note that Windows has no direct equivalent to this gaping and designed-in security hole, the closest being a UAC whitelist that can be secured by setting UAC to the highest level.

      administration and users are clearly separated by design.

      How are they not in Windows ?

      groups/users play an important role in unix systems. they are used through and through. there are more than 3+some hidden groups by default.

      Not sure what your point is here. Groups are used in Windows as well, but unlike (traditional) UNIX the security model is not fundamentally based on them - and this is a GOOD thing, because it make permissions applicable per-user, rather than per-group.

      there are no workaround patches in the OS to get APPLICATIONS running again in a new version. microsoft did adapt their system to partners. the one i remember was sim city.

      That was Windows 95. You might want to be a bit clearer as to why this is inherently a problem, as well.

      configuration is mostly very well documented. it is commonly accessible on the machine even offline via manpages or info.

      Documentation in Linux and most open source applications is, as a general rule, awful. This is especially true if you don't already know what you're doing (since most documentation assumes that and is written as a reference, rather than a guide) and/or cannot read source code (as the typical response to outdated and/or nonexistent documentation is "look at the source").

      I never saw my system autostarting something after mounting a CD or USB drive, just because there was a hidden autorun.inf there.

      This hasn't been true in Windows for two releases now (at least not by design).

      True. Windows95 was the kind of OS which you never plugged into a direct internet connection at ANY TIME because of the EOT bug. I think it was called winnuke. you would have also been instantly infected. Also true, linux was not quite there yet either. I still had these issues with win2k, until my internet got NATed.

      Zillions of people happily ran Windows 95 plugged directly into the internet. Also, winnuke was a DoS attack. It crashed the machine, but it didn't allow any remote exploit.

      If any OS gets desktop and customer oriented, you have to deal with people downloading stuff, installing it and running it. The greatest security leak is always the user itself.

      Correct. The platform itself - particularly for the last decade - has been largely irrelevant. Most security problems occur due to end-user ignorance (and this is as true for professionally run systems as it is for home desktops).

    96. Re:Bad omen? by drsmithy · · Score: 1

      And no, the Mac and Linux are not just as vulnerable in that scenario, which you would know if you knew much about Unix-level security.

      I know about "Unix-level security" and I fail to see how it's any better in this regard. Please elaborate.

    97. Re:Bad omen? by ScrewMaster · · Score: 1

      No, you couldn't. Linux is horribly insecure when compared to Windows, they don't even have a proper disclosure policy treating security bugs the same as normal bugs. Recall that recent root exploit that went ignored for 2 weeks? Yeah.

      Yes, I could. Just ask any PC repair shop how much of their income is derived from malware infected PCs. Fact is, computer hardware is pretty damn reliable nowadays, so physical maintenance is less of an issue than it once was. For that matter, you might want to ask Dell or HP just how much of their new-system sales come from people whose computers are so badly infected that they believe that their machines are "broken", and go buy a new one. I guarantee you they track those numbers.

      All this discussion about who is the most "secure" is irrelevant, and belies the fact that the burden of better security is on Microsoft, simply because of the number of installations out there. You can argue about whether Unix-style security is better or worse than Microsoft's, from a technical perspective, 'til you're blue in the face but it won't make any difference. Windows machines are infected by the hundreds of millions, which means that Windows cannot be merely equivalent to Linux, or the Mac, or anything else. It has to be sufficiently capable to make a real dent in the sheer quantity of malware running on it.

      But it's not. Not even close. You may be anti-Linux, anti-Unix, anti-Mac, anti-anything-that-isn't-Windows, but if you're at all reasonable, you will admit that Windows is the bigger threat, if nothing else by its own success. That leaves Microsoft in the unenviable position of desperately needing better security, and yes, I will agree, they've made inroads ... but they have a long way to go.

      --
      The higher the technology, the sharper that two-edged sword.
    98. Re:Bad omen? by ScrewMaster · · Score: 1

      P.S. I guess my recommendation would be to skip any edition of any OS that doesn't have limited accounts support

      Yes. That eliminates the bulk of malware except, of course, those capable of privilege escalation. But you're absolutely right, giving any program that runs full access to your system by default is just stupid, and the first line of defense is to keep that from happening.

      Most of us know exactly why Microsoft didn't do this a long time ago. It's because their target market was and is clusers (and, for that matter, clueless network administrators) and Microsoft wanted Windows to be as painless to install, configure and use as possible. Now, that actually is a worthy goal, and it's why a lot of services were enabled by default that, from a security perspective, should not have been (and are not now.) But the real world is a lot more dangerous than it used to be, so the potential inconvenience of added security is something that we're all just going to have to deal with, if we're at all responsible.

      What I find interesting is how accepting most Unix/Linux people are of UAC. I mean, it's basically a Unix security technique applied to Windows, so to them, it was kind of a "what took you so long" thing, rather than an inconvenience, because they were already used to it.

      --
      The higher the technology, the sharper that two-edged sword.
    99. Re:Bad omen? by ScrewMaster · · Score: 1

      Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?

      Well, you do understand that open source means anyone can download a patch and actually apply it, don't you?

      Yeees, and anyone who can do that is probably capable of making an intelligent decision as to whether to do it or not. My point is that if you are concerned about a timely response to security issues, it helps if you have a lot of people, and a lot of eyeballs, going over your code looking for problems. Either way, there have to be gatekeepers, people who verify that submitted patches do the job and aren't, in themselves, vulnerabilities.

      Open source doesn't mean that every single patch or modification that is submitted is instantly made available for download. Only those that have been approved make it into the CVS. You should know that too.

      --
      The higher the technology, the sharper that two-edged sword.
    100. Re:Bad omen? by ScrewMaster · · Score: 1

      Not true. A firewall cannot prevent a virus from taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.

      Thank you. I'm not going to reply to Gadget Guy anymore ... he's about the only guy I've seen on Slashdot recently that I'm pretty sure is a Microsoft troll. I've never seen anyone so completely unwilling to admit that Windows still has real problems with security, even now with Windows 7.

      --
      The higher the technology, the sharper that two-edged sword.
    101. Re:Bad omen? by ScrewMaster · · Score: 1

      Stop calling us clueless! I'm a pretty clued up user, I changed my desktop background to a picture of a cat.

      What kind of cat?

      --
      The higher the technology, the sharper that two-edged sword.
    102. Re:Bad omen? by Anonymous Coward · · Score: 0

      Despite what you say, you don't have to install a third party firewall and run third party anti-malware software. My original post to you linked to the free Microsoft supplied anti-malware software.

      Question: so why is it that MS's OS is the only operating system that NEEDS anti-virus and anti-malware products? Why is it that "Other" operating systems are secure by design?

      Let's face it, there are too many people including MS that are making money off of a broken system and the common person expects it to be broken because it has always been broken and this is the only system they have ever used.

      Like several posters have talked about, MS makes money off of people throwing away perfectly good computers because of an infected OS or tired of crap from a broken-on-release OS (Windows ME, Vista).

      Really why wasn't Windows7 free to those who bought Vista? After all Vista is broken by design.

      No you should still NEVER run a Windows box on a un-trusted network. Read any book on network security and it will tell you that.

    103. Re:Bad omen? by metrix007 · · Score: 1

      Sorry, but you couldn't. Your claims come from either ignorance or zealotry.

      There is absolutely nothing particularly insecure about Windows, and for the last 5 years or so they have been excellent towards security, certainly more proactive than OS X or Linux. The fact that their OS is a target for attacks says nothing about the OS security. It is just one more example of a dancing pigs problem in action.

      FWIW, I'm not anti-linux. I don't have an alliance to any one platform. I just get tired of people denying that Linux would have the same problems if it were as popular, when it would probably have more.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    104. Re:Bad omen? by drsmithy · · Score: 1

      So ... I'm sorry, what was your point again?

      The source of the problem isn't the system, it's the people and, to a lesser extent, the third party software developers.

    105. Re:Bad omen? by Bill,+Shooter+of+Bul · · Score: 1

      Good rehashing of a classic argument, but it's not really one you can win. It's like arguing what the world would be like if the United States didn't enter WW1. You can argue all you want, but you can't prove something that hasn't happened. In case you are wondering, I am agnostic to the current argument. I see the valid points on both sides. I think you'd see an increase in zombies, but I think the general zombie rate would be lower than it is with windows (if linux were the top dog, for macs I'd imagine it would be higher than linux but slightly lower than windows).

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    106. Re:Bad omen? by Gadget_Guy · · Score: 1

      Not true. A firewall cannot prevent a virus from taking over your computer, it only protects from accessing specific ports.

      The big problem that Windows had prior to XP Service Pack 2 was that it had numerous, unnecessary ports open by default that were riddled with security holes. It was so bad that you just had to connect to the Internet without going to ANY sites and you would get infected. It was that problem to which I referred in my original post.

      But you are quite right that once you start actually going to sites that you will need some antivirus software, like the Microsoft Security Essentials that I wrote about earlier. Although, I found that if you disable ActiveX then you hugely diminish the need for antivirus software just for general web browsing. I used to do that and use ClamWin so I could scan files I downloaded. It didn't have realtime protection that slowed down the computer.

    107. Re:Bad omen? by ScrewMaster · · Score: 1

      You claim Windows can't be used safely on an untrusted network? That is false.

      The GP lost his credibility the instant he said that, so far as I'm concerned. "Windows can be trusted on an untrusted network". That's dangerous misinformation. I hope he doesn't work IT at a power plant.

      No you should still NEVER run a Windows box on a un-trusted network. Read any book on network security and it will tell you that.

      That is absolutely correct. My own point of view is that nothing can be trusted on an untrusted network. That's why it's an untrusted network, and no operating system is perfect. This is not rocket science, but here's the thing: good security is a process, not something that you just buy, it's not a fire-and-forget scenario. But the truth is that some operating systems are just better at security than others, and that Windows is not at the top of that list.

      I will say this: regardless of your preference in an operating system, you should always take steps. But that doesn't alter the fact that you have to take a lot more steps with Windows, to have even a hope of security.

      --
      The higher the technology, the sharper that two-edged sword.
    108. Re:Bad omen? by ScrewMaster · · Score: 1

      Sorry, but you couldn't. Your claims come from either ignorance or zealotry.

      It comes from experience. I started out as a personal computer tech thirty years ago (before there even was an IBM PC), before the rise of malware (back then it was mostly boot-sector infectors and the occasional trojan.) In that time I've dealt with a lot of different hardware, lots of different operating systems ... and it's always been Microsoft who's been at the bottom of the heap when it comes to network and filesystem security. They've made improvements, yes, but they are hampered by a design that makes security difficult. The Windows Messaging System alone is a throwback that until recently had no security features at all, and is still a liability.

      I just get tired of people denying that Linux would have the same problems if it were as popular, when it would probably have more.

      Probably it wouldn't, but if you'd read my previous post again you'll see that I didn't make that claim. I just said that Microsoft needs to work harder, and that's a fact. The fact that they don't (because they have no real motivation to do so) is a major strike against Windows. We've all talked about the inherent evils of monopolies, well, this is one of them. When you reach 90+% market penetration, and have managed to keep all other desktop operating systems from reaching anything resembling a competitive status, you don't have to do squat when it comes to security. Too many other people to blame for it. Yes, they put out a lot of patches and fixes, and that's good so far as it goes, but when you get right down to it, the rate of infection of Windows boxes is still ungodly. Microsoft still has some work ahead of them.

      Nor am I ignorant or a zealot (hell, I write Windows code for a living.) A couple of my home machines are Linux, as is my server, because for a lot of things Linux is better. One of those is, like it or not, security.

      Maybe you don't know as much about Unix security methodology as you do about Windows', but honestly the Unix-derived OSes would be a much harder target than Windows. The underlying philosophy is very different from Windows: remember, Unix started out in life as a network operating system.

      --
      The higher the technology, the sharper that two-edged sword.
    109. Re:Bad omen? by Gadget_Guy · · Score: 1

      Question: so why is it that MS's OS is the only operating system that NEEDS anti-virus and anti-malware products? Why is it that "Other" operating systems are secure by design?

      Windows isn't the only OS that has security problems, otherwise competitions like Pwn2own would only successfully hack Windows.

      The big failure of Microsoft was to not insist on creating two accounts during the Windows installation - one for administration and one for actual usage. I guess they thought that people were so used to being admin by default in Windows 9x that they had to continue it in 2000 and XP. To some extent they were correct. Witness the complaints about Vista and the terrible inconvenience of having to jump through more hoops to change system settings. People like me who have always run a restricted user account couldn't see what the fuss was about.

      Really why wasn't Windows7 free to those who bought Vista? After all Vista is broken by design.

      No, Vista was different by design, not broken. After all, Windows 7 is still quite similar to Vista and a lot of people rave about it. Vista's big problem was that it had all new driver designs requiring new 3rd party drivers to be written. Early Vista adopters had to use buggy, beta drivers (hello Nvidia) and so any instabilities were attributed to the operating system.

      I never tried Windows ME, but I do wonder how much of its bad reputation was due to the same problem. ME got rid of real mode DOS, which caused havoc for driver developers.

      No you should still NEVER run a Windows box on a un-trusted network. Read any book on network security and it will tell you that.

      What book says that? In these days of public WiFi, more and more people are connecting to untrusted networks. Any modern Windows will cope fine with that.

    110. Re:Bad omen? by flowwolf · · Score: 1

      I hear this out of OSS fans all the time. Lots of eyeballs = greater security. If that's the case then Microsoft is more secure. People aren't looking at the code for the kernel, okay, but hundreds of thousands of systems are monitored and tested regularly. Most security threats on Microsoft systems are found because there are lots of eyeballs looking for holes. I'd say even more than the Linux community has on their favorite flavor of distro. Why does the more eyeballs approach to security suddenly work so much better when it's whitebox instead of dark? It's also worth mentioning that in the past, the few times when Microsoft hasn't issued a patch in a timely manner another company has stepped in and provided a solution. So yes. To get back to the point of this entire thread, somebody else with vested interest in the system can provide solutions to security problems on a Microsoft system. There's more than one way to skin a cat sir.

      I digress though. That wasn't the point of my post in the first place. You were condescending anon guy for stating that some random guy on the net providing a patch isn't always the best solution, and doing it in a completely inane fashion by telling him that the kernel team can veto a patch. This is contrary to the entire foundation of FOSS. People can change the code as they see fit. The kernel team can't veto any single user's changes. Are you honestly a supporter of FOSS? Or are you rather just someone who spites the majority?

    111. Re:Bad omen? by Gadget_Guy · · Score: 1

      The GP lost his credibility the instant he said that, so far as I'm concerned. "Windows can be trusted on an untrusted network". That's dangerous misinformation. I hope he doesn't work IT at a power plant.

      Prove it. What is the mechanism that is used to infect a Windows computer merely by plugging it into an untrusted network? Which port is attacked? Do you have a link to a security advisory describing a vulnerability?

      I have had a look at the details of a few of the recent worms, and they wouldn't work on a Public network because it doesn't allow services like RPC. That is why the worms have multiple attack vectors like Autorun on flash drives so they can get access to Private or trusted networks. (Autorun is definitely a major security hole that Microsoft deserve to be blamed for)

      You can see what ports are allowed on a Public network by going into "Windows Firewall with Advanced Security" (Run as administrator). Under "Inbound Rules" set "Filter by Profile" to "Filter by Public Profile".

      Personally, if I was going to attack a computer that had plugged into my network, I would intercept the traffic to and from the computer to inject malware. As a simplistic example, if an email message was being downloaded then you could append an attachment to it. But that sort of attack wouldn't be restricted to the Microsoft platform. Windows just isn't worse than any other operating system when connected to an untrusted network.

    112. Re:Bad omen? by metrix007 · · Score: 1

      It comes from experience. I started out as a personal computer tech thirty years ago (before there even was an IBM PC), before the rise of malware (back then it was mostly boot-sector infectors and the occasional trojan.) In that time I've dealt with a lot of different hardware, lots of different operating systems ... and it's always been Microsoft who's been at the bottom of the heap when it comes to network and filesystem security.

      As much as I wish it were true, experience does not equate to having knowledge in an area.

      Probably it wouldn't, but if you'd read my previous post again you'll see that I didn't make that claim. I just said that Microsoft needs to work harder, and that's a fact. The fact that they don't (because they have no real motivation to do so) is a major strike against Windows. We've all talked about the inherent evils of monopolies, well, this is one of them. When you reach 90+% market penetration, and have managed to keep all other desktop operating systems from reaching anything resembling a competitive status, you don't have to do squat when it comes to security. Too many other people to blame for it. Yes, they put out a lot of patches and fixes, and that's good so far as it goes, but when you get right down to it, the rate of infection of Windows boxes is still ungodly. Microsoft still has some work ahead of them.

      No. Microsoft have done a great amount of work securing their OS. I haven't got an infection in years, the people who do get infected because of user stupidity and clicking yes to install dangerous software, something that affects every OS. Saying that Microsoft have not made any major improvements and still have a long way to go is just spreading FUD, because as of the moment they are the most secure desktop OS around.

      Maybe you don't know as much about Unix security methodology as you do about Windows', but honestly the Unix-derived OSes would be a much harder target than Windows. The underlying philosophy is very different from Windows: remember, Unix started out in life as a network operating system.

      I'm well versed in both. Unix has a horrible security methodology left over from its days from implicitly trusting everyone on the network. Windows NT has *ALWAYS* been more secure than most versions of Linux, not per code quality but design. Recently, it has been much better by having less vulnerabilities also. Honestly, I am much happier to have a Microsoft OS at 90% of the market instead of Linux or OS X, both of which have atrocious security.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    113. Re:Bad omen? by ElderKorean · · Score: 1

      There was a .exe - I can't remember what that rebooted a Windows box with no warning. We were trying to educate people about not clicking attachments blindly (this was around the Melissa/Iloveyou time), so I renamed it to do-not-run-this.exe or something equally similar, attached it to an email, wrote in the email NOT to run it, and sent it to the company (about 70 people).

      I did a similar thing a few years ago, though the program did nothing at all other than add their name to a text file that I then sent to the directors (they had asked me to see how many people would do this) - I even left one of the directors' names in there as well, and he knew it was going to happen.

    114. Re:Bad omen? by EnderDom · · Score: 1

      Can't remember, since my first post, I've had to reinstall windows 3 times, bought a new computer, then attempted to 'overclock' it based on a web-log I found which ended up burning down my house. You know standard windows stuff. I think it was a Persian blue...

    115. Re:Bad omen? by Anonymous Coward · · Score: 0

      Who's not gonna click something that says "DON'T CLICK THIS"?
      It's the most inviting you can get, you just have to push the big red button that says don't push.

  2. Not with my cheese helmet! by billcopc · · Score: 1

    This virus can't scratch me, I run everything with Administrator privs... oh snap!

    --
    -Billco, Fnarg.com
    1. Re:Not with my cheese helmet! by Monkeedude1212 · · Score: 4, Insightful

      I run everything with Administrator privs... oh snap!

      Well, as long as you know everything you run is malware free, there is absolutely nothing wrong with that.

    2. Re:Not with my cheese helmet! by dave562 · · Score: 1

      So basically just don't browse the web.

    3. Re:Not with my cheese helmet! by Anonymous Coward · · Score: 0

      No, don't connect to any network, web or not. Also don't insert any removable media. Just use the local computer and you're perfectly safe, oh, so long as you and anyone else with access to the system don't do any user-error mistakes that might cripple the OS.

    4. Re:Not with my cheese helmet! by TheGratefulNet · · Score: 1

      sony, is that you?

      --
      "It is now safe to switch off your computer."
    5. Re:Not with my cheese helmet! by 0123456 · · Score: 1

      It's safer just to never turn the computer on, though with things like wake-on-LAN and wake-on-USB these days you'd probably better unplug it too.

    6. Re:Not with my cheese helmet! by Anonymous Coward · · Score: 0

      It's fairly easy to keep a developer box away from the Internet, although the network is a different matter... but still possible. I'm far less worried of my media/web PC becoming compromised than I am my actual workstation.

    7. Re:Not with my cheese helmet! by cbhacking · · Score: 2, Informative

      As long as everything you run is *vulnerability* free, you mean. Actively running malware (Trojans) is certainly a major problem, but in general running Firefox as admin is more dangerous than running IE as a standard user (the fact that there's a local EoP vulnerability just announced notwithstanding).

      --
      There's no place I could be, since I've found Serenity...
    8. Re:Not with my cheese helmet! by Monkeedude1212 · · Score: 1

      No - Any browser, even with its vulnerabilities, is not prone to "just catching" things so long as you don't run across any malware. It's a fact. If there are trojans actively running on your machine, then you are running them - and thus you are not abiding by the rule I just stated.

      Browsing a website in administrative mode is not dangerous unless the website is compromised or some other kind of DNS poisoning or other malicious acts take place. There is no vulnerability in any browser that will get you infected if you do not come across Malware. Meaning, visiting an infected site, is one way of running malware.

    9. Re:Not with my cheese helmet! by cbhacking · · Score: 1

      I think that's a little pedantic - "running" software of any kind, including malware, usually implies an intent to run it - but if you want to take that definition then go ahead.

      However, it makes your post completely pointless, because there is absolutely no way to know ahead of time if the website you're visiting has been compromised. There's no way to know that the commercially-pressed CD you're inserting into your drive doesn't have malware installed (see Sony). There's no way of knowing whether I snuck into your office and installed auto-running malware while you were asleep, just to provide a back-door for later attacks.

      Basically, if you include all of the unintentional ways that malicious code might execute on your system, then it's literally impossible to use a computer and "know everything you run is malware free."

      --
      There's no place I could be, since I've found Serenity...
    10. Re:Not with my cheese helmet! by Monkeedude1212 · · Score: 1

      Basically, if you include all of the unintentional ways that malicious code might execute on your system, then it's literally impossible to use a computer and "know everything you run is malware free."

      With a bit of basic malware education, knowing how they operate, the only problem is the sneaking into your office one. I've run with admin privileges at my job for years now, and I've never had a run-in with Malware on my PC. Now I wonder how that works.

    11. Re:Not with my cheese helmet! by cbhacking · · Score: 1

      Do you block ads and only allow whitelisted JavaScript? If not, I guarantee you've executed some malicious (if only to the "track your browsing history without your knowledge" extent) code. If you don't block ads and have Flash installed, there's an excellent chance you've executed a malicious applet that, on an insufficiently patched Flashplayer, would have compromised your system.

      If your work computer only visits intranet sites, then maybe it hasn't been attacked yet. If it visits external sites, even completely legitimate ones that happen to use a third-party ad provider (nearly all sites do, which makes them conveniently easy to block) then the odds are against you unless you proactively block executable content (scripts, applets, etc.)

      It's not the number of years you've been safe that counts - it's what happens when you visit a site that somebody's injected a 0-day exploit into.

      --
      There's no place I could be, since I've found Serenity...
  3. So.. by Anonymous Coward · · Score: 0

    what else is new?

  4. Finally by Anonymous Coward · · Score: 0

    UAC is such a hassle for us virus and trojan writers. I'm glad Microsoft helped us out once again.

  5. UAC? by Forrest+Kyle · · Score: 4, Funny

    They bypassed the UAC? We're DOOMED!

    1. Re:UAC? by Yvan256 · · Score: 1

      As long as they don't infiltrate SGC, we're safe.

    2. Re:UAC? by syousef · · Score: 1

      They bypassed the UAC? We're DOOMED!

      Are you sure you want to bypass UAC? Allow or Cancel?

      --
      These posts express my own personal views, not those of my employer
  6. Backdoor? by Ironchew · · Score: 1

    What do you bet this was the result of some government agency/powerful private entity saying they want easier access into remote machines?

    1. Re:Backdoor? by fuzzyfuzzyfungus · · Score: 2, Interesting

      That's a bet I wouldn't take. Given the well-known existence of both more or less free-floating criminal elements and multiple nations with reasonably substantial CS capabilities more or less tightly integrated into their military and/or clandestine capabilities (and sometimes shading into the first category...) any one entity asking for a backdoor is making the (painfully stupid) bet that nobody else is going to find it. Obviously, virtually everyone would love to have a backdoor of their very own; but even unregenerate PNAC acolytes probably aren't stupid enough to assume that only they would ever find it...

      An entity in the position to push Microsoft into giving them a backdoor would, one presumes, already possess formidable power, either legally or secretly (depending on whether the backdoor is inserted by NSA spooks or suspiciously cheap Chinese contractors). Such an entity would be foolish to use such power to push for a backdoor which, if discovered (and there is constant searching going on, even if you only count the guys who just want to send h3rb5l v15gra! spam...), would suddenly give every flea-bitten nonentity who can afford an internet connection considerable intelligence capabilities.

      Any entity with substantial legal clout would, unless absurdly moronic, simply use instruments like CALEA, collaboration with Telecom entities, search and seizure procedures, and the like. If those weren't good enough, they would advance the theory that only even greater legal clout can possibly save America and The Children from the pedo-terrorist menace. If history is any guide, they should then receive an upgrade.

      Any entity with substantial clandestine/illegal clout would, again unless absurdly moronic, be much better served by making use of vulnerabilities that happen anyway, along with HR/outsourcing based infiltration of relevant institutions. Pushing for a backdoor that puts them on par with dubiously pubescent script kiddies, when they currently have a commanding lead, would be illogical in the extreme.

    2. Re:Backdoor? by iiiears · · Score: 1

      A possibility, but don't credit espionage when human error fits just as well. The code was likely Okay-ed a decade ago and not reviewed since. Ditto the .gif flaw and the .wma extended info flaw and the .jpg flaw and the .asf/.wmv flaw and the .ico Microsoft GDI+ flaw.

      How many more are still hiding in millions of lines of code? How much of it can co-opt your hardware? The journey to security is only a few decades old; everyone is still learning.

      Just maybe, no matter how hard you try for perfection, mistakes will be made and with billions of people using your software all the flaws will be found and exploited and then fixed.

      In my opinion operating systems have become too complex and it isn't humanly possible to understand all of it. The answer may just be to simplify everything and allow a larger group to develop tools to review the source code.

      --
      15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
    3. Re:Backdoor? by fuzzyfuzzyfungus · · Score: 1

      That was my point: not only is espionage not necessary to explain the presence of the bug, any entity that would be in the position to force a bug for purposes of espionage would be actively weakening their own position by pushing for one. OSes are definitely too complex to be easily dealt with; but I'm not too optimistic about the prospects for simplicity. People seem to like what complexity can do for them, when it comes to user experience, and all the complexity you move out of the OS doesn't just vanish, it usually comes right back in multiple 3rd party implementations, often shoddier (and inevitably less consistent) than what was built into the OS in the first place.

      Decoupling complex elements from one another is a great good, and something that MS has been historically bad about; but unless the market does a shocking about face and agrees to spend the next few decades receiving zero new features, only bug-fixes, the prospect of code being cleaned up faster than it is added seems dim...

  7. Requires code to be run by abigsmurf · · Score: 1

    This exploit still requires the code to be run (i.e. for the system to already be compromised). UAC is just an extra hurdle malware has to clear, it's not meant to be the be all and end all to stop malware.

    The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).

    1. Re:Requires code to be run by gstoddart · · Score: 5, Informative

      noscript is not regular browsing

      No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.

      --
      Lost at C:>. Found at C.
    2. Re:Requires code to be run by 0123456 · · Score: 1

      The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).

      So an unknown vulnerability in Firefox is just as likely to infect your machine as a known vulnerability in IE?

    3. Re:Requires code to be run by js3 · · Score: 1

      Actually Java is more dangerous than IE in this case. Java can download apps disguised as jpeg files and execute them from the appdata/roaming folder (then again, most trojans that do this already exploit other methods to screw up the system)

      --
      did you forget to take your meds?
    4. Re:Requires code to be run by sponga · · Score: 1

      I always get a kick out of how they dumb down the articles for the audience around here. It's like 'don't you people work in the IT industry and this is common knowledge that code run from any machine by the user will compromise it'.

      Virus- 'You wanna run me so I can infect though... I mean give you money...?'
      UAC- 'Do you want to run this Yes/No'
      User- 'Yes'

      hmmm somewhere there is a weak link in that security somewhere.

      KEEP FEAR ALIVE!!!

    5. Re:Requires code to be run by Anonymous Coward · · Score: 0

      Actually Java is more dangerous than IE in this case. Java can download apps disguised as jpeg files and execute them from the appdata/roaming folder (then again, most trojans that do this already exploit other methods to screw up the system)

      How do you figure? Unsigned Java applets have no access to the file system, most system properties, or the network.

    6. Re:Requires code to be run by Anonymous Coward · · Score: 0

      Without noscript, yes. In fact - it's more probable nowadays depending on what you're looking for. For example, anything video game related is almost always targeted at Firefox nowadays (because this userbase has a 70-80% installation); even IE generally goes free at compromised sites. Plus, last I checked, Firefox had more known vulnerabilities than any combination of two of Opera, Chrome, and IE.

    7. Re:Requires code to be run by splutty · · Score: 1

      Not regular browsing.. Right..

      And having sex with a South African (highest AIDS percentage there) prostitute without a condom is not having real sex either. Wait... Somewhere this analogy went wrong...

      --
      Coz eternity my friend, is a long *ing time.
  8. Back to the drawing board by cyberkahn · · Score: 1

    Microsoft has the capital to develop a new operating system from the ground up. This bolting on of security solutions like UAC isn't going to cut it anymore. Heck, keep the same user interface design for all I care, but change the underlying OS. I am a technology atheist, so I don't get religious about platforms, but what Apple did by porting OSX for Intel in parallel says volumes about their company.

    I know it might be hard, but Microsoft needs a little vision and a little less greed to do the same thing, but for security reasons.

    Unfortunately I am doubtful.

    1. Re:Back to the drawing board by js3 · · Score: 1

      Aren't you being overly dramatic there? Every system has had some known exploit at one point or other to gain elevated privileges; this bug seems to exploit left over junk from older OSes (ntsys calls) that exploits a buffer overflow in one of the methods to extract reg key values.

      Easy buffer overflow problem that shouldn't be hard to fix

      --
      did you forget to take your meds?
    2. Re:Back to the drawing board by DAldredge · · Score: 1

      I know it might be hard but you could look at research.microsoft.com and see all the nextgen OS research they are doing.

    3. Re:Back to the drawing board by gstoddart · · Score: 1

      Microsoft has the capital to develop a new operating system from the ground up.

      Have you even been involved in rewriting software from scratch? Usually you end up missing a whole bunch of use cases, introducing new errors, and completely not getting old ones. It just never seems to work the way people hope it will, and it ends up costing way more than you thought.

      I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible.

      but what Apple did by porting OSX for Intel in parallel says volumes about their company

      Or, it speaks to how well their kernel was designed as to have the hardware-specific stuff nicely abstracted -- I honestly don't know which. At the very least, it demonstrates that they were willing to undertake the work.

      --
      Lost at C:>. Found at C.
    4. Re:Back to the drawing board by cyberkahn · · Score: 1

      Yes, I know about research.microsoft.com, but I am looking at what is, not what could be. Unless they were to make a major announcement about a new path forward I don't take what comes out of research.microsoft.com very seriously.

    5. Re:Back to the drawing board by Anonymous Coward · · Score: 0

      Or, it speaks to how well their kernel was designed as to have the hardware-specific stuff nicely abstracted -- I honestly don't know which. At the very least, it demonstrates that they were willing to undertake the work.

      The OS X kernel is derived from BSD. So yes, it's designed to be hardware independent.

    6. Re:Back to the drawing board by Bert64 · · Score: 4, Insightful

      Developing an entirely new os is about the worst thing microsoft could possibly do from a business perspective...

      Currently their single biggest selling point is compatibility, sure as you point out compatibility with something that has a fundamentally flawed design but still compatibility... If they were to ditch compatibility, then users would have to ditch all their existing apps (especially legacy apps which may be abandonware) and learn a completely new system that's not been tried and tested...

      In other words, they would now saddle themselves with the biggest disadvantages associated with other platforms while offering none of the advantages of those platforms...
      Microsoft ditching compatibility with all their legacy cruft would probably be the best news Apple and Linux distros could ever receive.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    7. Re:Back to the drawing board by cyberkahn · · Score: 1

      "I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible."

      Why is that? Moving from OS9 to OSX was a major leap. I know it was far easier, since they control the hardware platform, but it has been done before.

    8. Re:Back to the drawing board by DAldredge · · Score: 1

      You don't take the enhancements that Research has contributed to .Net, Visual Studio, Exchange, SQL Server, NT 6.0 / 6.1 seriously?

    9. Re:Back to the drawing board by causality · · Score: 3, Insightful

      Easy buffer overflow problem that shouldn't be hard to fix

      I believe you miss his point.

      It's an easy buffer overflow problem that shouldn't have been hard to prevent if you have even a fraction of the talent and resources at Microsoft's disposal.

      If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug. Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?

      Why do so many people want to give Microsoft a pass in these matters? It's hard to think of any other entity in the world that would be more capable of doing better than this. It's obvious they don't give a damn about security as long as the sales keep coming. That's what you want to excuse, portray as understandable, smooth over, and encourage by example in other companies? I won't.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    10. Re:Back to the drawing board by gstoddart · · Score: 1

      Why is that? Moving from OS9 to OSX was a major leap. I know it was far easier, since they control the hardware platform, but it has been done before.

      Well, not knowing much details about the innards of OS9/OSX -- was this truly a "rewrite" of the OS as you initially said? ("Microsoft has the capital to develop a new operating system from the ground up.")

      Was the transition from OS9 to OSX a "ground up" change? Or was it a swap of the kernel for a more modern one?

      My first thought is that trying to build a new OS from "the ground up" isn't going to be an easy task. Unfortunately, Microsoft is hobbled by the need to be backwards compatible. Didn't Apple just more or less say "out with the old, in with the new"?

      --
      Lost at C:>. Found at C.
    11. Re:Back to the drawing board by vistapwns · · Score: 1

      Give me a break. NT IS the rewrite of Windows, compared to Windows 9x, like OS X compared to OS 9. People, especially here, just can't wrap their heads around the fact that MS had a stable, pre-emptive multitasking, secure OS before Apple, so they just randomly throw out that NT needs to be rewritten. Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix? You guys have neglected to spell this out, though I know the routine, now that I ask I'll get a bunch of ad-hoc crap about the registry or whatever (like a re-write would be necessary to go back to Windows 3.1 .INI files, which WAS truly a broken design) just so you guys can say you knew. And especially in a security context, Windows has all the security features of OS X and Linux, like guaranteed separation of users and Admins, ASLR, DEP, sandboxed browser, ACLs, MACs, and so on. The only thing 'broken' about the design of Windows that a re-write would fix, is that its market share crushes Mac OS X and Linux. Granted they could switch to managed code, but since neither Linux nor Mac OS X use managed code I fail to see how this constitutes a broken design in Windows. Seems every time we have a vulnerability in Windows we have to have this same lame discussion, but whenever there is an equiv. vulnerability in Linux/Mac OS X, everyone accepts the obvious and sane sentiment that vulnerabilities happen in all code, they get fixed, and life moves on.

      --
      "...I think the Microsoft hatred is a disease." - Linus Torvalds
    12. Re:Back to the drawing board by TheSunborn · · Score: 1

      Yes, but remember that the original rewrite of Mac OS by Apple (Copland I think it was called) was a total failure which never reached a state where it could be released.

      And then Apple bought NeXT and used their OS instead, and the rest is history.

      I don't think that Microsoft can write a totally new from-the-start OS which would be able to run existing Windows software. The amount of undocumented but used side effects in the existing Windows API is simply too big. If you don't believe that, just try to look at some of the bug reports for the Wine project where they document some of the oddities of the Windows API which applications rely on.

      Microsoft's only hope for a clean slate OS is to make a solution which runs all existing software in an emulated environment (like Mac OS X runs Mac OS 9 software).

      I do think that .net is part of their plan to do that, because (re)implementing .net in a new OS is easy, compared to implementing the win32 API.

    13. Re:Back to the drawing board by gstoddart · · Score: 2, Interesting

      If they were to ditch compatibility, then users would have to ditch all their existing apps

      And, if that happens, there is literally nothing to suggest that they would land on a Microsoft platform.

      It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.

      Microsoft ditching compatibility with all their legacy cruft would probably be the best news Apple and Linux distros could ever receive.

      Exactly ... I mean, you can see the ad campaigns already ... "Well, if you're already switching operating systems ....".

      --
      Lost at C:>. Found at C.
    14. Re:Back to the drawing board by causality · · Score: 1

      You don't take the enhancements that Research has contributed to .Net, Visual Studio, Exchange, SQL Server, NT 6.0 / 6.1 seriously?

      I take them seriously because they are highly effective business strategies for making money for Microsoft, in no small part because a shop using those would have great difficulty migrating to another platform.

      Now if more of that research effort went into making Windows less prone to malware we'd start seeing some progress and the Internet would become a better place for everyone, including people who don't use Windows.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    15. Re:Back to the drawing board by Yvan256 · · Score: 1

      Microsoft's problem right now is exactly that: backward compatibility. I remember when they said that Windows Vista was supposed to be a complete rewrite from the ground up, that there would be amazing XYZ features, etc. Then they slowly began to remove everything, including the rewrite, until it was basically back to what we could call Windows XP2 (whatever the name).

      When Apple introduced Mac OS X, they had a "classic mode" to allow you to run older Mac OS 9 software on the new OS. Then they added Rosetta, which allowed Mac OS X software designed for PowerPC to run on Intel processors, all transparent to the user.

      So yes, while Apple's attitude is "out with the old, in with the new", they still support the old but without trying to integrate it directly into the new. The best way to move forward is to look into the future, not the past. Watch how fast they'll drop FireWire once they introduce LightPeak.

    16. Re:Back to the drawing board by judeancodersfront · · Score: 2, Insightful

      OpenBSD doesn't have the same goals and doesn't have to provide the same level of compatibility.

      Windows Security 2008R2 actually has a pretty impressive security record so far. If they stripped it down and provided only core services like OpenBSD it would be even better. The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.

    17. Re:Back to the drawing board by fuzzyfuzzyfungus · · Score: 2, Informative

      The OS9/OSX change was, ironically, actually a demonstration of A) how hard it can be to change your OS from the ground up and B) how Apple wasn't up to the challenge.

      Back in the System 7 days, Apple started "Copland" as a next-gen OS to remedy the numerous and hilarious deficiencies in their existing OS. The project was a miserable failure and, after about as much schedule slipping as Apple could afford at that time, they took it out back, shot it, and bought NeXT, and then proceeded to adopt more or less everything but the name as the foundation for their new OS. Even with the "grabbing an entire, largely complete, OS from a third party" tactic, OSX only made it to release in 2001, with the Copland project having been started in 1993.

      It wasn't really a "rewrite" at all, more of a grafting of some APIs from the old OS, and some UI conventions (though not all, OS9 die-hards are still bitching about how much OSX's finder sucks...) onto an entirely new OS. The rewrite attempt foundered horribly.

      Microsoft's OS leaping attempts were actually pretty similar (except that I'm not sure they ever even pretended to have the in-house expertise to transform the DOS-based Windows versions into something resembling a real OS). Their DOS-based Windows versions sucked, architecturally, so they hired a bunch of serious DEC guys to build them a whole new, architecture-independent OS. That was NT. They then grafted on the win32 API and, by around Windows 2000, had finished bringing over all the UI conventions that 95-98-ME users would expect (NT 3.X is actually a pretty alien experience, if you are expecting Windows...)

      There is probably some example of a "Hey guys, let's rewrite our OS" story actually going well, without the invocation of a deus-ex-machina outside team; but neither Apple nor Microsoft really qualify.

    18. Re:Back to the drawing board by 0123456 · · Score: 2, Insightful

      Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix?

      Staggering amounts of backwards compatibility crud full of security holes?

      One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'

      The only way for Windows to become secure is to throw out backwards compatibility, and then no-one would use it.

    19. Re:Back to the drawing board by icebraining · · Score: 1

      And because they reused the XNU (which they bought), which uses parts of the FreeBSD kernel and of the Mach micro-kernel, which was developed at the Carnegie Mellon University.

    20. Re:Back to the drawing board by XLazarusX · · Score: 1

      I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible.

      Windows Phone 7 tells me your fear is well-grounded.

    21. Re:Back to the drawing board by fuzzyfuzzyfungus · · Score: 2, Interesting

      They might well be able to get away with designing (another, NT being their first) new OS; but a new userspace API or huge security model change would get ugly...

      Even Vista's "Hey, let's actually slightly enforce all those best-practices things about not assuming that everyone is running with Admin privileges at all times, as though it were still Windows 95" was met with a firestorm of nearly pure hate. So much so that, even with Vista to take the flack and several years for 3rd parties to get their act together, 7 backed off the UAC a little bit. A really serious change of the "Nope, no win32 for you. Also, all drivers must be utterly rewritten" caliber would probably be met with shocked silence, followed by most of Redmond being set on fire...

    22. Re:Back to the drawing board by sirsnork · · Score: 1

      Firewire is already gone from a lot of the Mac range, they are USB only now. Sadly that also means no more target disk, but thems the breaks

      --
      Normal people worry me!
    23. Re:Back to the drawing board by Yvan256 · · Score: 1

      I think the non-Firewire models support target disk mode via USB. What's strange is that Firewire got upgraded to FW800 on the new Mac mini models.

    24. Re:Back to the drawing board by Gadget_Guy · · Score: 1

      If they stripped it down and provided only core services like OpenBSD it would be even better.

      Then you want the Server Core installation option of Windows Server. About bloody time too!

      The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.

      That is easily fixed. Don't give them a mouse. They won't be able to run ANY software then! It won't affect power users, as they should be able to do just about everything using keyboard shortcuts.

    25. Re:Back to the drawing board by Gadget_Guy · · Score: 1

      This bolting on of security solutions like UAC isn't going to cut it anymore.

      Why? And what will be improved by rewriting the OS? There still has to be some permission system to be able to install software without having to login to another account. What mechanism would you suggest they use? How would that be immune to security bugs?

      ...what Apple did by porting OSX for Intel in parallel says volumes about their company.

      What does it say about them? How does that compare with Microsoft writing Windows NT for Intel x86 PC compatible, DEC Alpha, and ARC-compliant MIPS platforms, with PowerPC being added later?

    26. Re:Back to the drawing board by vistapwns · · Score: 1

      That is an application flaw, they should use the proper API (and fixed paths) instead of the one that loads .DLLs from the current freakin directory. That's like coding a script file of 'rm / -rf' (or whatever the command is) and saying Linux is a cruft of compatibility and security vulnerabilities.

      --
      "...I think the Microsoft hatred is a disease." - Linus Torvalds
    27. Re:Back to the drawing board by Bert64 · · Score: 1

      However there has been relatively little interest in finding such bugs in windows, because previously you never needed to.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    28. Re:Back to the drawing board by bertok · · Score: 1

      If they stripped it down and provided only core services like OpenBSD it would be even better

      You mean, like: Windows Server 2008 R2 Core ?

      (I assume you mean "Windows Server", not "Windows Security")

      Of course, a lot of admins assume that the "Core" edition is somehow magically more secure. In practice, it has the same default settings as the "full" editions, it just has fewer services and components, so there's less to patch. Real security comes from applying security templates that lock down the machine for a specific purpose, and tools like AppLocker, which restrict what executables are allowed to run.

    29. Re:Back to the drawing board by cbhacking · · Score: 1

      You sound more like a technology ignoramus than atheist (as a side note, that word does not mean what you think it means). First of all, if porting OS X to x86 "speaks volumes" for Apple, then you should be far more impressed with Microsoft - NT has been ported to MIPS, Alpha, PowerPC, and Itanium (also x86_64, if you care to count that). Porting an OS written in C is relatively simple.

      Also, MS *did* throw out the old and develop a new OS from the ground up; that's what NT was, and it's pretty damn impressive that it can still run software originally written and compiled for Windows 95 (which was completely different under-the-hood). Keeping binary compatibility for that long is damn impressive, and that compatibility is the bread-and-butter of Microsoft's business.

      Now, maybe they could scrap the NT codebase and come up with something completely new. Since the ostensible reason is security, it would make sense to use a provably secure language, like C#. Perhaps something like Midori is what you're thinking of. OK, great - they've got a kernel, and even some code that runs on it. Now, how do you propose that they allow users to run the massive library of x86 native Windows code written in C/C++ on top of that managed-code-only OS? If you can answer that, I'm sure MS would love to speak with you.

      --
      There's no place I could be, since I've found Serenity...
    30. Re:Back to the drawing board by Anonymous Coward · · Score: 0

      Yes, but can you run a program natively (without performance penalty) 5-10 years ago?

      That's the problem (and benefit) with Windows. I have a copy of SimTower for Win3.1, and it works perfectly on XP. Takes no extra time to start up, memory footprint is about as it was back then. I'm fairly sure if you tried this with any other program, it would still work.

      Also, you have to remember that APL didn't port an entire OS anywhere. That was mostly its BSD / Unix underpinnings. If they programmed their top layer correctly, nothing more than a recompile using an Intel tool chain and new hardware drivers would be needed. Compare this to M$, where they've never moved from Intels, and don't wish to alienate old business software users / companies (or people who like retro games). I suspect there's a lot of code there that's specific to x86 architecture.

      That's not to say that they couldn't move, but why bother? Businesses are happy with XP, people are happy with 7. Windows works well enough if you don't install shady software and / or go to malicious sites. They'd have to invest m/billions of dollars to renovate ... introducing potentially more exploitable bugs (initially), and alienating parts of their userbase. It was hard enough with Vista and its UAC (imho, largely why it tanked) for both users and developers, imagine how bad it would be if you introduced even more?

    31. Re:Back to the drawing board by hairyfeet · · Score: 1

      Yeah, they could do that....and COMPLETELY put themselves out of business! It is the GAMES dude! I have games from the late 90s written for win9X that run perfectly in Windows 7 HP x64. So we are not only talking about a completely different kernel, going from the Win9x mess to WinNT, we are talking going from a hybrid 16/32bit OS to a 64bit OS...and it runs PERFECTLY. And sadly even to this day good luck getting most games to run without admin. Hell did they even fix it so Punkbuster will run as a normal user?

      Do you think that kind of backwards compatibility is easy? Who do you think MSFT is, Apple? Do you have ANY idea the huge roaring howling gnashing of teeth mega shitfit folks would have if their games don't run? Try working in consumer PC repair and service buddy, and listen to the screams if their game don't run. Hell before Windows 7 came out I had folks that bought Vista machines switching EN MASSE to WinXP in part because of Vista not having good game compatibility. And don't even get me started on all the old apps that are mission critical at these SMBs across the land, which BTW is some of MSFT's biggest customers. What are you nuts?

      It is THIS, this reason right here, why Linux and OSX haven't gained more traction. Hell just look at how Macs got better numbers after they went X86, why? Because with Boot Camp you can boot into windows and still play your games or run your old apps, that's why! Bitch all you want about MSFT but even they ain't stupid enough to kill the golden goose and remove backwards compatibility, and until you can cook up easy peasy VMs that offer 100% native CPU AND GPU speed, well there just can't be TOO many changes under the hood, not without pissing off the hordes. Now if you will excuse me, after a big turkey dinner I feel like playing a little No One Lives Forever, a decade old game on my nice Windows 7 X64 rig. Thank you backwards compatibility!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    32. Re:Back to the drawing board by drsmithy · · Score: 1

      Microsoft has the capital to develop a new operating system from the ground up.

      They did. It's called Windows NT.

      This bolting on of security solutions like UAC isn't going to cut it anymore.

      It's not "bolted on". It's just a more user-friendly interface over the same security capabilities that have existed in the system since it was first released.

      I am a technology atheist, so I don't get religious about platforms, but what Apple did by porting OSX for Intel in parallel says volumes about their company.

      Windows has been cross-platform for nearly two decades, what does that say about Microsoft ?

    33. Re:Back to the drawing board by drsmithy · · Score: 1

      If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug.

      So the day after Windows 8 is released, will that have been "more than adequate time for an internal security audit to have found and fixed" a bug.

      Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?

      Are you trying to say there has never been a single bug in OpenBSD that's existed for more than one release cycle ?

    34. Re:Back to the drawing board by drsmithy · · Score: 1

      I remember when they said that Windows Vista was supposed to be a complete rewrite from the ground up, that there would be amazing XYZ features, etc.

      Really ? Can you provide a source ? Because I can't ever remember anyone credible saying that Vista would be a ground-up rewrite.

    35. Re:Back to the drawing board by drsmithy · · Score: 0, Flamebait

      It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.

      And where would they go ? Mac, and pay twice as much ? Linux, and have to deal with vendors who barely give a crap about whether their systems do what the customers want ?

    36. Re:Back to the drawing board by drsmithy · · Score: 1

      One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'

      If you already had the ability to write to the EXE file, why would you bother with the roundabout method of doing it via a DLL load ?
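
The search-order behaviour argued over in comments 26 and 36 above, as an added example that is not part of any poster's comment: a simplified Python model of how a bare DLL name is resolved, run over a constructed directory tree. The directory layout and DLL names are made up for illustration; KnownDLLs, already-loaded modules, manifests and the 16-bit system directory are left out of the model.

```python
import os
import tempfile


def search_order(dirs, safe_dll_search_mode=True, cwd_removed=False):
    """Return [(label, directory), ...] in the order a bare DLL name is searched.

    safe_dll_search_mode models the SafeDllSearchMode setting: when on, the
    current directory is searched after the system directories instead of
    directly after the application directory.
    cwd_removed models a process that has called SetDllDirectory("") to drop
    the current directory from the search order entirely.
    """
    app = [("app", dirs["app"])]
    system = [("system", dirs["system"]), ("windows", dirs["windows"])]
    cwd = [] if cwd_removed else [("cwd", dirs["cwd"])]
    path = [("path", p) for p in dirs["path"]]
    if safe_dll_search_mode:
        return app + system + cwd + path
    return app + cwd + system + path


def resolve(dll_name, order):
    """Return (label, full_path) of the first directory holding dll_name."""
    wanted = dll_name.lower()  # Windows file names are case-insensitive
    for label, directory in order:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # a missing or unreadable directory is simply skipped
        for entry in entries:
            if entry.lower() == wanted:
                return label, os.path.join(directory, entry)
    return None, None


def audit(dll_names, dirs, **mode):
    """Map each DLL name to the label of the directory it would load from."""
    order = search_order(dirs, **mode)
    return {name: resolve(name, order)[0] for name in dll_names}


def build_demo_tree(root):
    """Constructed sample layout: the 'cwd' folder stands for an untrusted
    directory (a share or download folder) a document was opened from."""
    layout = {
        "app": ["viewer.exe"],
        "system": ["sysdep.dll"],
        "windows": [],
        "cwd": ["report.doc", "sysdep.dll", "optional_codec.dll"],
    }
    dirs = {}
    for label, files in layout.items():
        directory = os.path.join(root, label)
        os.makedirs(directory)
        for name in files:
            with open(os.path.join(directory, name), "wb"):
                pass  # empty placeholder file
        dirs[label] = directory
    dirs["path"] = []
    return dirs


if __name__ == "__main__":
    names = ["sysdep.dll", "optional_codec.dll"]
    with tempfile.TemporaryDirectory() as root:
        dirs = build_demo_tree(root)
        for mode in ({}, {"safe_dll_search_mode": False}, {"cwd_removed": True}):
            result = audit(names, dirs, **mode)
            flagged = [n for n, src in result.items() if src == "cwd"]
            print(mode or "defaults", result, "loaded from cwd:", flagged)
```

With the safe search mode on, only a DLL that is missing from the application and system directories resolves from the current directory, so no write access to the EXE or its folder is involved; that case is the one the audit flags.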

    37. Re:Back to the drawing board by Anonymous Coward · · Score: 0

      Even Vista's "Hey, let's actually slightly enforce all those best-practices things about not assuming that everyone is running with Admin privileges at all times, as though it were still Windows 95" was met with a firestorm of nearly pure hate. So much so that, even with Vista to take the flak and several years for 3rd parties to get their act together, 7 backed off the UAC a little bit.

      Really? I thought Vista was hated because it made major changes to the UI, was slow, had a completely different driver model so only non-core drivers worked properly, etc.
      Then there was the guerrilla marketing of releasing software that wouldn't work on XP "just because".
      And let's not forget the anti-DRM campaign that the FSF was running either.

      Microsoft really did that to themselves, the changes they made would have been accepted if they released them gradually (more $$ in multiple intermediate releases too) but they slapped down so many major changes at once that it left their customers disorientated. Also, UAC in Vista was stupid as well as annoying, UAC in Win7 is smarter not just reduced.

      They might well be able to get away with designing (another, NT being their first) new OS; but a new userspace API or huge security model change would get ugly...

      The real problem is the other way around, NT (kernel+core services) really isn't that bad, the problem is Win32. They don't need to completely ditch compatibility, just strip the compatibility bullshit out of the core. Create a new NT core API then move win32k.sys into a user space service that emulates and thunks on to the new core API. This way new software won't suck, old software still works and they can fix some of the terrible design "decisions" (inversion of control where kernel functions call user space services which call kernel functions and can create infinite recursion loops under obscure circumstances).

    38. Re:Back to the drawing board by master_p · · Score: 1

      Let's also not forget that anti-malware software is a serious business with millions of downloads every week. Why would Microsoft want to disturb that, when they have a lot of software houses making anti-malware software for them? it's bad from a business point of view.

    39. Re:Back to the drawing board by master_p · · Score: 1

      Legacy software could run exclusively under a Virtual Machine. For the last 10 years, CPUs have all the technology required for that.

      And it's not that Microsoft would ditch the NT kernel...we are only talking about the Win32 subsystem.

    40. Re:Back to the drawing board by drsmithy · · Score: 1

      Do you think that kind of backwards compatibility is easy?

      Actually if your application developers only use the documented and published APIs, it's pretty easy. Doesn't require any underhanded trickery on behalf of the OS vendor at all.

    41. Re:Back to the drawing board by judeancodersfront · · Score: 1

      No I mean removing Win32 and .NET and only providing core internet services.

    42. Re:Back to the drawing board by causality · · Score: 1

      So the day after Windows 8 is released, will that have been "more than adequate time for an internal security audit to have found and fixed" a bug.

      We were talking about "left over junk from older OSes". See that part about "older OSes"? For clarity, I'll ask if you see that part about " older OSes".

      See, to the literate reader this implies that at least some code from older versions of Windows has been re-used and included in newer versions of Windows. I know, when you want to nitpick, that whole literacy thing just gets in the way... but this makes sense for a lot of reasons. For example it is economical to avoid reinventing the wheel.

      The thing about reusing older code is that it's older code. Therefore, it has had more time to undergo security audits, audits that could have caught basic buffer overflows like that. I can break that down some more if you need me to but I hope at this point that won't be necessary.

      Are you trying to say there has never been a single bug in OpenBSD that's existed for more than one release cycle ?

      Nope. If I were "trying to say" that, I would have moved my fingers to a different set of keys on my keyboard and explicitly said it. See how I never made such a claim at all? You do see that, right? If not, there is no need to take my word for it, you can scroll up and verify that for yourself.

      Fact: between the two of us, you are the only person who has mentioned "bugs ... that existed for more than one release cycle."

      I must admit, I do not possess your "talent" for seeing things that aren't there. I also have a hard time putting words into someone's mouth and then forgetting that I'm the one who put them there. So for me, doing what you just did feels phony and dishonest and is really no fun at all.

      Still, if any part of this post is confusing or ambiguous, please re-read it thoroughly and take careful note of what I did and did not say. If anything is still unclear, let me know and I'll set you straight. Now, can we finally put to rest this epidemic of "reading one thing and then responding to some shit you made up" that's destroying the quality of discussion here on Slashdot?

      --
      It is a miracle that curiosity survives formal education. - Einstein
    43. Re:Back to the drawing board by drsmithy · · Score: 1

      We were talking about "left over junk from older OSes". See that part about "older OSes"? For clarity, I'll ask if you see that part about " older OSes".

      What classifies as "older" ?

      See, to the literate reader this implies that at least some code from older versions of Windows has been re-used and included in newer versions of Windows.

      Yeah, I kinda got that. Hence my question to clarify what you mean by "older".

      Nope.

      Then what are you trying to say ? Because it's hard to interpret "If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug" any other way than "bugs should not survive multiple releases", when you don't provide any definition for what you consider "older".

      Still, if any part of this post is confusing or ambiguous, please re-read it thoroughly and take careful note of what I did and did not say. If anything is still unclear, let me know and I'll set you straight. Now, can we finally put to rest this epidemic of "reading one thing and then responding to some shit you made up" that's destroying the quality of discussion here on Slashdot?

      If you don't want people to make inferences, don't make statements that require them to do so.

  9. that will break too many apps so people will not bu by Joe+The+Dragon · · Score: 1

    that will break too many apps so people will not buy it. Windows is too big to do an Apple and just cut off that many people.

  10. Re:that will break too many apps so people will not by cyberkahn · · Score: 1

    Virtualization would be a good solution for the transition period.

  11. But the os in Virtualization will still have the b by Joe+The+Dragon · · Score: 1

    But the os in Virtualization will still have the bugs and holes so what do you gain?

  12. Re:But the os in Virtualization will still have th by cyberkahn · · Score: 1

    Sure, it wouldn't be a perfect solution, but it would be a way forward in the long run.

  13. Re:But the os in Virtualization will still have th by Anonymous Coward · · Score: 0

    But the os in Virtualization will still have the bugs and holes so what do you gain?

    security by isolation, aka if you have a stupid vulnerable browser, you can save the rest of system just by isolating the stupid browser in a virtual machine

  14. Windows security holes again? by Anonymous Coward · · Score: 0

    Why do Microsoft fanboys keep saying that these kinds of problems are only for Windows XP?

    And just because Microsoft writes crap software doesn't mean such similar holes exist in Mac OS X, BSD, Linux, Solaris, etc. And no, trojans don't count. You can't protect a house if the owner keeps giving keys to everyone who asks for one.

    1. Re:Windows security holes again? by Kalriath · · Score: 1

      You can't protect a house if the owner keeps giving keys to everyone who asks for one.

      You're right. So Microsoft should change Windows so you can't log in. Ever. Can't give out the keys if you yourself don't have one.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  15. Well, go ahead and tell them what then by Sycraft-fu · · Score: 4, Insightful

    Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code. Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).

    If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

    That being the case, stop whining.

    For this particular thing, this is a local privilege exploit. It is a bug, a mistake, one that will be fixed. If you Google around you'll find that Linux has had plenty of these through out its history. Something is done wrong such that a program can elevate when it isn't supposed to. They are bugs to be patched, but not super critical since you still have to get malicious code on to the local system and get it to execute. They are more of a concern on multi-user systems but even then it is rarely a panic situation.

    So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.

    No security is perfect. People who do security in the real world, physical security, have always known this. For some reason many people who do virtual security delude themselves into thinking it is different. No it isn't, there is no perfect security. So have defense in depth. Be mindful of where you visit on the web, don't download random shit, run a quality virus scanner that checks data as it comes in from the web, use a deprivileged browser (something in protected mode, if your browser supports it), have a firewall, have UAC turned on, think before you execute a program. None of that is perfect, none of that is something that can't ever fail, but with layers of protection if one fails, you've others to fall back on.

    1. Re:Well, go ahead and tell them what then by Anonymous Coward · · Score: 0

      I hate this kind of argument.
      "It's impossible to achieve 100%, so stop complaining that X only achieved 10%"
      Like if perfection can't be achieved, there isn't any reason to do any better than bad.

      "Also Y also did this, so it's perfectly acceptable for X to do this"

      There is nothing wrong with your basic point: Since we can't do perfect, we'll have to accept the fact that there will be mistakes. But no one is arguing against that. It's still perfectly reasonable to complain about the high number or severity of the mistakes. Or how they are handled.

      Also; the people who complain the most about other people whining, often seem to be the only ones whining. Why is that?

    2. Re:Well, go ahead and tell them what then by Myopic · · Score: 2, Insightful

      I only read your first sentence. I'm pretty sure the brilliant idea is install NetBSD.

    3. Re:Well, go ahead and tell them what then by grcumb · · Score: 1

      Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system....

      If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

      And if you put any reading into it, you'd accept the prevailing view that security is about processes, that it cannot be perfect and that it doesn't have to be perfect to be adequate for an individual's needs.

      Then perhaps you'd quit focusing on unattainable silver bullets (which are either straw men or some unattainable fantasy born of your personal ignorance of security design) and start looking at development culture and UI philosophy that lead to environments in which heterogeneous systems can interact with an adequate level of security.

      This won't protect the world from mind-bogglingly stupid choices like credit card companies who leave themselves open to SQL injections, but it would at least allow home users to actually have to earn their infection through willful ignorance, instead of being subject to exploits simply by opening a PDF file or landing on a web page.

      People may be stupid, but some operating systems have staked their business on aiding and abetting said stupidity. Others have not. The latter are decidedly not perfect, but they are miles better than the former.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    4. Re:Well, go ahead and tell them what then by Anonymous Coward · · Score: 0

      there is no perfect system that is 100% bug free

      When it comes to Microsoft operating systems, the vast majority of people would accept something which is 20% bug free.

      Microsoft *will not* under any circumstances, risk losing their market share in order to secure the operating environment which they sell. And this is the massive externalization of costs onto organizations forced to use Microsoft operating systems because the operating environment has been a monopoly for 20 years.

      It shows massive ignorance of how complex an OS is, and what all you have to balance

      What Microsoft spends all of its time balancing is the legacy operating environment features mixed in with the 'new' features and facilities. It's the sheer complexity of the operating environment which is causing this myriad of faults, security issues, bugs, flaws, design failures etc. etc. etc. And guess what, the environment is only getting more complicated. Microsoft doesn't *have* to balance this. It could choose to ditch the legacy features and try to force people to upgrade. The problem is that many people would choose to upgrade to something cheaper and more reliable.

      Microsoft is choosing to make an unreliable, insecure operating environment (and externalizing the costs for this) over losing any market share whatsoever. Why are people at /. annoyed about this? Because we've been handling the externalization of Microsoft's costs for the last 10-15 years.

      whining

      You cannot excuse Microsoft's choices with a vague rant about absolutism that contains no substance whatsoever.

    5. Re:Well, go ahead and tell them what then by Anonymous Coward · · Score: 0

      Does NetBSD ship with the same sudo as many Linux distros that had two different privilege escalation vulnerabilities related to sudoers parsing in the last year?

      I can hear you now, "they don't affect me"

      You're probably right, the only places affected are ones with lots of different functional groups of systems with many users each, and thus a moderately complex sudoers file. You know, the kind of places where local privilege escalation holes matter.

    6. Re:Well, go ahead and tell them what then by metrix007 · · Score: 1

      Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code.

      Mandatory Access Controls. Not 100%, but close.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    7. Re:Well, go ahead and tell them what then by woolpert · · Score: 2, Insightful

      You're comparing a local privilege escalation exploit (*unix) to a remote one (Win) as if they are even the same ballgame?

      L O fucking L.

    8. Re:Well, go ahead and tell them what then by Anonymous Coward · · Score: 0

      Why are there so many people hell bent on using a bad operating system, paying money to do so, and rationalizing their decision? If you are reading slashdot you are geek enough to install something else. Go do it.

    9. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system.

      Full virtualization of system resources per user would allow a user to have full administrator rights over his machine, without compromising the operating system. For example, a user may modify the file kernel32.dll, but it would be a copy of the file that would be modified.

      Furthermore, applications that communicate with any network should be run within their own virtual session; if they modify any critical resource, they would not affect the operation of the computer.

      Finally, capability-based security has been proven to work brilliantly as a security paradigm.

      Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).

      You don't need any particular design methods, you only need to use a programming language that has runtime protection for the most basic of flaws, i.e. buffer overflows. Had Microsoft used Ada, instead of C, for example, 99% of the problems would not exist.

      If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

      We are not arguing about 100% bug free software, we are arguing about software that is bug free from trivial(*) bugs, like buffer overflows or privilege exploits. Complex bugs that are the result of unsolvable problems will always exist.

      (*)trivial in the sense of being easy to solve.

    10. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      Full virtualization of system resources per user would allow a user to have full administrator rights over his machine, without compromising the operating system. For example, a user may modify the file kernel32.dll, but it would be a copy of the file that would be modified.

      But the malware could still do whatever it wanted within the "virtual session". Practical difference == zero.

      Finally, capability-based security has been proven to work brilliantly as a security paradigm.

      Proven where ?

      You don't need any particular design methods, you only need to use a programming language that has runtime protection for the most basic of flaws, i.e. buffer overflows. Had Microsoft used Ada, instead of C, for example, 99% of the problems would not exist.

      The lack of any general purpose OSes written in Ada should help demonstrate the real world isn't so simple.

    11. Re:Well, go ahead and tell them what then by KnowledgeKeeper · · Score: 1

      So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.

      Well, the problem is the complexity of their OS. Even Mark Russinovich said they didn't know how the system works:

      What we do [instead] is take full Windows, and start pulling pieces off of it. The problem with that is, pieces that're left sometimes have dependencies out to pieces that we've removed. And we don't really understand those dependencies.

      --
      It is always better to be a first grade version of yourself than a second grade version of someone else.
    12. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      But the malware could still do whatever it wanted within the "virtual session". Practical difference == zero.

      Wrong. The malware would do nothing. It would affect fake resources.

      Proven where ?

      See the Eros operating system and its derivatives.

      The lack of any general purpose OSes written in Ada should help demonstrate the real world isn't so simple.

      You mean that you don't know any. Google is your friend.

    13. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      Wrong. The malware would do nothing. It would affect fake resources.

      By definition it would have access to the user's files and be able to interact with the network, which covers about 99% of everything the average piece of malware might want to do.

      Unless you want to try and argue the user himself wouldn't be able to run programs that access his own files and the network ?

      See the Eros operating system and its derivatives.

      I'm not aware of them being used for mainstream, general-purpose computing. Do you have any examples ?

      You mean that you don't know any.

      No, I don't, though it isn't because I haven't looked. Instead of being a pretentious ass, maybe you could just give some examples ?

    14. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      By definition it would have access to the user's files and be able to interact with the network, which covers about 99% of everything the average piece of malware might want to do.

      Not if the user's files do not belong in the virtual session that the malware belongs.

      I'm not aware of them being used for mainstream, general-purpose computing. Do you have any examples ?

      No, I don't, though it isn't because I haven't looked. Instead of being a pretentious ass, maybe you could just give some examples ?

      Sorry, I am not gonna do anything like that. Google is your friend.

    15. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      Not if the user's files do not belong in the virtual session that the malware belongs.

      So how does the user launch applications that can access their files ? Or are you proposing they are bombarded with even more "are you sure" dialogs every time some app wants to access a file and/or the network ?

      Sorry, I am not gonna do anything like that. Google is your friend.

      Your reluctance says far more than Google does.

    16. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      So how does the user launch applications that can access their files ?

      Normally, like they do now.

      Or are you proposing they are bombarded with even more "are you sure" dialogs every time some app wants to access a file and/or the network ?

      The user will be able to configure which files are sensitive enough not to belong to any virtual session that is less privileged than his/her files.

      Your reluctance says far more than Google does.

      Your loss, not mine pal. There are plenty of real-time operating systems created with Ada.
      If you knew Ada, you would know that it is exactly like C when it comes to low-level control, yet advanced enough to be able to protect the system from the major flaws of C.

    17. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      Normally, like they do now.

      So what prevents them launching malware that can do the same thing, like they do now ?

      The user will be able to configure which files are sensitive enough not to belong to any virtual session that is less privileged than his/her files.

      That makes no sense, but I think I know what you meant.

      To which my answer is: if users were capable of making those sorts of decisions, we wouldn't have the malware problem we do today.

      Your loss, not mine pal. There are plenty of real-time operating systems created with Ada.

      For example ?

      If you knew Ada, you would know that it is exactly like C when it comes to low-level control, yet advanced enough to be able to protect the system from the major flaws of C.

      I'm aware of Ada. Several of my CS degree subjects used it.

    18. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      So what prevents them launching malware that can do the same thing, like they do now ?

      Nothing. It only prevents the damage done by malware.

      That makes no sense, but I think I know what you meant.

      Oh, it does. Please stop being so negative because someone thought something you did not think. The problem with malware is that it can access various system resources without the user's consent, once launched (either from a user action or by user acceptance). By presenting "a virtual world" to the malware, where the malware sees a copy of the world, the damage can be limited.

      To which my answer is: if users were capable of making those sorts of decisions, we wouldn't have the malware problem we do today.

      You say "I know what you mean" and then you completely fail to show that you understood what I am proposing. So here it is again, with an example: suppose malware 'Foo' wants to alter the contents of file 'Bar'. 'Foo' opens the file 'Bar', and alters the contents. The operating system kernel though, instead of delivering the original file, it does a copy-on-write on file 'Bar', and therefore the original file 'Bar' is preserved.

      For example ?

      Lots of military embedded systems, lots of avionics systems. The F22 software, for example. Some parts of the F16 software kernel. Or the THALES Crotale kernel...really, if you look around, safety-critical and Ada go hand in hand.

      I'm aware of Ada. Several of my CS degree subjects used it.

      Yet you reject it for a commercial operating system kernel? how strange.

    19. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      Nothing. It only prevents the damage done by malware.

      How ? How does the computer know whether or not the application trying to access files and/or the network is malware or legitimate ? Or are you saying the data within the virtual session *is* permanently modified ? In which case, like I said earlier, the practical difference to today's systems is zero.

      You say "I know what you mean" and then you completely fail to show that you understood what I am proposing. So here it is again, with an example: suppose malware 'Foo' wants to alter the contents of file 'Bar'. 'Foo' opens the file 'Bar', and alters the contents. The operating system kernel though, instead of delivering the original file, it does a copy-on-write on file 'Bar', and therefore the original file 'Bar' is preserved.

      So when the next program opens 'Bar' which copy does it get ? How does the OS know which copy to present ? How does the user make a _permanent_ change to 'Bar' and what prevents malware run by the user from making that change ?

      How does any of this prevent the malware from opening a network connection ?

      Lots of military embedded systems, lots of avionics systems. The F22 software, for example. Some parts of the F16 software kernel. Or the THALES Crotale kernel...really, if you look around, safety-critical and Ada go hand in hand.

      Perhaps you missed the "general purpose OS" part of my question ? Listing of a bunch of highly-specialised, embedded applications isn't an answer.

      Yet you reject it for a commercial operating system kernel? how strange.

      I didn't reject it. Like I said, the industry isn't exactly crawling with general purpose OSes (or software, for that matter) written in Ada.

    20. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      How ?

      So when the next program opens 'Bar' which copy does it get ?

      How does any of this prevent the malware from opening a network connection ?

      An application that is considered potentially harmful, like a web browser, runs in a virtual session. When malware asks for file 'Bar' or a network connection, then it uses the virtual resources.
      If the file 'Bar' or the network connection or any other resource is a resource that requires more privileges, then the user IS NOT ASKED through UAT or privilege elevation permission to use the resource, but a virtual resource has been set up A PRIORI to be used instead of the real one. The malware thinks it uses the real thing, but it does not.
      This security setup is created when the application is installed. The user is not involved in any way in the process. New applications can be installed in the context of a running application (say, a new interactive session), but these applications cannot affect anything else in the system. If there is malware installed under a virtual session, then the user can log in another more privileged session to correct the problem.

      Perhaps you missed the "general purpose OS" part of my question ? Listing of a bunch of highly-specialised, embedded applications isn't an answer.

      Why isn't it an answer? if a programming language is suitable for safe-critical systems, then it certainly is suitable for general purpose operating systems.

      I didn't reject it. Like I said, the industry isn't exactly crawling with general purpose OSes (or software, for that matter) written in Ada.

      That's why I said that Ada should have been used more.

    21. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      An application that is considered potentially harmful, like a web browser, runs in a virtual session. When malware asks for file 'Bar' or a network connection, then it uses the virtual resources. If the file 'Bar' or the network connection or any other resource is a resource that requires more privileges, then the user IS NOT ASKED through UAT or privilege elevation permission to use the resource, but a virtual resource has been set up A PRIORI to be used instead of the real one. The malware thinks it uses the real thing, but it does not.

      Then how do legitimate applications access the "real" resources ? If it is the end user that ultimately makes the decision - regardless of whether they do it beforehand (though that adds an additional burden of knowledge making it even more unworkable) or on-demand - then that is not a solution because it will fall victim to the same problem we have today: people are more than happy to do whatever it takes to see the dancing bunnies.

      This security setup is created when the application is installed. The user is not involved in any way in the process. New applications can be installed in the context of a running application (say, a new interactive session), but these applications cannot affect anything else in the system. If there is malware installed under a virtual session, then the user can log in another more privileged session to correct the problem.

      Your system appears to be completely reliant on a) application vendors to correctly specify the privilege levels they need and b) end users to make educated decisions about whether or not to trust the vendors. Alternatively, c) a tightly-controlled and strictly enforced source of applications that can be installed.

      Experience suggests this is not a workable solution for a general-purpose system. Options (a) and (b) simply don't happen and option (c) removes the arbitrary nature of the software that can be used (ie: you get an iPad). If it *was*, we would never have had these problems in the first place, as existing systems have sufficient capabilities to provide essentially all the functionality you are talking about.

      Modern systems don't lack the features you desire because people haven't thought of it. They lack them because they haven't been practical to implement. Though the exploding popularity of tightly controlled devices like the iPad and iPhone may change this.

      Why isn't it an answer?

      Because my point was the lack of general-purpose OSes written in Ada suggests it's not a viable solution for that purpose.

      if a programming language is suitable for safe-critical systems, then it certainly is suitable for general purpose operating systems.

      Maybe, maybe not. There are numerous and often non-obvious interwoven factors at play in these sorts of situations.

    22. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      Then how do legitimate applications access the "real" resources ? If it is the end user that ultimately makes the decision - regardless of whether they do it beforehand (though that adds an additional burden of knowledge making it even more unworkable) or on-demand - then that is not a solution because it will fall victim to the same problem we have today: people are more than happy to do whatever it takes to see the dancing bunnies.

      No, applications access resources normally.

      a) application vendors to correctly specify the privilege levels they need and

      Application vendors do not need to specify privilege levels. All applications must be considered not trustworthy, unless proven so or set to be so manually. Each application installed can only manipulate a copy of the resources, except for the files that it has created...thus, if the application is compromised, the system is not affected.

      b) end users to make educated decisions about whether or not to trust the vendors.

      My proposal explicitly does not require decisions from the end users.

      c) a tightly-controlled and strictly enforced source of applications that can be installed.

      It's not required.

      Modern systems don't lack the features you desire because people haven't thought of it. They lack them because they haven't been practical to implement. Though the exploding popularity of tightly controlled devices like the iPad and iPhone may change this.

      You still haven't understood my proposal.

      Because my point was the lack of general-purpose OSes written in Ada suggests it's not a viable solution for that purpose.

      Not a good argument. Do you have any specific reasons why Ada is not a viable solution? I bet you don't.

      Ada is not chosen for operating system development because it is not popular and there are not many developers around. It's purely economics. Other than that, there is no technical reason that Ada is not suitable for commercial operating systems, especially since complex critical safety kernels and systems are built with Ada.

      A software giant like Microsoft could easily adopt Ada though. It may have cost a little more, but the end result would be much better software. The reason Ada is not adopted is because Microsoft doesn't really care about security; they care about stocks, and security perhaps even goes against that; non-security means a) easy hacking and copying of its products, b) a market generated solely around the deficiencies of its operating system. Both options raise the value of their stocks, and that's what they are interested in.

      Maybe, maybe not. There are numerous and often non-obvious interwoven factors at play in these sorts of situations.

      "Maybe, maybe not" is not an argument. Please list specific reasons why Ada is not suitable for general purpose operating systems.

    23. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      No, applications access resources normally.

      HOW DOES THE SYSTEM (OR THE USER) KNOW THE DIFFERENCE BETWEEN "AN APPLICATION" AND MALWARE ?

      Application vendors do not need to specify privilege levels. All applications must be considered not trustworthy, unless proven so or set to be so manually.

      So who decides whether or not an application is "trustworthy", how, and when ?
      * If it's the user, you still have the dancing bunnies problem.
      * If it's the vendor, you still have the incompetent or malicious vendor problem.
      * If it's some third party, you have the loss of general-purposeness problem.

      Each application installed can only manipulate a copy of the resources, except for the files that it has created...thus, if the application is compromised, the system is not affected.

      If applications can only manipulate data and files they have created, how do you deal with multiple applications that need to access and/or modify the same set of data and files ?

      Look, in the big picture, "system files" are largely irrelevant - they can be restored from read-only media in a matter of minutes or hours. What matters is the unique data. Protecting the system only really assists the clean-up process, by which time the damage is already done. That's not to say it shouldn't be done, but it's by far a secondary concern.

      You also haven't addressed what prevents an application from, say, firing up a network connection to a botnet controller and becoming a DDoS zombie or open relay.

      My proposal explicitly does not require decisions from the end users.

      Then it requires a centralised, third-party management system of some description, and makes the system no longer general purpose and capable of running arbitrary software.

      It's not required.

      Then there's nothing to prevent malicious software being installed.

      You still haven't understood my proposal.

      No, apparently I haven't. In particular I am having trouble seeing how it still allows the user to run whatever software they want, while preventing them from running malicious software, or how it allows them to run software that manipulates their data, while preventing malicious software they have run from doing the same.

      Not a good argument. Do you have any specific reasons why Ada is not a viable solution? I bet you don't.

      I never said it wasn't a viable solution. I said the distinct lack of products using it suggests there is probably a good reason why it isn't used. Note that these reasons may have nothing whatsoever to do with Ada itself.

      Other than that, there is no technical reason that Ada is not suitable for commercial operating systems, especially since complex critical safety kernels and systems are built with Ada.

      This isn't really a compelling argument. Just because a tool is really good for one thing (embedded, limited functionality, static, critical systems) doesn't mean it's good at another (general purpose, extensive functionality, dynamic, non-critical systems).

      The reason Ada is not adopted is because Microsoft doesn't really care about security; they care about stocks, and security perhaps even goes against that; non-security means a) easy hacking and copying of its products, b) a market generated solely around the deficiencies of its operating system.

      Poor security is bad for business, so to say they don't care is just plain stupid. Especially given the extensive and well-documented efforts towards improving security in Windows for the better part of a decade now, including significant refactoring, reimplementation and re-architecting of pretty much every aspect of the system.

      Incidentally, most "security products" aren't doing anything to address the "deficiencies of its operating system" (whatever those might be - can you identify some), because they are nearly all there to either a) prevent bad things from happening once the security systems in the OS have already been bypassed (nearly always by an ignorant user and/or third-party software), or b) clean up afterwards. To use the obligatory car analogy, they're airbags, not ABS.

    24. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      AT THIS POINT, I RECOGNIZE THAT YOU MUST BE EXTREMELY STUPID.

      for the Nth time: there is no need for the system or the application or the user to know anything. all the system needs to do is to create a virtual session for an executable, where the computer's resources are virtualized for the executable.

      if the executable is compromised, then the resources for the other executables will not be compromised.

      if the executable launches another executable, the first executable's environment is virtualized for the second executable.

      WTF, you must be extremely thick if you don't get it!!!

      As for the rest of your comments, regarding Ada and security, you are just plain ignorant of embedded systems and Ada if you think they are unsuitable for general purpose operating systems. Embedded real time operating systems have the strictest performance and security requirements, covering much more ground in those two fields than generic purpose operating systems.

    25. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      for the Nth time: there is no need for the system or the application or the user to know anything. all the system needs to do is to create a virtual session for an executable, where the computer's resources are virtualized for the executable.

      Then, for the "nth" time, how does a legitimate application modify and interact with the "real" files ? There are numerous reasons why this will be necessary, from simple editing of documents to applying patches.

      The last time I asked this, you said "the user will be able to configure it". My point since, which you are either ignoring or misunderstanding, is that as soon as you allow the user to make such decisions then you a) require additional knowledge and interaction from the user and b) open yourself up to the dancing bunnies problem, essentially returning to the situation we have now.

      As for the rest of your comments, regarding Ada and security, you are just plain ignorant of embedded systems and Ada if you think they are unsuitable for general purpose operating systems.

      I didn't say they were. I said the fact they weren't being used suggested there was probably a good reason.

      Embedded real time operating systems have the strictest performance and security requirements, covering much more ground in those two fields than generic purpose operating systems.

      Embedded systems operate in completely different risk profiles (for example, inputs are nearly always minimal, strictly controlled and well-known in advance) and performance constraints (for example, sacrificing low latency for predictable latency in terms of responsiveness) than general purpose systems do. This is before even getting into things like scope of capabilities (embedded systems tend to be quite limited), development cost (relatively high for embedded systems, due to the stricter requirements for correctness) and time to market (longer for embedded systems, again due to stricter requirements).

      As I said. Being good at one thing does not imply that you will be good at another thing, even if they are related.

    26. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      You are extremely stubborn. It's amazing that you don't get such a simple concept.

      Then, for the "nth" time, how does a legitimate application modify and interact with the "real" files ? There are numerous reasons why this will be necessary, from simple editing of documents to applying patches.

      By using the available file management interface: fopen, OpenFile, etc. Or whatever file management routines the programming language or library that was used to build the application.

      For the application, the real files are the files it sees. It's the files the application has created or it is registered to manipulate. For the rest of the system though, the real files are different.

      Here is an example: You download TextEdit and you create the file 'Foo.txt'. Every program in the system sees that file. Now you open the file with Internet Explorer. Since IE is an untrusted application, the system does a copy-on-write on file 'Foo.txt'. If any malicious program modifies 'Foo.txt', then it would be the copy of 'Foo.txt' that is being modified, and not the original one. If TextEdit opens the file 'Foo.txt', then it will open the original file, not the one Internet Explorer has modified, thus preventing malicious programs to alter the file. In case the user wants to edit the file 'foo.txt' modified by IE with TextEdit, then he/she may do so: he/she goes to open the file 'foo.txt' that was modified by IE, which is now in another position on the file system.

      Here is another example: you download an email with Outlook Express that contains a Christmas Card from your grandpa. It's not a Christmas Card though, it is a rootkit. You double click the Christmas card, the rootkit runs via a buffer overflow using the JPEG library bug and tries to modify the registry by raw access. The system does a copy-on-write on the registry and the rootkit modifies a copy of the registry. Since a copy of the registry is modified, the system can easily be restored to normal status by simply deleting the rootkit's version of the registry.

      Yet another example: you want to install OpenOffice. You download the file, you install it. The installation adds an item in your startup folder that loads an OpenOffice toolbar. A copy of the registry is modified as well, just as in the previous case. But this is safe: you leave it running as is. If the OpenOffice toolbar is compromised in the future by malware, you simply delete the copy of the registry. The initial registry remains intact.

      So, as you can see, in all cases you have a working system. Malware can only touch and modify copies of resources; programs can manipulate the version of resources that they see as real, i.e. the resources that they have created, and the versions of those resources managed by other programs. The only thing required to restore the system to a good state is to erase the modified resources.

      I didn't say they were. I said the fact they weren't being used suggested there was probably a good reason.

      Unfounded speculation.

      Embedded systems operate in completely different risk profiles (for example, inputs are nearly always minimal, strictly controlled and well-known in advance)

      Not true. One of the reasons the US DoD has created Ada is that there was a need for a truly safe programming language that does not allow systems to be compromised due to bugs even by the personnel that uses those systems.

      and performance constraints (for example, sacrificing low latency for predictable latency in terms of responsiveness) than general purpose systems do.

      There is nothing in Ada that prevents systems to manage latency as they require.

      This is before even getting into things like scope of capabilities (embedded systems tend to be quite limited),

      Wrong again. Embedded systems can be vastly more complex than your desktop OS, which is mostly for viewing and manipulatin
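
The copy-on-write rule from the Foo.txt and registry examples in the comment above, as a small Python model. This is an added example, not part of the thread or of any real OS: `CowStore`, the application names and the file contents are constructed, and "the creator writes through, everyone else gets a private copy" is taken from the comment's description.

```python
"""Toy model of per-application copy-on-write views (constructed example)."""


class CowStore:
    """Shared base resources plus one private overlay per application."""

    def __init__(self):
        self.base = {}      # path -> bytes: the original resources
        self.owner = {}     # path -> application that created the resource
        self.overlay = {}   # application -> {path: bytes}: private copies

    def read(self, app, path):
        # An application sees its own private copy first, then the original.
        private = self.overlay.get(app, {})
        if path in private:
            return private[path]
        return self.base[path]

    def write(self, app, path, data):
        # The creator writes through; any other application gets a copy.
        if path not in self.base:
            self.base[path] = data
            self.owner[path] = app
            return "created"
        if self.owner[path] == app:
            self.base[path] = data
            return "write-through"
        self.overlay.setdefault(app, {})[path] = data
        return "copy-on-write"

    def discard(self, app):
        # Recovery step: drop every private copy the application made.
        return sorted(self.overlay.pop(app, {}))


def demo():
    store = CowStore()
    results = {}

    # Case 1: a file created by one program, modified through another.
    store.write("TextEdit", "Foo.txt", b"original notes")
    results["ie_write"] = store.write("InternetExplorer", "Foo.txt", b"tampered")
    results["textedit_sees"] = store.read("TextEdit", "Foo.txt")
    results["ie_sees"] = store.read("InternetExplorer", "Foo.txt")

    # Case 2: code running inside a mail client changes the registry,
    # then the private copy is deleted to restore the original view.
    store.write("system", "registry", b"Run=")
    store.write("OutlookExpress", "registry", b"Run=rootkit.exe")
    results["system_registry"] = store.read("system", "registry")
    results["discarded"] = store.discard("OutlookExpress")
    results["outlook_after_discard"] = store.read("OutlookExpress", "registry")

    # Case 3: the same rule applied to two legitimate editors. The second
    # editor's change stays in its own overlay, so the first never sees it.
    store.write("EditorA", "report.txt", b"v1")
    store.write("EditorB", "report.txt", b"v2 edited in EditorB")
    results["editor_a_sees"] = store.read("EditorA", "report.txt")
    results["editor_b_sees"] = store.read("EditorB", "report.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```
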

    27. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      You are extremely stubborn. It's amazing that you don't get such a simple concept.

      I get the concept fine. You seem to be either ignorant of, or refusing to consider, the problems with it.

      For the application, the real files are the files it sees. It's the files the application has created or it is registered to manipulate. For the rest of the system though, the real files are different.

      Who decides which applications can manipulate what ? Who decides what a "trusted" application is ? How do you share information between different applications (eg: how can a document be edited by Office, OpenOffice, or some other random application) ? How do you help with malware that's only interested in read-only access (eg: sending a trojan to everyone in an address book) ?

      Everything you listed as an example is already possible with existing systems. Indeed, Windows has already been doing it to some degree for 3+ years.

      Unfounded speculation.

      On the contrary. Quite well-founded speculation. Ada isn't exactly some "new hotness" language that's sprung up in the last decade, it's been around for thirty years.

      Not true. One of the reasons the US DoD has created Ada is that there was a need for a truly safe programming language that does not allow systems to be compromised due to bugs even by the personnel that uses those systems.

      The DoD uses (mostly used, these days) Ada because it needed a language that enforced correctness, to proactively prevent certain types of bugs and misfeatures. That has nothing to do with end users causing security breaches that don't leverage software bugs, which is what happens most of the time (trojans, third-party software errors, malicious and/or ignorant data leakages).

      There is nothing in Ada that prevents systems to manage latency as they require.

      That's great, but it's not really relevant to what I said. RTOSes and other embedded systems strive (and are often defined by their ability) to make latency *consistent*, and for this they typically sacrifice raw performance. General Purpose OSes strive to make it as fast as possible most of the time, with the sacrifice that sometimes it will be much higher than usual when unusual situations are encountered.

      The best example of this I can think of off the top of my head is "enterprise" vs "consumer" hard disks:
      * "Enterprise" drives have firmware that has hard and short timeout limits when dealing with errors. This is because they are nearly always used in performance-sensitive RAIDed environments, and thus a failure on a single disk usually doesn't imply a system-wide critical failure, and performance is a higher priority. Hence, it's better for the drive to have a predictable response time in which it will return either the correct data or an error, rather than a variable response time in which it may be relatively more likely to return data, but could also still return an error *and also have hung the system for minutes to get that result*.
      * In contrast, "consumer" drive firmware is designed to try as long and hard as possible to try and return data from read, even when that can mean multiple minutes before either data is returned, or a sector is finally marked "bad" and an error returned. This is because such drives are nearly always used in non-redundant environments, hence returning data is a higher priority than consistent performance.

      Wrong again. Embedded systems can be vastly more complex than your desktop OS, which is mostly for viewing and manipulating documents and media.

      What complex embedded systems are you thinking of ?

      A desktop OS is written to do a lot more than "viewing and manipulating documents and media". It has to handle multiple user contexts running arbitrary code of unknown origin and quality. It has to handle random hardware devices (and their drivers) of unknown origin and quality being connected and disconnected at arbitrary times and for arbitrary periods.

    28. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      Who decides which applications can manipulate what ?

      Nobody.

      Who decides what a "trusted" application is ?

      Nobody. All applications are implicitly untrusted.

      How do you share information between different applications (eg: how can a document be edited by Office, OpenOffice, or some other random application) ?

      You open the file normally, as you would. The system creates a copy of the file though.

      How do you help with malware that's only interested in read-only access (eg: sending a trojan to everyone in an address book) ?

      Two ways:

      1. resource is hidden from the virtual session the malware belongs.
      2. the resources the malware uses are redirected to null.

      Everything you listed as an example is already possible with existing systems. Indeed, Windows has already been doing it to some degree for 3+ years.

      No, it does not. Windows doesn't create a virtual session for each executable.

      That has nothing to do with end users causing security breaches that don't leverage software bugs, which is what happens most of the time (trojans, third-party software errors, malicious and/or ignorant data leakages).

      Where did I ever talk in our discussion about preventing users 100% from causing security breaches? What I talk about is securing software, not users. And one way to secure software is to use a programming language that makes it impossible to have bugs that allow security exploits.

      What complex embedded systems are you thinking of ?

      Examples: nuclear reactors, military aircraft, avionics for commercial aircraft, modern cars, military ships etc

      A desktop OS is written to do a lot more than "viewing and manipulating documents and media". It has to handle multiple user contexts running arbitrary code of unknown origin and quality. It has to handle random hardware devices (and their drivers) of unknown origin and quality being connected and disconnected at arbitrary times and for arbitrary periods. It has to handle easy extensibility of capabilities in both user and kernel space. It has to handle hardware whose quality can range from rock solid to dangerously flaky. It has to handle users ranging from highly trained through completely ignorant to actively malicious. It has to handle (and remain "bug-compatible" with) software and hardware that thinks it's a version released anything up to a decade earlier, if not longer. Finally, it has to do all these things while being cheap and updated on a 2-3 year cycle.

      How is that more complex than an autonomous system with hundreds of processors and network nodes, with multiple tasks running autonomously with 100% uptime?

      Not only is what you mention vastly less complex than what I mention, but it also has nothing to do with Ada.

      You have that backwards. Critical safety systems don't run commercial OSes precisely because commercial OSes are developed and geared towards much more complicated and complex environments, and thus have vastly larger and more capable levels of functionality, which in turn means they have vastly larger codebases, which ultimately means they are vastly more difficult to write and debug with correctness as a first priority.

      Actually, it's you that has it backwards. Critical safety systems don't run commercial OSes because the commercial OSes are not secure and cannot be secured.

      On the other hand, embedded real time OSes can be used as general purpose OSes, because they have the security required.

      I'd like to point out, because I am sure you are ignorant about it, that military grade OSes have multiple users as well, and they run multiple applications. For example, in modern ships that run military OSes, all the weapons and radars are in the same network. There are lots

    29. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      You open the file normally, as you would. The system creates a copy of the file though.

      So... I edit a copy of my Resume in Word, then later open it up and modify it in Writer (since I'm trying it out) then later I go back to Word and -- OMG! My changes are gone !

      What happens to the copy of my Resume if I delete OpenOffice ? Does it get deleted as well, or does it hang around in Limbo until I reinstall OpenOffice ?

      Two ways:

      Who decides when/if the resource should be hidden and from what ? There will be completely legitimate reasons why $SOME_APPLICATION might want to look at my address book.

      No, it does not. Windows doesn't create a virtual session for each executable.

      It does "virtualise" certain parts of the system though (to support legacy applications) - Registry, certain system paths, etc. The capability exists.

      Examples: nuclear reactors, military aircraft, avionics for commercial aircraft, modern cars, military ships etc

      None of those are particularly complex. They're all single or very limited purpose, with tightly controlled and well-known inputs, never extended in an ad-hoc fashion and nearly always operated by trained and certified users.

      How is that more complex than an autonomous system with hundreds of processors and network nodes, with multiple tasks running autonomously with 100% uptime?

      Er, in pretty much every way ? What embedded system are you thinking of that can handle all the things I listed in that paragraph ? Your "autonomous system with hundreds of processors and network nodes, with multiple tasks running autonomously with 100% uptime" isn't particularly complex if all it has to do is change some coloured lights from green to orange to red based on half a dozen well-specified input types.

      Actually, it's you that has it backwards. Critical safety systems don't run commercial OSes because the commercial OSes are not secure and cannot be secured.

      ...Because they have to provide so much more functionality and deal with so much more complexity.

      On the other hand, embedded real time OSes can be used as general purpose OSes, because they have the security required.

      But they can't because they lack the features, functionality, flexibility, extensibility, time to market and cost requirements of a general purpose OS.

      What embedded OS do you think could be a functional replacement for - and we'll pick the easy one - OS X ?

      I'd like to point out, because I am sure you are ignorant about it, that military grade OSes have multiple users as well, [..]

      Who are trained.

      [...] and they run multiple applications.

      Which are all known, tested and certified in advance. J. Random Soldier is not going to be able to download and run SuperAwesomeGemHunt off the intarcloudweb, nor does the system need to make any allowances for him to do that.

      For example, in modern ships that run military OSes, all the weapons and radars are in the same network. There are lots of different software components running all the time and interacting with each other.

      But the tasks they have to do are very limited and almost completely static. Manage systems with capabilities fully known in advance, manufactured to extremely high quality and tolerances, and which will never unexpectedly change.

      How well do you think the RADAR and weapons computers will do at managing the propulsion or HVAC systems ? Do you think the RADAR and weapons computers from one ship could run the hardware on another ship in another Navy ? That's the kind of scenarios a general purpose OS has to deal with.

      A military system can be nearly guaranteed to never have to run an unknown piece of software and, more importantly, will never be criticised if it cannot do so.

      There are extremely complex graphical interfaces with all sorts of information displayed: from complex maps to complex real time graphs, and y

    30. Re:Well, go ahead and tell them what then by master_p · · Score: 1

      "So... I edit a copy of my Resume in Word, then later open it up and modify it in Writer (since I'm trying it out) then later I go back to Word and -- OMG! My changes are gone ! "

      No. The latest version of the document will be opened, depending on if the two programs belong to the same virtual session. Think about it as if you are using a Virtual Machine for each application.

      "What happens to the copy of my Resume if I delete OpenOffice ? Does it get deleted as well, or does it hang around in Limbo until I reinstall OpenOffice ? "

      Nothing. It remains there, waiting to be opened by another application.

      "Who decides when/if the resource should be hidden and from what ? There will be completely legitimate reasons why $SOME_APPLICATION might want to look at my address book. "

      The application developers.

      "It does "virtualise" certain parts of the system though (to support legacy applications) - Registry, certain system paths, etc. The capability exists. "

      Well, ok. But it does not virtualize everything, so it does not do what I propose.

      "None of those are particularly complex. They're all single or very limited purpose, with tightly controlled and well-known inputs, never extended in an ad-hoc fashion and nearly always operated by trained and certified users. "

      The programs themselves are particularly complex.

      "Er, in pretty much every way ? What embedded system are you thinking of that can handle all the things I listed in that paragraph ? Your "autonomous system with hundreds of processors and network nodes, with multiple tasks running autonomously with 100% uptime" isn't particularly complex if all it has to do is change some coloured lights from green to orange to red based on half a dozen well-specified input types. "

      Obviously, you never served aboard a military vessel.

      "...Because they have to provide so much more functionality and deal with so much more complexity. "

      No, because they are programmed without the required quality.

      "But they can't because they lack the features, functionality, flexibility, extensibility, time to market and cost requirements of a general purpose OS. What embedded OS do you think could be a functional replacement for - and we'll pick the easy one - OS X ? "

      No, no, and no. QNX, for example.

      "Who are trained. "

      That doesn't exclude spying, treason, unhappy personnel, sabotage, etc.

      "Which are all known, tested and certified in advance. J. Random Soldier is not going to be able to download and run SuperAwesomeGemHunt off the intarcloudweb, nor does the system need to make any allowances for him to do that. "

      Oh, they do on a regular basis. All ships have internet, and all ships run internet applications. They regularly play flash games etc.

      "But the tasks they have to do are very limited and almost completely static. Manage systems with capabilities fully known in advance, manufactured to extremely high quality and tolerances, and which will never unexpectedly change. "

      The tasks they have to do are vastly complex, much more complex than Microsoft Word and Internet Explorer and Outlook. Not only that, but lives depend on the software. Furthermore, software changes frequently on those ships, by updating and creating new modules.

      "How well do you think the RADAR and weapons computers will do at managing the propulsion or HVAC systems ? Do you think the RADAR and weapons computers from one ship could run the hardware on another ship in another Navy ? That's the kind of scenarios a general purpose OS has to deal with. "

      No. Your analogy is deeply flawed. Software from one vessel can not run in any another vessel because of different protocols. General purpose OSes run the same protocols: http, html, jpeg, email, x-windows, tcp/ip etc. Military grade software can run in anything that runs the same protocol.

      "A military system can be nearly guaranteed to never have to run an unknown piece of software and, more importantly, will never be criticised

    31. Re:Well, go ahead and tell them what then by drsmithy · · Score: 1

      No. The latest version of the document will be opened, depending on if the two programs belong to the same virtual session. Think about it as if you are using a Virtual Machine for each application.

      So if the system allows applications to access data in the same virtual session, who decides whether or not applications are "equal" ?

      Nothing. It remains there, waiting to be opened by another application.

      Sounds like things could get mighty cluttered (or an opening for a DoS attack).

      The application developers.

      Ok. So we're relying on application developers not to be stupid/ignorant/lazy/malicious. That hasn't worked out too well so far, what makes you think it would be any different this time ?

      Well, ok. But it does not virtualize everything, so it does not do what I propose.

      My point is that the fundamental capability is already present, so there's no need to do a ground-up reimplementation.

      The programs themselves are particularly complex.

      I sincerely doubt they're any more complex than Microsoft Office, Photoshop, or even something like Firefox, let alone a whole general purpose OS.

      However, even if they are it's not really relevant. The complexity that's being discussed is one of the overall environment, not specific applications.

      No, because they are programmed without the required quality.

      Correct. Because there are more important priorities for them - features, time-to-market, cost, capabilities, etc.

      No, no, and no. QNX, for example.

      QNX is a good example, but the way it is typically implemented as an embedded system is not really a form in which it could substitute for OS X.

      QNX is also not without security vulnerabilities, either.

      That doesn't exclude spying, treason, unhappy personnel, sabotage, etc.

      All of which are problems for a general purpose OS *as well*.

      Oh, they do on a regular basis. All ships have internet, and all ships run internet applications. They regularly play flash games etc.

      Er, yeah, but you're missing the point: they're not running them on the same embedded systems that manage the ship.

      The tasks they have to do are vastly complex, much more complex than Microsoft Word and Internet Explorer and Outlook.

      How so ?

      Not only that, but lives depend on the software. Furthermore, software changes frequently on those ships, by updating and creating new modules.

      After it's been thoroughly tested, QAed and approved by a central authority. No-one randomly loads up some piece of software on these systems and expects it to work, if the system even allows them to get that far.

      No. Your analogy is deeply flawed. Software from one vessel can not run in any another vessel because of different protocols. General purpose OSes run the same protocols: http, html, jpeg, email, x-windows, tcp/ip etc. Military grade software can run in anything that runs the same protocol.

      When you miss the point this badly, there's not really much I can respond with, but I'll have another go.

      The embedded systems you are describing are designed and built to perform a very limited set of tasks in a static, known environment. That is why the software from ship A cannot (generally) run the systems on ship B - it's simply not built to. It has nothing to do with "protocols", it's an inherent part of the design and implementation (limited purpose).

      A general purpose OS is the complete opposite - it is designed and built to perform a wide range of arbitrary tasks in a dynamic, unknown environment. That is why it can be installed on dozens (if not hundreds) of unique PC configurations, with thousands of different software combinations and still work.

      Wrong. A military system or an avionics system or a nuclear station system is manufactured in such a way that even if someone tries to add an unknown piece of software to

  16. Nothing to do with UAC by harryjohnston · · Score: 3, Informative

    This is a perfectly ordinary elevation-of-privilege vulnerability. Just like every other elevation of privilege vulnerability it also happens to be capable of bypassing UAC's split-token protection, but the vulnerability itself isn't related to UAC in any way.

    In particular, if the workaround suggested in the article is correct, this vulnerability can't be used to escape from Internet Explorer Protected Mode (the other major function of UAC).

    1. Re:Nothing to do with UAC by Anonymous Coward · · Score: 0

      Finally a comment that isn't made of FUD. Even if an attacker compromises IE8 or Chromium, they can't use this vulnerability because the registry key is off limits. Technically the exploit shouldn't work on XP for Chromium either (even though MIC is unavailable), as the Chromium browser process is assigned a restricted access token which prevents access to nearly all system objects (filesystem, registry, pipes, etc).

      I really understand why people still get worked up about program vulnerabilities and privilege escalation... these happen all the time and are proven to be unstoppable. But their damage can be contained, which is what the entire purpose of SELinux and MIC is for.

    2. Re:Nothing to do with UAC by Anonymous Coward · · Score: 0

      Er, I really don't understand, that is.

  17. Re:But the os in Virtualization will still have th by Yvan256 · · Score: 1

    You gain that new versions of programs and future ones will be written for the new OS, meaning that after a while you'll be able to ditch the old OS with much less trouble and complaints from your users.

  18. UAC != Security Boundary by Anonymous Coward · · Score: 0

    Yawn... UAC is not, was not and will never be a security boundary. Nor was it ever intended to be.

    Some of you, I fear, need to do some learning...

    http://blogs.technet.com/b/markrussinovich/archive/2007/02/12/638372.aspx
    http://blogs.msdn.com/b/e7/archive/2009/02/05/update-on-uac.aspx

    This is a security flaw because it allows elevation of rights, breaching a security boundary.
    It has nothing to do with UAC whatsoever.

    1. Re:UAC != Security Boundary by QuoteMstr · · Score: 1

      It looks like a security boundary, acts like a security boundary, and smells like a security boundary. It is a security boundary as far as application developers and users are concerned. Even the terminology involved ---- "elevation", "integrity level", and so on --- suggests this interpretation. Claiming after the fact that "it was never intended as a security boundary" is just an exercise in weasel wording.

      UAC isn't there because we want to deal with it. If it isn't a security boundary, what's the goddamned point? If there are known holes MS refuses to fix, black hats will use these holes, and you might as well turn UAC off and avoid the inconvenience.

    2. Re:UAC != Security Boundary by Anonymous Coward · · Score: 0

      Funny you mention integrity levels, which stop this vuln in its tracks. It has a tie-in to UAC (prompting for permission if a low-IL program requests higher permissions) but it isn't an actual function of UAC. All UAC is is gsudo in disguise, with a few other compatibility features (filesystem/registry virtualization, et cetera).

    3. Re:UAC != Security Boundary by Anonymous Coward · · Score: 0

      The two-ring security (not to be confused with actual hardware-enforced rings) that we have on all modern OSes, the design that only separates between user-level applications and elevated applications (applications, not daemons), was never intended to deal with running untrusted code. This is why applications lazily run in the full context of the user account. This is why, in 2010, we're still dealing with half-baked security measures like SELinux, AppArmor, seccomp, and Mandatory Integrity Control -- because we're too lazy to start over and make something better.

  19. Registry by lyinhart · · Score: 2, Insightful

    From the article: "The flaw is related to the way in which a certain registry key is interpreted..." Another argument for abolishing the Windows registry and storing setup information in plain text files. Not like that's going to happen...

    --
    Freedom is drinking a beer in the park when you're supposed to be at work.
    1. Re:Registry by Spad · · Score: 5, Insightful

      "The flaw is related to the way in which a certain config file is interpreted..."

    2. Re:Registry by whiteboy86 · · Score: 1

      One of the goals of the "registry" was to effectively hide configuration settings from the user. Things like program-trial expiration checkpoints can easily be hidden in the vastness of the registry, this would be very difficult to do with plain text files.

    3. Re:Registry by Anonymous Coward · · Score: 0

      IE8 and Chrome can't access the registry anyway, that is except for the HKEY_CURRENT_USER\Software\LowRegistry key.

    4. Re:Registry by Soko · · Score: 1

      Really? Switching to text files would magically fix this??

      This flaw is not related to how the registry is loaded and/or interpreted, actually it's not the fault of the registry at all - it's a kernel exploit. The mitigation is to tweak *permissions* on a couple of reg keys that should have been tightened up in the first place. It's akin to allowing SUID root on the sudoers file and a kernel vulnerability that allows $BAD_GUY to use that fact - it's not the file itself.

      Whether the info is in a database of binary values or a database composed of text files laying around a hard disk is immaterial - the permissions to change said config info would have made this a non issue.

      Yes, Microsoft have been idiots, but they are trying to clean up their act. If you're going to dis them, dis them for missing the reg key permissions, not the registry itself - a much more valid argument.

      --
      "Depression is merely anger without enthusiasm." - Anonymous
    5. Re:Registry by Ciggy · · Score: 1

      Serif managed it quite well in Windows 3.1 days - it took quite a bit of searching to eventually find the file containing the trial expiry information which wasn't deleted when the software was removed (and so reclaim the disk space it was using): it wasn't an obvious config file.

      --

      A rose by any other name would smell as sweet;
      A chrysanthemum by any other name would be easier to spell
    6. Re:Registry by cbhacking · · Score: 1

      I'm always amused by people suggesting that config files are in any way more secure than the registry. The registry has fine-grained permissions (each key has ACLs). It's type-safe; the type and usually size of the data is known during read and verified during write.

      There are other downsides to the registry, and it doesn't guarantee security - no application that accepts input of any type can do that - but it's certainly not *less* secure than parsing scattered text files.

      --
      There's no place I could be, since I've found Serenity...
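
The per-key permission check that Soko's and cbhacking's comments above refer to, as an added example that is not part of the thread or of any vendor guidance. The function name and the key path are assumptions (the thread names no key); the SIDs are the well-known ones for SYSTEM, Administrators and TrustedInstaller.

```powershell
# Added example (not from the thread): list allow-ACEs on a registry key that
# grant write-type rights to principals other than SYSTEM, Administrators and
# TrustedInstaller. Get-RegistryWriteAce is a hypothetical helper name.
function Get-RegistryWriteAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path    # registry provider path, e.g. 'HKCU:\Software'
    )

    # Rights that let a principal change values, subkeys, the ACL or the owner.
    $writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE and GENERIC_ALL can appear unmapped in inherit-only entries.
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    # Principals that are expected to hold write access (well-known SIDs).
    $trustedSids = @(
        'S-1-5-18',        # LocalSystem
        'S-1-5-32-544',    # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    $acl = Get-Acl -Path $Path -ErrorAction Stop

    foreach ($ace in $acl.Access) {
        # Deny entries never grant anything; skip them.
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) {
            continue
        }

        # Keep only the write-type bits of this entry.
        $granted = [int]$ace.RegistryRights -band $writeMask
        if ($granted -eq 0) { continue }

        # Compare by SID so localized or renamed account names do not matter.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # name could not be resolved
        }
        if ($trustedSids -contains $sid) { continue }

        [pscustomobject]@{
            Key         = $Path
            Identity    = $ace.IdentityReference.Value
            Sid         = $sid
            WriteRights = [System.Security.AccessControl.RegistryRights]$granted
            Inherited   = $ace.IsInherited
        }
    }
}

# Placeholder path: substitute the key named in the workaround being applied.
# Under HKCU the logged-on user normally appears here with full write access.
Get-RegistryWriteAce -Path 'HKCU:\Software' | Format-Table -AutoSize
```

Running it before and after a permission change shows whether a standard user still holds any write-type right on the key.
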
    7. Re:Registry by Anonymous Coward · · Score: 0

      http://web.nvd.nist.gov/view/vuln/search

      Search "sudoers" for just a taste.

      There is absolutely no sane argument for a registry being inherently less secure than application Foo's unique, complex configuration grammar + setuid bit. You might be a fanboy.

  20. microsoft is a bad omen for windows by bl8n8r · · Score: 1, Offtopic

    Can't we just say "uncle" and start over with something else?  I'd give anything to be rid of Exchange and Active Directory.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
    1. Re:microsoft is a bad omen for windows by jeremiahstanley · · Score: 1

      Google Apps for email, works miracles and it still allows you to use Outlook but also lets you use all the nifty free Mac apps. It has a calendar and automagically blocks spam. I've set this up for about 15 domains now, everybody loves it.

      Active Directory however is one of the best features of Windows in the enterprise. Sure, their permissions make me go cross eyed but that's another story and has nothing to do with AD. It's really just LDAP with extensions anyway so you are complaining about the Microsoftisms that drive everybody nuts. It's a hard job to design a tool that works 90% for everybody in every use and not have some limitations from doing that.

      As has been said previously: the flaw here is a PEBKAC issue. To save them from themselves we should be asking M$ to port Office to the Wii and a large majority of users can use that. The real issue that drives us all nuts with Windows is that it is a platform for 3rd party apps that work like shit. Almost all the M$ programs I've had to admin work awesome on their own, it's that accounting app that is 23 years old or some one-off utility database that sucks balls and forces us to reach around our heads to scratch our ear.

  21. Of course by Sycraft-fu · · Score: 2, Insightful

    UAC isn't really anything special, just an easy way for running as a deprivileged user. However many Slashdot types love to hate on it not only because it is from Microsoft, but because it messes with one of their talking points. For the longest time Linux (and OS-X) types hated on Windows because people ran as administrators. They talked about how amazingly insecure that was, how big a problem, how MS didn't care about security and so on. Many people tried to explain to them that it really doesn't matter, since people will just hand out the credentials to elevate without thinking, you can't protect people from themselves.

    Well then along comes UAC, with a number of other security enhancements. Seems MS WAS taking that seriously now. They made it easy for users to run deprivileged. Well shit, that isn't a good thing if you are an MS hater. So they find ways to hate on UAC and claim it is no good, insecure, worthless, a pain, whatever. Many of the criticisms apply just as well to other elevation modes in other OSes but this isn't a matter of true technical analysis, it is just fanboyism.

    Same shit here. Windows has a bug in its privilege isolation, leading to a local escalation exploit. Something to be fixed for sure, but hardly super critical. Linux has had the same kind of thing many times and it is never a major crisis since it still requires code to get on the local system and be executed first. However since it is with Windows they'll spin it as an anti-UAC thing.

    1. Re:Of course by Anonymous Coward · · Score: 0

      The only people I've heard "hate on UAC" are "windows type people". Can you please supply a link to somewhere where linux-and-mac-type-of-people "hate on UAC"?

      I'm a full-blown linux type of kind of person, and thought the UAC seemed like a good addition to Windows, contrary to many windows users. But security always comes at a price.

      Good luck with your angry anti-anti-UAC thing and finding hidden fanboyism everywhere.

    2. Re:Of course by Myopic · · Score: 2, Funny

      I don't hate UAC because it's from Microsoft. I hate UAC because I think it is totally stupid that I have to change a filename, then say yes I want to change the filename, then say yes I really want to change the filename, then say yes I really, really want to change the filename. Four times? Why is four times the magical threshold between security and insecurity? For me, the number of times is zero (I know when I want to change a filename, and no amount of dialog boxes is going to change my mind, so they serve no purpose) or one time (thanks for the reminder, let me consider it a second time), but three times? four? Why not ten times? or more?

      I hate UAC because it makes Windows even more unusable. It is, absolutely and without a doubt, the number one thing I hate about my career. I have not been successful finding jobs that I want to do and in which I can completely get away from Windows. I hate it for what it is, not because it's from Microsoft.

      This is the end of my rant for now, but I reserve the right to bitch about Windows as often as it pisses me off, which is a lot.

    3. Re:Of course by Nick+Ives · · Score: 1

      Um, you only get that if you're changing files inside a privileged location. It's actually less intrusive than Unix style operating systems where in any sensibly configured default you're tightly confined to $home and everything else requires sudo; UAC protects the Program Files and Windows directories.

      I'd actually prefer UAC to be more restrictive.

      Also, where does it actually require you to confirm four times to change a filename? In 7 it takes 2 and that's because I keep UAC on high. In the default configuration it only asks once to confirm privilege escalation for a filename change in the Windows directory.

      --
      Nick
    4. Re:Of course by javacowboy · · Score: 1

      I can't believe this nonsense got modded up.

      You propagate an incredible fallacy, which is absolutely mind-boggling, that, and I quote:

      For the longest time Linux (and OS-X) types hated on Windows because people ran as administrators. They talked about how amazingly insecure that was, how big a problem, how MS didn't care about security and so on. Many people tried to explain to them that it really doesn't matter, since people will just hand out the credentials to elevate without thinking, you can't protect people from themselves.

      WTF? There's a difference between making a conscious decision to elevate my privileges to execute a command, most commonly to install software, and having all processes kicked off while my user account is running, many times without my knowledge or consent having administrator privileges.

      As a user, there are all kinds of processes I didn't kick off or have knowledge of, from daemons, to Flash sites, to some JavaScript heavy site. Any of these processes could do damage to my system (and most probably anything under my user account, such as my home directory, but I digress) yet more often than not, I'm not aware of them.

      This underscores the importance of administrator privileges being turned off by default, which you don't seem to understand. Microsoft made a horrible design decision in allowing root access to be turned on by default, and I'm quite certain they regret it every single day.

      --
      This space left intentionally blank.
    5. Re:Of course by caluml · · Score: 1

      It's actually less intrusive than Unix style operating systems where in any sensibly configured default you're tightly confined to $home and everything else requires sudo

      And you can pretty much do everything *in* ~/.
      Download whatever source you want, ./configure --prefix=/home/foouser/progs/packagename, make, make install, and you can run it from /home/foouser/progs/packagename/usr/bin/prog.
      This assumes it doesn't need some admin rights, which most things don't. (Binding to 1024 is probably the major thing).

    6. Re:Of course by shutdown+-p+now · · Score: 1

      If it helps, you can also do configure/make/make install (with a --prefix) inside your ~ in Windows too ;)

    7. Re:Of course by radish · · Score: 1

      Sure, but it's also a design decision they fixed years ago. I run a bunch of Win 7 boxes here at home for me & the family, no-one gets admin rights except me. Works fine. Sooo...maybe time to let it go?

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    8. Re:Of course by Anonymous Coward · · Score: 0

      And you can pretty much do everything *in* %USERPROFILE%.
      Download whatever source you want, msbuild.exe *.sln /t:Clean;Build;DeployLocal, and you can run it from \Users\foouser\AppData\Local\packagename\prog.
      This assumes it doesn't need some admin rights, which most things don't. (Binding to 1024- or creating raw sockets is probably the major thing).

      (No it's not anywhere near as smooth an experience but it's all possible.)

    9. Re:Of course by ScrewMaster · · Score: 1

      The only people I've heard "hate on UAC" are "windows type people". Can you please supply a link to somewhere where linux-and-mac-type-of-people "hate on UAC"?

      I'm a full-blown linux type of kind of person, and thought the UAC seemed like a good addition to Windows, contrary to many windows users. But security always comes at a price.

      Good luck with your angry anti-anti-UAC thing and finding hidden fanboyism everywhere.

      I agree. Most people I know that are familiar with Unix and Unix-derived operating systems had a very different reaction to UAC than the GP is claiming. You want to know what it was? I'll tell you: it was "About goddamn time!" The Unix/Linux crowd was waiting for decades for Microsoft to start implementing some Unix-style security (or at least Unix equivalent security) and you're right ... it's the spoiled Windows types that were the biggest complainers.

      --
      The higher the technology, the sharper that two-edged sword.
    10. Re:Of course by Myopic · · Score: 1

      My context is remoting into a Server 2008 box and changing filename extensions.

      1. Actually change the filename.
      2. "Are you sure you want to change the filename extension? Blah blah stupid warning which presumes I'm retarded, with no FOAD Forever checkbox."
      3. The first UAC box. Something like "This requires admin privs."
      4. Are you really sure you want to grant those access privs?

      One part of my job is to do that kind of thing dozens of times a day. It is a useless waste of my will to live. I was able to discover the hid-away setting for how to eliminate the 4th of those boxes, which saves 33% of my sanity.

      Ranting about Windows is just a way to blow off steam. I do really hate Windows, though.

    11. Re:Of course by Anonymous Coward · · Score: 0

      If you're using remote desktop to connect to servers for admin tasks, what do you need UAC for? Turn it off on the remote boxes. Jesus.

    12. Re:Of course by drsmithy · · Score: 1

      One part of my job is to do that kind of thing dozens of times a day. It is a useless waste of my will to live. I was able to discover the hid-away setting for how to eliminate the 4th of those boxes, which saves 33% of my sanity.

      If you are having to rename files dozens of times a day, the proper solution is to fix the process that is producing files needing to be renamed.

      An alternative would be to make sure those files are created with the rename privilege granted to you (or some proxy user). That way you won't have to deal with UAC at all.

    13. Re:Of course by Myopic · · Score: 1

      Oh! To live in a world of proper solutions. Man, that would be sweet.

    14. Re:Of course by Myopic · · Score: 1

      I have only found an option for "elevate privs without asking". That is helpful and eliminates the 4th step; but I haven't found a way to eliminate the third step (which is also UAC, I think) nor the second step (which is just a Windows annoyance). But I am always trying to collect together ways to make Windows less annoying, so if you have tips I'm all ears.

    15. Re:Of course by harryjohnston · · Score: 1

      Use the command line instead of the GUI. That eliminates all four issues at once. Also, you won't be changing the permissions on the file as a side-effect.

    16. Re:Of course by Anonymous Coward · · Score: 0

      This describes various ways to disable UAC in Windows Server 2008.

  22. Vulnerabilities are VERY profitable for Microsoft. by Futurepower(R) · · Score: 4, Interesting

    "I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it."

    Microsoft top managers achieve vulnerabilities by not allowing Microsoft programmers to finish their work, apparently. Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster.

    The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

    Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?

    It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.

  23. this could be a very bad omen? by nurb432 · · Score: 3, Funny

    No, but the 'windows startup sound' is.

    --
    ---- Booth was a patriot ----
  24. Re:Vulnerabilities are VERY profitable for Microso by Gerzel · · Score: 1

    No penalty!?

    Are you mad? Just ask their lawyers! Those corporate wrists got SUCH a slapping!

    It was so unfair! You really should send Microsoft some more money just to make sure you're up-to-date on everything and help their aching wrists.

    This is why government regulation is bad, and we should abolish the government except for an extremely powerful military with few oversights or regulations.

  25. Oh gee, not this myth again... by rmdyer · · Score: 1

    The Windows registry is just a database that sits on the file system. Parts of the database are maintained in memory for extremely fast access. The database also handles locking when multiple applications need to have access, or write to the same piece of data at the same time. The registry was made to replace the need to keep the following from happening...
    (My application needs an INT value that describes something.)
    1. opening a file.
    2. locking a byte range.
    3. seeking to the byte range on the disk.
    4. parsing the byte range.
    5. performing ASCII/UNICODE to numeric INT/DWORD/LONG conversions where required.
    6. re-writing the byte range (when required).
    7. unlocking/closing.
    Since there are no numeric conversions, this also takes care of keeping values small, and taking up less disk space and speeding things up as well. The registry also has ACLs for the data.

    If you've ever watched access to the windows registry via applications through hooking programs like regmon, then you will note just how much you need that speed and accuracy.
    There's nothing "special" or evil about the windows registry. It's just a miniature database "data" file system on top of a larger file system.

    It's global, but your applications don't have to use it if you don't want to. For your applications to have Windows logo certs, you would need to apply certain registrations of software install information in the Windows registry, but that is about it. You don't need to store any of your applications' data in the registry. You can just store things in text files if you want. Slow poke.

    This myth about what the Windows registry is, is just lame and probably comes from being absent-minded about other technologies and ways of doing things.

    1. Re:Oh gee, not this myth again... by Waffle+Iron · · Score: 1

      There's nothing "special" or evil about the windows registry.

      IMO, the stupid thing about the registry is that they made up a bizarre byzantine custom API for it, when it could have been done with the familiar POSIX file API, like the /proc filesystem in Linux. (Having to call atoi() on a retrieved data value is not going to noticeably slow down your app relative to the overall system call overhead.)

      It didn't help that the whole thing tended to go corrupt and die back in the early days. It's never really shaken that initial reputation.

    2. Re:Oh gee, not this myth again... by westyvw · · Score: 1

      Most databases are designed and modeled. The registry never was. It is not a database, even if Microsoft claims it is. The neatest thing about it is that you can hide data there that even Windows can't see.

  26. on a similar note by Anonymous Coward · · Score: 0

    One week old bug, for Windows 7, regarding a scheduler bug that didn't receive so much attention.
    http://www.exploit-db.com/exploits/15589/

    Tested with a limited account. Worked like a charm.

    Creates a new user, test123/test123 with admin rights

  27. I'm worried - no wait, I'm not. I'm running win98 by Anonymous Coward · · Score: 0

    Oh my, this latest windows vulnerability has me so worried.

    No - wait. What am I thinking. I'm running windows 98 SE with KernelEx API enhancements.

    Another NT-based vulnerability has me laughing at the OS with no clothes.

  28. It's simple economics by cbhacking · · Score: 2, Informative

    Most (not all, but most) of the recent remote exploits for Windows are through third-party code present on OS X and Linux as well (Adobe Reader, Flashplayer, and Java are the big three recently). Those programs are vulnerable on other platforms too, but weaponizing and deploying an exploit is expensive, and they're not worth the return on investment.

    In situations where return on investment is equal for each platform, or where OS X or Linux are dominant, there have certainly been exploits. See the Pwn2Own contests for an example of how easily OS X can be compromised, even before Windows was. See the smartphone market, in particular iPhone jailbreaks (which are no more or less than remote root exploits), for what happens when people actually bother to find and exploit vulnerabilities in Apple's code.

    As for the inevitability, that's dead easy. Malware is business, and has been for years. For each platform, there are two relevant numbers: cost to produce a useful exploit, and value (income) from releasing that exploit. Currently, the former number is relatively high for Windows - it's been picked over pretty hard, and a lot of security hardening has gone into it. Again, see things like Pwn2Own.

    However, the latter number - the money you can make with a good Windows exploit - is far, FAR higher. Many millions of dollars higher. The difference between that value on Windows and that value on other desktop operating systems is such that it's not worth developing malware for them if you could do it for free (i.e. be compensated for your time). If you're going to spend the time writing malware for desktop operating systems, there just isn't any target that makes sense other than Windows.

    To answer your question more directly, try a few hundred million. That's how many you need to come close to the number of Windows installations. Depending on the value-difficulty equation, it might not take a number equal to that of Windows - for example, the untapped market may be easier to monetize, increasing the income - but it will require that market shares become roughly equivalent.

    --
    There's no place I could be, since I've found Serenity...
    1. Re:It's simple economics by grcumb · · Score: 2, Insightful

      As for the inevitability, that's dead easy. Malware is business, and has been for years. For each platform, there are two relevant numbers: cost to produce a useful exploit, and value (income) from releasing that exploit. Currently, the former number is relatively high for Windows - it's been picked over pretty hard, and a lot of security hardening has gone into it. Again, see things like Pwn2Own.

      It is interesting, isn't it, that people go to such efforts to find Windows-specific exploits when they could find exploits on other systems with far less effort?

      There's a reason for this, and it has everything to do with return on investment, as you rightly say:

      However, the latter number - the money you can make with a good Windows exploit - is far, FAR higher. Many millions of dollars higher. The difference between that value on Windows and that value on other desktop operating systems is such that it's not worth developing malware for them if you could do it for free (i.e. be compensated for your time). If you're going to spend the time writing malware for desktop operating systems, there just isn't any target that makes sense other than Windows.

      So I come back to the question I posed originally:

      "Perhaps you could refute the contention that neither Linux nor Mac OS will ever recreate the monoculture we're seeing currently with Windows, that this heterogeneity is by design and that it's an innate strength in the development culture."

      I'm not for a moment suggesting that writing malware as a business won't continue after Windows is long gone. Of course it will.

      But just as US banks in the 1920s-30s learned (eventually) to make themselves less susceptible to bank robbers (whose activity peaked at that time due to recent improvements in transportation), personal and institutional computing will eventually learn to take malware in stride, to reduce the profits of any given exploit from its current colossal size to something much simpler.

      There will always be another rube willing to allow another con-man to fleece him. There will always be innocent victims who get mugged because they were in the wrong place at the wrong time. But to suggest, as the GP does, that this somehow excuses the appallingly poor security models, practices and culture that ensure Microsoft's continued relegation to the security gutter... well, that's just disingenuous.

      To tar other OSes with the same brush is to suggest that one should not move to another bank because, once enough people move to it, it too will become the target of bank robbers. It's wrong because:

      1. Nobody is suggesting that everyone has to move all their money to one single bank;
      2. The new bank might not be perfectly secure, but at least it doesn't leave all the money in a pile in the middle of the floor.

      This move to a more heterogeneous and inherently secure environment will happen in small increments, and the process will lurch along in fits and starts, but it is far more likely to happen than another single, monolithic operating environment taking over from Microsoft Windows - and I include future versions of Microsoft Windows in that grouping.

      And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    2. Re:It's simple economics by vux984 · · Score: 4, Insightful

      And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

      Just because I didn't elaborate doesn't mean I haven't thought about it.

      Personally, I'm pretty confident that the majority of malware infections are PEBKAC.

      Drive by / remote exploit malware certainly does exist out there, but it's not THAT prevalent. You can go months, even years using a Windows PC without an infection with just windows firewall, and keeping your PC up to date. I've done it. Countless others have too.

      The clusterfucks of malware ridden pcs that some people routinely turn their computers into are, in my opinion primarily at least initially installed by the end user. They fall for the social engineering, go for the shiny offer, and escalate the installer so that it can have its way with the PC and bring all its friends...

      You make osx or even linux the dominant OS, where all that social engineering, and shiny crapware will start targeting OSX and linux. The same users who try to install the britney spears naked screensaver will click on the brintey_spears_naked.dmg and enter their computer password in os x.

      Right now it's not worth it for that class of malware writers to do it today. So britney_spears_naked_screensave.dmg malware isn't constantly thrown in your face. It's simple economics.

      a) First, OSX and Linux combined is still single digit marketshare. Right out of the gate, Windows is where the ROI is.

      b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.

      If you are likely to be sucked in by malware bullshit then you are likely ignorant, unsophisticated when it comes to computers... and you walk into a BestBuy or Walmart... you are exactly the demographic being targeted by malware, and you'll walk out with a windows PC.

      Move all --those-- people onto linux or OSX and I have no doubt the malware will follow them, and they'll happily install it.

    3. Re:It's simple economics by drsmithy · · Score: 1

      It is interesting, isn't it, that people go to such efforts to find Windows-specific exploits when they could find exploits on other systems with far less effort?

      Who said it would be *less* effort ?

      But to suggest, as the GP does, that this somehow excuses the appallingly poor security models, practices and culture [...]

      For example ?

      And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

      The reason it's true is because the biggest security vulnerability in the system is the end user, and the end user isn't suddenly going to change. The second biggest security vulnerability in the system is third party software which, again, isn't going to change.

      Only a minority of "exploits" are actually exploiting an unpatched OS flaw.

    4. Re:It's simple economics by metrix007 · · Score: 2, Interesting

      Cool. So your point is that if Linux and Mac get popular while Windows remains popular, security as a whole for the computing landscape will be improved due to a more heterogeneous environment. It's quite possible.

      You also realize then that the argument that if Linux or Mac had 90% of market share, that they would be exploited just as often, if not more so is correct?

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    5. Re:It's simple economics by ScrewMaster · · Score: 1

      b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.

      I have to disagree with you on the OSX claim. Most of the Mac users I know are far more clueless than their Windows-using counterparts regarding security, because they've been told that their OS is "perfectly secure" and consequently don't bother doing anything else to defend themselves.

      Linux people, yeah, I'll tend to agree with you on that score, but only until somebody successfully mass-markets a Linux variant to millions of ordinary people. Just keep in mind that that doesn't mean it has to have anything to do with PCs or a conventional desktop.

      --
      The higher the technology, the sharper that two-edged sword.
    6. Re:It's simple economics by vux984 · · Score: 1

      I have to disagree with you on the OSX claim. Most of the Mac users I know are far more clueless than their Windows-using counterparts regarding security,...

      Fair comment, I agree there is absolutely a camp of clueless mac users out there who are grossly overconfident of their immunity. But I still think the mac userbase is skewed away from a few particularly malware vulnerable demographics.

      Warez in particular is still primarily a windows demographic, and that's one of the EASIEST vectors to get malware into systems. You have people literally actively downloading and running the stuff as fast as they can click on keygenz, crackz, etc.

  29. what's the point of a firewall? by Anonymous Coward · · Score: 2, Insightful

    why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

    *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

    Why the fuck do I need a firewall at all? Seriously.

    1. Re:what's the point of a firewall? by vux984 · · Score: 1

      Why the fuck do I need a firewall at all? Seriously.

      Layered defense. No software is perfect. In theory a computer doesn't need a firewall.

      However in a world without NAT and firewalls, you plug your computer in and share a folder with your LAN, it's available in Korea too, assuming your LAN is routed.

      This is the primary purpose of a firewall. To enforce connection policy. So that you can have connectivity with specific computers without exposing the service to the entire world.

      The secondary purpose is layered defense. If it turns out your file sharing service has an unpatched defect, it's a lot better if the service can only be reached from your LAN than the entire world.

      That is a much smaller attack surface. Users of the LAN can attack that service directly, everyone else has to beat the firewall first.

      All software has unpatched defects. So a layered defense to mitigate risk just makes sense. And it's a LOT easier to validate a firewall than to validate every network service you might ever install/use. Once the bugs have been shaken out of the firewall software, it will provide good protection even if the software behind it is defective.

  30. Re:Vulnerabilities are VERY profitable for Microso by fluffy99 · · Score: 3, Insightful

    The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

    Dell tried that and sales were so bad that they stopped doing it for the consumer level computers. You can still get a no-OS option on servers.

  31. Nothing new here. by fluffy99 · · Score: 1

    The underlying problem here is that win32k.sys fails to do a sanity check on an untrusted registry value. I'm not sure if it's a buffer overflow attack or something different. In this case, a user registry key that specifies fonts for End-User-Defined-Character. I'm sure there are lots of other user registry keys that could be exploited in this manner. Used to be the screensaver ran as the system and you could simply set the registry key to point to a file of your choosing and it would run under the system context.

    Of course, it's not like Linux has ever had issues with daemons getting hacked by incorrectly trusting input from user-land config files.
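
The point in comment 31, that privileged code has to sanity-check a value an unprivileged user can write, shown as an added example (not part of any comment in this thread and not Microsoft's code). It is a constructed model of a typed, length-carrying registry-style value; the helper names, status codes, the 260-byte buffer and the sample paths are assumptions, and it does not reconstruct the win32k.sys flaw.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a registry-style value. The writer (here: any
   unprivileged user) controls the type tag, the length and the bytes. */
enum val_type { VAL_STRING = 1, VAL_BINARY = 3, VAL_DWORD = 4 };

struct reg_value {
    enum val_type  type;
    size_t         len;   /* byte count claimed by the writer */
    const uint8_t *data;
};

enum read_status {
    READ_OK = 0,
    READ_ERR_ARGS,    /* bad arguments from the caller itself */
    READ_ERR_TYPE,    /* stored type differs from the expected one */
    READ_ERR_SIZE,    /* data does not fit the destination buffer */
    READ_ERR_FORMAT,  /* empty, unterminated or embedded-NUL string */
    READ_ERR_POLICY   /* well-formed, but points outside the trusted dir */
};

#define PATH_CAP 260  /* assumed size of the consumer's fixed buffer */

/* 1 if path is below trusted_dir and contains no ".." component. */
static int path_is_confined(const char *path, const char *trusted_dir)
{
    size_t n = strlen(trusted_dir);
    if (strncmp(path, trusted_dir, n) != 0 || path[n] != '\\')
        return 0;
    for (const char *p = path + n; *p; p++)
        if (p[0] == '\\' && p[1] == '.' && p[2] == '.' &&
            (p[3] == '\\' || p[3] == '\0'))
            return 0;
    return 1;
}

/* Hypothetical privileged consumer: accept the value only if every property
   the later code relies on has been verified first. */
enum read_status load_font_path(const struct reg_value *v,
                                const char *trusted_dir,
                                char *dst, size_t dst_cap)
{
    if (!v || !trusted_dir || !dst || dst_cap == 0)
        return READ_ERR_ARGS;
    dst[0] = '\0';
    if (v->type != VAL_STRING)            /* never reinterpret other types */
        return READ_ERR_TYPE;
    if (v->len == 0 || v->data == NULL)
        return READ_ERR_FORMAT;
    if (v->len > dst_cap)                 /* bound by OUR buffer, not theirs */
        return READ_ERR_SIZE;
    /* The only NUL must be the final byte. */
    if (memchr(v->data, '\0', v->len) != (const void *)(v->data + v->len - 1))
        return READ_ERR_FORMAT;
    memcpy(dst, v->data, v->len);
    if (!path_is_confined(dst, trusted_dir)) {
        dst[0] = '\0';
        return READ_ERR_POLICY;
    }
    return READ_OK;
}

/* Convenience wrapper over constructed inputs. */
enum read_status check_sample(enum val_type type, const void *data, size_t len)
{
    char buf[PATH_CAP];
    struct reg_value v = { type, len, (const uint8_t *)data };
    return load_font_path(&v, "C:\\Windows\\Fonts", buf, sizeof buf);
}

int main(void)
{
    static const char good[] = "C:\\Windows\\Fonts\\sample.tte";  /* constructed */
    static const char away[] = "C:\\Users\\guest\\sample.tte";    /* constructed */
    printf("good string : %d\n", check_sample(VAL_STRING, good, sizeof good));
    printf("wrong type  : %d\n", check_sample(VAL_BINARY, good, sizeof good));
    printf("outside dir : %d\n", check_sample(VAL_STRING, away, sizeof away));
    return 0;
}
```

The type check comes first because a length that is valid for one type says nothing about how the bytes may be interpreted as another.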

  32. Re:Vulnerabilities are VERY profitable for Microso by rainmouse · · Score: 1

    It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.

    A 794 million dollar fine in a media player anti-trust case is hardly no penalty

    http://en.wikipedia.org/wiki/European_Union_Microsoft_competition_case#Judgment

    I agree with what you said about Linux though. It's an operating system I have on dual boot that I can't make very much work in. I've tried 4 different media players but all are silent with mp3's (sound works in other things) and endless other little problems a new user like me had no idea how to fix that finally drove me away from Linux.

  33. Windows has a Kernal ??? ... by Anonymous Coward · · Score: 0

    Since '98 seems just a bunch of Mosaic scripts that they stole from NSC Champaign-Urbana.

    OOOOPPPPPPSSSSS!!!!!

    I should have not typed that thingy. :)

    Oliy Olily Oxenfree

  34. Re:Vulnerabilities are VERY profitable for Microso by Culture20 · · Score: 1

    Dell tried that

    pics or it didn't happen. I could never find the option when building machines, so I went with beige box builders that preinstalled Linux (I still reinstalled, just like I reinstall windows).

  35. Re:Vulnerabilities are VERY profitable for Microso by drsmithy · · Score: 0, Redundant

    Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster. [nytimes.com]

    The average person being unable to fix an infected computer has absolutely nothing to do with Microsoft's "monopoly".

    Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?

    The differences between Vista and Windows 7 are *at least* as significant as the differences between any two OS X releases, and certainly as big as those between previous Windows releases like 2000 and XP, or XP and 2003.

    It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare.

    It is trivially simple to buy a computer without Windows.

  36. Re:Vulnerabilities are VERY profitable for Microso by fluffy99 · · Score: 1

    Dell did offer Redhat on consumer level machines for a very short while. They were limited in options and generally within $50 of buying the version with Windows XP installed.

    Dell still offers Linux or no-OS on their high-end servers. I just went to Dell and configured an R810 server. OS options are no-OS, SUSE, RedHat, Citrix Xen Server, or various flavors of MS Server 2008.

    http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=555&l=en&oc=MLB1284&s=biz

  37. Re:Vulnerabilities are VERY profitable for Microso by fluffy99 · · Score: 1

    Also, a press release stating this same thing I just told you.
    http://news.cnet.com/Dell-offers-new-Red-Hat-Linux/2110-1016_3-276048.html

  38. Not News by Anonymous Coward · · Score: 0

    I thought that Microsoft employed good engineers and tested their code, but apparently not so well as they would have us believe.

    Sure, privilege escalations have been found in other OSs (like Linux), but their code is open to examination; Windows code is not, and is obviously no more secure than any other OS.

    I would expect more from Microsoft, however. They certainly have the money and manpower to examine their code for security, but don't seem to care nut so much.

  39. Re:Vulnerabilities are VERY profitable for Microso by Anonymous Coward · · Score: 0, Informative

    'The average person being unable to fix an infected computer has absolutely nothing to do with Microsoft's "monopoly".'

    If the average person had Linux, which has fewer and less serious vulnerabilities, there would be less problem with infected computers.

    "It is trivially simple to buy a computer without Windows."

    Yes, but if you buy an Apple computer you pay 3 times as much. That doesn't make sense for most people.

  40. Re:Vulnerabilities are VERY profitable for Microso by ThePromenader · · Score: 1

    Hear Hear for the no-OS option. I don't think ~any~ computer should ship with a pre-installed OS (unless - IMHO - the maker of both the OS and the hardware are one and the same). All my dell servers are running Debian (an OS 'not supported' by dell, btw), but I have to get it online instead of using all the (windows-oriented) CD's shipped with them.

    If all hardware was to ship with no OS, or have a selection of 'OS options' available at the time of the sale, this would put Mac (even more) in a league of its own, as its OS won't work in 'mainstream' hardware (without 'geek tweaking'), and won't install on a mac (without tweaking or an emulator). Yet since Apple is one of the only hardware ~and~ software makers out there, and its OS is made for its own computers, I wouldn't think it really fair to ~make~ them modify their OS (or their hardware) so that it will work on all computers. Yet were they to do this, there would be a radical change in the computer market.

    --

    No, no sig. Really.

    ThePromenader
  41. ChromeOS by Anonymous Coward · · Score: 0

    I too have numerous stories about how I've had to fix end user machines where they've been riddled with viruses and malware and this is really why I can't wait for Chrome OS to come out. The ability for someone to be able to buy a machine from a shop at (hopefully) less cost than the Windows equivalent and not have to worry about any of these issues would be amazing.

    Most people I know that are non-technical pretty much use their PC for the web and the occasional (but few and far between) spreadsheet or letter. If Google Docs (or some other web based office replacement) would be good enough for them to do their fairly simple work, which I think it would, then they can put all of this worry behind them.

    And don't get me wrong, I'd love to be able to recommend Ubuntu to them! I use it at home on multiple machines but it's far from perfect from an end user perspective. You can bet that Google will make ChromeOS just work, no worries!

    Please hurry up Google! :)

    Oh, and do something to be able to sync it with the iPod so my girlfriend will want one as well! ;)

  42. Are you INSANE? by SmallFurryCreature · · Score: 1

    What sells MS software? The high quality (I just vomited in my mouth) or the lock-in? If it was the high quality of MS software (ugh, what did I eat yesterday) then there would be no reason for a rewrite.

    So it must be the lock-in. People buy MS because that is what all their software runs on. Why do you think IE6 is still around? Because people WANT to use a hopelessly obsolete browser? No, because they have developed intranet applications that only run on IE6 and with that only on Windows. Businesses put all their logic into Excel coupled with Access and Exchange until they are so tied into MS software that when the MS rep comes along they shout "Yes, sir. Thank you sir. Can we have another SIR!" when he cracks the whip and has the CEO lick his boots.

    If MS were to pull an OSX, then this lock-in would disappear. Bye bye IE6/ActiveX, companies would have to either stick with the old MS software, which is why IE6 and XP and NT are still around, or rewrite it completely. Any competent manager (but what competent manager would choose MS) would have to ask, do I again design my new software with MS lock-in considering their habit of abandoning their customers? Apple received plenty of flak itself for the OSX move, MS has far more customers locked to its old software.

    When people start rewriting software, they might just decide to make it platform independent. And that is LETHAL to MS, because then every time the MS rep comes along, he will have to SELL his offering on both quality and price and why should I pay 260 for Windows 7 when Ubuntu 10.10 is free? Will the Ubuntu rep rent better hookers to get the support contract?

    No, MS needs the lock-in its old software offers and by that it is itself locked-in. The snake eating its own tail. The US outsourcing all its manufacturing so it can sell goods cheap to unemployed Americans. Business 101: We ain't here to be nice.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:Are you INSANE? by drsmithy · · Score: 1

      Any competent manager (but what competent manager would choose MS) would have to ask, do I again design my new software with MS lockin considering their habit of abandoning their customers?

      What habit is that ? As numerous people have pointed out in this discussion, Microsoft strives to a fault *not* to "abandon their customers" - their single biggest selling point is legacy support.

  43. Re:Vulnerabilities are VERY profitable for Microso by AmiMoJo · · Score: 1

    Would having Linux actually help though? Windows 7 already has limited user accounts by default with scary prompts demanding the root password when a program tries to make certain changes. Therefore vulnerabilities boil down to two basic types:

    1. Flaws in software
    2. Users ignoring warnings and blindly entering the root password

    (1) is arguably less of a problem in Linux at the moment but ultimately there is nothing about Linux itself that makes developers write safer code than they would on Windows. (2) would be the same no matter what OS is in use.

    What I don't get about these people throwing their PCs away when they are infected is that they could just restore it to factory to fix it. It's a bit like abandoning your car because it stalled instead of just re-starting the engine.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  44. So why was the key misapplied? by Anonymous Coward · · Score: 0

    So why was the key misapplied? If it's just as simple and clear as the text config files in UNIX then the people who left this vulnerability open were idiots.

    So, if changing the registry to plain text files wouldn't have magically fixed the problem, then the employees at Microsoft are idiots.

  45. Re:Vulnerabilities are VERY profitable for Microso by bleakgadfly · · Score: 1