Latest EMET Bypass Targets WoW64 Windows Subsystem (threatpost.com)
msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.
by constantly breaking the ABI.
...for legacy applications, especially true in the closed source world where simple recompiles are not possible due to lack of source. Still one would think that Microsoft would have provided protection against holes that exist in its legacy systems. Perhaps even a simple walled chroot would suffice? Very few if any honest user applications really need access to system level permissions.
Time is what keeps everything from happening all at once.
As it is, Windows 8 broke a lot of compatibility w/ Windows 7. There really was no reason to have a 32-bit version of either Windows 8 or 10. All win32 applications were XP applications, so all that could have simply been run on XP-Mode or Hyper-V on Windows 10 platforms.
WoW64 should really be deleted, and only 64-bit Windows programs should be developed. VirtualPC should be brought back to Windows 10, and all win32 applications should be run only under that, and not under native win64 systems like Windows 10 or 8.
The sandboxed web browser will keep this from happening as it will only occur virtually. Close the browser and - poof - it's normal again.
... until a vulnerability is also found in the sandbox, which will probably be 32-bit if it's a wrapper for a 32-bit browser.
What are the architectural reasons why Windows doesn't behave more like multi-lib on Linux? Is it just the fact that recompilation is not an option because most Windows software is closed-source? Or are these business/design decisions getting in the way, once again? Specifically I would like to know what the significant differences are between WoW64 and the implementation of multi-lib on Linux. Considering that these tend to run on the same hardware, it comes down to design decisions.
For Firefox you'd either have to choose one of their nightly 64-bit versions or settle with Waterfox which usually lags behind a few versions.
Not so. Pale Moon, my personal choice. They deliberately lag a few versions behind on the user interface rather than accepting the broken shit Firefox foists on everyone.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
See how simple it can be when you have source? For those who invested in the Microsoft ecosystem, I wish them the best of luck.
To suggest that Firefox for Windows is not open-source is disingenuous. You can compile Firefox yourself on Windows, too. It's not that difficult and can be done using the free version of Visual Studio.
This would kill the usefulness of Windows 10 for existing games, practically all of which are 32-bit. Without remaining a strong platform for gaming, it would be difficult (to say the least) to upsell a large portion of the existing user base. I suppose you can argue that native 32-bit versions should be discontinued, but that's a totally different argument from saying that WoW64 should be discontinued.
I noticed Visual Studio is 32 bit only, and defaults to making 32 bit builds. I don't think Microsoft is big on the whole 64 bit thing.
Fun fact: your 32 bit DLLs are in syswow64 and your 64 bit ones are in system32. Legacy makes such a mess when you don't plan ahead...
I think World of Warcraft has been a 64-bit application for quite some time now.
Fight for your bitcoins!
I just compile Firefox from source since this is a Gentoo system.
The ability to compile Firefox from source isn't exclusive to Gentoo, you can do it on Windows or OSX as well if you want.
For those who invested in the Microsoft ecosystem, I wish them the best of luck.
It's not that hard, just follow the guides here or here.
If you want a platform that breaks older shit, well then go ahead and find one. However many of us would like our software to keep working. WoW64 has been a great success because 32-bit apps run seamlessly and very fast. So you can just use whatever software you want. This has made widespread 64-bit adoption possible. If suddenly 80+% of your programs stop working because there's no compatibility layer, people just won't want to use it. Many, many programs these days are still 32-bit. You may not like that or agree with the choice, but it is what it is. I want to be able to run my software, I don't care about ideological purity.
Also you might want to do your research a bit better, VirtualPC -IS- back. It's called Hyper-V now and it is MS's all encompassing virtualization solution. You can have it on the desktop all the way up to big clusters of servers.
There can't be that many browsers to "sample". Browsers aren't like the population of field mice in the world. You don't use a statistical process to analyze a random sample of them, then declare a ridiculous statistic like "80 percent of them". In the real world there are four or five or eight (some finite quantity). Any declaration should read something like: "five of the seven browsers examined..."
The fact that distributions no longer ship old libraries, or that the community of developers has a certain tendency to introduce new “frameworks” and deprecate existing ones, shouldn’t be confused with an alleged technical inability of the Linux kernel or its traditional GNU userspace to maintain backwards compatibility.
Windows did something far weirder than focus on the ABI.
The WoW64 folder holds the 32 bit DLLs while the System32 folder holds the 64bit DLLs. There is then black magic that usually redirects 32 bit applications to the different Wow64 folder.
The idea was not binary compatibility but source compatibility. Someone in the hierarchy must have dictated that C programs must be able to be recompiled in 64bit with zero code changes. Only an MBA with zero programming background could think that this largely impossible mandate justifies permanently twisting the system with weird rules.
Don't get me started on Program Files (X64) ...
The fun with the System and System32 folders was not done for source compatibility. It was done for programs that hardcoded the path/folder name instead of querying the system for it.
Linux has very good backwards compatibility as peppepz pointed out... The fact that most distros don't include the necessary ancient libraries is because this backwards compatibility is very rarely needed, so those using it are a very small niche who still have the option to install the libs.
The vast majority of Linux software comes with source code, and almost all of it has already been compiled for 64bit systems as well as other architectures like arm or mips. It's extremely rare that you would need to be using an old Linux binary, and even if you are running old software there is usually nothing stopping you from recompiling it assuming someone else hasn't already done so. I regularly run several applications which date from as early as 1994, recompiled for a 64bit host. They compile and run fine on 64bit, as 64bit hardware (alpha/mips) was available in 1994 anyway.
Any software that doesn't compile and run cleanly on 64bit hosts is usually fairly easily fixed and is very rare as the Unix world has had access to 64bit CPUs for a long time now.
I run several 64bit Linux servers with custom kernels, they have support for 32bit (and a.out) binaries turned off because I have absolutely no use for this feature.
By contrast, most Windows software comes only as 32bit (or 16) binaries and cannot be recompiled or easily modified. To get a 64bit binary you are relying on the goodwill (and continued existence) of the original vendor, and quite often even if a 64bit version is available it will only be the more recent versions which is no good if you're stuck with an old version for whatever reason.
Backwards compatibility is essential for Windows, if you're going to ditch compatibility you might as well just switch to Linux anyway.
Backwards compatibility is a tiny niche for Linux, hardly anyone ever uses it.