Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[¿]

Windows 7 has an "unfixable" security hole. Or at least they claim it's unfixable. If it is though, residential customers don't even have to worry as the hacker would need to be physically at their computer. Business clients however may just decide to keep using XP.

Discuss windows, microsoft, windows 7, and fail.

[qwertyuiopas]

I think I heard somewhere(Xkcd windows 7 comic thread, I think) that wondows 7 used vista's kernel.

I'm sticking with XP too.

[G-Flex]

It doesn't "use vista's kernel" any more than Vista uses XP's kernel, as far as I know. I'm not sure what the development is like on it, but it sure isn't identical, to say the least.

[Tormy]

"The one fairly big drawback to the hack, however, and upside for most users, is that it can't be performed remotely, so it'll likely only be a significant concern for businesses or other folks using computers in public places."

Well, some good news at least..anyways, if it's really "unfixable"..... I am speechless in that case...

[Yanlin]

You'd think it would be as simple as simply... NOT ALLOWING FILES TO DO THAT?!

[qwertyuiopas]

It sounds like a BIOS or hardware issue, where the computer would load it off a disk and then it would load the OS while inserting it's exploits.

[RAM]

It probably is fixable, but not without compromising the integrity of the copy protection...

[G-Flex]

You'd think it would be as simple as simply... NOT ALLOWING FILES TO DO THAT?!

It seems like this doesn't involve booting Windows at all, so... yeah.

[Yanlin]

Don't common AV programs make sure these kind of stuff can't do that? As in, stuff can't just put itself on the boot or whatever. I know Avast! does.

Then again, it's just a click confirmation. Like they said, it can't be done remotely. So crisis averted. XP is still quite good. Offices don't need to upgrade. It's us gamers and shite that need to upgrade.

[umiman]

Yeah, why are you guys so worried? Do you live with people constantly attempting to change your passwords and steal your data? This can't be done remotely and really isn't a cause of concern for casual users.

> "I find it very scary, and if you would know what you're talking about so would you, unless you use your PCs just to play Doom of course."

I'm fairly certain that you don't actually understand the nature of the attack. It certainly has concerns, but is not outright scary. Assuming a semblance to the vbootkit I can guess at the process this employs. It requires the computer to boot off of removable media (CD-ROM, USB, etc), at which point the program reads the master boot record and begins launching the OS, while it is still running. In many ways it is similar to a hypervisor, executing at a layer below the OS. It then modifies files the OS loads into memory, so that compromised code can be executed within the context of the OS.

Now this certainly has concerning implications. I suspect it can actually be detected in a similar manner that the Bluepill exploit is detected (look for operations that take too many clock cycles because something else is executing), but the OS is not in a position to do this. If the system is compromised before your own code executes, there is no way to regain integrity at that point. Pre-boot integrity controls are the only feasible countermeasure. Why this is labeled a Windows 7 hack is confusing, since it actually targets the weak integrity checks prior to OS code running (yes, the payload is OS specific, but the attack is not).

Now, why this isn't scary- this attack requires the boot process to be physically compromised. The attack code must execute prior to the bootloader, which means it needs to execute off of removable media and requires physical access. If a person simply maintained their boot order to load from hard disk first, and password protected their BIOS so that the boot order couldn't be changed this isn't going to be even a driveby attack (though overloading the keyboard buffer does work on some machines, to bypass the password most machines are going to require the person to take the case off and reset the cmos via jumper or pulling the battery- neither are going to be quick drive by attacks at a company). Really, it is easy to restrict this to people who have flat out stolen a machine. The open question I have is whether increased boot integrity controls (TPM for example) mitigate this attack.

By the way, the whitepaper for the original v1 attack is here: http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf

[qwertyuiopas]

Don't common AV programs make sure these kind of stuff can't do that? As in, stuff can't just put itself on the boot or whatever. I know Avast! does.

Then again, it's just a click confirmation. Like they said, it can't be done remotely. So crisis averted. XP is still quite good. Offices don't need to upgrade. It's us gamers and shite that need to upgrade.

The issue is that it does NOT put itself in boot or whatever.
It forces it's way i without ever being on your drive before windows even can know it's there then takes control of windows.

I don't know for sure, but I think that you can compare it to an emulator.
The game doesn't know the diffrence and can't do a thing about it, and you don't have to change a ROM to run it on an emulator.

Of course, it isn't an emulator, but something in the vista/win7 boot process leaves a gap where it can take over somehow without windows noticing and without leaving a trace when the computer is shut down.

[Maggarg - Eater of chicke]

Faicplam.

[Tormy]

Yeah, why are you guys so worried?

I am not worried actually...I will surely stick to my Vlited x64 Vista. It's faster than XP and very stable. I've installed it 1 year ago, and never ever had any problems with it.

[Yanlin]

Faicplam.

Failpalm.

[Zaranthan]

Wait, people are worried because you can boot from removable media? How can any software PREVENT that? It's pretty much a given that if you have physical access to a machine, it's yours (not in the legal property sense, more in the "you are able to do whatever you want to it" sense).