Vista Protected Processes Bypassed
Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."
In related news (Score:5, Funny)
Re:Other OSes (Score:4, Funny)
this is just another step (Score:4, Funny)
biting the hand that feeds you (Score:5, Funny)
He [Alex Ionescu] is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep.
not for long, I bet.
Re:Source code (Score:3, Funny)
Re:You think so? (Score:4, Funny)
New Meaning for "Genuine Advantage" (Score:3, Funny)
Surprising really? (Score:4, Funny)
Re:Ever since DOS (Score:5, Funny)
I miss the days when I gave my computer commands not suggestions.
You are becoming nostalgic, Deny or Allow?
It's really Melinda's fault (Score:5, Funny)
So get off your old, tired, 20th Century horse and get with the new paradigm.
Just a suggestion of course.
Re:Didn't we see this before... (Score:5, Funny)
Re:Can't beat em, join em? (Score:4, Funny)
Why would anyone bother putting in more backdoors to the OS equivalent of Goatse?
Re:Why do they even bother? (Score:5, Funny)
Re:Ever since DOS (Score:4, Funny)
Re:In related news (Score:5, Funny)
Re:Ever since DOS (Score:2, Funny)
I had the opposite problem a week or two ago on a Windows 2003 server (or is it a Windows Server 2003 server? I can never remember). It actually amused me enough to take a screenshot [prntscrn.net] of it, but for those who don't want to view ad-supported screenshots of Automatic Update dialog boxes:
The two buttons, "Restart Now" and "Restart Later" are disabled. So is the close window ("X") button for the dialog itself.
I'm pleased that it's not offering to let this non-privileged user reboot our server; but I can't help but think it would be better to check if they're able to reboot the system before displaying the dialog. Also, why was the "restart later" option disabled? Maybe unprivileged users aren't allowed to interact with the Windows Update dialog at all, but if that's the case, why is it being displayed on their screen?
Full disclosure: I was setting up RDP access to the server for an external contractor, and logged in to add them to the "Remote Desktop" group. While I was there I installed updates from Windows Update, and it wanted a reboot - I deferred it for later and logged out so I could log in as the contractor's (non-admin) account to set up appropriate shortcuts on the desktop and make sure they had access to what they needed to access. The automatic updates dialog appeared immediately after I logged in as this unprivileged user. (I actually used Task Manager to close it.)