Vista Protected Processes Bypassed

Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."

In related news

[tinkertim]

A spokesperson for Microsoft was quoted as saying :

This is only an issue if you're downloading and watching porn. You should be watching only wholesome media, like "What About Bob [wikipedia.org]", instead.

Re:Other OSes

[Anonymous Coward]

No, this feature is available only in Windows Vista.

this is just an another step

[imbaczek]

...to start considering Vista as an usable OS.

biting the hand that feeds you

[kv9]

He [Alex Ionescu] is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep.

not for long, I bet.

Re:Source code

[Original Replica]

yes, it would make a nice tool for you to administer your systems. or for anyone out there to "administer" for you.

Re:You think so?

[sqlrob]

Right, like those code scanners that preemptively found the second ANI bug after the first was found. Those code scanners?

New Meaning for "Genuine Advantage"

[BoRegardless]

Genuine Advantage seems to now benefit the bastards too.

Surprising really?

[loconet]

If you build a house out of hardened excrements, it is still a house built out of shit even if you paint it pink.

Re:Ever since DOS

[Anonymous Coward]

I miss the days when I gave my computer commands not suggestions.

You are becoming nostalgic, Deny or Allow?

It's really Melinda's fault

[ColdWetDog]

Want your missing is the higher social value of interacting with your computer on a more equal basis. Just like women, Computers are complex, pretty, expensive and inscrutable. Just like women, they are best handled with suggestions, not commands.

So get off your old, tired, 20th Century horse and get with the new paradigm.

Just a suggestion of course.

Re:Didn't we see this before...

[FutureDomain]

I clearly remember being called to help a friend with a spyware/malware problem, discoverng he had ME, and going out to buy a copy of XP to replace it.

Well, it looks like you might be doing it again. Helping a friend with a malware problem, finding out that he has Vista, and buying a copy of XP to replace it.

Re:Can't beat em, join em?

[ultranova]

You're little website is one thing, but if you're microsoft, you have a lot to lose. Maybe the hacker just wants to get on the inside to get better info for future illicit hacks... or worse, put in backdoors.

Why would anyone bother putting in more backdoors to the OS equivalent of Goatse ?

Re:Why do they even bother?

[cyphercell]

after a $b investment over five years from the dominant player in operating systems, yes "The WOW starts Now!"

Re:Ever since DOS

[Udo Schmitz]

I miss the days when I gave my computer commands not suggestions. This whole "protected area" stuff just pisses me off.

So, is using a Vista PC like talking to the bomb in Dark Star?

Re:In related news

[StinkyGeek]

I have to ask. If both you *and* your wife enjoy porn, how do you find time to post on /.?

Re:Ever since DOS

[totally bogus dude]

I had the opposite problem a week or two ago on a Windows 2003 server (or is it a Windows Server 2003 server? I can never remember). It actually amused me enough to take a screenshot [prntscrn.net] of it, but for those who don't want to view ad-supported screenshots of Automatic Update dialog boxes:

Updating your computer is almost complete. You must restart your computer for the updates to take effect.

Do you want to restart your computer now?

The two buttons, "Restart Now" and "Restart Later" are disabled. So is the close window ("X") button for the dialog itself.

I'm pleased that it's not offering to let this non-privileged user reboot our server; but I can't help but think it would be better to check if they're able to reboot the system before displaying the dialog. Also, why was the "restart later" option disabled? Maybe unprivileged users aren't allowed to interact with the Windows Update dialog at all, but if that's the case, why is it being displayed on their screen?

Full disclosure: I was setting up RDP access to the server for an external contractor, and logged in to add them to the "Remote Desktop" group. While I was there I installed updates from Windows Update, and it wanted a reboot - I deferred it for later and logged out so I could log in as the contractor's (non-admin) account to set up appropriate shortcuts on the desktop and make sure they had access to what they needed to access. The automatic updates dialog appeared immediately after I logged in as this unprivileged user. (I actually used Task Manager to close it.)