Vista Protected Processes Bypassed
Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."
Didn't we see this before... (Score:3, Informative)
I clearly remember being called to help a friend with a spyware/malware problem, discovering he had ME, and going out to buy a copy of XP to replace it.
Re:Wait, wait... (Score:4, Informative)
It's not like they can just create a pointer and address the other memory space, but using the API they can achieve the same thing.
This is what allows programs like xfire to inject into your game process or (as they mention in TFA) allows Warden to peek inside all processes to see if they are evil.
Re:cmdrdildo (Score:1, Informative)
You're joking, right? (Score:3, Informative)
The ability to play some DRM'd files was also added to XP and Windows 2000. I assume you already knew that though...
This is how it's done (Score:5, Informative)
Re:Source code (Score:4, Informative)
Seems to contain a compressed buffer with a .sys driver that is decompressed with a call to RtlDecompressBuffer and hidden away by writing it to the alternate stream "%SystemRoot%\system32\drivers\crusoe.sys:drmkaud.sys", and then there's a registry update to load the driver.
Someone who cares should write out the compressed buffer and disassemble that.
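The comment above describes the two artifacts the PoC leaves behind: a driver image stored in an NTFS alternate data stream under the drivers directory, and a service entry whose ImagePath points at that stream. The following PowerShell is an added example for this page (not code from the thread or from the PoC) that looks for both. It assumes PowerShell 3.0 or later (for the -Stream parameter), an elevated prompt so the services key is fully readable, and that a driver loaded from a stream has a path of the form file.sys:stream; the directory, regex and output format are assumptions for illustration.

```powershell
# Added example: enumerate alternate data streams on driver files and flag any
# service whose ImagePath loads a driver out of a stream. Not part of the PoC.
# Assumes PowerShell 3.0+ and an elevated session.

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

# 1. Any stream other than the default :$DATA on a file in the drivers
#    directory is worth a look; a legitimate driver has exactly one stream.
$streams = Get-ChildItem -Path $driverDir -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
    Where-Object { $_.Stream -ne ':$DATA' }

foreach ($s in $streams) {
    # FileName is the host file, Stream the stream name, Length the stream size
    'ADS: {0}:{1} ({2} bytes)' -f $s.FileName, $s.Stream, $s.Length
}

# 2. A service ImagePath with a colon after the file name (foo.sys:bar.sys)
#    tells the kernel to load the driver image from a stream rather than from
#    the host file itself. The regex is an assumption about that shape.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.ImagePath -and ($_.ImagePath -match '\.sys:[^\\]+$') } |
    ForEach-Object {
        'Service {0} loads {1} (Start={2})' -f $_.PSChildName, $_.ImagePath, $_.Start
    }
```

To pull a flagged stream out for the disassembly the comment suggests, Get-Content with -Stream reads it by name (use -Encoding Byte on Windows PowerShell 5.1, -AsByteStream on PowerShell 7); the host file's primary stream is left untouched, which is exactly why a plain directory listing never shows the hidden driver.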
Re:In related news (Score:4, Informative)
It was a joke, just a joke and only a joke.
The link given is to Microsoft Bob, which Microsoft gave up on shortly after launching it and (according to Wikipedia) later admitted the product was their single largest failure in their company history.
You'd need to remember Bob in order to appreciate that Vista is well on its way to being "Bob 2".
I suppose any joke could be taken as flamebait lol, but really, it's just a joke. Better put in "it's funny, laugh."
Re:Other OSes (Score:5, Informative)
Re:Good idea, bad implementation. (Score:4, Informative)
Re:In related news (Score:2, Informative)
I haven't seen a reduction in functionality. Of course, I haven't played any HD-DVDs either, mostly because I don't have an appropriate drive. Vista is not ME; it's XP Second Edition.