Vista Protected Processes Bypassed 221
Anonymous Hero writes "Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."
Can we have Source? (Score:2, Interesting)
Wait, wait... (Score:5, Interesting)
Most likely I am missing the point here, and can't understand TFA accordingly. Somebody please set me straight.
Re:Wait, wait... (Score:3, Interesting)
possible silver lining (Score:4, Interesting)
Again? (Score:3, Interesting)
Bill Gates wants more cheap labor [infoworld.com] to waste of useless software [theinquirer.net]. What a waste of human intellect and talent. How about making the computer RUN faster, be more intuitive, and reliable?
Looks like 32-bit (Score:4, Interesting)
32-bit allows unsigned code in kernel mode for legacy reasons so its much more easier to inject into 32-bit processes.
Re:Can't beat em, join em? (Score:4, Interesting)
That's MS's big problem. A LOT of people WANT them to fail because they're MS. Because fundamentally, a computer and it's OS is supposed to do what the user wants, not what Bill Gates, the RIAA and the MPAA want it to do. There are enough people out there who know how to hack it up so it actually does do what they want. The more pragmatic ones WANT MS to fail because that's how to crack the content they want.
Once the hacking is accomplished, a significant number of people will then abuse that code to get other people's computers to do what THEY want rather than what Bill wants (doing what the user wants is simply not up for discussion).
The real beauty here is that the "bad guys" are turning the OS's own features against the creator (the other bad guys). The divine appropriatness of that is simply irresistable.
Re:In related news (Score:5, Interesting)
The parent is not necessarily too uptight to admit surfing porn.
Re:In related news (Score:5, Interesting)
Vista goes way ot of its way to reduce functionality for the user in order to make content providers happy. Think of what that really means. Company A sells something to Consumer A but that something is disabled in order to make Company B happy. Company B is happy because they can continue their old business model and maintain their dominance if and when they finally move into new business models when they feel ready. Meanwhile, companies C, D and E through M move to create, innovate and design new things only to be prevented by both Company A and Company B. Depending on how this is done and how much evidence can be produced, this is illegal behavior.
No, debuggers can't have special privileges (Score:3, Interesting)
When you make a Windows API call to something like CreateRemoteThread [microsoft.com], you need a handle to the process you're interested in. If the right security bits aren't set (and they get set by the call to CreateProcess), CreateRemoteThread returns unsuccessfully.
Anyway, what could you do to give debuggers special privileges that you could prevent other people from using?
Re:In related news (Score:3, Interesting)
I'll tell you, personally I think porn sites don't need malware. They KNOW what you're there for - they don't need to slap adware on your system to get you to come there. I've always had some spyware protection back when I was running mostly on Windows 2000 and XP, and I surfed porn sites frequently (albeit with Opera originally and later Firefox, more than IE, so my exposure to ActiveX was minimal) and I very rarely got any spyware according to my utilities.
Basically ANY sleazy commercial outfit will slap spyware on your system. I have clients whose kids or spouses spend a lot of time on sports sites and retailers of sport shoes - and they get tons of spyware from those sites. Porn definitely isn't the primary problem.