New Windows Kernel Vulnerability Bypasses UAC 303
xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."
Bad omen? (Score:5, Funny)
this could be a very bad omen for Windows users.
Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.
Re:Bad omen? (Score:5, Insightful)
Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.
The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?
Re:Bad omen? (Score:5, Funny)
Re: (Score:2)
And then proceed to wipe the hard disk, right?
Re:Bad omen? (Score:5, Funny)
I then had to put up with people complaining that their computer rebooted, and they lost work they were working on.
Re:Bad omen? (Score:4, Informative)
So if you read the story and watch the video - there is a very simple registry mod which will disable the exploit - so it's something that can be deployed on a large scale (like at my company) pretty easily.
Re:Bad omen? (Score:4, Funny)
Re: (Score:2)
Yep. Their computers turn into zombies.
Re:Bad omen? (Score:5, Funny)
Yep. Their computers turn into zombies.
And what do zombies do? They suck out your brains. It's a vicious circle.
Re: (Score:3, Insightful)
Fortunately for us, it works in a different way in computer-land. They only seek out other Windows computers to turn them into zombies.
Re: (Score:2, Interesting)
What about the clueless home users?
When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users. It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.
Vulnerabilities are VERY profitable for Microsoft. (Score:5, Interesting)
Microsoft top managers achieve vulnerabilities by not allowing Microsoft programmers to finish their work, apparently. Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster. [nytimes.com]
The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.
Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?
It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.
Re: (Score:2)
No penalty!?
Are you mad? Just ask their lawyers! Those corporate wrists got SUCH a slapping!
It was so unfair! You really should send Microsoft some more money just to make sure you're up-to-date on everything and help their aching wrists.
This is why government regulation is bad, and we should abolish the government except for an extremely powerful military with few oversights or regulations.
Re:Vulnerabilities are VERY profitable for Microso (Score:4, Insightful)
The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.
Dell tried that and sales were so bad that they stopped doing it for the consumer level computers. You can still get a no-OS option on servers.
Re:Bad omen? (Score:5, Insightful)
When has anyone, especially Microsoft, ever cared about them?
What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials [microsoft.com], which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.
Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.
Re:Bad omen? (Score:4, Insightful)
What a completely uncalled for comment.
Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.
Re: (Score:3, Informative)
why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?
*Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*
Re:Bad omen? (Score:4, Insightful)
why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?
*Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*
"Retarded", huh. That's nice. We were discussing "clueless users" here, not senior engineers who have been playing with networks for a long time, probably from before you were born. My point is that, if an operating system were truly well-designed from a security perspective such nonsense would be neither necessary nor useful. But, for millions of people, it is and worse yet, is largely ineffective.
Nor, I suspect, is that "hardware firewall" exactly what you think it is. You would get the same benefit from a small Linux PC and a couple of NICs. In fact, what you probably have there is a little plastic box with an ARM processor running a Linux core with an IPTables firewall and a browser-based front-end. It's just software, and it has vulnerabilities of its own, and the primary benefit is that it doesn't depend upon the TCP stack in your operating system. But it isn't foolproof.
Ultimately, if an exploit is found that allows malware to run on your computer (and that hardware firewall won't help you when it comes to a browser-based or Trojan exploit) the last and best line of defense is an operating system that won't allow the attacker to access anything but the current user's files. The big problem with Windows is that it's relatively easy to gain privileged access: once that happens the game is lost. Yes, other OSes have similar vulnerabilities but it's a higher bar in most cases.
Re: (Score:2, Interesting)
What a completely uncalled for comment.
Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.
Every time Microsoft includes a new tool, they get sued for bundling or something.
Re:Bad omen? (Score:5, Interesting)
Nothing you said there has ANYTHING to do with Microsoft not caring about "clueless home users". I called you on that comment and you just changed the subject.
You say Microsoft misread the importance of the Internet. Absolutely, although it was 15 years ago! But what has that got to do with them not caring about home users?
You claim Windows can't be used safely on an untrusted network? That is false, the current version ships with the firewall turned on and most of the useless network services turned off. Gone are the days when you would be infected within 15 minutes of connecting to the Internet with a vanilla install.
Despite what you say, you don't have to install a third party firewall and run third party anti-malware software. My original post to you linked to the free Microsoft supplied anti-malware software. Why did you just ignore that? All the reports that I have seen about it have been quite positive.
And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.
Re: (Score:3, Insightful)
And if linux or osx ever exceed Microsoft's marketshare you'll see the malware flood onto them too.
Okay, I'm going to go all scientific on this and say: Prove it.
Don't just speculate based on false equivalence; don't just make shit up. Prove to me that Linux and Mac OS are not only equally susceptible to malware infection, but that a flood of exploits is the inevitable result of widespread adoption.
While you're doing that, perhaps you could explain at what point this becomes inevitable. After a million installations? Two million? Ten million?
Is it necessary that these installations happen only on person
Re:Bad omen? (Score:5, Interesting)
Normally I don't feed the trolls, but...
Every measurement I've seen indicates that malware authors are profit driven. The reason they find exploits is to drive revenue (in the past this wasn't the case, but for the past 10 or so years it is). Let's take this as a given (if you can find evidence that malware authors aren't profit driven, we can reconsider this, but I suspect you won't).
Finding an exploit costs money - you need to spend your time to find it or you need to pay someone to find it. Either way, you're out cash money - that's an expense for the malware author.
Assuming that the malware author has a limited budget for exploits (which is likely to be true), the malware author is going to want to maximize their return on investment.
Further, let's assume that the cost of finding an exploit is the same on all platforms (that's not true btw - Charlie Miller has said that it's far easier to find exploits on OS X than it is on Windows, but let's just assume that the cost is the same).
If I pay $10000 for a Windows exploit (the amount of the pwn2own prize), I can target 90% of the computer users out there. If I pay for an OSX exploit, I can target about 6% of the computer users out there, and if I pay for a Linux exploit, I can target about 4% of the users out there (the market share numbers are roughly accurate, but obviously vary by country - for instance OSX has about a 10% share in the US but only 4% worldwide).
So how does the malware author maximize the return on their investment? Obviously they want to choose the one that gets them the most victims for their money. And that choice is Windows - 90% vs 6% vs 4% means that for a given amount of effort, the OS with 90% market share will always return a higher ROI than the OS with 6% or 4%.
The only thing that will change this dynamic is if either the cost for exploits for OSX and Linux goes dramatically down OR if the market share for OSX and Linux dramatically increases.
All software has bugs. Anyone who works in software engineering knows that. It doesn't matter what operating system you're running, they all have bugs. And some percentage of those bugs will result in an EoP. It doesn't matter what operating system - every OS I've known has had EoP bugs in them.
As long as an operating system can run arbitrary applications (in other words, it's not locked down like iOS is), the very nature that allows you to run arbitrary programs allows you to exploit EoP vulnerabilities in the OS.
It's simple economics (Score:3, Informative)
Most (not all, but most) of the recent remote exploits for Windows are through third-party code present on OS X and Linux as well (Adobe Reader, Flashplayer, and Java are the big three recently). Those programs are vulnerable on other platforms too, but weaponizing and deploying an exploit is expensive, and they're not worth the return on investment.
In situations where return on investment is equal for each platform, or where OS X or Linux are dominant, there have certainly been exploits. See the Pwn2Own co
Re: (Score:3, Insightful)
It is interesting, isn't it, that people go to such efforts to find Windows-specific exploits when they could fi
Re: (Score:3, Interesting)
So hacking personal computers is more lucrative, than, e.g. the servers on the internet?
You mention this malware author, who wants profit. Back in the days, so I thought, most of the hackers did it more for personal challenge, or fame, than for profit. I also thought, the first bright minds of this sector came out from people who actually built the software, they protected or hacked. They worked at universities and had all crazy ideas, were joining together in some kind of devotion to computers - it was not
Re:It's simple economics (Score:5, Insightful)
And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.
Just because I didn't elaborate doesn't mean I haven't thought about it.
Personally, I'm pretty confident that the majority of malware infections are PEBKAC.
Drive by / remote exploit malware certainly do exist out there, but it's not THAT prevalent. You can go months, even years using a Windows PC without an infection with just windows firewall, and keeping your PC up to date. I've done it. Countless others have too.
The clusterfucks of malware ridden pcs that some people routinely turn their computers into are, in my opinion primarily at least initially installed by the end user. They fall for the social engineering, go for the shiny offer, and escalate the installer so that it can have its way with the PC and bring all its friends...
You make osx or even linux the dominant OS, where all that social engineering, and shiny crapware will start targeting OSX and linux. The same users who try to install the britney spears naked screensaver will click on the britney_spears_naked.dmg and enter their computer password in os x.
Right now it's not worth it for that class of malware writers to do it today. So britney_spears_naked_screensave.dmg malware isn't constantly thrown in your face. It's simple economics.
a) First, OSX and Linux combined is still single digit marketshare. Right out of the gate, Windows is where the ROI is.
b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.
If you are likely to be sucked in by malware bullshit then you are likely ignorant, unsophisticated when it comes to computers... and you walk into a BestBuy or Walmart... you are exactly the demographic being targeted by malware, and you'll walk out with a windows PC.
Move all --those-- people onto linux or OSX and I have no doubt the malware will follow them, and they'll happily install it.
Re:Bad omen? (Score:4, Interesting)
What about the clueless home users?
And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free. The last time around I installed Firefox and Chrome (so if some site wouldn't work in one, they could try in the other) and, at her request, removed all their file-sharing software.
So, of course, when I looked at it last night I found that they had gone back to Explorer (Firefox "didn't look the same") and the thing had a couple of Trojan downloaders running and at least a dozen other bits of active malware, plus two different browser hijackers. They were competing with each other for control of Explorer, and as a consequence Explorer wouldn't load anything at all.
I ran three different scanners and got rid of everything that I could. Tedious process. So, my friend asked if I could just disable Internet Explorer (she's had just about enough of this as well, since they don't live near us, and she's always the one that has to drive the computer over.)
After talking with this lady about what they actually need a computer for, and looking over their selection of installed applications, I think they may be a candidate for a Linux upgrade. They don't have any Windows-specific apps that would preclude trying another OS, and most of what they do is Web-based anyway (Yahoo Mail, Facebook, etc.) We tried all the major sites they use on an Ubuntu box, just to make sure they work well in Firefox and Chrome.
If I do wean them off of Windows, I want them to be as happy as possible with the new OS. Just replacing the operating system and expecting people to just adapt is unrealistic, so there will be some training involved, but it will be worth the investment since once it's done I won't hear from them very often about computer problems. Oh, they'll be irked that they won't be able to run the latest trojan, but that's the price they're going to have to pay.
This wasn't the worst-infected machine I've encountered by any means. I'm not an IT guy by profession, but people do ask me to help on occasion. I had a co-worker a couple of years ago who had (and I counted them) thirty five pieces of active malware, plus an even dozen Trojan downloaders. The hard disk in that box wouldn't stop, ever, and it would take ten seconds to respond to a keystroke. I had to pull the drive and install it in another system just to scan it.
Probably in the next couple of weeks she'll bring their system back and I'll remove Windows for her.
Re:Bad omen? (Score:5, Insightful)
And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.
I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.
Re:Bad omen? (Score:5, Insightful)
And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.
I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.
Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.
Re: (Score:2)
Re:Bad omen? (Score:4, Interesting)
Re: (Score:2)
I found that they had gone back to Explorer (Firefox "didn't look the same")
Get them this [mozilla.org].
Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?
Re:Bad omen? (Score:5, Insightful)
I found that they had gone back to Explorer (Firefox "didn't look the same")
Get them this [mozilla.org].
Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?
Doesn't matter. So far as she's concerned, they're going to get told. We'll try to make the transition as easy as possible, but sometimes you just have to bite the bullet. It's her computer, and those are her kids, and they'll do as they're told. Her husband couldn't care less so long as he can get his email and go to a few Web sites he needs. The kids are the big problem. I also told her we could just get them their own computer, and when they break it ... tough. Maybe then they'll start to learn a little respect. They've wasted enough of their mother's time, not to mention mine.
Re: (Score:3, Informative)
Linux kids aren't smart enough to know shit about the NT kernel. How can they patch something they literally know nothing about?
Hate feeding trolls, but just for clarity's sake, I was making a joke based upon the closed-source nature of Windows, and its inability to utilize outside developer resources for maintenance.
Re: (Score:2)
Re: (Score:3, Funny)
I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.
Re:Bad omen? (Score:4, Funny)
I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.
That's nothing. I use that sharpened DVD to cut myself to pieces. That's how I stay on the bleeding edge.
Re: (Score:2)
Don't they secretly like it, or think they deserve it
I think it's the personal satisfaction they receive for helping out the members of their local Geek Squad.
Re: (Score:2)
Yeah, cause I'm gonna install a patch made by a random "sharp" dude.
Oh, wait, we were not supposed to question your claim. I'm really sorry, yeah, Windows should be open source
Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?
Re: (Score:2)
No, you'd install a patch by someone with a good track record. Which shouldn't require much, since you already trust Microsoft.
Re: (Score:2)
Of course, somebody sharp could submit a patch ... oh wait.
I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true [fileservz.it]
You can trust me, I'm an open source community member.
T. Monkey
"freetard=true"
Thanks, I needed that.
Not with my cheese helmet! (Score:2)
This virus can't scratch me, I run everything with Administrator privs... oh snap!
Re:Not with my cheese helmet! (Score:5, Insightful)
I run everything with Administrator privs... oh snap!
Well, as long as you know everything you run is malware free, there is absolutely nothing wrong with that.
Re: (Score:2)
So basically just don't browse the web.
Re: (Score:2)
It's safer just to never turn the computer on, though with things like wake-on-LAN and wake-on-USB these days you'd probably better unplug it too.
Re: (Score:3, Informative)
As long as everything you run is *vulnerability* free, you mean. Actively running malware (Trojans) is certainly a major problem, but in general running Firefox as admin is more dangerous than running IE as a standard user (the fact that there's a local EoP vulnerability just announced notwithstanding).
Re: (Score:2)
sony, is that you?
UAC? (Score:5, Funny)
Re: (Score:2)
As long as they don't infiltrate SGC, we're safe.
Re: (Score:2)
They bypassed the UAC? We're DOOMED! [wikia.com]
Are you sure you want to bypass UAC? Allow or Cancel?
Backdoor? (Score:2)
What do you bet this was the result of some government agency/powerful private entity saying they want easier access into remote machines?
Re: (Score:3, Interesting)
Requires code to be run (Score:2)
The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).
Re:Requires code to be run (Score:5, Informative)
No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.
Re: (Score:2)
The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).
So an unknown vulnerability in Firefox is just as likely to infect your machine as a known vulnerability in IE?
Re: (Score:2)
Actually Java is more dangerous than IE in this case. Java can download apps disguised as jpeg files and execute them from the appdata/roaming folder (then again, most trojans that do this already exploit other methods to screw up the system)
Re: (Score:2)
I always get a kick how they dumb down the articles for the audience around here. It's like 'don't you people work in the IT industry and this is common knowledge that code run from any machine by the user will compromise it'.
Virus- 'You wanna run me so I can infect though... I mean give you money...?'
UAC- 'Do you want to run this Yes/No'
User- 'Yes'
hmmm somewhere there is a weak link in that security somewhere.
KEEP FEAR ALIVE!!!
Back to the drawing board (Score:2)
Microsoft has the capital to develop a new operating system from the ground up. This bolting on of security solutions like UAC isn't going to cut it anymore. Heck keep the same user interface design for all I care, but change the underlying OS. I am a technology atheist, so I don't get religious about platforms, but what Apple did by porting OSX for Intel in parallel says volumes about their company.
I know it might be hard, but Microsoft needs a little vision and little less greed to do the same thing, b
Re: (Score:2)
Aren't you being overly dramatic there? Every system has had some known exploit at one point or other to gain elevated privileges, this bug seems to exploit left over junk from older OSes that (ntsys calls) that exploits a buffer overflow in one of the methods to extract reg key values.
Easy buffer overflow problem that shouldn't be hard to fix
Re:Back to the drawing board (Score:4, Insightful)
I believe you miss his point.
It's an easy buffer overflow problem that shouldn't have been hard to prevent if you have even a fraction of the talent and resources at Microsoft's disposal.
If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug. Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?
Why do so many people want to give Microsoft a pass in these matters? It's hard to think of any other entity in the world that would be more capable of doing better than this. It's obvious they don't give a damn about security as long as the sales keep coming. That's what you want to excuse, portray as understandable, smooth over, and encourage by example in other companies? I won't.
Re: (Score:2, Insightful)
Windows Security 2008R2 actually has a pretty impressive security record so far. If they stripped it down and provided only core services like OpenBSD it would be even better. The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.
Re: (Score:2)
If they stripped it down and provided only core services like OpenBSD it would be even better.
Then you want the Server Core [wikipedia.org] installation option of Windows Server. About bloody time too!
The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.
That is easily fixed. Don't give them a mouse. They won't be able to run ANY software then! It won't affect power users, as they should be able to do just about everything using keyboard shortcuts.
That will break too many apps so people will not bu (Score:2)
That will break too many apps so people will not buy it. Windows is too big to do an Apple and just cut off that many people.
Re: (Score:2)
Virtualization would be a good solution for the transition period.
But the os in Virtualization will still have the b (Score:2)
But the OS in Virtualization will still have the bugs and holes so what do you gain?
Re: (Score:2)
Sure, it wouldn't be a perfect solution, but it would be a way forward in the long run.
Re: (Score:2)
You gain that new versions of programs and future ones will be written for the new OS, meaning that after a while you'll be able to ditch the old OS with much less trouble and complaints from your users.
Re: (Score:2)
Re: (Score:2)
Yes, I know about research.microsoft.com, but I am looking at what is, not what could be. Unless they were to make a major announcement about a new path forward I don't take what comes out of research.microsoft.com very seriously.
Re: (Score:2)
Re: (Score:2)
You don't take the enhancements that Research has contributed to .Net, Visual Studio, Exchange, SQL Server, NT 6.0 / 6.1 seriously?
I take them seriously because they are highly effective business strategies for making money for Microsoft, in no small part because a shop using those would have great difficulty migrating to another platform.
Now if more of that research effort went into making Windows less prone to malware we'd start seeing some progress and the Internet would become a better place for everyone, including people who don't use Windows.
Re: (Score:2)
Have you even been involved in rewriting software from scratch? Usually you end up missing a whole bunch of use cases, introducing new errors, and completely not getting old ones. It just never seems to work the way people hope it will, and it ends up costing way more than you thought.
I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take
Re: (Score:2)
"I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible."
Why is that? Moving from OS9 to OSX was a major leap. I know it was far easier, since they control the hardware platform, but it has been done before.
Re: (Score:2)
Well, not knowing much details about the innards of OS9/OSX -- was this truly a "rewrite" of the OS as you initially said? ("Microsoft has the capital to develop a new operating system from the ground up.")
Was the transition from OS9 to OSX a "ground up" change? Or was it a swap of the kernel for a more modern one?
My first thought is that trying to build
Re: (Score:2)
Microsoft's problem right now is exactly that: backward compatibility. I remember when they said that Windows Vista was supposed to be a complete rewrite from the ground up, that there would be amazing XYZ features, etc. Then they slowly began to remove everything, including the rewrite, until it was basically back to what we could call Windows XP2 (whatever the name).
When Apple introduced Mac OS X, they had a "classic mode" to allow you to run older Mac OS 9 software on the new OS. Then they added Rosetta,
Re: (Score:2)
Re: (Score:2)
I think the non-Firewire models support target disk mode via USB. What's strange is that Firewire got upgraded to FW800 on the new Mac mini models.
Re: (Score:3, Informative)
Back in the System 7 days, Apple started "Copland [wikipedia.org]" as a next-gen OS to remedy the numerous and hilarious deficiencies in their existing OS. The project was a miserable failure and, after about as much schedule slipping as Apple could afford at that time, they took it out back, shot it, and bought NeXT, and then proceeded to adopt more or less
Re: (Score:2)
Yes, but remember that the original rewrite of Mac OS by Apple (Copland I think it was called) was a total failure which never reached a state where it could be released.
And then Apple bought NeXT and used their OS instead, and the rest is history.
I don't think that Microsoft can write a totally new OS from the start which would be able to run existing Windows software. The amount of undocumented but used side effects in the existing Windows API is simply too big. If you don't believe that, just try to look at s
Re: (Score:2)
And because they reused the XNU (which they bought), which uses parts of the FreeBSD kernel and of the Mach micro-kernel, which was developed at the Carnegie Mellon University.
Re:Back to the drawing board (Score:5, Insightful)
Developing an entirely new os is about the worst thing microsoft could possibly do from a business perspective...
Currently their single biggest selling point is compatibility, sure as you point out compatibility with something that has a fundamentally flawed design but still compatibility... If they were to ditch compatibility, then users would have to ditch all their existing apps (especially legacy apps which may be abandonware) and learn a completely new system that's not been tried and tested...
In other words, they would now saddle themselves with the biggest disadvantages associated with other platforms while offering none of the advantages of those platforms...
Microsoft ditching compatibility with all their legacy cruft would probably be the best news apple and linux distros could ever receive.
Re: (Score:3, Interesting)
And, if that happens, there is literally nothing to suggest that they would land on a Microsoft platform.
It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.
Exactly ... I mean, you can see the ad cam
Re: (Score:3, Interesting)
Even Vista's "Hey, let's actually slightly enforce all those best-practices things about not assuming that everyone is running with Admin privileges at all times, as though it were still Windows 95" was met with a firestorm of nearly pure hate. So much so that, even with Vista to take the flak and several years for 3rd parties to get their act
Well, go ahead and tell them what then (Score:5, Insightful)
Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code. Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).
If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.
That being the case, stop whining.
For this particular thing, this is a local privilege exploit. It is a bug, a mistake, one that will be fixed. If you Google around you'll find that Linux has had plenty of these throughout its history. Something is done wrong such that a program can elevate when it isn't supposed to. They are bugs to be patched, but not super critical since you still have to get malicious code onto the local system and get it to execute. They are more of a concern on multi-user systems but even then it is rarely a panic situation.
So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.
No security is perfect. People who do security in the real world, physical security, have always known this. For some reason many people who do virtual security delude themselves into thinking it is different. No it isn't, there is no perfect security. So have defense in depth. Be mindful of where you visit on the web, don't download random shit, run a quality virus scanner that checks data as it comes in from the web, use a deprivileged browser (something in protected mode, if your browser supports it), have a firewall, have UAC turned on, think before you execute a program. None of that is perfect, none of that is something that can't ever fail, but with layers of protection if one fails, you've others to fall back on.
Re: (Score:3, Insightful)
I only read your first sentence. I'm pretty sure the brilliant idea is install NetBSD.
Re: (Score:3, Insightful)
You're comparing a local privilege escalation exploit (*unix) to a remote one (Win) as if they are even the same ballgame?
L O fucking L.
Re: (Score:2)
This bolting on of security solutions like UAC isn't going to cut it anymore.
Why? And what will be improved by rewriting the OS? There still has to be some permission system to be able to install software without having to login to another account. What mechanism would you suggest they use? How would that be immune to security bugs?
...what Apple did by porting OSX for Intel in parallel says volumes about their company.
What does it say about them? How does that compare with Microsoft writing Windows NT for Intel x86 PC compatible, DEC Alpha, and ARC-compliant MIPS platforms, with PowerPC being added later?
Re: (Score:3, Insightful)
Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix?
Staggering amounts of backwards compatibility crud full of security holes?
One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'
The only way for Windows to become secure is to throw out backwards compatibility, and then no-one would use it.
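The search-order behaviour raised in the comment above, as an added example that is not part of the original thread: a simplified model of the documented standard DLL search order for desktop applications, with and without SafeDllSearchMode, used to flag imports that would resolve from the current directory. The directory layout and DLL names are constructed, and KnownDLLs, manifests and redirection are ignored.

```python
import os
import tempfile


def search_order(app_dir, cwd, system_dirs, path_dirs, safe_mode=True):
    """Simplified standard search order: safe mode moves the current
    directory from second place to after the system directories."""
    if safe_mode:
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]


def resolve(dll, order):
    """Return the first directory in `order` holding `dll` (case-insensitive)."""
    for directory in order:
        try:
            names = os.listdir(directory)
        except OSError:
            continue  # missing or unreadable directories are skipped
        if dll.lower() in (n.lower() for n in names):
            return directory
    return None


def audit(dlls, app_dir, cwd, system_dirs, path_dirs, safe_mode=True):
    """List imports that would be satisfied from the current directory."""
    order = search_order(app_dir, cwd, system_dirs, path_dirs, safe_mode)
    if os.path.samefile(cwd, app_dir):
        return []  # started from its own folder: nothing extra is exposed
    return [d for d in dlls
            if (hit := resolve(d, order)) and os.path.samefile(hit, cwd)]


def demo():
    # Constructed layout: a document folder holding two stray DLLs.
    with tempfile.TemporaryDirectory() as root:
        app, sys32, docs = (os.path.join(root, n)
                            for n in ("app", "system32", "docs"))
        for d in (app, sys32, docs):
            os.mkdir(d)
        for d, name in ((sys32, "version.dll"), (docs, "version.dll"),
                        (docs, "plugin.dll")):
            open(os.path.join(d, name), "wb").close()
        imports = ["version.dll", "plugin.dll"]
        legacy = audit(imports, app, docs, [sys32], [], safe_mode=False)
        safe = audit(imports, app, docs, [sys32], [], safe_mode=True)
        return legacy, safe


if __name__ == "__main__":
    print(demo())
```

A name that exists in no earlier directory still resolves from the current directory in safe mode, which is why applications also call `SetDllDirectory("")` or `SetDefaultDllDirectories` to drop it from the search.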
Nothing to do with UAC (Score:4, Informative)
This is a perfectly ordinary elevation-of-privilege vulnerability. Just like every other elevation of privilege vulnerability it also happens to be capable of bypassing UAC's split-token protection, but the vulnerability itself isn't related to UAC in any way.
In particular, if the workaround suggested in the article is correct, this vulnerability can't be used to escape from Internet Explorer Protected Mode (the other major function of UAC).
Of course (Score:2, Insightful)
UAC isn't really anything special, just an easy way for running as a deprivileged user. However many Slashdot types love to hate on it not only because it is from Microsoft, but because it messes with one of their talking points. For the longest time Linux (and OS-X) types hated on Windows because people ran as administrators. They talked about how amazingly insecure that was, how big a problem, how MS didn't care about security and so on. Many people tried to explain to them that it really doesn't matter,
Re: (Score:3, Funny)
I don't hate UAC because it's from Microsoft. I hate UAC because I think it is totally stupid that I have to change a filename, then say yes I want to change the filename, then say yes I really want to change the filename, then say yes I really, really want to change the filename. Four times? Why is four times the magical threshold between security and insecurity? For me, the number of times is zero (I know when I want to change a filename, and no amount of dialog boxes is going to change my mind, so they s
Registry (Score:2, Insightful)
Re:Registry (Score:5, Insightful)
"The flaw is related to the way in which a certain config file is interpreted..."
Oh gee, not this myth again... (Score:2)
The Windows registry is just a database that sits on the file system. Parts of the database are maintained in memory for extremely fast access. The database also handles locking when multiple applications need to have access, or write to the same piece of data at the same time. The registry was made to replace the need to keep the following from happening...
(My application needs an INT value that describes something.)
1. opening a file.
2. locking a byte range.
3. seeking to the byte range on the disk.
4
Re: (Score:2)
There's nothing "special" or evil about the windows registry.
IMO, the stupid thing about the registry is that they made up a bizarre byzantine custom API for it, when it could have been done with the familiar POSIX file API, like the /proc filesystem in Linux. (Having to call atoi() on a retrieved data value is not going to noticeably slow down your app relative to the overall system call overhead.)
It didn't help that the whole thing tended to go corrupt and die back in the early days. It's never really shaken that initial reputation.
Re: (Score:2)
Really? Switching to text files would magically fix this??
This flaw is not related to how the registry is loaded and/or interpreted, actually it's not the fault of the registry at all - it's a kernel exploit. The mitigation is to tweak *permissions* on a couple of reg keys that should have been tightened up in the first place. It's akin to allowing SUID root on the sudoers file and a kernel vulnerability that allows $BAD_GUY to use that fact - it's not the file itself.
Whether the info is in a database of bi
microsoft is a bad omen for windows (Score:2, Offtopic)
this could be a very bad omen? (Score:4, Funny)
No, but the 'windows startup sound' is.
Re: (Score:2)
It looks like a security boundary, acts like a security boundary, and smells like a security boundary. It is a security boundary as far as application developers and users are concerned. Even the terminology involved ---- "elevation", "integrity level", and so on --- suggests this interpretation. Claiming after the fact that "it was never intended as a security boundary" is just an exercise in weasel wording.
UAC isn't there because we want to deal with it. If it isn't a security boundary, what's the goddamne