Microsoft Security Windows Technology

New Windows Kernel Vulnerability Bypasses UAC 303

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

  • Re:Bad omen? (Score:2, Interesting)

    by ScrewMaster ( 602015 ) * on Thursday November 25, 2010 @02:31PM (#34344138)

    What about the clueless home users?

    When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users. It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.

  • Re:Bad omen? (Score:4, Interesting)

    by ScrewMaster ( 602015 ) * on Thursday November 25, 2010 @02:52PM (#34344288)

    What about the clueless home users?

    And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free. The last time around I installed Firefox and Chrome (so if some site wouldn't work in one, they could try in the other) and, at her request, removed all their file-sharing software.

    So, of course, when I looked at it last night I found that they had gone back to Explorer (Firefox "didn't look the same") and the thing had a couple of Trojan downloaders running and at least a dozen other bits of active malware, plus two different browser hijackers. They were competing with each other for control of Explorer, and as a consequence Explorer wouldn't load anything at all.

    I ran three different scanners and got rid of everything that I could. Tedious process. So, my friend asked if I could just disable Internet Explorer (she's had just about enough of this as well, since they don't live near us, and she's always the one that has to drive the computer over.)

    After talking with this lady about what they actually need a computer for, and looking over their selection of installed applications, I think they may be a candidate for a Linux upgrade. They don't have any Windows-specific apps that would preclude trying another OS, and most of what they do is Web-based anyway (Yahoo Mail, Facebook, etc.) We tried all the major sites they use on an Ubuntu box, just to make sure they work well in Firefox and Chrome.

    If I do wean them off of Windows, I want them to be as happy as possible with the new OS. Just replacing the operating system and expecting people to just adapt is unrealistic, so there will be some training involved, but it will be worth the investment since once it's done I won't hear from them very often about computer problems. Oh, they'll be irked that they won't be able to run the latest trojan, but that's the price they're going to have to pay.

    This wasn't the worst-infected machine I've encountered by any means. I'm not an IT guy by profession, but people do ask me to help on occasion. I had a co-worker a couple of years ago who had (and I counted them) thirty five pieces of active malware, plus an even dozen Trojan downloaders. The hard disk in that box wouldn't stop, ever, and it would take ten seconds to respond to a keystroke. I had to pull the drive and install it in another system just to scan it.

    Probably in the next couple of weeks she'll bring their system back and I'll remove Windows for her.

  • Re:Backdoor? (Score:3, Interesting)

    by fuzzyfuzzyfungus ( 1223518 ) on Thursday November 25, 2010 @02:54PM (#34344302) Journal
    That's a bet I wouldn't take. Given the well-known existence of both more or less free-floating criminal elements and multiple nations with reasonably substantial CS capabilities more or less tightly integrated into their military and/or clandestine capabilities(and sometimes shading into the first category...) any one entity asking for a backdoor is making the (painfully stupid) bet that nobody else is going to find it. Obviously, virtually everyone would love to have a backdoor of their very own; but even unregenerate PNAC acolytes probably aren't stupid enough to assume that only they would ever find it...

    An entity in the position to push Microsoft into giving them a backdoor would, one presumes, already possess formidable power, either legally or secretly(depending on whether the backdoor is inserted by NSA spooks or suspiciously cheap Chinese contractors). Such an entity would be foolish to use such power to push for a backdoor which, if discovered(and there is constant searching going on, even if you only count the guys who just want to send h3rb5l v15gra! spam...), would suddenly give every flea-bitten nonentity who can afford an internet connection considerable intelligence capabilities.

    Any entity with substantial legal clout would, unless absurdly moronic, simply use instruments like CALEA, collaboration with Telecom entities, search and seizure procedures, and the like. If those weren't good enough, they would advance the theory that only even greater legal clout can possibly save America and The Children from the pedo-terrorist menace. If history is any guide, they should then receive an upgrade.

    Any entity with substantial clandestine/illegal clout would, again unless absurdly moronic, be much better served by making use of vulnerabilities that happen anyway, along with HR/outsourcing based infiltration of relevant institutions. Pushing for a backdoor that puts them on par with dubiously pubescent script kiddies, when they currently have a commanding lead, would be illogical in the extreme.
  • by gstoddart ( 321705 ) on Thursday November 25, 2010 @03:04PM (#34344358) Homepage

    If they were to ditch compatibility, then users would have to ditch all their existing apps

    And, if that happens, there is literally nothing to suggest that they would land on a Microsoft platform.

    It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.

    Microsoft ditching compatibility with all their legacy cruft would probably be the best news apple and linux distros could ever receive.

    Exactly ... I mean, you can see the ad campaigns already ... "Well, if you're already switching operating systems ....".

  • Re:Bad omen? (Score:4, Interesting)

    by Wingsy ( 761354 ) on Thursday November 25, 2010 @03:13PM (#34344426)
    Your lady friend sounds like my sister. Only I convinced her to get a Mac. And now, 2 years later, she's a soccer-mom geek. Doing all kinds of stuff with her computer that she never thought she would be doing ... except calling me for help.
  • by fuzzyfuzzyfungus ( 1223518 ) on Thursday November 25, 2010 @03:20PM (#34344480) Journal
    They might well be able to get away with designing (another, NT being their first) new OS; but a new userspace API or huge security model change would get ugly...

    Even Vista's "Hey, let's actually slightly enforce all those best-practices things about not assuming that everyone is running with Admin privileges at all times, as though it were still Windows 95" was met with a firestorm of nearly pure hate. So much so that, even with Vista to take the flak and several years for 3rd parties to get their act together, 7 backed off the UAC a little bit. A really serious change of the "Nope, no win32 for you. Also, all drivers must be utterly rewritten" caliber would probably be met with shocked silence, followed by most of Redmond being set on fire...
  • by Futurepower(R) ( 558542 ) on Thursday November 25, 2010 @03:26PM (#34344536) Homepage
    "I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it."

    Microsoft top managers achieve vulnerabilities by not allowing Microsoft programmers to finish their work, apparently. Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster. [nytimes.com]

    The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

    Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?

    It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.
  • Re:Bad omen? (Score:2, Interesting)

    by Realm Lord ( 249727 ) on Thursday November 25, 2010 @04:36PM (#34345006)

    What a completely uncalled for comment.

    Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

    Every time Microsoft includes a new tool, they get sued for bundling or something.

  • Re:Bad omen? (Score:5, Interesting)

    by Gadget_Guy ( 627405 ) * on Thursday November 25, 2010 @04:42PM (#34345050)

    Nothing you said there has ANYTHING to do with Microsoft not caring about "clueless home users". I called you on that comment and you just changed the subject.

    You say Microsoft misread the importance of the Internet. Absolutely, although it was 15 years ago! But what has that got to do with them not caring about home users?

    You claim Windows can't be used safely on an untrusted network? That is false, the current version ships with the firewall turned on and most of the useless network services turned off. Gone are the days when you would be infected within 15 minutes of connecting to the Internet with a vanilla install.

    Despite what you say, you don't have to install a third party firewall and run third party anti-malware software. My original post to you linked to the free Microsoft supplied anti-malware software. Why did you just ignore that? All the reports that I have seen about it have been quite positive.

    And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.

  • Re:Bad omen? (Score:5, Interesting)

    by LO0G ( 606364 ) on Thursday November 25, 2010 @05:53PM (#34345514)

    Normally I don't feed the trolls, but...

    Every measurement I've seen indicates that malware authors are profit driven. The reason they find exploits is to drive revenue (in the past this wasn't the case, but for the past 10 or so years it is). Let's take this as a given (if you can find evidence that malware authors aren't profit driven, we can reconsider this, but I suspect you won't).

    Finding an exploit costs money - you need to spend your time to find it or you need to pay someone to find it. Either way, you're out cash money - that's an expense for the malware author.

    Assuming that the malware author has a limited budget for exploits (which is likely to be true), the malware author is going to want to maximize their return on investment.

    Further, let's assume that the cost of finding an exploit is the same on all platforms (that's not true btw - Charlie Miller has said that it's far easier to find exploits on OS X than it is on Windows, but let's just assume that the cost is the same).

    If I pay $10000 for a Windows exploit (the amount of the pwn2own prize), I can target 90% of the computer users out there. If I pay for an OSX exploit, I can target about 6% of the computer users out there, and if I pay for a Linux exploit, I can target about 4% of the users out there (the market share numbers are roughly accurate, but obviously vary by country - for instance OSX has about a 10% share in the US but only 4% worldwide).

    So how does the malware author maximize the return on their investment? Obviously they want to choose the one that gets them the most victims for their money. And that choice is Windows - 90% vs 6% vs 4% means that for a given amount of effort, the OS with 90% market share will always return a higher ROI than the OS with 6% or 4%.

    The only thing that will change this dynamic is if either the cost for exploits for OSX and Linux goes dramatically down OR if the market share for OSX and Linux dramatically increases.

    All software has bugs. Anyone who works in software engineering knows that. It doesn't matter what operating system you're running, they all have bugs. And some percentage of those bugs will result in an EoP. It doesn't matter what operating system - every OS I've known has had EoP bugs in them.

    As long as an operating system can run arbitrary applications (in other words, it's not locked down like iOS is), the very nature that allows you to run arbitrary programs allows you to exploit EoP vulnerabilities in the OS.

  • Re:Bad omen? (Score:3, Interesting)

    by g4b ( 956118 ) on Thursday November 25, 2010 @10:06PM (#34346942) Homepage

    So hacking personal computers is more lucrative, than, e.g. the servers on the internet?

    You mention this malware author, who wants profit. Back in the days, so I thought, most of the hackers did it more for personal challenge, or fame, than for profit. I also thought, the first bright minds of this sector came out from people who actually built the software, they protected or hacked. They worked at universities and had all crazy ideas, were joining together in some kind of devotion to computers - it was not always a socially lucrative thing to be a geek. Engineers, mathematicians, and stuff.

    So which kind of profit lies in unprotected Windows Systems, which have enough stuff installed, which easily and legally could undermine them? Like Flash? Skype? Stealing data can't really be the reason why there is so much money behind it.

    Most Workstations in big networks are secured not only by hardware firewalls, but also by unix systems. If accessing those Workstations is so crucial to get profit, accessing the network via a unix virus would be very easy. And from there, malware could be easily spread.

    However I turn it in my mind, I don't think the no. 1 OS for the Desktop marketshare is any more profitable, than the no. 1 OS type in any other sector, which stores the same crucial data, or any other thing, that could be very profitable.
    Either those securing systems are just harder to overtake, or profit is not the key factor in the overall hackers' motivation.

    For me, people who do that kind of coding either just do it for curiosity or because of paranoia. Or because of the thrill. Some of them maybe for profit, but I hardly think, they would post it on the internet, anyway.

    But I sincerely ask which aspects I just don't know yet, since I am young, maybe I am too historic to be a realist.

  • by metrix007 ( 200091 ) on Friday November 26, 2010 @01:01AM (#34347582)

    Cool. So your point is that if Linux and Mac get popular while Windows remains popular, security as a whole for the computing landscape will be improved due to a more heterogeneous environment. It's quite possible.

    You also realize then that the argument that if Linux or Mac had 90% of market share, that they would be exploited just as often, if not more so is correct?
