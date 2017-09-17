'Bashware' Attacks Exploit Windows 10's Subsystem for Linux (betanews.com) 38
Mark Wilson quotes BetaNews: While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."
Easy to get administrator access? (Score:2)
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained
Really? that sounds like more of a problem than some particular tool....
Re:Easy to get administrator access? (Score:5, Insightful)
Yes. If you have Administrator access, you own the system. So what they are really saying is "Hey, if you already own the Windows system then you can do bad things with the Windows system!"
So it's a meaningless and irrelevant story.
Re: Easy to get administrator access? (Score:1)
Can drive-by-downloads install the WSL, and then install something to apt-get WINE, or compile WINE on the WSL, resulting in a virus running undetected by the Windows antivirus?
The issue here is that once it happens, there will be no way to catch it down the road. Once an id10t user gets infected, nothing will detect the infection. Only knowledgeable techs who know to remove the WSL to remove the virus.
Can an antivirus or anti-malware system detect malware installed into the
Obtaining Administrator access: Win10 vs Linux (Score:2)
The thing is, on the platform usually targeted by malware written in Bash script - like GNU/Linux systems - "Administrative access" isn't something trivial.
It's rare that regular users run everyday tasks as "root".
You needed Microsoft to bring the GNU userspace and "linux ABI" to their NT kernel for suddenly things to run sour.
----
And joke aside about NT user running as "administrators" 24/24 hours and 7/7 days, this was bound to happen
:
In order to not have ridiculous performance (as opposed to solution l
Re: (Score:1)
So really, the better solution is to actually run Linux on VMWare, VirtualBox, Hyper-V, and so on.
Got it, avoid another MS integration clusterfuck.
Re: (Score:2)
So really, the better solution is to actually run Linux on VMWare, VirtualBox, Hyper-V, and so on.
And why would I do that instead of running Windows in qemu-kvm, VirtualBox or even VMWare? You want the more secure system as the host rather than the other way around.
Re: (Score:2)
Again, remember: WSL is only exclusively to be used in testing/development environment (so that devs can directly test linux binary ELFs without needing, e.g., a full blown Ubuntu VirtualBox VM image). WSL is currently NOT to be used in production (keep it away from production servers - obviously those will be running some GNU/Linux flavor), otherwise such blow-in-your-face accident could happen on critical machines with critical data.
But some stupid shop is going to underbid you writing a thin layer on top of some free opensource code, and install/enable WSL behind the back. PHBs, dimwitted people masquerading as chief of cyber security, all the layers of CXOs, all bent "upon making the numbers" for the coming quarter to get an additional million dollar stock options all will claim that is the fair price for that module that faces the world from the landing page of corporate web site.
You lose immediately
They lose after some time
We
Re: (Score:2)
No, it's not a non-issue, but it's a different kind of issue than most people realize. Remember the Alexis de Tocqueville Institution [sourcewatch.org] and the propaganda they pumped out last decade about how Linux and Open Source in general was a parasite on the tech industry, was enabling all sorts of illegal activities (such as terrorism - of course!), and attempted to publish a book claiming Linus Torvalds didn't really invent the Linux kernel? Microsoft was (and still is!) a major funder of this propaganda mill.
Think a
Re: (Score:2)
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained
Really? that sounds like more of a problem than some particular tool....
It's a classic example of a Raymond Chen airtight hatchway [microsoft.com] attack. In order to carry out an attack with admin privs, you first need to be admin. And then a sign lights up in black on a black background telling you you've done it.
Steve Martin Joke from 70s (Score:1)
"I'm gonna tell you how to make a MILLION dollars tax free. First, get a million dollars."
"I'm gonna tell you how to get root access on a Linux machine. First, get admin access."
Eh, needs work before it's ready for Steve if he ever does a Linux show.
Average Joe? or Linux Admins? (Score:1)
Does that mean all copies of the Windows 10 operating system are vulnerable? Meaning grandma or bubba and their propensity to give everything and its kid brother root access?
Or are we just talking about systems being administered by Linux admins, where root access by an untrusted application carries this risk implicitly.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Now we get all the holes of Windows AND Linux in one OS. Jeenius!
Re: (Score:1)
Re: Average Joe? or Linux Admins? (Score:1)
WSL vs Win32 API (Score:2)
It is that no existing anti-malware utilities will automatically catch and remove the malware. This is a serious risk.
Well, to be more precise:
- currently the WSL subsystem that provides "linux ABI" to original linux ELFs
- and the Win32 system usually offered to normal windows userland
are two different environments which are kept (on purpose) isolated from each other.
(Just think about it: even if theoretically NTFS can store case-sensitive filenames, absolutely no Win32 userland handles it.
That's just one of the several reasons why both environments should touch each other's stuff.
Another reason is that for performance re
Re: WSL vs Win32 API (Score:1)
1. The user doesn't know the Linux subsystem is installed.
2. The user doesn't know anything about Linux, and expects their Windows anti-virus to protect them.
WSL is optional (Score:2)
The user doesn't know the Linux subsystem is installed.
WSL isn't installed by default on Windows 10.
It's an optional component that you need to explicitly select in the corresponding control-panel-thingy.
(like IIS).
If the user is clueless, chances are high that they don't have WSL installed.
The user doesn't know anything about Linux, and expects their Windows anti-virus to protect them.
(well, if they are running McAfee, they are toasted anyway
:-P )
More seriously, it's the "security suite"'s developers' job to develop a solution.
Again there is no technical reason preventing it (even if the current suite happens not to be able to see what happens on the
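The post above makes the practical point that WSL is an optional feature, so a machine that was never meant to run Linux binaries should not have it enabled. The following PowerShell audit is an added example for this thread, not code from the thread, from BetaNews or from Check Point's research. It assumes it runs elevated on a Windows 10 build with the WSL optional feature available, and it uses the feature name `Microsoft-Windows-Subsystem-Linux`, the `LxssManager` service and the per-user `HKCU:\...\Lxss` registry key as WSL's footprint; the function and switch names are the author's own.

```powershell
# Added example (not from the thread or from Check Point): audit one Windows 10
# host for the optional WSL feature and its supporting pieces, so an admin who
# never turned it on can notice that it is there. Run from an elevated prompt.
# Assumptions: feature name, service name and registry key are those WSL used
# on Windows 10 at the time; the Lxss key is per-user, so only the current
# user's registered distributions are listed.
function Get-WslAuditReport {
    param(
        # Optional: remove the feature if it is found enabled (needs a reboot
        # to fully take effect; -NoRestart just defers it).
        [switch]$Remediate
    )

    $report = [ordered]@{}

    # 1. Optional feature state: this is the control-panel checkbox the post
    #    refers to. State is 'Enabled' or 'Disabled'.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux'
    $report.FeatureState = [string]$feature.State

    # 2. The service that brokers Linux processes. Absent when WSL was never
    #    enabled, so a missing service is a good sign here.
    $svc = Get-Service -Name 'LxssManager' -ErrorAction SilentlyContinue
    $report.ServiceStatus = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }

    # 3. Distributions registered for the current user (each one is a subkey
    #    carrying a DistributionName value). Other users' hives are not checked.
    $lxss = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss'
    $report.Distributions = @()
    if (Test-Path -Path $lxss) {
        $report.Distributions = @(Get-ChildItem -Path $lxss |
            ForEach-Object { (Get-ItemProperty -Path $_.PSPath).DistributionName } |
            Where-Object { $_ })
    }

    # 4. Verdict: anything enabled, running or registered on a box that is not
    #    a developer workstation deserves a question, regardless of AV verdicts.
    $report.WslPresent = ($report.FeatureState -eq 'Enabled') -or
                         ($report.ServiceStatus -ne 'NotInstalled') -or
                         ($report.Distributions.Count -gt 0)

    if ($Remediate -and $report.FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux' -NoRestart | Out-Null
        $report.RemediationApplied = $true
    }

    [pscustomobject]$report
}

# Usage: report only, then (if policy says so) remove the feature.
Get-WslAuditReport
# Get-WslAuditReport -Remediate
```

The check only establishes presence; it says nothing about what a registered distribution has been doing, which is exactly the gap the thread is about. It is therefore a fleet hygiene control (flag hosts where WSL appears outside the developer population), not a substitute for security tooling that can see Linux processes.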
Re: WSL is optional (Score:1)
So we are back to Antivirus vendors providing ELFs, and providing a means of automatically installing and registering them, after installation. A means of automatically detect
Too late (Score:2, Funny)
Re: (Score:2)
HAH! And they just said Linux is Windows future (Score:2)
And to think there was just a headline here on
/. that asked 'Will Linux Innovation Be Driven By Microsoft?'
Well here's hoping not.
Question ? (Score:2)
Why is bashware not a problem on a Linux system ? After all: if all that Windows Subsystem for Linux does is to provide Linux functionality then you would expect the same malware to also have been a problem on native Linux systems.
Re: Question ? (Score:1)
Re: Question ? (Score:2)
The masses are not enabling Windows Subsystems for Linux either. If someone is, they are supposed to know what they are doing.
Re: Question ? (Score:1)
Holy crap! (Score:2)
Holy crap! If someone gets administrator access on my system, they can do bad things? With the SUBSYSTEM FOR LINUX, SPECIFICALLY???
/., what is this shit?
Seriously,
Anybody have a problem with Wine being used? (Score:2)
Under Windows 10 install Linux, load Linux and install Wine = Exploit. Video is now private, I can see why.
One more for the airtight hatchway list (Score:2)
AKA: Code execution results in code execution.
Raymond has a whole series of these things:
https://blogs.msdn.microsoft.com/oldnewthing/20070807-00/?p=25683
Once you're able to run arbitrary programs as admin on a Windows box, the box is lost. Which particular set of arbitrary weirdness you choose to do to crash, compromise, or exfiltrate the data is pretty much irrelevant.