'Bashware' Attacks Exploit Windows 10's Subsystem for Linux (betanews.com)
Date: 2017-09-17
Mark Wilson quotes BetaNews: While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."
Easy to get administrator access? (Score:2)
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained
Really? That sounds like more of a problem than some particular tool....
Re:Easy to get administrator access? (Score:4, Insightful)
Re: (Score:3)
Yes. If you have Administrator access, you own the system. So what they are really saying is "Hey, if you already own the Windows system then you can do bad things with the Windows system!"
So it's a meaningless and irrelevant story.
Re: Easy to get administrator access? (Score:1)
Can drive-by-downloads install the WSL, and then install something to apt-get WINE, or compile WINE on the WSL, resulting in a virus running undetected by the Windows antivirus?
The issue here is that once it happens, there will be no way to catch it down the road. Once an id10t user gets infected, nothing will detect the infection. Only knowledgeable techs who know to remove the WSL to remove the virus.
Can an antivirus or anti-malware system detect malware installed into the
Re: (Score:2)
While administrator access is needed to execute a Bashware attack, this is fairly easily obtained
Really? That sounds like more of a problem than some particular tool....
It's a classic example of a Raymond Chen airtight hatchway [microsoft.com] attack. In order to carry out an attack with admin privs, you first need to be admin. And then a sign lights up in black on a black background telling you you've done it.
Average Joe? or Linux Admins? (Score:1)
Does that mean all copies of the Windows 10 operating system are vulnerable? Meaning grandma or bubba and their propensity to give everything and its kid brother root access?
Or are we just talking about systems being administered by Linux admins, where root access by an untrusted application carries this risk implicitly?
Re: (Score:1)