
Attack isn't considered a serious threat

With Windows being the predominant operating system in the world, it's no surprise that it has the largest number of hacks and attacks aimed at it. As a result, some users consider Windows the least secure operating system.

Windows 7 is out as a beta and the final version is expected sometime this year or early next year. Microsoft has also started to circulate the latest release candidate build of the operating system among developers and testers. Despite the fact that the operating system isn't officially available yet, a pair of security researchers have already shown a way that a computer running Windows 7 can be completely taken over during the boot process.

Researchers Vipin Kumar and Nitin Kumar have demonstrated proof-of-concept code they developed, called VBootkit 2.0. The software injects code into the Windows machine during boot-up and allows the complete takeover of the machine and access to all files on the system.

Vipin Kumar said, "There's no fix for this. It cannot be fixed. It's a design problem."

Network World reports that while the attack allows a nefarious user to completely take over a Windows 7 computer, the attack is not a serious threat since it can’t be carried out remotely. A hacker would have to gain direct access to the computer to initiate the hack. The injected software allowing the takeover of the computer would also be erased after a reboot.

However, if the hacker had direct access to the computer, the hack would be very hard to trace. The file needed to execute the attack is very small, at 3KB, and it changes the Windows files loaded at boot; no files are changed on the computer's hard drive. This makes the VBootkit 2.0 software very difficult to detect.

The latest version of the software allows the attacker to raise their user privileges to the system level and to remove a user's password, giving access to all of the user's files. Once the attack is complete, the software restores the user's password to ensure the attack can’t be detected.




Grrrrr
By jrb531 on 4/24/2009 10:21:00 AM , Rating: 5
You just cannot please some people.

Windows XP - not secure enough
Windows Vista - too secure
Windows Vista Part two (Windows 7) - not secure enough

Which do you want people? Make up your minds!

I'd love to see how secure Apple would be if they did not control all aspects of their hardware and most software and had as many people trying to hack their system.

Not trying to bash Apple and I'm no Microsoft fanboy but fair is fair.

Many of the same people who purport to hate Vista and the high level of admittedly "annoying" security were the same ones who totally bashed XP because of a lack of security.

I've grown so tired of it. Vista has the best of both worlds... it comes defaulted with high security (not perfect mind you but MUCH better off than XP) and if you want you can shut this off to have XP like security.

What is wrong with this? If it's hard to shut it off that is a good thing because I would rather only those who really know what they are doing be able to shut it off because these types of users are often the ones who know how to keep their systems secure.

The thought of every mom & pop being able to shut down their security with a tap of the button because they want to get rid of those annoying pop-ups gives me nightmares.

I've been through far too many systems corrupted and infected because people understand that in theory they either need to maintain a car themselves or pay someone to do it for them yet do not understand that a computer needs the same type of maintenance on a regular basis be it virus or spyware protection, updates, backups, patches or even defragging.

End of mini-rant :)




RE: Grrrrr
By fatedtodie on 4/24/09, Rating: -1
RE: Grrrrr
By jrb531 on 4/24/2009 10:34:02 AM , Rating: 3
Says who?

By your logic we can "assume" that Windows 8 is the true goal and that Windows 7 is just a step on the roadmap.

A more likely scenario is that Windows 7 is just a rushed rehash of Vista in order to kill off the Vista name due to bad press that can never be fixed.

If Vista became perfect this very second it would matter very little because the name is trashed.

Windows 7 "is" Vista with some changes that would have happened anyway to Vista itself had Microsoft stayed with the name. Want to bet right now that any real changes to Windows 7 end up in Vista via a patch anyway?


RE: Grrrrr
By TomZ on 4/24/2009 10:40:53 AM , Rating: 3
quote:
Want to bet right now that any real changes to Windows 7 end up in Vista via a patch anyway?
I would bet against that, personally. For example, there are a lot of GUI changes from Vista to Windows 7, and I think there is practically no chance of Microsoft releasing that for Vista.


RE: Grrrrr
By omnicronx on 4/24/09, Rating: -1
RE: Grrrrr
By omnicronx on 4/24/09, Rating: -1
RE: Grrrrr
By noirsoft on 4/25/2009 4:30:09 PM , Rating: 2
quote:
Don't fix it if it ain't broke. OSX is the perfect example of this, they have been using the same base OS for 10 years.


Um... try 7 to 8 years. OSX first shipped on new macs in 2002, well after XP, for those keeping track.

So, Microsoft has been using the same base OS for almost 10 years (if we start with Windows 2000) and Apple is a few years behind (as always)


RE: Grrrrr
By StevoLincolnite on 4/24/2009 11:00:16 AM , Rating: 1
Windows 7 (Blackcomb) was already under development before Windows Vista, however Microsoft wanted to focus its efforts on Vista (Longhorn) hence Blackcomb was delayed.


RE: Grrrrr
By TomZ on 4/24/2009 1:23:59 PM , Rating: 5
That may well be true, but still there's no doubt that Windows 7 is based on the Windows Server 2003/Vista codebase.


RE: Grrrrr
By Dark Legion on 4/24/2009 2:22:41 PM , Rating: 3
quote:
That may well be true, but still there's no doubt that Windows 7 is based on the Windows Server 2003/Vista codebase.


Well if he is right, then it would be the other way around; Vista would be based on Windows 7 (Blackcomb), and Blackcomb was delayed so that Longhorn was released first (which would make sense due to the GUI changes etc., but there is no doubt that one is obviously based off the other).


RE: Grrrrr
By TomZ on 4/24/2009 2:30:39 PM , Rating: 2
If Vista was based off Windows 7, then you'll have to explain what the tens of thousands of Microsoft engineers working on Windows 7 have been doing for the past 3 years. :o)


RE: Grrrrr
By jrb531 on 4/24/2009 4:23:40 PM , Rating: 1
quote:
Speaking about Windows 7 on October 16, 2008, Microsoft CEO Steve Ballmer confirmed compatibility between Vista and Windows 7.[17] Ballmer also confirmed the relationship between Vista and Windows 7, indicating that Windows 7 will be a refined version of Vista.[17]


http://en.wikipedia.org/wiki/Windows_7


RE: Grrrrr
By Souka on 4/24/2009 6:28:53 PM , Rating: 4
Come on guys...get it right.

Vista was based off of WinME, which was based off of MS-Bob

Windows 7 is based off of WinXP, which came from Win2k

Can't you see it?


RE: Grrrrr
By TomZ on 4/24/2009 2:28:39 PM , Rating: 2
Sorry, correction: Windows 7 is based off the Server 2008/Vista codebase (not Server 2003).

Vista was based off the Server 2003 codebase.


RE: Grrrrr
By fatedtodie on 4/24/09, Rating: 0
RE: Grrrrr
By jrb531 on 4/24/2009 4:25:06 PM , Rating: 3
I did...

quote:
Speaking about Windows 7 on October 16, 2008, Microsoft CEO Steve Ballmer confirmed compatibility between Vista and Windows 7.[17] Ballmer also confirmed the relationship between Vista and Windows 7, indicating that Windows 7 will be a refined version of Vista.[17]


RE: Grrrrr
By fatedtodie on 4/30/2009 4:28:41 PM , Rating: 2
Care to quote Ballmer? Or are you going on hearsay?
Just because some reporter claims he used that wording doesn't make it a quote, I quoted the Lead of the department that actually makes windows 7.
I guess when I said read the facts I wasn't speaking clearly enough.
For future reference... facts do NOT include "oh well this dude said that that guy said so and so".


RE: Grrrrr
By Silver2k7 on 4/25/2009 5:26:02 AM , Rating: 2
lol it's still better than xp at least.

"If Vista became perfect this very second it would matter very little because the name is trashed."


RE: Grrrrr
By michaelheath on 4/24/09, Rating: -1
RE: Grrrrr
By DEredita on 4/24/2009 1:03:41 PM , Rating: 2
I agree with what you are saying, but I think Win 7 is a bit larger of a step up. I am not a Vista hater, as I actually like Vista Business 64-bit edition. But, Windows 7 from my experience is a major step forward. I've been on Vista since early 2007, and like it far better than XP. I actually started using OSX regularly because of XP. At work, I use both OSX and Vista.


RE: Grrrrr
By afkrotch on 4/24/2009 2:03:51 PM , Rating: 3
2k = Win NT 5.0
XP = Win NT 5.1
Vista = Win NT 6.0
Win 7 = Win NT 7.0

Not like Microsoft hid that fact, just that it doesn't sound all that great to call it Windows NT 6.0 Vista.

Anyways, there is a lot more to an OS release than what you make it out to be. There's a lot of underlying changes.

XP brought about better memory management, better multithreading, etc. While no, it's not really a brand new OS, but a much more refined and upgraded Win2k kernel. Which is a refined/upgraded NT kernel. Hence it being Win NT 5.1.

I wouldn't call it the same old thing with a new coat of paint.


RE: Grrrrr
By TomZ on 4/24/2009 2:25:35 PM , Rating: 2
quote:
XP brought about better memory management, better multithreading, etc

Vista also had a lot of kernel enhancements relative to XP.

quote:
Win 7 = Win NT 7.0
Actually, Windows 7 is version 6.1, not 7.0.

I agree with you - there are a lot of internal changes from release-to-release that the casual observer might not notice. But I would argue that is part of the "problem." Since the improvements don't have great visibility, they fail to add perceived value to the general customer. Technical people like us will recognize and appreciate them, but those making daily purchase decisions may just tend to see a new OS release as the old one with a face lift.


RE: Grrrrr
By eosmund on 4/24/2009 7:32:43 PM , Rating: 3
Actually the kernel is 7.0, but it reports as 6.1 for compatibility reasons. There were a lot of apps that would refuse to install when the kernel reported itself as 7.0.


RE: Grrrrr
By fibbeh on 4/24/2009 3:29:00 PM , Rating: 2
RE: Grrrrr
By takercena on 4/24/2009 11:10:22 PM , Rating: 2
Yea the same thing happened to windows xp64. Where is sp3 for this version of windows when the kernel is just 5.2 which is 0.1 different than windows xp. Numbers mean nothing.


RE: Grrrrr
By gmyx on 4/24/2009 3:12:50 PM , Rating: 2
I find it funny how people complain about UAC. Linux had this feature implemented a long time ago. It lets you know when you're about to do something that WILL affect your machine.
The only thing they should add is 'Remember this choice'


RE: Grrrrr
By sprockkets on 4/25/2009 4:22:41 PM , Rating: 2
Depends on your distro; Ubuntu remembers for like 15-20 minutes.

However, in SuSE, you used your admin password to open Yast, and then could do all your tasks, whereas UAC would require each task to be authorized. It would be nice if the control panel would prompt for auth vs doing it for each little task in control panel, but it's better than nothing.


RE: Grrrrr
By Akrovah on 4/24/2009 4:01:02 PM , Rating: 2
I think your description of the transition is flawed. You seem to think MS needed to go the extra length of emulating XP in Vista so that users would not have to get all new software, but 90% of programs that worked in XP worked just fine in Vista. I myself didn't find any piece of software that I ran in XP that didn't run in Vista as well. The only compatibility issue I ever encountered was the removal of DirectSound (thank you Creative's Alchemy for fixing that BTW). Even then, the game would work, it just wouldn't have surround sound. If I recall correctly, most of the software that didn't run in Vista were apps that needed some deeper access to the OS, like anti-virus etc.

Even for software that didn't run, emulating an NT kernel on top of another NT kernel sounds questionable to me. Even with the extensive changes under the hood from XP to Vista it still didn't have the huge shift that was required for OS9 to OSX. In that case when X was first released it had virtually no software that was OSX native, making emulation something of a requirement for the OS to actually be usable.

Apple's and MS's situations were very different.


RE: Grrrrr
By Akrovah on 4/24/2009 4:06:43 PM , Rating: 2
Oh, and the performance improvement from Vista to 7 is very real. I went from playing Crysis with settings mixed between med - high with no dx10 at about 20 fps to maxed settings on dx10 with some low level AA and still maintained about 20 fps with Win7. No hardware change, and even still using the Vista drivers for my video card in Win7.

General desktop usability was greatly improved as well, especially file copy operations which were horrendously slow in Vista.

The only thing I have been disappointed with in the Win7 Beta is the IE8 beta. Crashes on me repeatedly. It was finally the push that sent me to Firefox full time.


RE: Grrrrr
By jrb531 on 4/24/2009 4:32:44 PM , Rating: 1
You see what you want to see. Vista and Windows 7 are basically the same. They share the very same core, drivers and fps.

Whatever speedup you may have seen was most likely caused by a fresh install.

Do a fresh Vista install then a fresh Windows 7 install and you will see identical performance.


RE: Grrrrr
By Akrovah on 4/24/2009 5:18:45 PM , Rating: 2
I was comparing fresh installs.

I understand that in the core kernel very little has changed from Vista to 7, otherwise the driver model wouldn't be so similar, but there is a lot more to an OS that can be refined and trimmed down than just the kernel.


RE: Grrrrr
By michaelheath on 4/24/2009 7:17:09 PM , Rating: 2
quote:
I wouldn't call it the same old thing with a new coat of paint.


Sure I can. You can play under the hood all you want with an OS and stake claim in all of the measurable improvements you can find. However, if an end-user can barely tell the difference, then what’s the point? The “new coat of paint” is changing the interface around or adding features. I feel Windows 7 is just that: Improved performance in a few places, some new features and a more sparkly interface for end-users to play with, but it’s still Windows Vista. Windows 7 isn't god-awful, but it’s not mind-blowing, either.

quote:
You seem to think MS needed to go the extra length of emulating XP in Vista so that users would not have to get all new software, but 90% of programs that worked in XP worked just fine in Vista. I myself didn't find any piece of software that I ran in XP that didn't run in Vista as well...


Actually, there were plenty of programs that didn’t work at all in Vista: Adobe CS2 programs didn’t work properly (had to wait for CS3); practically every major AutoDesk program refused to run or install (had to wait for 2008 versions of everything); statistical programs like SAS, SPSS, and Stata wouldn’t install or run properly (waited forever for updated versions of those programs); mathematical programs such as MatLab and Mathematica (had to wait 6 months for revisions of those); plenty of Java and Oracle web apps didn’t work in IE 7... As an IT working for an Ivy League university, I’m pretty well aware what did and didn’t work, and a lot of things didn’t work in several major heart-stopping we-won’t-be-supporting-Vista-for-a-long-long-time kinds of ways. A cost-free XP virtual environment would have been nice.

quote:
...Most of the software that didn't run in Vista were apps that needed some deeper access to the OS, like anti-virus etc.


This is unacceptable from a support standpoint.

quote:
Even for software that didn't run, emulating an NT kernel on top of another NT kernel sounds questionable to me.


I suggest reading more about virtualization. People do it all the time, and quite often multiple instances of the same OS are running on one computer, each utilizing different operating cores of the same CPU and performing parallel tasks.

quote:
Oh, and the performance improvement from Vista to 7 is very real.


Yes, but this is purely from a subjective standpoint and completely circumstantial. The spectrum you view Windows 7 through is very narrow. I have to consider it from a broad support point of view and contemplate many different individuals’ needs. These people don’t game all the livelong day, and a few extra frames in Crysis doesn’t mean anything to them. Being able to get their work done faster does, and I don’t think Windows 7 doesn’t have a terribly convincing argument after giving it a good long hard look.


RE: Grrrrr
By GiganticPanda on 4/25/2009 2:18:33 PM , Rating: 2
Although I cannot comment on the majority of software in your post, the statement that Adobe CS2 didn't work correctly under Vista is untrue. I used the same copy I had been using on XP on the Vista beta, and am still using it under SP1, and have never had a single problem with any aspect of the software. Although there may have been a few pro level apps that did not run correctly, to date I have only found one piece of software that does not run on Vista, and it is far from essential.


RE: Grrrrr
By michaelheath on 4/27/2009 4:25:56 PM , Rating: 2
I consider frequent random program crashing or programs just plain not starting to be very big issues. In January of 2007, Adobe said it was looking into how CS2 products reacted with Vista and said there were isolated issues, but ultimately said that 'new versions' were being developed that would ensure Vista compatibility. In April of 2007, my Adobe representatives told me that CS2 would never be updated for Vista support or compatibility because CS3 was impending. Why update an old suite of products when a brand new version was about to be released?

If CS2 works for you in Vista, great. For the folks I support, it's best that CS2 and Vista avoided each other.


RE: Grrrrr
By Jonesd on 4/25/2009 8:23:05 PM , Rating: 1
1. Create the admin account (done setting up the initial login)
2. Create another user, standard, no admin rights
3. Use the non-admin account.

4. Start, run, secpol.msc.
Local policies, security options, scroll to the bottom & UAC options. Does it say 'Prompt for credentials'? Mine does.

Ohh, right, that means, as a standard user, it will ask for a username and password. Not many people know this as they don't bother to check, find out or hardly ever run as non-admin. Facts can be good.


RE: Grrrrr
By michaelheath on 4/27/2009 4:27:47 PM , Rating: 1
I can't help but feel mildly vindicated:

http://windowsteamblog.com/blogs/business/archive/...


RE: Grrrrr
By 2tweeked on 4/25/2009 4:12:30 AM , Rating: 2
As far as computer security goes, why can't we get old school on this. I remember the days when the OS was bootstrapped from ROM. Why can't we do this with computer hardware today? Provide a universal standard so optional OS's can take advantage of this process also. The static elements from the OS loaded into secured memory from secure FLASH memory and the dynamic/changing elements of the OS on the hard drive. A hybrid solution. OS FLASH Mem upgrades would be done with authenticated secure means. Build a fortress around the OS and provide drawbridges to user space on demand or when needed. What do you think?


RE: Grrrrr
By Silver2k7 on 4/25/2009 5:36:07 AM , Rating: 2
not a bad idea perhaps.. but what will a motherboard cost with a 20Gb flash memory added.. I'm guessing these aren't quite as cheap as your regular usb thumbdrive.

Vista Ultimate x64, 18.7 Gb right now.

With today's big hard drives I could care less if the OS eats a few Gb.. but with flash memory it could be expensive.


Physical Access....
By Crusty on 4/24/2009 9:52:36 AM , Rating: 5
If a hacker has physical access to your computer you have a lot more to worry about than someone peeking at your files.




RE: Physical Access....
By Master Kenobi (blog) on 4/24/2009 9:57:50 AM , Rating: 2
Right. With physical access the least of your problems is them loading remote control software.


RE: Physical Access....
By Oregonian2 on 4/26/2009 2:40:48 AM , Rating: 2
Some say take the hard drive. I say take the whole computer (especially now that they tend to be laptops).


RE: Physical Access....
By Fleeb on 4/24/2009 10:16:16 AM , Rating: 2
If I have physical access... can I just steal the hard drive?


RE: Physical Access....
By afkrotch on 4/24/2009 10:57:24 AM , Rating: 2
That's detectable. With the exploit, you can create yourself a user acct and access other network resources.


RE: Physical Access....
By Griffinhart on 4/24/2009 3:52:42 PM , Rating: 2
With physical access I can boot to a password recovery disk, reset one of the local passwords and do the same thing. It might be more detectable but in a business network it's highly unlikely that anyone would notice that the local admin account password was changed for a very long time. I'm quite sure I could go to any desktop or laptop PC in the building, change the admin password and install a keylogger without anyone being the wiser about it.


RE: Physical Access....
By kamel5547 on 4/24/2009 4:26:18 PM , Rating: 2
Actually since all the machine local account names and passwords in our office are set by GPO, your reset would last until group policies were applied, at which point they would be wiped. Meaning at boot time the password would revert back to the original and any non-standard accounts would be deleted, even if you d/c'd the network connection. Probably many people don't bother doing this, but I do...


RE: Physical Access....
By Fritzr on 4/24/2009 10:14:43 PM , Rating: 2
That's nice for the person who can reset the local admin password or create a new admin account. Install the keylogger, set it to run under a legit account, then let the GPO erase your footprints :)

Now if the GPO looks for and repairs changes and additions you might consider yourself secure against ongoing intrusion. You'd still be vulnerable during the window of opportunity between the install and the GPO repair, but that's a different problem.


RE: Physical Access....
By Amiga500 on 4/24/2009 10:17:16 AM , Rating: 2
More a worry for businesses I feel...

People giving themselves access to areas (and files) they shouldn't.


RE: Physical Access....
By bhieb on 4/24/2009 10:51:45 AM , Rating: 2
But this is local machine access not network access. Most businesses don't store much on the local box.


RE: Physical Access....
By Amiga500 on 4/24/2009 11:23:19 AM , Rating: 2
Unfortunately not.

Big CAD files = big local files.

They'll invariably be both on the network drives and local drives.


RE: Physical Access....
By guacamojo on 4/24/2009 10:23:04 AM , Rating: 2
But does this get around hard drive encryption?

Lost/stolen laptops are a real problem, and they can often contain sensitive or confidential information.

Hardware-based encryption isn't much help if this method allows root access through the "legitimate" file system.


RE: Physical Access....
By bhieb on 4/24/2009 10:54:28 AM , Rating: 2
That is the concern I see too. If it is legitimate access the encryption would let them on, they can copy it off to USB and be on their way. I see MS patching it regardless of how much these guys say it "can't be fixed". They cannot afford to have any long standing mistakes with Windows 7.


RE: Physical Access....
By WoWCow on 4/24/2009 10:46:09 AM , Rating: 2
quote:
A hacker would have to gain direct access to the computer to initiate the hack. The injected software allowing the takeover of the computer would also be erased after a reboot.

Then
quote:
The file size needed to execute the attack is very small at 3KB and makes changes to the Windows files loaded at boot; no files are changed on the computer's hard drive. This makes the VBootkit 2.0 software very difficult to detect.


I'm quite a nub and am working with a paranoid admin who simply cannot tolerate any other person attempting to install software on his machines. So they activated system disk protections (literally a system restore; wipes out new entry/logs/registries) to counteract any installations.

The question is
Does the hacker require administrative access to install the software and make permanent changes?


RE: Physical Access....
By BZDTemp on 4/24/2009 3:46:31 PM , Rating: 1
quote:
The question is Does the hacker require administrative access to install the software and make permanent changes?


Not likely - if so then it would not really be a hack.

I'd say this hack makes publicly available Windows 7 computers a big NO-NO! That is unless the computer allows for no outside storage = no USB and so on.


RE: Physical Access....
By MrPeabody on 4/24/2009 11:09:46 AM , Rating: 5
Seriously. I recently discovered an exploit with Windows 7 where a malicious hacker might completely halt all processing on the machine. This includes all network connectivity, background services, virus-checking . . . everything. Worse, it's a terribly simple exploit. In fact, most PC's have a button right on the front that knowledgeable black hats might abuse.

All they need is physical access.

Rumor has it that most flavors of Linux have a similar exploit. No word yet on OSX.


RE: Physical Access....
By MrPeabody on 4/24/2009 11:40:10 AM , Rating: 5
UPDATE: I found an associate of mine with an iMac, and verified that this exploit also exists on Apple computers.

It appears that Apple has addressed this exploit by placing the button on the back of the iMac. This appears to be in-line with their general "security by obscurity" approach to protecting their machines.

Obviously, this is unacceptable. If I were a Mac user, I'd be upset. Indeed, my associate seemed particularly angry when I demonstrated the exploit to him. I guess he thought Macs were invulnerable.


RE: Physical Access....
By EasyC on 4/24/2009 12:12:44 PM , Rating: 5
I have found a solution to this hack. It is solved with hardware. I run an Asus P6T6 WS motherboard in my machine at home. I found the button used for this hack and disconnected it from the motherboard. I installed the diagnosis card packaged with the mobo and powered the computer on this way. Then I shut and locked my case!

So for now the problem is solved...until hackers start packaging hammers in their tool kit. Then we have even bigger problems to worry about.


RE: Physical Access....
By xsilver on 4/25/2009 9:12:51 AM , Rating: 2
ha - your solution can be exploited by 3 letters.

h2o.

check mate...


RE: Physical Access....
By ertomas on 4/25/2009 9:18:48 AM , Rating: 3
Just in case you missed this sentence:

quote:
Vipin Kumar said, "There's no fix for this. It cannot be fixed. It's a design problem."


Your solution won't work... It's a DESIGN PROBLEM...

You see, Win7 and Mac designers put a thing called a POWER CORD on the machines early on the development cycle. If you unplug it you still can reproduce the hack...

YOU FAIL!


RE: Physical Access....
By sprockkets on 4/25/2009 8:20:19 PM , Rating: 2
"That was great." - GLADDOS


Nonsense article
By rs1 on 4/24/2009 11:48:31 AM , Rating: 4
If you have local access to a machine, you already have complete control over it. No operating system in existence can prevent that, and it's silly to imply that Windows 7 should be able to.

Unless, of course, the author has a grudge against Windows 7 or something and just wants to try and make it look bad.




RE: Nonsense article
By Fritzr on 4/24/2009 10:25:29 PM , Rating: 1
Local access to a machine that is password locked only allows you to try entering the password. This particular hack allows you to boot the machine to an account with a known password.

The whole point of forcing users to enter a password to login to their account is to prevent people with direct local access to the machine from using that same machine without permission.


RE: Nonsense article
By Helbore on 4/25/2009 9:58:41 AM , Rating: 5
Yet you can easily reset a password or create a new administrator account on any Windows machine, if you have the right tools.

I've got boot disks to do this and have done on every iteration of the NT platform since version 4. All I need is the knowledge and tools to do it, plus direct access to the physical machine.

Much the same as this hack. It's just slightly more elegant at hiding its access. Point is, breaking Windows security whilst sitting at the machine has ALWAYS been an easy task to anyone with the right tools (which are easily obtainable off da interwebz)

To anyone without the tools or skills, this hack is useless. To anyone with them, it's no different than it ever has been before.


RE: Nonsense article
By rs1 on 4/25/2009 2:54:27 PM , Rating: 4
quote:
Local access to a machine that is password locked only allows you to try entering the password. This particular hack allows you to boot the machine to an account with a known password.


Bull. Passwords are easily circumvented if you have local access. All you need is a bootable DVD/CD/USB drive/floppy disk/etc. loaded with the proper tools. For instance, I would recommend:

http://home.eunet.no/pnordahl/ntpasswd/

I've personally used their utility several times to reset the admin password on machines that I would not have been able to access otherwise. It works quite well, all it takes is local access.

quote:
The whole point of forcing users to enter a password to login to their account is to prevent people with direct local access to the machine from using that same machine without permission.


Wrong, the point is to prevent casual access attempts by unauthorized parties, and to make the typical user feel like their machine is "secure" when really it isn't. If a determined individual with more than a casual knowledge of computing has direct local access to a machine, however, then nothing can stop them from using it without permission. Even if you set a BIOS password on your system so that it won't even boot without a proper login, someone with local access could just trip the "clear CMOS" jumper and wipe out your password (or if they were *really* mean, reset it to something different so you'd be left stuck wondering why your password no longer works).

Sorry, but if someone has local access to a system, there is virtually nothing that can be done to prevent them from taking control of it if that is really what they want to do.


RE: Nonsense article
By JediJeb on 4/26/2009 12:19:56 PM , Rating: 2
quote:
I've personally used their utility several times to reset the admin password on machines that I would not have been able to access otherwise. It works quite well, all it takes is local access.


The only thing that the software in the article can do that this approach can't is restore the original password. Using your approach you reset the password to gain access, but if the owner returns and finds their password no longer works then they know someone has broken in to their system. If this software returns the original password after the deed is done, the original owner may never know there was a security breach.

In a situation where extremely sensitive information is involved, the difference between an attack that is obvious and one that doesn't appear to have happened makes a lot of difference. Say someone hacks in and gains access to the President's travel route a month in advance, if it is noticed within a few days the route can be changed, if it is never noticed then that could be bad.


By Nighteye2 on 4/24/2009 11:02:06 AM , Rating: 1
Direct access is not physical access. A hacker using another exploit to get a trojan in can have the trojan drop this piece of software - basically a 2-stage take-over.

That trojan may not be able to do much, but if the trojan can install this exploit...




By Griffinhart on 4/24/2009 11:13:55 AM , Rating: 2
quote:
Direct access is not physical access. A hacker using another exploit to get a trojan in can have the trojan drop this piece of software - basically a 2-stage take-over.


Nope it requires physical access to the machine.

quote:
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.


From what I can gather it requires you to boot the system from a CD which then fools the computer into then running the installed OS normally. It requires physical access.


By emboss on 4/24/2009 5:25:06 PM , Rating: 2
Some motherboards are factory configured to try booting from a USB device prior to attempting to boot from the HDD. If this has not been changed, and the user has a USB thumb drive plugged in, then the initial trojan could copy the boot code to the USB stick and do a reboot.

Any sysadmin worth his salt would have changed this, of course, but home users could still be vulnerable.


By afkrotch on 4/24/2009 11:28:33 AM , Rating: 2
If you already have direct access, what would be the need to have this reboot hack tool for? Once you have direct access, there's other ways to gain admin privileges.


By Fritzr on 4/24/2009 10:21:17 PM , Rating: 2
Direct access and no knowledge of passwords is not the same as direct access and booting into an account with a known password.

First case you are staring at the screen trying to guess a password.

Second case you are staring at the screen trying to decide what you want to do with your full access.


not convinced
By AlmostExAMD on 4/24/2009 9:43:46 PM , Rating: 1
Once again people jumping to conclusions about how good Windows 7 is. Wait until it's released and wait until the real hackers out there find exploits in its core.
Then Microsoft will once again be forced to release updates/patches to fix them, thus leading to a once again bloated operating system!
It's all good and well now but don't hold your breath.
Here is a little crazy idea with a lot of potential: how about offering $1000 per bug/hack to anyone around the world that can find them? I'm sure hackers out there would jump at the chance and we would be left with a most stable/safe and usable OS in the world that is ready for public and doesn't need patches every week.




RE: not convinced
By Fritzr on 4/24/2009 10:30:25 PM , Rating: 2
Crackers won't stop doing the research just because you tell them you are going to stop paying for new hacks. They will simply sell the How To info on exploits to the crooks. Come to think of it, they probably will do that anyway. $1000 is peanuts compared to what a botnet can earn.


RE: not convinced
By Helbore on 4/25/2009 10:05:49 AM , Rating: 3
Let a boatload of pro hackers at any OS and you can guarantee they will find exploits. If you think anything as immense as a modern OS can be developed without exploits, then you don't understand the complexities of coding such a piece of software.

At least Microsoft acknowledge exploits and patch them. Patches aren't bloatware, they're necessary and a damned good thing.


This just in...
By DASQ on 4/24/2009 10:57:20 AM , Rating: 5
Security researchers find latest exploit that allows complete data compromise in a Windows-based computer. Reportedly, they opened the case, and physically removed the hard drive. "There's no fix for this. It cannot be fixed. It's a design problem" say the creators of this proof of concept.




how is this different from Leopard?
By zinfamous on 4/24/2009 4:03:50 PM , Rating: 3
this "hack" sounds oddly similar to the way in which I can reset the password and admin privileges on my Leopard iMac at work

I just insert the OS X disc and without any prompting whatsoever at boot, I can reset and access anything on the system.

It's like an intentionally built-in exploit. I'm no OS or software guru, but I was stupefied when I first discovered this.




By sprockkets on 4/25/2009 4:29:00 PM , Rating: 2
Certain Linux platforms also could boot into user mode or whatever and that gave you root access without a password, though most do not allow this without the root password.

In any case, they put this in by default, simply because once you have physical access, what good is any security unless you used encryption? You are only as strong as your weakest link.


Re-imaging
By dagamer34 on 4/24/2009 10:30:43 AM , Rating: 2
Most smart, large companies either:

a) have remote access thin clients

or

b) reimage the hard drive after every boot.




RE: Re-imaging
By Totally on 4/24/2009 11:31:52 AM , Rating: 2
quote:
b) reimage the hard drive after every boot.


It runs in memory, so it doesn't even touch the hard drive, and is erased after every reboot anyway.


A threat until you reboot?
By Griffinhart on 4/24/2009 11:02:04 AM , Rating: 2
So it's a program that the attacker needs physical access to your system for and.....

quote:
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.


The problem goes away with a reboot.




By foolsgambit11 on 4/25/2009 7:22:50 PM , Rating: 2
The problem is that the hacker, while sitting at your computer, can quickly, and without leaving any trace, access all data, encrypted or not, on your Win7 box. As other people pointed out, this development is not total disaster, since no OS could guarantee security if a hacker has physical access, but it is worth noting that this "untraceable" hack is out there.

Despite their claims, surely there must be a way to guard against this, either with an OS patch or a BIOS configuration/patch.


This is old and already defensible
By epobirs on 4/24/2009 12:15:12 PM , Rating: 2
If physical access is needed, which implies media, in the form of a CD or flash drive, must be introduced to hijack the boot process, or how else could the code, however small, be introduced?

Here is a radical idea: Use the functions already in the BIOS of the computer to ensure that it will boot only from the hard drive and no other devices. Then put a decent password on access to the BIOS. It takes about a minute to change it as needed when the time comes, if ever.

I just got done with a job that involved installing new system images on PCs in a large bank chain. (Machines greater than a certain age got replaced entirely and came with the current image already installed.) Part of the process required making the necessary BIOS changes to enable booting of the image installer disc. A few simple steps that are then undone when the process is complete.

Perhaps there is a way to force booting from CD or USB ports even when the BIOS doesn't want to do it but I haven't heard of it. If they have physical access to the computer I suppose they can zero out the SRAM to eliminate the BIOS settings including the password but that is hardly a quick or casual operation for somebody needing to be stealthy.




By Silverel on 4/24/2009 2:09:33 PM , Rating: 2
That'll stop most people from trying this. Put a nice hefty lock on the case, and you're just about set.


Finally!
By IcePickFreak on 4/24/2009 10:18:51 AM , Rating: 2
This is great news! You mean I can actually have full control of my Windows installation? Good work Microsoft!




RE: Finally!
By mattclary on 4/24/2009 10:44:57 AM , Rating: 1
+1, that's kind of funny.


By Donovan on 4/24/2009 12:09:53 PM , Rating: 3
quote:
A new exploit has been found that allows full administrator access to all versions of Windows. The attack is generally performed from the local console but can also be executed remotely on some configurations.

Hackers are calling the new security flaw "Login", and all it takes is a valid user name and password. Microsoft initially responded to say that their operating system was "working as intended", but was forced to withdraw the comment after a trademark lawsuit was filed by Blizzard.




Wow
By Murst on 4/24/2009 12:11:17 PM , Rating: 3
Is this the best that hackers can come up with so far in Windows 7? Probably they'll come out with some real threats in the future, but for now, it looks like Microsoft > hackers.




By sans2212 on 4/24/2009 12:28:01 PM , Rating: 3
Security companies may have hired some hackers, crackers and genius programmers to make the best viruses, malware and trojans ever made. Since their money comes from the people and enterprise customers that use their services, it is natural that they want to make more money and claim their solutions are the best to make them feel secure.




i love vista
By poohbear on 4/25/2009 5:44:21 AM , Rating: 3
I bought Vista after SP1 in November 2008. I love it. It's stable, smooth, and lovely. My system is more than powerful enough to handle it & all its features. End of story.




Are you serious?
By depravedone on 4/24/2009 10:19:56 AM , Rating: 2
So, if someone breaks into your house or place of business, they can take control of your computer? How is this even news? EPIC FAIL




Live CD
By mattclary on 4/24/2009 10:43:56 AM , Rating: 2
An Ubuntu CD would allow you access to the files too, methinks. I often use Ubuntu to recover files from customers' machines that are heavily infected. Never had any files inaccessible due to security settings.




Gimme a Break!!
By tech329 on 4/24/2009 10:45:34 AM , Rating: 2
If I have physical access to a machine with an unencrypted drive all bets are off. In that circumstance, one way or another the data is vulnerable.




Software can't be fixed?
By snikt on 4/24/2009 10:54:31 AM , Rating: 2
quote:
"There's no fix for this. It cannot be fixed. It's a design problem."


It's software, how can it not be fixed?




By holy cow on 4/24/2009 8:13:46 PM , Rating: 2
The all bets are off anyways.




What is going on?
By Spookster on 4/24/2009 9:19:36 PM , Rating: 2
A Microsoft article and it wasn't written by Jason Mickrosoft? WTF?




Vista more secure???
By frozentundra123456 on 4/25/2009 1:15:44 AM , Rating: 2
Vista is probably more secure than XP, but the security features are so annoying that most people either ignore them or turn them off. I don't think you have to be a computer expert to turn off the security features in Vista. Most of this can be done from the control panel. However, it would be useful to be able to somehow allow UAC to ignore some programs while still being turned on. Does it really make sense to ask if you want to run a Microsoft program such as disk cleanup, or defrag when you have just told the computer to run it??
I have no great problems with Vista, but I don't see it as that big a step up from XP. I only have Vista because I bought a new computer. I definitely would not bother to upgrade to Vista on a computer that is running XP. Besides security, the other "improvement" in Vista was supposed to be DX10. However, I have yet to find a game that my admittedly rather weak computer (HD2600 Pro, E4500) can run at a decent frame rate in DX10 mode, and the graphical improvements over DX9 are minimal.




can’t be carried out remotely
By l00k on 4/25/2009 11:27:31 PM , Rating: 2
Write a virus that runs the file as a batch file, or an online ad that you need to scan your computer. Better yet talk to Google, have them put the code in their Apps.

So I don't understand how this is NOT an issue.




Whoops...I mean oops!!
By blueboy09 on 4/26/09, Rating: -1
RE: Whoops...I mean oops!!
By TomZ on 4/26/2009 12:12:51 PM , Rating: 3
You're sadly very misinformed.


Copyright 2012 DailyTech LLC.