World's most advanced rootkit penetrates 64-bit Windows A notorious rootkit that for years has ravaged 32-bit versions of Windows has begun claiming 64-bit versions of the Microsoft operating system as well. The ability of TDL, aka Alureon, to infect 64-bit versions of Windows 7 is something of a coup for its creators, because Microsoft endowed the OS with enhanced security …
But given that even Trend et al don't provide that info, I suspect that something about the way the OS works requires truly clever people to provide that bit of info.
As for the Run As bit, are you running Vista or Win 7? I had issues with Vista, but none so far with Win 7. This to some extent mitigates the habituation training issue.
MBR issues are with us always. LILO and GRUB would only obfuscate the issue, not resolve it. If Windows grants access via direct SCSI commands, the malware can overwrite either of those too. What is needed is a reliable control for access to writing the MBR. A DIP switch or jumper on the MB can guarantee that restriction, but are a PITA for maintenance, and as indicated previously there are times when a necessary patch will update the MBR. Next best choice is the BIOS. Apparently the BIOS boys never got this to work correctly previously. Even if they did, with the current crop of updatable BIOSes I'm not sure how effective it will be.
And it is exactly that reason people get infected or screw there system then blaim it on MS.
Seriously, how many times does that pop up, really? unles your a super geek or someone insistant on poking around in the system then it really doesnt happen that often, if you have a crap old program, force it to install in a different location that has had its security levels reduced, that will get around most issues of UAC, i have a wee folder tucked away for just such programs / games, and it works wonders. UAC isnt a pain, its there for the masses, everyday joe an jane who dont know shit, MS cant do any more, it cant pull a hand out of your TFT and slap you around the face with a kipper shouting you are about to install some really dodgy crap here DONT DO IT!
Vistas UAC wasnt too bad but 7 i think has nailed it, people need education now, the tools are there so stop moaning how bad MS is and go do something about it, go and teach the old guy next door whats right and wrong, help that "noob" on the forums asking daft questions because unless us techno peeps teach folk whats right and wrong they will remain ignorant of dangers until it bites them in the arse.
There always has to be a balance between security and flexibility. Just as the only 100% foolproof way to protect yourself from network attack is to shut down all network connectivity, the only 100% secure computer platform is one that cannot execute any code that was not pre-installed and verified as being secure.
As soon as you want a general purpose computer, you immediately have to allow a certain level of risk. The question with any computer platform is does it make the right trade-offs between usability and security.
A windows PC doesn't fill the MBR so "clever" apps have been using it as a private scratch space :
http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/debian/2010-08-28-windows-applications-making-grub2-unbootable.html
including but not limited to HP ProtectTools, PC Angel, Adobe Flexnet
http://linux.slashdot.org/story/10/08/28/2112208/Some-Windows-Apps-Make-GRUB-2-Unbootable?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+slashdot%2FeqWf+%28Slashdot%3A+Slashdot%29
I've known for a long time that a system set up to dual-boot using Grub from the MBR will randomly stop working and need re-GRUBbing from a stand-alone LInux CD or USB. I'd always assumed it was MS borking the MBR because they thought they owned it and didn't check. Or maybe malware.
The way that avoids this (using XP) is BOOTPART http://www.winimage.com/bootpart.htm, and install GRUB into the first sector of the linux partition instead of the MBR. Then you can boot Linux via Windows MBR and BOOT.INI. Some day I'll find out how to do the equivalent with Windows 7 (or has MS made it impossible to boot Linux via the MS boot loader? Wouldn't surprise me).
Having managed a few networks in my time, I've dealt with windows boxes and related security issues on various levels, and nothing was more telling than when dealing with locked-down user accounts.
Most readers on this site will be accustomed to small-to-medium windows networks where most users are granted a modicum of trust and rights over their own personal systems, but when you have environments like schools, prisons, call centres it is policy to "lock it down 'til it squeaks" that you start to see some of the dirty habbits of software you previously considered respectable.
Once you've locked down a winXP system, it is nigh impossible to infect it. Buffer overflow code executions fail when they attempt restricted actions. Process user elevations never happened because policies specify a whitelist of trusted locations locally and externally that executables can be run from.
We never had a problem with the students desktops (the teachers laptops on the other hand...)
Secure, that is, until you start having to punch dirty great holes in your own security to get shoddily designed bits of software working.
Firefox is a classic example. It's self update system breaks several fundamental rules of the windows environment. The most obvious of which, attempting to write back to its' own program folder.
This should never happen. The updating component should have been installed as a local service.
What really irks me, is that these aren't brand new rules that you could forgive people struggling to catch up with. The NT family were deisgned from the get-go so that in everyday use you run as a limited user but there are still too many lazy coders out there who take shortcuts that compromise the whole systems security, forcing you to run as root.
The UAC isn't intended as a direct security measure. It's there to embarrass the coders into writing their software in compliance with the platform they are developing it for. Just think of it as a big FAIL sticker on the 3rd party software everytime you see it.
I like that, MS should change the message on UAC
"Windows has detected that running this poorly designed malware/software may result in the installation of 100 seperate viruses that will take over every aspect of your computer and may well try force you to buy some equally virus ridden "anti virus" software. Are you sure you want to allow this to run?
If someone wants to break into something they will. Windows and Linux servers are priority one as there's a lot at stake, fraud, stealing data and so on.
The news is good and bad, good because people can patch up. Bad because there's a window of opportunity for the hackers. Many vulnerabilities are usually exposed by security researchers, not the hackers, as soon as the security researchers blab about the bug it will get exploited.
> The NT family were deisgned from the get-go so that in everyday use you run as a limited user but there are still too many lazy coders out there who take shortcuts that compromise the whole systems security, forcing you to run as root.
Problem with NT's design is that until Vista you were encouraged to run as admin.
"...Problem with NT's design is that until Vista you were encouraged to run as admin..."
You really weren't, if you went on any MS courses, or spoke to anyone at MS they'd tell you not to run as admin, just because your pre-installed version of Windows came with an admin level account, didn't mean that MS encouraged this.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
