Vista Exploit Surfaces on Russian Hacker Site

[drag]

I asked you in the other thread, how would you fix the issue? Too much code can make system wide changs on the Windows platform. So seriosuly, how would you have handled this while still providing for some level of backwards compatibility to existing software?

Actually I have a idea.

Ever used Chroot in a Unix system? (I expect: yes, of course)

Well it's progressed in sophistication and has lead to a new class of VM typified by things like OpenVZ (commercial counterpart: Virtuozzo) and Vserver and Solaris 10's new containers features. From a security standpoint this sets up a enviroment were root is not god of the OS, root itself becomes a non-privilaged user.

You would use the equivelent of 'mount --bind' (I know NTFS has a similar feature) so that the directory structure of the container corrisponds nicely to the directory structure of the user's read/writable portions of the directory structure they are allowed to have.

Effectively you would end up with a little fake Windows sandbox were applications can fling themeslves around with all the administrative requirements they want without actually polluting the core system and keeping the users from each other's stuff. Binary compatability is ensured by simply having a full XP environment (or nearly full. Strip out everything not relevent to win32 apps) aviable to each user... (or use the snapshot features aviable for things like shadow copies to save on system resources.. each user ends up with a compressed binary file somewere which would be the differences between their little envrionment vs the original system's)

 

[Slackware]

Originally posted by: bsobel

They come up every now and then, you know it and i think most of the MS people around here realize how this is potentially the biggest flaw in a security feature anyone has ever made.

I asked you in the other thread, how would you fix the issue? Too much code can make system wide changs on the Windows platform. So seriosuly, how would you have handled this while still providing for some level of backwards compatibility to existing software?

I like bsobel most of the time because he knows his ******, now he's just Gates boy in this and embarresses himself in ****** he is trying to tell us is not what it is. yeah, sure, you can run as in XP, it's the "preferred way" in never never land.

I'm not even sure where thats coming from, I havent' made comments on how to run XP 'the prefered way' in this thread, Ive been dealing with Vista. Perhaps you meant to attack one of the other long time users on your way out the door?

Bill

The preferred way to run Vista is how no user except under an admin will run it, same as XP and every security feature and then some will be shot to hell because of it, you know that and yet you refuse to acknowledge that.

You know that teaching users to click accept for pretty much everything from going on the internet to accessing any files will teach them to click accept always, and that is what it takes to allow someone to access your computer, just click accept, like you always do.

Perhaps they didn't think like users do, or programmers do, perhaps they were a bunch of stupid ass people who didn't think at all?

That is the ONLY possible explanation i can find.

 

[Slackware]

Originally posted by: drag

I asked you in the other thread, how would you fix the issue? Too much code can make system wide changs on the Windows platform. So seriosuly, how would you have handled this while still providing for some level of backwards compatibility to existing software?

Actually I have a idea.

Ever used Chroot in a Unix system? (I expect: yes, of course)

Well it's progressed in sophistication and has lead to a new class of VM typified by things like OpenVZ (commercial counterpart: Virtuozzo) and Vserver and Solaris 10's new containers features. From a security standpoint this sets up a enviroment were root is not god of the OS, root itself becomes a non-privilaged user.

You would use the equivelent of 'mount --bind' (I know NTFS has a similar feature) so that the directory structure of the container corrisponds nicely to the directory structure of the user's read/writable portions of the directory structure they are allowed to have.

Effectively you would end up with a little fake Windows sandbox were applications can fling themeslves around with all the administrative requirements they want without actually polluting the core system and keeping the users from each other's stuff. Binary compatability is ensured by simply having a full XP environment (or nearly full. Strip out everything not relevent to win32 apps) aviable to each user... (or use the snapshot features aviable for things like shadow copies to save on system resources.. each user ends up with a compressed binary file somewere which would be the differences between their little envrionment vs the original system's)

I use chroot for cached and non updated waiting to get updated and updated waiting to get deployed and even in user directories to store files that agree via SHA1 checksums.


You pretty much cant do that in Windows Vista...

So...

I guess if you really wanted to by using third party tools but that would take ages to lock down and more ages to lock up and if you ever did then starting up firefox would take like 1 minute because of all the paging, XP is stupid like that, Vista is better you say? Not really, the Superprefetch will learn your apps and store them in a database, they will become very fond of that database, if you upgrade an app, it will not be in that database and unless you manually update the database it will never be.

It's like the old Netscape cache, it's nothing special at all, KDE has done this for five years,.

 

[mechBgon]

Let me ask you, do you use the RunAs feature?

Yes. If you want me to fire up Windows Media Encoder 9 Series and record a narrated session showing my typical uses of it, I can make a couple and email them to you, both elevation to Admin, and de-elevation from Admin. From the command line, from the GUI, and using the shortcut technique shown in Salvador's thread.

No one else does either, it's a failure because it does not work properly.

How does it not work properly for you? What happens instead? As a home user, and as a domain admin, I've never had problems using RunAs to elevate to either a local Admin or domain-Admin account, and I'm certainly not a super-genius at this. The guy who took over my admin job is undoubtedly still using the RunAs shortcuts I left sprinkled around.

So what your are [sic] saying is that only idiots use windows? And all smart people use Linux or something other than windows, i don't know if you realize the magnitude of what your are saying but that is about it, only stupid people use Windows.

You're too intelligent to misinterpret what I wrote that badly. 🙂

I like how the quotes are all fvcked up even though you tidy them infinitly is this a feature cut in stone by the fusetalk god (you shall not quote sensibly no matter what) or what?

The system makes no sense..

I think you used a brace } where you needed a bracket ]

 

[Slackware]

Originally posted by: mechBgon

Let me ask you, do you use the RunAs feature?

Yes. If you want me to fire up Windows Media Encoder 9 Series and record a narrated session showing my typical uses of it, I can make a couple and email them to you, both elevation to Admin, and de-elevation from Admin. From the command line, from the GUI, and using the shortcut technique shown in Salvador's thread.

No one else does either, it's a failure because it does not work properly.

How does it not work properly for you? What happens instead? As a home user, and as a domain admin, I've never had problems using RunAs to elevate to either a local Admin or domain-Admin account, and I'm certainly not a super-genius at this. The guy who took over my admin job is undoubtedly still using the RunAs shortcuts I left sprinkled around.

So what your are [sic] saying is that only idiots use windows? And all smart people use Linux or something other than windows, i don't know if you realize the magnitude of what your are saying but that is about it, only stupid people use Windows.

You're too intelligent to misinterpret what I wrote that badly. 🙂

I like how the quotes are all fvcked up even though you tidy them infinitly is this a feature cut in stone by the fusetalk god (you shall not quote sensibly no matter what) or what?

The system makes no sense..

I think you used a brace } where you needed a bracket ]

It was a lot worse the first five previews so i just decided to post it broken when it was undarstandable...

Yeah, i do realize that somenone will use it and get annoyed with it, most people won't use it at all and they will learn to click every accept button they ever find.


Ok, how does it not work... do you want me to name every software that does not work with it or have you actual knowledge about the issue and are just jerking my chains?

Every piece of software that interacts with OpenGL, every piece of software that wants to write to the system cache rather than the user cache...

In short, over time, all applications including MS's own apps.

 

[Slackware]

Originally posted by: mechBgon

Let me ask you, do you use the RunAs feature?

Yes. If you want me to fire up Windows Media Encoder 9 Series and record a narrated session showing my typical uses of it, I can make a couple and email them to you, both elevation to Admin, and de-elevation from Admin. From the command line, from the GUI, and using the shortcut technique shown in Salvador's thread.

I do have to say that it is kinda nice that you would take the time to show it in video as evidence, very refreshing from most of this "i read that it can do, i read that it can't" crap.

A man ready to prove his word true, that is unusual.

Unfortunatnly it doesn't really matter because most everyday users can't use RunAs features as the libraries will not load for them, in Linux/Unix every process inherit the permissions, in RunAs they inherit the original user permissions making it impossible to use it with anything that require libraries which require RunAs permissions, i guess if you took the time to let those libraries run with Admin priveliges under any user it would work but then again, that would make your computer a giant security hole.

 

[bsobel]

Effectively you would end up with a little fake Windows sandbox were applications can fling themeslves around with all the administrative requirements they want without

Hey Drag, fine up a Vista box. Bring up task manager, go to processes. Right click on one, notice that 'virtulization' check mark....

There is more in Vista then the MS haters realize...

Bill

 

[Slackware]

Originally posted by: bsobel

Effectively you would end up with a little fake Windows sandbox were applications can fling themeslves around with all the administrative requirements they want without

Hey Drag, fine up a Vista box. Bring up task manager, go to processes. Right click on one, notice that 'virtulization' check mark....

There is more in Vista then the MS haters realize...

Bill

I hope you realize that i am not a Vista hater at all, au contraire my friend, i belive it is even better than Linux in some ways, or at least has the potential to be on the right hardware.

It's actually the security features of Vista i find most intresting but as an admin and as a user as wll as a programmer.

I hope i didn't offend you Bill, it was not my intention, even in a heated debate on here it is usually cool compared to what i am used to on the mailing lists so if i went a bit overboard you will have to forgive me.

Since you were courteous to give me your first name it would be terrible manners not to give you mine.

Patrick

 

[nweaver]

UAC is not as good (imho) as SUDO is yet.

I was able to setup someone with rights to start/stop the FTP service, reboot the server, and check the ip address (can run ifconfig, not ifconfig and anything else) using sudo, and they ONLY REQUIRE THEIR PASSWORD, not the password of root.

That is (imho) a good thing. If Vista had the option to specify executables, scripts, etc that the user could run AS ADMIN without an ADMIN PASSWORD (using their own password instead) that would be great. I realize that Vista is a single user OS, linux is a multi user OS, but form the standpoint of securing but allowing access, sudo > UAC

 

[bsobel]

I realize that Vista is a single user OS, linux is a multi user OS

I'm very surprised and confused that you'd make that statement. Can you elaborate on why you think 2k/xp/vista are single user os's?

 

[Slackware]

Originally posted by: bsobel

I realize that Vista is a single user OS, linux is a multi user OS

I'm very surprised and confused that you'd make that statement. Can you elaborate on why you think 2k/xp/vista are single user os's?

I would say that the very things we discussed earlier with superfetch and readyboost are very dependant on one user doing the one user thing, if you get another user account, with a new cache, and then you are going to flip between both because it does not share, it goes per process and does not take into consideration per user does it?

For a multiuser system the kind of prefetch used in Linux or W2K systems would be beter as it would not be per process specific and cached code would not have to be cleared because of another process using the same code loading.

At least that is how i understand it, i may be wrong, i often am, but i learn. 😉

 

[bsobel]

I would say that the very things we discussed earlier with superfetch and readyboost are very dependant on one user doing the one user thing, if you get another user account, with a new cache, and then you are going to flip between both because it does not share, it goes per process and does not take into consideration per user does it?

At the level of the virtual memory manager, it doesnt' care about users. It just knows what pages are make the most sense to cache. In essence you get a union of the users behavours.

But if you think about it, the vmm has to work this way. By the time you boot your Vista box you've got at least 4 users already (this includes the user accounts varoius services run at). And since you can easily have multiple concurrent logins (fast user switching, media center extenders, etc) the readyboost scenario just sees the union of the behaviour (which is actually what you want anyhow).

 

[nweaver]

how many people can effectivly use a windows machine?

How many a linux machine? (my wife and I share one all the time, I just forward X and open the applications I want)

Also, Sudo versus UAC. Sudo is designed to add secure flexibilty in user controls. UAC is designed to add security, but not flexibility (you still have to know the admin password)

I can have a server with mysql, apache, and some other obscure service, and divide up what each user can do (mysql admin can start/stop/modify mysql, same for www, etc) without knowing an admin (root) password. To do that with windows would be a nightmare. With sudo, it's a couple of lines in a text file.

 

[Slackware]

Originally posted by: bsobel

I would say that the very things we discussed earlier with superfetch and readyboost are very dependant on one user doing the one user thing, if you get another user account, with a new cache, and then you are going to flip between both because it does not share, it goes per process and does not take into consideration per user does it?

At the level of the virtual memory manager, it doesnt' care about users. It just knows what pages are make the most sense to cache. In essence you get a union of the users behavours.

But if you think about it, the vmm has to work this way. By the time you boot your Vista box you've got at least 4 users already (this includes the user accounts varoius services run at). And since you can easily have multiple concurrent logins (fast user switching, media center extenders, etc) the readyboost scenario just sees the union of the behaviour (which is actually what you want anyhow).

The point i was making is that even firefox by a new user will have to be reread from disk , in a mutliuser system tis would obviously create a mess but then again it is not ment for that.

But sometimes you have 7 different people who all access the same computers, now they NEED 7 different logins, and that will mess up the cache in both super fetch and readyboos enough, wont it?

I'll probably just use Linux but it has been a very interesting discussion, bet of luck to you, take care.

 

[bsobel]

The point i was making is that even firefox by a new user will have to be reread from disk

The VMM should be able to share most of the pages, so no, caching should prevent it from needing to be rully re-read.

But sometimes you have 7 different people who all access the same computers, now they NEED 7 different logins, and that will mess up the cache in both super fetch and readyboos enough, wont it?

Like I said, this all becomes based on the system use behavoiur and what the VMM sees. Now if your saying those 7 people keep changing and their is no predictible pattern, then yes, this pre-fetch stuff will tend to have less of an effect. But generally there are going to be plenty of shared pages (if nothing else, the core OS and the shell for example).

I'll probably just use Linux but it has been a very interesting discussion, bet of luck to you, take care.

Good luck with whatever decision who choose.

 

[mechBgon]

Ok, how does it not work... do you want me to name every software that does not work with it or have you actual knowledge about the issue and are just jerking my chains?

I'd be interested to hear at least a few specific examples, yes, including the Microsoft ones you're referring to. The "knowledge of the issue" that I could see causing problems for you would be (1) if you had a blank password on the account you're trying to elevate to, or (2) if you'd gone and disabled secondary logon. Beyond that, we would want Smilin to jump in here. But both of those would prevent programs from launching, and it sounds like you had different problems than that.

Every piece of software that interacts with OpenGL, every piece of software that wants to write to the system cache rather than the user cache...

I only have one OpenGL app installed at the moment, trueSpace, but it doesn't seem to have any problem being run using RunAs, although I normally use Direct3D acceleration because it performs better that way, and I normally don't RunAs it because there's no need to. Maybe by "interacts with OpenGL" you meant something different than "using OpenGL 3D acceleration."

 

[RebateMonger]

Originally posted by: bsobel
(Actually with the MS fingerprint readers its fairly cool as they will authent as well, so when my daughter does somethign that requires admin I just walk over and touch the fingerprint reader, it integrates GREAT and is a heck of a lot easier than constantly enter the admin pw).

Will Vista let you authenticate to a Domain with the MS FingerPrint Reader? (I didn't think it would let you do that with XP. At least, not when it was first released.)

 

[bsobel]

Originally posted by: RebateMonger

Originally posted by: bsobel
(Actually with the MS fingerprint readers its fairly cool as they will authent as well, so when my daughter does somethign that requires admin I just walk over and touch the fingerprint reader, it integrates GREAT and is a heck of a lot easier than constantly enter the admin pw).

Will Vista let you authenticate to a Domain with the MS FingerPrint Reader? (I didn't think it would let you do that with XP. At least, not when it was first released.)

Honestly haven't tried it yet, when I put Vista on the primary office machine I'll let you know (but it might be a bit). At home just running workgroup mode....

 

[nit123456]

rediscuss the topic for new thoughts.......