Comments on: Microsoft blocks 'Black Hat' Vista hack

Windows update no longer allows driver hack demonstrated at Black Hat security confab. But fix may spell trouble.

15 Comments
A typical Microsoft Move...
by OneWithTech October 20, 2006 5:55 PM PDT
...is to take the easiest way out in lieu of any security. Why do you
think after they fix one security issue 5 more follow?

Justin
Credible Black Hat?
by tbsteph October 20, 2006 6:32 PM PDT
Seems like the author gives carte blanche credibility to the "researcher". c/net has an obvious penchant to "report" almost anything negative concerning MSFT, to the point that they have lost most of their credibility, for me.
Biased opinion?
by geoffbhwg October 22, 2006 5:21 PM PDT
Why question the credibility of the researcher? It's not like they kept the security hole to themselves. No, she gave the info freely at a conference which MSFT attended, and they ignored it. It's not her fault, and maybe you shouldn't bash her just because she attends a Black Hat convention.
Yes.
by Penguinisto October 23, 2006 7:14 AM PDT
Her name has been attached to some pretty good research, IIRC including the "Blue Pill"/"Red Pill" issues with hypervisors.
Gee, I'm shocked!
by gernblan October 21, 2006 1:46 AM PDT
A band-aid kludge on one of their OSes?

Say it isn't so!
End-User Education
by VI Joker October 23, 2006 8:44 AM PDT
"Toulouse also pointed out that in order for the attack to occur, the attacker must gain administrator rights on the machine. That means her attack would be foiled by Microsoft's user account control, a Vista feature that runs a PC with fewer user privileges."

Toulouse mentioned that the flaw she discovered only works if the user is logged in as an administrator, and to my knowledge by default users will not be administrators. So it would appear that the issue is not security related; it's more related to user education. Plus I believe that users are not going to be administrators by default in Vista, which I think is commonplace for OSX and Linux. It would seem that MS is trying to do the right thing. They should get a pat on the back for trying, since we all know there is no security software to stop a user from doing something they should not be doing.
Fighting the wrong problem
by alegr October 23, 2006 10:43 AM PDT
Code which runs in the kernel should generally be trusted, because it runs with almighty privileges. Users running with administrator or root privileges are entitled by definition to control what's loaded.

The original sin of Windows XP and Vista is not lousy security.

The security mechanisms (discretionary access control lists - DACLs) work, assuming that the user is only given privileges that match his qualifications and possible attack surface. Suppose there is a flaw in the user's app, for example ICQ or AIM, or Real Player, or Flash, that allows arbitrary code execution. If it is exploited, malicious code is executed and tries to install itself permanently. If a user has proper (limited) privileges, the code cannot install itself, let alone install a privileged component (driver or service).

The same holds for Linux. If some Firefox flaw is exploited and malicious JavaScript runs, it cannot install itself permanently with elevated privileges. Only if the user runs with root privileges (as in Lindows, AKA Linspire) is the exploit possible.

Of course there are user-mode privilege escalation vulnerabilities, but there have been very few such in Windows. A few are known in Linux, too (see BugTraq).

The biggest mistake of Microsoft was giving new users administrative privileges. This was done because many games and crappy applications (such as ICQ) didn't obey published Windows development guidelines and required write access to privileged directories and registry keys. To avoid people screaming, the new users are all administrators. Then it's no wonder that when a 10- or 70-year-old clicks Yes when asked if he wants this wonderful set of smilies, the crapware is on the computer. THIS IS THE REAL PROBLEM.
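As an added example (not from the comment thread, and not Microsoft's code), the PowerShell script below makes the boundary alegr describes visible on a Windows box: it reports whether the current token is actually elevated, lists which identities the DACL lets write under the Services key (where drivers and services register themselves) and into the drivers directory, and then probes whether the current token can create a service key at all. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the probe subkey name `DemoPersistProbe` is hypothetical, the other paths are the standard Windows locations.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell 5.1+
# on Windows. 'DemoPersistProbe' is a hypothetical subkey name used only for
# the write probe and is removed again immediately.

function Test-IsElevated {
    # True only if the current token carries the Administrators group.
    # With UAC enabled, a non-elevated console of an admin user reports
    # False too: it runs on the filtered (limited) token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-WriteGrantees {
    # List identities whose Allow ACEs on $Path include a write right.
    # Works for both registry keys (HKLM:\...) and file-system paths.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $mask  = [int]$ace.RegistryRights
            $write = [int]([System.Security.AccessControl.RegistryRights]::SetValue -bor
                           [System.Security.AccessControl.RegistryRights]::CreateSubKey)
        } else {
            $mask  = [int]$ace.FileSystemRights
            $write = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                           [System.Security.AccessControl.FileSystemRights]::CreateDirectories)
        }
        if ($mask -band $write) { $ace.IdentityReference.Value }
    }
}

function Test-CanRegisterDriver {
    # Drivers and services persist by creating a subkey under
    # HKLM\SYSTEM\CurrentControlSet\Services. Create and immediately remove
    # a dummy one: a limited token gets Access Denied here, which is the
    # boundary that stops exploited user code from installing a privileged
    # component.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DemoPersistProbe'  # hypothetical name
    try {
        New-Item -Path $key -ErrorAction Stop | Out-Null
        Remove-Item -Path $key -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

"Elevated token:                $(Test-IsElevated)"
"Can register a driver/service: $(Test-CanRegisterDriver)"
"Allowed to write under the Services key:"
Get-WriteGrantees -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | Sort-Object -Unique
"Allowed to write into $env:SystemRoot\System32\drivers:"
Get-WriteGrantees -Path "$env:SystemRoot\System32\drivers" | Sort-Object -Unique
```

Run it twice, once from a plain console and once from an elevated one: on a default install the grantee lists contain only SYSTEM, Administrators (and related built-in principals), and the probe flips from False to True only with the elevated token. That is the whole of alegr's argument in one screen: the DACLs hold, and the only thing that defeats them is handing the user an administrator token in the first place.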
Another half-assed security "fix"
by qwerty75 October 23, 2006 12:12 PM PDT
When is MS going to use real security practices?
When
by R Me October 23, 2006 2:57 PM PDT
... windows becomes a real OS
Another full-ignoranced "comment"
by Ryo Hazuki October 24, 2006 8:54 AM PDT
When it releases Windows Vista.
And when are you Microsoft-bashers going to stop ridiculously giving credit to and believing anyone who has something bad to say about Microsoft or Microsoft software? (hint: never)
Panic mode
by thedreaming October 24, 2006 10:25 AM PDT
Microsoft was touting Vista as their most secure version yet, then someone at Black Hat finds an exploit that's not easy to fix, and then Microsoft said, "Look, we blocked it, HA HA, We're Smart, You're Dumb!"

It's very childish, especially since the same person that found the exploit also told them of at least two ways to fix it properly and Microsoft turned them down.