New Windows Kernel Vulnerability Bypasses UAC

timothy posted more than 3 years ago | from the happy-thanksgiving-everyone dept.

Microsoft 303

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

303 comments

Bad omen? (5, Funny)

ScrewMaster (602015) | more than 3 years ago | (#34343930)

this could be a very bad omen for Windows users.

Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

Re:Bad omen? (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34343954)

Linux kids aren't smart enough to know shit about the NT kernel. How can they patch something they literally know nothing about?

Re:Bad omen? (3, Informative)

Dolphinzilla (199489) | more than 3 years ago | (#34343994)

so if you read the story and watch the video - there is a very simple registry mod which will disable the exploit - so it's something that can be deployed on a large scale (like at my company) pretty easily

Re:Bad omen? (1)

Anonymous Coward | more than 3 years ago | (#34344064)

What about the clueless home users?

Re:Bad omen? (3, Funny)

K. S. Kyosuke (729550) | more than 3 years ago | (#34344112)

Well, we have natural selection for that. ;-)

Re:Bad omen? (1)

Yvan256 (722131) | more than 3 years ago | (#34344280)

Yep. Their computers turn into zombies.

Re:Bad omen? (4, Funny)

ScrewMaster (602015) | more than 3 years ago | (#34344336)

Yep. Their computers turn into zombies.

And what do zombies do? They suck out your brains. It's a vicious circle.

Re:Bad omen? (2, Insightful)

Yvan256 (722131) | more than 3 years ago | (#34344396)

Fortunately for us, it works in a different way in computer-land. They only seek out other Windows computers to turn them into zombies.

Re:Bad omen? (2, Interesting)

ScrewMaster (602015) | more than 3 years ago | (#34344138)

What about the clueless home users?

When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users. It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.

Vulnerabilities are VERY profitable for Microsoft. (4, Interesting)

Futurepower(R) (558542) | more than 3 years ago | (#34344536)

"I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it."

Microsoft top managers achieve vulnerabilities by not allowing Microsoft programmers to finish their work, apparently. Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster. [nytimes.com]

The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?

It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.

Re:Bad omen? (5, Insightful)

Gadget_Guy (627405) | more than 3 years ago | (#34344590)

When has anyone, especially Microsoft, ever cared about them?

What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials [microsoft.com], which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.

Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.

Re:Bad omen? (4, Insightful)

ScrewMaster (602015) | more than 3 years ago | (#34344700)

What a completely uncalled for comment.

Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

Re:Bad omen? (3, Interesting)

ScrewMaster (602015) | more than 3 years ago | (#34344288)

What about the clueless home users?

And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free. The last time around I installed Firefox and Chrome (so if some site wouldn't work in one, they could try in the other) and, at her request, removed all their file-sharing software.

So, of course, when I looked at it last night I found that they had gone back to Explorer (Firefox "didn't look the same") and the thing had a couple of Trojan downloaders running and at least a dozen other bits of active malware, plus two different browser hijackers. They were competing with each other for control of Explorer, and as a consequence Explorer wouldn't load anything at all.

I ran three different scanners and got rid of everything that I could. Tedious process. So, my friend asked if I could just disable Internet Explorer (she's had just about enough of this as well, since they don't live near us, and she's always the one that has to drive the computer over.)

After talking with this lady about what they actually need a computer for, and looking over their selection of installed applications, I think they may be a candidate for a Linux upgrade. They don't have any Windows-specific apps that would preclude trying another OS, and most of what they do is Web-based anyway (Yahoo Mail, Facebook, etc.) We tried all the major sites they use on an Ubuntu box, just to make sure they work well in Firefox and Chrome.

If I do wean them off of Windows, I want them to be as happy as possible with the new OS. Just replacing the operating system and expecting people to just adapt is unrealistic, so there will be some training involved, but it will be worth the investment since once it's done I won't hear from them very often about computer problems. Oh, they'll be irked that they won't be able to run the latest trojan, but that's the price they're going to have to pay.

This wasn't the worst-infected machine I've encountered by any means. I'm not an IT guy by profession, but people do ask me to help on occasion. I had a co-worker a couple of years ago who had (and I counted them) thirty five pieces of active malware, plus an even dozen Trojan downloaders. The hard disk in that box wouldn't stop, ever, and it would take ten seconds to respond to a keystroke. I had to pull the drive and install it in another system just to scan it.

Probably in the next couple of weeks she'll bring their system back and I'll remove Windows for her.

Re:Bad omen? (4, Insightful)

WrongSizeGlass (838941) | more than 3 years ago | (#34344386)

And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

Re:Bad omen? (4, Insightful)

ScrewMaster (602015) | more than 3 years ago | (#34344570)

And I spent five hours last night cleaning up a friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.

Re:Bad omen? (3, Interesting)

Wingsy (761354) | more than 3 years ago | (#34344426)

Your lady friend sounds like my sister. Only I convinced her to get a Mac. And now, 2 years later, she's a soccer-mom geek. Doing all kinds of stuff with her computer that she never thought she would be doing ... except calling me for help.

Re:Bad omen? (1, Funny)

Anonymous Coward | more than 3 years ago | (#34344496)

Only I convinced her to get a Mac.

Wow, why not just perform a full-frontal lobotomy on her instead?

I mean, you've basically done the computer-realm equivalent of that to her anyway...

Re:Bad omen? (1)

Rary (566291) | more than 3 years ago | (#34344458)

I found that they had gone back to Explorer (Firefox "didn't look the same")

Get them this [mozilla.org].

Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

Re:Bad omen? (4, Insightful)

ScrewMaster (602015) | more than 3 years ago | (#34344550)

I found that they had gone back to Explorer (Firefox "didn't look the same")

Get them this [mozilla.org].

Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

Doesn't matter. So far as she's concerned, they're going to get told. We'll try to make the transition as easy as possible, but sometimes you just have to bite the bullet. It's her computer, and those are her kids, and they'll do as they're told. Her husband couldn't care less so long as he can get his email and go to a few Web sites he needs. The kids are the big problem. I also told her we could just get them their own computer, and when they break it ... tough. Maybe then they'll start to learn a little respect. They've wasted enough of their mother's time, not to mention mine.

Re:Bad omen? (2, Informative)

ScrewMaster (602015) | more than 3 years ago | (#34344148)

Linux kids aren't smart enough to know shit about the NT kernel. How can they patch something they literally know nothing about?

Hate feeding trolls, but just for clarity's sake, I was making a joke based upon the closed-source nature of Windows, and its inability to utilize outside developer resources for maintenance.

Re:Bad omen? (1)

michelcolman (1208008) | more than 3 years ago | (#34344204)

At least he immediately associates "somebody sharp" with Linux.

Re:Bad omen? (2, Funny)

Yvan256 (722131) | more than 3 years ago | (#34344290)

I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

Re:Bad omen? (3, Funny)

ScrewMaster (602015) | more than 3 years ago | (#34344352)

I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

That's nothing. I use that sharpened DVD to cut myself to pieces. That's how I stay on the bleeding edge.

Re:Bad omen? (0)

Anonymous Coward | more than 3 years ago | (#34344638)

Linux kids are smart enough to not give a shit about the nt kernel.

There, fify...

Re:Bad omen? (4, Insightful)

ColdWetDog (752185) | more than 3 years ago | (#34344006)

Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?

Re:Bad omen? (5, Funny)

michelcolman (1208008) | more than 3 years ago | (#34344298)

You could occasionally give them a box like "Do you want to allow the following program etc...", program name "wipeharddisk.exe", File origin "compromised internet site" and then give them a big red box with "You stupid idiot!" if they click "Yes" anyway. At least one out of every three boxes should be of this kind, and of course various program names, publishers and origins should be used. After three of those "idiot" boxes, next time show them a progress bar with "wiping hard disk...".

Re:Bad omen? (-1, Redundant)

WrongSizeGlass (838941) | more than 3 years ago | (#34344456)

Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?

Yes, it's called Linux.

Re:Bad omen? (0)

ToasterMonkey (467067) | more than 3 years ago | (#34344008)

Of course, somebody sharp could submit a patch ... oh wait.

I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true [fileservz.it]

You can trust me, I'm an open source community member.

T. Monkey

Re:Bad omen? (0)

Anonymous Coward | more than 3 years ago | (#34344072)

I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true [fileservz.it]

You can trust me, I'm an open source community member.

Oh great, thanks for the tip - now i just 'click' hmm that's strange, what's happen... CARRIER LOST

Re:Bad omen? (1)

ScrewMaster (602015) | more than 3 years ago | (#34344322)

Of course, somebody sharp could submit a patch ... oh wait.

I made a 3rd party patch already, it's available for download at http://fileservz.it:8080/sd.kfg?freetard=true [fileservz.it]

You can trust me, I'm an open source community member.

T. Monkey

"freetard=true"

Thanks, I needed that.

Re:Bad omen? (0, Insightful)

Anonymous Coward | more than 3 years ago | (#34344084)

I had a different take on that line:

Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.

Yeah, but aren't they used to that? Don't they secretly like it, or think they deserve it, like the battered woman who keeps going back to her abusive boyfriend because "he's really just misunderstood" and because "he can change, really!" since "he's turning over a new leaf" and "this time he really means it".

What blows my mind is experiencing that AND paying for the privilege. Microsoft: the alpha male providing proof that nice guys finish last.

Re:Bad omen? (1)

ScrewMaster (602015) | more than 3 years ago | (#34344108)

Don't they secretly like it, or think they deserve it

I think it's the personal satisfaction they receive for helping out the members of their local Geek Squad.

Re:Bad omen? (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34344244)

Yeah, cause I'm gonna install a patch made by a random "sharp" dude.

Oh, wait, we were not supposed to question your claim. I'm really sorry, yeah, Windows should be open source

Re:Bad omen? (1)

ScrewMaster (602015) | more than 3 years ago | (#34344310)

Yeah, cause I'm gonna install a patch made by a random "sharp" dude.

Oh, wait, we were not supposed to question your claim. I'm really sorry, yeah, Windows should be open source

Well, you do understand that the kernel maintainers actually vet patches before including them, don't you?

Re:Bad omen? (1)

icebraining (1313345) | more than 3 years ago | (#34344346)

No, you'd install a patch by someone with a good track record. Which shouldn't require much, since you already trust Microsoft.

Re:Bad omen? (0)

Anonymous Coward | more than 3 years ago | (#34344274)

this could be a very bad omen for Windows users.

Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

lol almost triple as many sploits for Linux and even more for osux .. imagine that ..

Re:Bad omen? (0)

Anonymous Coward | more than 3 years ago | (#34344488)

Show me a random schmoe who fixes a major security vulnerability in Linux and actually gets the change accepted. You can't. Important fixes like this come from main line trusted devs who either have been in the source for years or are employed at one of the for-profit Linux shops like Red Hat. Somebody 'sharp' isn't going to just wake up and fix a problem and have it roll out to the world. Knowing that, how is that a superior model for fixing critical security problems over the closed source model? Answer- it isn't.

Not with my cheese helmet! (1)

billcopc (196330) | more than 3 years ago | (#34343960)

This virus can't scratch me, I run everything with Administrator privs... oh snap!

Re:Not with my cheese helmet! (4, Insightful)

Monkeedude1212 (1560403) | more than 3 years ago | (#34343978)

I run everything with Administrator privs... oh snap!

Well, as long as you know everything you run is malware free, there is absolutely nothing wrong with that.

Re:Not with my cheese helmet! (1)

dave562 (969951) | more than 3 years ago | (#34344012)

So basically just don't browse the web.

Re:Not with my cheese helmet! (0)

Anonymous Coward | more than 3 years ago | (#34344034)

No, don't connect to any network, web or not. Also don't insert any removable media. Just use the local computer and you're perfectly safe, oh, so long as you and anyone else with access to the system don't do any user-error mistakes that might cripple the OS.

Re:Not with my cheese helmet! (1)

0123456 (636235) | more than 3 years ago | (#34344272)

It's safer just to never turn the computer on, though with things like wake-on-LAN and wake-on-USB these days you'd probably better unplug it too.

Re:Not with my cheese helmet! (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34344158)

But Windows itself is the ultimate malware!!

Re:Not with my cheese helmet! (1)

TheGratefulNet (143330) | more than 3 years ago | (#34344238)

sony, is that you?

So.. (0)

Anonymous Coward | more than 3 years ago | (#34343976)

what else is new?

Finally (0)

Anonymous Coward | more than 3 years ago | (#34343996)

UAC is such a hassle for us virus and trojan writers. I'm glad Microsoft helped us out once again.

UAC? (4, Funny)

Forrest Kyle (955623) | more than 3 years ago | (#34343998)

They bypassed the UAC? We're DOOMED! [wikia.com]

Re:UAC? (1)

Yvan256 (722131) | more than 3 years ago | (#34344312)

As long as they don't infiltrate SGC, we're safe.

Backdoor? (1)

Ironchew (1069966) | more than 3 years ago | (#34344004)

What do you bet this was the result of some government agency/powerful private entity saying they want easier access into remote machines?

Re:Backdoor? (2, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34344302)

That's a bet I wouldn't take. Given the well-known existence of both more or less free-floating criminal elements and multiple nations with reasonably substantial CS capabilities more or less tightly integrated into their military and/or clandestine capabilities (and sometimes shading into the first category...) any one entity asking for a backdoor is making the (painfully stupid) bet that nobody else is going to find it. Obviously, virtually everyone would love to have a backdoor of their very own; but even unregenerate PNAC acolytes probably aren't stupid enough to assume that only they would ever find it...

An entity in the position to push Microsoft into giving them a backdoor would, one presumes, already possess formidable power, either legally or secretly (depending on whether the backdoor is inserted by NSA spooks or suspiciously cheap Chinese contractors). Such an entity would be foolish to use such power to push for a backdoor which, if discovered (and there is constant searching going on, even if you only count the guys who just want to send h3rb5l v15gra! spam...), would suddenly give every flea-bitten nonentity who can afford an internet connection considerable intelligence capabilities.

Any entity with substantial legal clout would, unless absurdly moronic, simply use instruments like CALEA, collaboration with telecom entities, search and seizure procedures, and the like. If those weren't good enough, they would advance the theory that only even greater legal clout can possibly save America and The Children from the pedo-terrorist menace. If history is any guide, they should then receive an upgrade.

Any entity with substantial clandestine/illegal clout would, again unless absurdly moronic, be much better served by making use of vulnerabilities that happen anyway, along with HR/outsourcing based infiltration of relevant institutions. Pushing for a backdoor that puts them on par with dubiously pubescent script kiddies, when they currently have a commanding lead, would be illogical in the extreme.

Requires code to be run (1)

abigsmurf (919188) | more than 3 years ago | (#34344018)

This exploit still requires the code to be run (i.e. for the system to already be compromised). UAC is just an extra hurdle malware has to clear, it's not meant to be the be all and end all to stop malware.

The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).

Re:Requires code to be run (5, Informative)

gstoddart (321705) | more than 3 years ago | (#34344086)

noscript is not regular browsing

No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.

Re:Requires code to be run (1)

0123456 (636235) | more than 3 years ago | (#34344104)

The IE exploit mention is meaningless (other than for flamebaiting). You can quite easily catch a virus using a fully patched version of Firefox with up to date plugins through regular browsing (noscript is not regular browsing).

So an unknown vulnerability in Firefox is just as likely to infect your machine as a known vulnerability in IE?

Re:Requires code to be run (1)

js3 (319268) | more than 3 years ago | (#34344122)

Actually Java is more dangerous than IE in this case. Java can download apps disguised as jpeg files and execute them from the appdata/roaming folder (then again, most trojans that do this already exploit other methods to screw up the system)

Re:Requires code to be run (0)

Anonymous Coward | more than 3 years ago | (#34344524)

Actually Java is more dangerous than IE in this case. Java can download apps disguised as jpeg files and execute them from the appdata/roaming folder (then again, most trojans that do this already exploit other methods to screw up the system)

How do you figure? Unsigned Java applets have no access to the file system, most system properties, or the network.

Re:Requires code to be run (1)

sponga (739683) | more than 3 years ago | (#34344306)

I always get a kick out of how they dumb down the articles for the audience around here. It's like 'don't you people work in the IT industry and this is common knowledge that code run from any machine by the user will compromise it'.

Virus- 'You wanna run me so I can infect though... I mean give you money...?'
UAC- 'Do you want to run this Yes/No'
User- 'Yes'

hmmm somewhere there is a weak link in that security somewhere.

KEEP FEAR ALIVE!!!

Back to the drawing board (1)

cyberkahn (398201) | more than 3 years ago | (#34344026)

Microsoft has the capital to develop a new operating system from the ground up. This bolting on of security solutions like UAC isn't going to cut it anymore. Heck keep the same user interface design for all I care, but change the underlying OS. I am a technology atheist, so I don't get religious about platforms, but what Apple did by porting OSX for Intel in parallel says volumes about their company.

I know it might be hard, but Microsoft needs a little vision and a little less greed to do the same thing, but for security reasons.

Unfortunately I am doubtful.

Re:Back to the drawing board (1)

js3 (319268) | more than 3 years ago | (#34344088)

Aren't you being overly dramatic there? Every system has had some known exploit at one point or other to gain elevated privileges, this bug seems to exploit left over junk from older OSes that (ntsys calls) that exploits a buffer overflow in one of the methods to extract reg key values.

Easy buffer overflow problem that shouldn't be hard to fix

Re:Back to the drawing board (3, Insightful)

causality (777677) | more than 3 years ago | (#34344254)

Easy buffer overflow problem that shouldn't be hard to fix

I believe you miss his point.

It's an easy buffer overflow problem that shouldn't have been hard to prevent if you have even a fraction of the talent and resources at Microsoft's disposal.

If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug. Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?

Why do so many people want to give Microsoft a pass in these matters? It's hard to think of any other entity in the world that would be more capable of doing better than this. It's obvious they don't give a damn about security as long as the sales keep coming. That's what you want to excuse, portray as understandable, smooth over, and encourage by example in other companies? I won't.

Re:Back to the drawing board (2, Insightful)

judeancodersfront (1760122) | more than 3 years ago | (#34344408)

OpenBSD doesn't have the same goals and doesn't have to provide the same level of compatibility.

Windows Security 2008R2 actually has a pretty impressive security record so far. If they stripped it down and provided only core services like OpenBSD it would be even better. The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.

Re:Back to the drawing board (1)

Gadget_Guy (627405) | more than 3 years ago | (#34344670)

If they stripped it down and provided only core services like OpenBSD it would be even better.

Then you want the Server Core [wikipedia.org] installation option of Windows Server. About bloody time too!

The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.

That is easily fixed. Don't give them a mouse. They won't be able to run ANY software then! It won't affect power users, as they should be able to do just about everything using keyboard shortcuts.

that will break too many apps so people will not bu (1)

Joe The Dragon (967727) | more than 3 years ago | (#34344092)

That will break too many apps so people will not buy it. Windows is too big to do an Apple and just cut off that many people.

Re:that will break too many apps so people will not (1)

cyberkahn (398201) | more than 3 years ago | (#34344178)

Virtualization would be a good solution for the transition period.

But the os in Virtualization will still have the b (1)

Joe The Dragon (967727) | more than 3 years ago | (#34344200)

But the OS in virtualization will still have the bugs and holes so what do you gain?

Re:But the os in Virtualization will still have th (1)

cyberkahn (398201) | more than 3 years ago | (#34344218)

Sure, it wouldn't be a perfect solution, but it would be a way forward in the long run.

Re:But the os in Virtualization will still have th (0)

Anonymous Coward | more than 3 years ago | (#34344236)

But the OS in virtualization will still have the bugs and holes so what do you gain?

security by isolation, aka if you have a stupid vulnerable browser, you can save the rest of system just by isolating the stupid browser in a virtual machine

Re:But the os in Virtualization will still have th (1)

Yvan256 (722131) | more than 3 years ago | (#34344316)

You gain that new versions of programs and future ones will be written for the new OS, meaning that after a while you'll be able to ditch the old OS with much less trouble and complaints from your users.

Re:Back to the drawing board (1)

DAldredge (2353) | more than 3 years ago | (#34344132)

I know it might be hard but you could look at research.microsoft.com and see all the nextgen OS research they are doing.

Re:Back to the drawing board (1)

cyberkahn (398201) | more than 3 years ago | (#34344184)

Yes, I know about research.microsoft.com, but I am looking at what is, not what could be. Unless they were to make a major announcement about a new path forward I don't take what comes out of research.microsoft.com very seriously.

Re:Back to the drawing board (1)

DAldredge (2353) | more than 3 years ago | (#34344248)

You don't take the enhancements that Research has contributed to .Net, Visual Studio, Exchange, SQL Server, NT 6.0 / 6.1 seriously?

Re:Back to the drawing board (1)

causality (777677) | more than 3 years ago | (#34344374)

You don't take the enhancements that Research has contributed to .Net, Visual Studio, Exchange, SQL Server, NT 6.0 / 6.1 seriously?

I take them seriously because they are highly effective business strategies for making money for Microsoft, in no small part because a shop using those would have great difficulty migrating to another platform.

Now if more of that research effort went into making Windows less prone to malware we'd start seeing some progress and the Internet would become a better place for everyone, including people who don't use Windows.

Re:Back to the drawing board (1)

gstoddart (321705) | more than 3 years ago | (#34344134)

Microsoft has the capital to develop a new operating system from the ground up.

Have you even been involved in rewriting software from scratch? Usually you end up missing a whole bunch of use cases, introducing new errors, and completely not getting old ones. It just never seems to work the way people hope it will, and it ends up costing way more than you thought.

I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible.

but what Apple did by porting OSX for Intel in parallel says volumes about their company

Or, it speaks to how well their kernel was designed as to have the hardware-specific stuff nicely abstracted -- I honestly don't know which. At the very least, it demonstrates that they were willing to undertake the work.

Re:Back to the drawing board (0)

Anonymous Coward | more than 3 years ago | (#34344190)

Or, it speaks to how well their kernel was designed as to have the hardware-specific stuff nicely abstracted -- I honestly don't know which. At the very least, it demonstrates that they were willing to undertake the work.

The OS X kernel is derived from BSD. So yes, it's designed to be hardware independent.

Re:Back to the drawing board (1)

cyberkahn (398201) | more than 3 years ago | (#34344202)

"I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible."

Why is that? Moving from OS9 to OSX was a major leap. I know it was far easier, since they control the hardware platform, but it has been done before.

Re:Back to the drawing board (1)

gstoddart (321705) | more than 3 years ago | (#34344268)

Why is that? Moving from OS9 to OSX was a major leap. I know it was far easier, since they control the hardware platform, but it has been done before.

Well, not knowing much details about the innards of OS9/OSX -- was this truly a "rewrite" of the OS as you initially said? ("Microsoft has the capital to develop a new operating system from the ground up.")

Was the transition from OS9 to OSX a "ground up" change? Or was it a swap of the kernel for a more modern one?

My first thought is that trying to build a new OS from "the ground up" isn't going to be an easy task. Unfortunately, Microsoft is hobbled by the need to be backwards compatible. Didn't Apple just more or less say "out with the old, in with the new"?

Re:Back to the drawing board (1)

Yvan256 (722131) | more than 3 years ago | (#34344380)

Microsoft's problem right now is exactly that: backward compatibility. I remember when they said that Windows Vista was supposed to be a complete rewrite from the ground up, that there would be amazing XYZ features, etc. Then they slowly began to remove everything, including the rewrite, until it was basically back to what we could call Windows XP2 (whatever the name).

When Apple introduced Mac OS X, they had a "classic mode" to allow you to run older Mac OS 9 software on the new OS. Then they added Rosetta, which allowed Mac OS X software designed for PowerPC to run on Intel processors, all transparent to the user.

So yes, while Apple's attitude is "out with the old, in with the new", they still support the old but without trying to integrate it directly into the new. The best way to move forward is to look into the future, not the past. Watch how fast they'll drop FireWire once they introduce LightPeak.

Re:Back to the drawing board (1)

sirsnork (530512) | more than 3 years ago | (#34344526)

Firewire is already gone from a lot of the Mac range, they are USB only now. Sadly that also means no more target disk, but thems the breaks

Re:Back to the drawing board (1)

Yvan256 (722131) | more than 3 years ago | (#34344558)

I think the non-Firewire models support target disk mode via USB. What's strange is that Firewire got upgraded to FW800 on the new Mac mini models.

Re:Back to the drawing board (2, Informative)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34344418)

The OS9/OSX change was, ironically, actually a demonstration of A) how hard it can be to change your OS from the ground up and B) how Apple wasn't up to the challenge.

Back in the System 7 days, Apple started "Copland [wikipedia.org]" as a next-gen OS to remedy the numerous and hilarious deficiencies in their existing OS. The project was a miserable failure and, after about as much schedule slipping as Apple could afford at that time, they took it out back, shot it, and bought NeXT, and then proceeded to adopt more or less everything but the name as the foundation for their new OS. Even with the "grabbing an entire, largely complete, OS from a third party" tactic, OSX only made it to release in 2001, with the Copland project having been started in 1993.

It wasn't really a "rewrite" at all, more of a grafting of some APIs from the old OS, and some UI conventions (though not all, OS9 die-hards are still bitching about how much OSX's finder sucks...) onto an entirely new OS. The rewrite attempt foundered horribly.

Microsoft's OS leaping attempts were actually pretty similar (except that I'm not sure they ever even pretended to have the in-house expertise to transform the DOS-based Windows versions into something resembling a real OS). Their DOS-based Windows versions sucked, architecturally, so they hired a bunch of serious DEC guys to build them a whole new, architecture-independent OS. That was NT. They then grafted on the win32 API and, by around Windows 2000, had finished bringing over all the UI conventions that 95-98-ME users would expect (NT 3.X is actually a pretty alien experience, if you are expecting Windows...)

There is probably some example of a "Hey guys, let's rewrite our OS" story actually going well, without the invocation of a deus-ex-machina outside team; but neither Apple nor Microsoft really qualify.

Re:Back to the drawing board (1)

TheSunborn (68004) | more than 3 years ago | (#34344342)

Yes, but remember that the original rewrite of Mac OS by Apple (Copland I think it was called) was a total failure which never reached a state where it could be released.

And then Apple bought Next and used their OS instead, and the rest is history.

I don't think that Microsoft can write a totally new from-scratch OS which would be able to run existing Windows software. The amount of undocumented but used side effects in the existing Windows API is simply too big. If you don't believe that, just try to look at some of the bug reports for the Wine project where they document some of the oddities of the Windows API which applications rely on.

Microsoft's only hope for a clean slate OS is to make a solution which runs all existing software in an emulated environment (like Mac OS X runs Mac OS 9 software).

I do think that .net is part of their plan to do that, because (re)implementing .net in a new os, is easy, compared to implementing the win32 api.

Re:Back to the drawing board (1)

icebraining (1313345) | more than 3 years ago | (#34344444)

And because they reused the XNU (which they bought), which uses parts of the FreeBSD kernel and of the Mach micro-kernel, which was developed at the Carnegie Mellon University.

Re:Back to the drawing board (1)

XLazarusX (534555) | more than 3 years ago | (#34344476)

I fear that if MS tried to write an OS from scratch, it would likely be a big step backwards, do less than what we're accustomed to now, and take years of incremental improvements to get back to where we are now. I don't see what you propose as being either viable or possible.

Windows Phone 7 tells me your fear is well-grounded.

Re:Back to the drawing board (4, Insightful)

Bert64 (520050) | more than 3 years ago | (#34344192)

Developing an entirely new os is about the worst thing microsoft could possibly do from a business perspective...

Currently their single biggest selling point is compatibility, sure as you point out compatibility with something that has a fundamentally flawed design but still compatibility... If they were to ditch compatibility, then users would have to ditch all their existing apps (especially legacy apps which may be abandonware) and learn a completely new system that's not been tried and tested...

In other words, they would now saddle themselves with the biggest disadvantages associated with other platforms while offering none of the advantages of those platforms...
Microsoft ditching compatibility with all their legacy cruft would probably be the best news apple and linux distros could ever receive.

Re:Back to the drawing board (2, Interesting)

gstoddart (321705) | more than 3 years ago | (#34344358)

If they were to ditch compatibility, then users would have to ditch all their existing apps

And, if that happens, there is literally nothing to suggest that they would land on a Microsoft platform.

It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.

Microsoft ditching compatibility with all their legacy cruft would probably be the best news apple and linux distros could ever receive.

Exactly ... I mean, you can see the ad campaigns already ... "Well, if you're already switching operating systems ....".

Re:Back to the drawing board (2, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34344480)

They might well be able to get away with designing (another, NT being their first) new OS; but a new userspace API or huge security model change would get ugly...

Even Vista's "Hey, let's actually slightly enforce all those best-practices things about not assuming that everyone is running with Admin privileges at all times, as though it were still Windows 95" was met with a firestorm of nearly pure hate. So much so that, even with Vista to take the flak and several years for 3rd parties to get their act together, 7 backed off the UAC a little bit. A really serious change of the "Nope, no win32 for you. Also, all drivers must be utterly rewritten" caliber would probably be met with shocked silence, followed by most of Redmond being set on fire...

Well, go ahead and tell them what then (4, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#34344262)

Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code. Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).

If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

That being the case, stop whining.

For this particular thing, this is a local privilege exploit. It is a bug, a mistake, one that will be fixed. If you Google around you'll find that Linux has had plenty of these throughout its history. Something is done wrong such that a program can elevate when it isn't supposed to. They are bugs to be patched, but not super critical since you still have to get malicious code on to the local system and get it to execute. They are more of a concern on multi-user systems but even then it is rarely a panic situation.

So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.

No security is perfect. People who do security in the real world, physical security, have always known this. For some reason many people who do virtual security delude themselves into thinking it is different. No it isn't, there is no perfect security. So have defense in depth. Be mindful of where you visit on the web, don't download random shit, run a quality virus scanner that checks data as it comes in from the web, use a deprivileged browser (something in protected mode, if your browser supports it), have a firewall, have UAC turned on, think before you execute a program. None of that is perfect, none of that is something that can't ever fail, but with layers of protection if one fails, you've others to fall back on.

Re:Back to the drawing board (1)

vistapwns (1103935) | more than 3 years ago | (#34344334)

Give me a break. NT IS the rewrite of Windows, compared to Windows 9x, like OS X compared to OS 9. People, especially here, just can't wrap their heads around the fact that MS had a stable, pre-emptive multitasking, secure OS before Apple, so they just randomly throw out that NT needs to be rewritten. Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix? You guys have neglected to spell this out, though I know the routine, now that I ask I'll get a bunch of ad-hoc crap about the registry or whatever (like a re-write would be necessary to go back to Windows 3.1 .INI files, which WAS truly a broken design) just so you guys can say you knew. And especially in a security context, Windows has all the security features of OS X and Linux, like guaranteed separation of users and Admins, ASLR, DEP, sandboxed browser, ACLs, MACs, and so on. The only thing 'broken' about the design of Windows that a re-write would fix, is that its market share crushes Mac OS X and Linux. Granted they could switch to managed code, but since neither Linux nor Mac OS X use managed code I fail to see how this constitutes a broken design in Windows. Seems every time we have a vulnerability in Windows we have to have this same lame discussion, but whenever there is an equiv. vulnerability in Linux/Mac OS X, everyone accepts the obvious and sane sentiment that vulnerabilities happen in all code, they get fixed, and life moves on.

Re:Back to the drawing board (2, Insightful)

0123456 (636235) | more than 3 years ago | (#34344420)

Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix?

Staggering amounts of backwards compatibility crud full of security holes?

One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'

The only way for Windows to become secure is to throw out backwards compatibility, and then no-one would use it.

Windows security holes again? (0)

Anonymous Coward | more than 3 years ago | (#34344246)

Why do Microsoft fanboys keep saying that these kinds of problems are only for Windows XP?

And just because Microsoft writes crap software doesn't mean such similar holes exist in Mac OS X, BSD, Linux, Solaris, etc. And no, trojans don't count. You can't protect a house if the owner keeps giving keys to everyone who asks for one.

Nothing to do with UAC (3, Informative)

harryjohnston (1118069) | more than 3 years ago | (#34344294)

This is a perfectly ordinary elevation-of-privilege vulnerability. Just like every other elevation of privilege vulnerability it also happens to be capable of bypassing UAC's split-token protection, but the vulnerability itself isn't related to UAC in any way.

In particular, if the workaround suggested in the article is correct, this vulnerability can't be used to escape from Internet Explorer Protected Mode (the other major function of UAC).

Of course (2, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#34344516)

UAC isn't really anything special, just an easy way for running as a deprivileged user. However many Slashdot types love to hate on it not only because it is from Microsoft, but because it messes with one of their talking points. For the longest time Linux (and OS-X) types hated on Windows because people ran as administrators. They talked about how amazingly insecure that was, how big a problem, how MS didn't care about security and so on. Many people tried to explain to them that it really doesn't matter, since people will just hand out the credentials to elevate without thinking, you can't protect people from themselves.

Well then along comes UAC, with a number of other security enhancements. Seems MS WAS taking that seriously now. They made it easy for users to run deprivileged. Well shit, that isn't a good thing if you are an MS hater. So they find ways to hate on UAC and claim it is no good, insecure, worthless, a pain, whatever. Many of the criticisms apply just as well to other elevation modes in other OSes but this isn't a matter of true technical analysis, it is just fanboyism.

Same shit here. Windows has a bug in its privilege isolation, leading to a local escalation exploit. Something to be fixed for sure, but hardly super critical. Linux has had the same kind of thing many times and it is never a major crisis since it still requires code to get on the local system and be executed first. However since it is with Windows they'll spin it as an anti-UAC thing.

Re:Nothing to do with UAC (0)

Anonymous Coward | more than 3 years ago | (#34344614)

Finally a comment that isn't made of FUD. Even if an attacker compromises IE8 or Chromium, they can't use this vulnerability because the registry key is off limits. Technically the exploit shouldn't work on XP for Chromium either (even though MIC is unavailable), as the Chromium browser process is assigned a restricted access token which prevents access to nearly all system objects (filesystem, registry, pipes, etc).

I really understand why people still get worked up about program vulnerabilities and privilege escalation... these happen all the time and are proven to be unstoppable. But their damage can be contained, which is what the entire purpose of SELinux and MIC is for.

Re:Nothing to do with UAC (0)

Anonymous Coward | more than 3 years ago | (#34344634)

Er, I really don't understand, that is.

UAC != Security Boundary (0)

Anonymous Coward | more than 3 years ago | (#34344332)

Yawn... UAC is not, was not and will never be a security boundary. Nor was it ever intended to be.

Some of you, I fear, need to do some learning...

http://blogs.technet.com/b/markrussinovich/archive/2007/02/12/638372.aspx
http://blogs.msdn.com/b/e7/archive/2009/02/05/update-on-uac.aspx

This is a security flaw because it allows elevation of rights, breaching a security boundary.
It has nothing to do with UAC whatsoever.

Registry (2, Insightful)

lyinhart (1352173) | more than 3 years ago | (#34344338)

From the article: "The flaw is related to the way in which a certain registry key is interpreted..." Another argument for abolishing the Windows registry and storing setup information in plain text files. Not like that's going to happen...

Re:Registry (5, Insightful)

Spad (470073) | more than 3 years ago | (#34344472)

"The flaw is related to the way in which a certain config file is interpreted..."

Re:Registry (1)

whiteboy86 (1930018) | more than 3 years ago | (#34344616)

One of the goals of the "registry" was to effectively hide configuration settings from the user. Things like program-trial expiration checkpoints can easily be hidden in the vastness of the registry, this would be very difficult to do with plain text files.

Re:Registry (0)

Anonymous Coward | more than 3 years ago | (#34344666)

IE8 and Chrome can't access the registry anyway, that is except for the HKEY_CURRENT_USER\Software\LowRegistry key.

microsoft is a bad omen for windows (1, Offtopic)

bl8n8r (649187) | more than 3 years ago | (#34344344)

Can't we just say "uncle" and start over with something else?  I'd give anything to be rid of Exchange and Active Directory.

this could be a very bad omen? (3, Funny)

nurb432 (527695) | more than 3 years ago | (#34344618)

No, but the 'windows startup sound' is.
