
ATI Driver Flaw Exposes Vista Kernel to Attackers

CowboyNeal posted more than 6 years ago | from the sneaking-in dept.

Windows

Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."


248 comments

Let's blame Microsoft (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#20180891)

How long before the usual MS bashing starts on a clearly ATi problem??

Re:Let's blame Microsoft (1, Interesting)

dAzED1 (33635) | more than 6 years ago | (#20180995)

hi troll.

See, MS said this wouldn't be an issue. Specifically this. Regardless whether ATI has an issue, the Vista kernel shouldn't sign something that can be modified, without the signature changing.

Re:Let's blame Microsoft (0, Troll)

Anonymous Coward | more than 6 years ago | (#20181103)

I don't think you have any idea what you are talking about. Do you actually know what code-signing is and what it is used for?

Re:Let's blame Microsoft (4, Informative)

drawfour (791912) | more than 6 years ago | (#20181161)

You do realize that the kernel does not do any signing, that's Verisign's job, right? The kernel only verifies that the signature is valid (and trusted). All this hack is doing is causing the kernel to turn off the part where it refuses to load an unsigned driver.

From the article:

Vista is perfectly aware that an unsigned driver has been loaded: you will even get a warning a bit after the driver is loaded.

Re:Let's blame Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20181469)

Vista is perfectly aware that an unsigned driver has been loaded: you will even get a warning a bit after the driver is loaded.
Vista is looking like an incredible joke after all this effort was made to secure it and a simple signed driver can get it to load unsigned drivers. And it is even aware of it but does nothing to stop the unsigned driver.

Are the unsigned drivers loaded with malicious intent going to sit around and wait for Vista to do what it wants to do next?

--
Off topic question:
Does anyone know how to run the Win XP command prompt in fullscreen mode on the main display and mirror it to a secondary display? Video output (on the mirror) always seems to die when command.exe is put into fullscreen mode. Does not seem to matter the make/model of video card or motherboard.

Re:Let's blame Microsoft (2, Informative)

dkf (304284) | more than 6 years ago | (#20181549)

You do realize that the kernel does not do any signing, that's Verisign's job, right?
Even that's wildly inaccurate, and just demonstrates that you're confused as to how digital signature systems (and other things based on a PKI too) work.

Verisign just signs the driver author's certificate, and even then just to say "these guys are who they say they are, and they're doing code signing with the key matching this certificate". They most certainly say nothing at all about the correctness of the drivers; that's up to the driver author (and maybe Microsoft too).

Re:Let's blame Microsoft (2, Informative)

KiloByte (825081) | more than 6 years ago | (#20181557)

Actually, Windows will accept only stuff signed by Microsoft itself, and they take a hefty chunk of change for the privilege. You also cannot choose to have a driver which Microsoft doesn't like signed -- so that state-of-the-art professional sound processing tools are a no-no if they somehow can be used to record "premium content". Or if, say, the driver's authors somehow compete with MS.

VeriSign can sign only SSL certs and certain less-well-known types of keys for you.

Re:Let's blame Microsoft (1)

Yetihehe (971185) | more than 6 years ago | (#20181983)

and they take a hefty chunk of change for the privilege.
Actually about $250. Joanna Rutkowska has managed to sign her own driver intended to punch a hole in Vista [invisiblethings.org], registered as a Microsoft partner and obtained the certificate.

Or if, say, the driver's authors somehow compete with MS.
She clearly competed with them in security business ;)

Re:Let's blame Microsoft (2, Insightful)

Magada (741361) | more than 6 years ago | (#20181031)

It starts here, with me. Microsoft is making driver devs jump through hoops with the whole signed-drivers thing when all it takes (as has been shown in this case) is ONE signed driver with ONE exploitable flaw to break the whole scheme.

What are Microsoft going to do now? Revoke the key they used to sign drivers with? How many copies of Vista which verify drivers with the now-revoked pubkey have already been sold? How many devices were sold in retail with drivers which will no longer JustWork(tm)? Will Microsoft and the OEMs have the resources to re-certify each of those, or will they sign blindly?

Each of those probably stands a 50-50 chance of being either rooted or patched with the new key the first time it's connected to the 'net. How's that for convenience?

Oh, did I mention that finding another bug in another driver signed with the new key will mean the whole process must be repeated?

Oh and did I mention that if someone finds such a bug and sits on it, they have root to any Vista system in existence, until the bug is found and fixed (which may be never)?

Re:Let's blame Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20181107)

I'm interested in how you came to the conclusion that a machine hooked to the net has a 50-50 chance of being rooted by a local exploit. It seems extremely unlikely that 50% of the people who hook up to the net on an x64 box (tend to be technical folks on x64) are going to be all visiting malicious sites, and be tricked into running malicious code that they have to choose to run. Oh, wait - you just pulled those numbers out of... air? or something else with three letters?

Re:Let's blame Microsoft (5, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#20181237)

(BTW--I've been using Linux as my primary OS since 1996, so no I'm not Linux bashing)

Well, one thing to consider is this -- how different are other OSes like Linux? With Linux, a root exploit in a kernel module gains you access to the whole system as well, especially when you consider that it uses a monolithic kernel. IOW, kernel modules directly patch the Linux kernel, live, in memory. Now consider that the ATI drivers for Linux are based at least in part on the ATI drivers for Windows.

Mind you that some things like SELinux might help to mitigate some of this in some scenarios, but not in all.

Re:Let's blame Microsoft (1)

domatic (1128127) | more than 6 years ago | (#20181551)

If you're paranoid, you can build a kernel with all the drivers you need and disable module loading. It isn't something I would do but .......

Re:Let's blame Microsoft (1)

morgan_greywolf (835522) | more than 6 years ago | (#20181685)

Yeah, I know. I've been using Linux really since the very early days of Slackware (just not as a primary OS), so I remember before there were such things as kernel modules. ;)

Re:Let's blame Microsoft (2, Informative)

LurkerXXX (667952) | more than 6 years ago | (#20181735)

This is exactly why the OpenBSD folks have been fighting against binary blobs and demanding open source drivers for hardware. Too many other open source OS's will gladly take a closed binary blob so that they can run hardware. And that leads to possible exploits down the road.

Re:Let's blame Microsoft (1)

mhall119 (1035984) | more than 6 years ago | (#20181757)

Well, one thing to consider is this -- how different are other OSes like Linux?
First off, this is part of the reason binary driver use is discouraged. Secondly, this only seems to be a way around Vista's requirement of using signed drivers, something Linux doesn't even try for.

Re:Let's blame Microsoft (1)

morgan_greywolf (835522) | more than 6 years ago | (#20181961)

Secondly, this only seems to be a way around Vista's requirement of using signed drivers,
Which is the mechanism Microsoft designed to defeat the installation of malicious drivers, right?

Re:Let's blame Microsoft (3, Insightful)

mhall119 (1035984) | more than 6 years ago | (#20182085)

Malicious to whom? This systems seems designed more to prevent the installation of kernel-mode drivers that would allow the circumvention of things like DRM. I guess it could stop the installation of rootkits too, but there are other ways to stop them. It's funny (to me at least) that there are things that Windows can stop even an Administrator from doing on their own machine.

Re:Let's blame Microsoft (5, Insightful)

Tim C (15259) | more than 6 years ago | (#20181305)

Each of those probably stands a 50-50 chance of being either rooted or patched with the new key the first time it's connected to the 'net.

It's a local exploit.

did I mention that finding another bug in another driver signed with the new key will mean the whole process must be repeated?

Third parties write crap, exploitable code and it's MS's fault? You can write exploitable kernel modules for Linux as well, yet somehow I don't think you'd be blaming that on Linus. If anything, this is an argument for open source drivers, not against MS's scheme - although how many people actually have the skill to audit the code they run, let alone auditing it?

did I mention that if someone finds such a bug and sits on it, they have root to any Vista system in existence

Every Vista install that uses the exploitable driver, you mean. Just as an exploitable driver for Linux would open every Linux install that uses that driver. For example, I have an NVidia card; as and when I upgrade to Vista, I won't be vulnerable to this particular exploit.

Try to tone the hyperbole down a little, it's not very becoming.

Driver signing != driver quality (1)

Old time hacker (302793) | more than 6 years ago | (#20181775)

Every Vista install that uses the exploitable driver, you mean. Just as an exploitable driver for Linux would open every Linux install that uses that driver. For example, I have an NVidia card; as and when I upgrade to Vista, I won't be vulnerable to this particular exploit.

Errr... Are you sure? The bad guy can bring the ATI driver with him, and load it on your system. The key question is whether it will stay loaded long enough for the exploit to work even if the hardware is not present. At Blackhat this year, a bunch of similar exploits in Vista drivers were described, and at least some of them (possibly all) did not need their specialized hardware to load and stay loaded on the box.

Also, please note that getting your own signing key is not difficult or expensive ( $1000 ) and then you can sign any old chunk of malware that you like. Of course, you might want to make it do something useful as well so as to give yourself plausible deniability if it gets detected.

Re:Let's blame Microsoft (1)

Compholio (770966) | more than 6 years ago | (#20181805)

Third parties write crap, exploitable code and it's MS's fault?
It is when they've been espousing this whole "we check signed drivers to make sure they're good!" thing.

You can write exploitable kernel modules for Linux as well, yet somehow I don't think you'd be blaming that on Linus.
People do once they've been included in an official release of the kernel, which is equivalent to saying "we checked the driver to make sure it's good!".

Re:Let's blame Microsoft (1)

jhol13 (1087781) | more than 6 years ago | (#20181947)

Third parties write crap, exploitable code and it's MS's fault?
I think the OP meant that requiring signed drivers is an inconvenience to the driver writers and users. A lot like Linux requiring a recompile of non-distribution-included drivers in every kernel patch.

Do I need to say why Microsoft likes signed drivers? Do I need to say why Linus likes to break out-of-kernel-tree drivers? Both reasons are equally idiotic, btw.

Re:Let's blame Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20181323)

At least Microsoft have a key to revoke. When this happens (probably just a matter of time, if it ain't already happened) on OS X, Linux, *BSD etc. you won't even get that unsigned driver warning.

Re:Let's blame Microsoft (1)

neaorin (982388) | more than 6 years ago | (#20181431)

What are Microsoft going to do now? Revoke the key they used to sign drivers with? How many copies of Vista which verify drivers with the now-revoked pubkey have already been sold?
I was under the impression that each certified vendor was issued their own driver signing certificate, issued by the trusted CA. Thus, all MS has to do is revoke that specific certificate, and notify everyone via automatic update. I am not very familiar with Vista so I might be wrong though.

Re:Let's blame Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20181565)

It starts here, with me. Microsoft is making driver devs jump through hoops with the whole signed-drivers thing when all it takes (as has been shown in this case) is ONE signed driver with ONE exploitable flaw to break the whole scheme.


And it takes ONE patch to fix it.

Let's be real here. It's not like DRM'd music or media, where once it's cracked, there's no way to uncrack it.

Re:Let's blame Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20181579)

It starts here, with me. Microsoft is making driver devs jump through hoops with the whole signed-drivers thing when all it takes (as has been shown in this case) is ONE signed driver with ONE exploitable flaw to break the whole scheme.
It's been shown before. The hoops with the signed drivers are nothing about security and all about controlling who can develop for the platform.

Re:Let's blame Microsoft (1)

petermgreen (876956) | more than 6 years ago | (#20182125)

What are Microsoft going to do now? Revoke the key they used to sign drivers with?
They could just blacklist the ATI driver in question. Of course that alone would probably cause a LOT of customer upset.

Re:Let's blame Microsoft (4, Funny)

bl8n8r (649187) | more than 6 years ago | (#20181129)

Very quickly.

You must be new here, so I'll try and enlighten you.

You see, Microsoft is a lot like the smelly kid in 3rd grade that
used to drop a load in his shorts and not say anything while
everyone wandered around trying to figure out what died, where.

After a few of these episodes, whenever there was a strange smell,
it would come to pass that the smelly kid dropped another load.

Now, to make matters worse for the smelly kid, imagine him running
around telling everyone that he has solved the problem*. People are
relieved for a while until, guess what? The smelly kid drops another
load. How can this happen, isn't this supposed to be fixed?

This insane cycle of disappointment/re-assurance causes people to
get cynical very quickly and as a result, causes people to start complaining
very quickly.

[*] - http://news.com.com/Allchin+Buy+Vista+for+the+security/2100-1012_3-6032344.html [com.com]

Re:Let's blame Microsoft (2, Insightful)

tttonyyy (726776) | more than 6 years ago | (#20181325)

But you'll also find that the Linux kid will also drop a "load in his shorts" if he's using a kernel module with a flaw that can be exploited.

It is impossible to prove that any piece of software is 100% bug free. Impossible. Regardless of your operating system, if you trust kernel-level drivers (you actually want to *do* something useful with your system?), chances are that somewhere there is an exploitable flaw. It's just that no-one may have found it yet. There is no such thing as a 100% secure system.

Re:Let's blame Microsoft (2, Funny)

jaavaaguru (261551) | more than 6 years ago | (#20181605)

the Linux kid will also drop a "load in his shorts"

No, he will dump a core in his shorts.

More likely an "oops" moment. (0)

Anonymous Coward | more than 6 years ago | (#20181823)

n/t

which needs more than "n/t" since apparently this needs to be more original as someone has used the same comment before.

Re:Let's blame Microsoft (1)

mrsteveman1 (1010381) | more than 6 years ago | (#20182171)

Yes, but you'll understand why I'm unwilling to give Microsoft the benefit of the doubt, or another chance.

Comforting, in a way... (4, Funny)

an.echte.trilingue (1063180) | more than 6 years ago | (#20181169)

For my part, I'm not going to play the blame game since I don't know better either way. I am, however, in some strange way comforted to see that Windows users are starting to have issues with ATI drivers, too.

All those years of trying to get fglrx to work, avenged!

So, is that what you call passive aggression?

Re:Comforting, in a way... (1)

Gazzonyx (982402) | more than 6 years ago | (#20182305)

... All those years of trying to get fglrx to work, avenged!

So, is that what you call passive aggression?
No. after trying to get them to work once on Solaris (over the span of a week), I'd say it's justifiable grounds for homicide.

FP! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20180893)

Hi everyone!

FYI, you got SP, not FP (0)

Anonymous Coward | more than 6 years ago | (#20181083)

n/t

lol wut (0)

Anonymous Coward | more than 6 years ago | (#20180899)

Ironic that ATI drivers are the first major downfall of Vista.

Re:lol wut (0)

Anonymous Coward | more than 6 years ago | (#20181017)

Ironic in what sense? ATI has always been known for good hardware, and some of the quirkiest drivers in the market.

We need to strip ATi of its driver team, and then strip nVidia of their hardware team, and merge the remainder.

Re:lol wut (1)

Anonymous Coward | more than 6 years ago | (#20181087)

Ironic because ATI drivers are the cause of so many Linux troubles.

Re:lol wut (0, Offtopic)

Bert64 (520050) | more than 6 years ago | (#20181123)

Great idea, remove competition from the videocard market so that buyers only have one choice for high performance video cards.
Then watch as prices rise, and the pace of improvement slows massively.

Re:lol wut (2, Funny)

jaavaaguru (261551) | more than 6 years ago | (#20181723)

Just like the OS market... look how Windows' price has risen and how much of an improvement Vista is over XP.

Re:lol wut (4, Interesting)

fuzzix (700457) | more than 6 years ago | (#20181181)

We need to strip ATi of its driver team, and then strip nVidia of their hardware team, and merge the remainder.

What does it matter? Neither of them bother with proper overlay any more.

My last nVidia card was simply without overlay hardware. My last ATi card's overlay dropped resolution when a high refresh rate was used. At least the nVidia card could play a video at full res without resorting to GL.

It's not all about the 3D... :)

You do have a point about the drivers, though. While closed, nVidia's Linux module hasn't provided nearly as much heartache as ATi's... abomination.

Re:lol wut (0)

Anonymous Coward | more than 6 years ago | (#20181289)

Your nVidia card is defective. RMA it. I had two 7900 that had broken overlay.

Re:lol wut (1)

morgan_greywolf (835522) | more than 6 years ago | (#20181293)

You do have a point about the drivers, though. While closed, nVidia's Linux module hasn't provided nearly as much heartache as ATi's... abomination.

I take it you never had an Athlon XP with an AGP nVidia card, huh? Not that it's nVidia's or the driver's fault, it was really AMD's fault, but still...I'm just sayin...

Re:lol wut (0)

Anonymous Coward | more than 6 years ago | (#20181273)

As a matter of fact I think the optimal solution in this case would be everyone getting punched in the face very hard.

Obligatory post (-1, Redundant)

ilovegeorgebush (923173) | more than 6 years ago | (#20180909)

In Soviet Russia, Kernel tampers you!

...yeah

trusted computing (3, Insightful)

Anonymous Coward | more than 6 years ago | (#20180911)

ok...
so windows vista trusts ATI.
ATI trusts themselves.
I don't trust no one, especially closed-source drivers from ATI.

shouldn't they simply replace their "fglrx" with "ati", in their xorg.conf?

So I read it right? (4, Funny)

Wooky_linuxer (685371) | more than 6 years ago | (#20180913)

Vista has an anti-DRM mechanism built-in? Wow, and I thought Linux stood for free software... way to go Redmond!

Re:So I read it right? (1, Insightful)

CarpetShark (865376) | more than 6 years ago | (#20181135)

and I thought Linux stood for free software...


Linux does NOT stand for free software. It happens to have a (now old and relatively flawed) free software license. The main direction for Linux comes from a guy who likes Tivoisation (ie, DRM), and is of the opinion that politics like Freedom issues don't matter; he just wants to create tools.

If you want a Free Software kernel, that guarantees you'll still be able to use it at version 11.6, you'll need to look further afield.

You could argue that kernels don't matter much anyway, as long as they're posix, and that's true, to an extent, but most desktops are now embracing HAL, etc., which are linux-specific.

Croppies Lie Down (0)

Anonymous Coward | more than 6 years ago | (#20181149)

Oh, croppies ye'd better be quiet and still
Ye shan't have your liberty, do what ye will
As long as salt water is formed in the deep
A foot on the necks of the croppy we'll keep
And drink, as in bumpers past troubles we drown,
A health to the lads that made croppies lie down
Down, down, croppies lie down.

Fr1st or sekund prost!!! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20180917)

yes yes

anti-DRM (0, Redundant)

radmege (1109385) | more than 6 years ago | (#20180919)

"... effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system." Increased security and anti-DRM? I guess Microsoft is finally listening to what consumers want!

Re:anti-DRM (-1, Redundant)

radmege (1109385) | more than 6 years ago | (#20180943)

"... effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system."
Increased security and anti-DRM? I guess Microsoft is finally listening to what consumers want!

Re:anti-DRM (0)

Anonymous Coward | more than 6 years ago | (#20180969)

Most likely it is Microsoft's response on the Vista platform to this. [slashdot.org] If SONY could do that, imagine what someone else might pull with pirated software cd copies or porn cd sold at the local computer flea market, etc.

Open Source drivers (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20180925)

Could this happen if ATI drivers were open source?

Re:Open Source drivers (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20181053)

Yes.

Re:Open Source drivers (1)

Yvanhoe (564877) | more than 6 years ago | (#20181479)

But it would only appear on the frontpage of /. after two or three days, once it has been fixed.

That's why microkernels are useful (3, Interesting)

Anonymous Coward | more than 6 years ago | (#20180927)

if each driver had its own separate space, this flaw wouldn't affect the rest of the system.

Re:That's why microkernels are useful (0)

Anonymous Coward | more than 6 years ago | (#20181425)

Not that it would matter anyway, because the system would be too slow to be useful anyway.

Kernel Type (2, Interesting)

canistel (1103079) | more than 6 years ago | (#20180937)

I wonder (obviously not a kernel developer here), would a micro kernel prevent these types of problems, where malicious code which normally wouldn't have permission to do things, attack a part of the kernel (video driver) which does and so gain permissions?

Re:Kernel Type (1)

ilovegeorgebush (923173) | more than 6 years ago | (#20180979)

I'd prefer a decently written & thoroughly tested Kernel API to be honest. It's not like they haven't got the cash to invest in decent developmental and quality assurance practices.

Re:Kernel Type (4, Informative)

TheRaven64 (641858) | more than 6 years ago | (#20181079)

Depends. A video driver needs to be able to DMA data to and from the card. Even if it's in an isolated address space, a compromised driver can write all over physical memory by telling the card to. If you have an IOMMU then this can be alleviated somewhat. Some kernel component outside the driver could provide DMA apertures in the correct places, and if it did correct validation of the driver's requests (i.e. not let it open windows anywhere into memory except where it is owned by a process using the driver) then it would be possible for a microkernel to be safe from this kind of thing.
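A user-space model of the check TheRaven64 describes, as an added example that is not part of the original thread, the article, or any real IOMMU or driver code: the kernel component outside the driver keeps a per-page owner table, and a driver's request to open a DMA window is granted only if every page in the window belongs to the process the driver claims to serve. The page count, process ids, page size and function names are all invented for the example.

```c
/* Added example, not from the article or any OS: a user-space model of
 * the aperture validation described above. Page count, process ids and
 * function names are invented. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES     64        /* modelled physical memory: 64 x 4 KiB */
#define NO_OWNER   0         /* kernel or free page: never reachable from a process window */

/* page_owner[p] is the id of the process that owns physical page p. */
static uint16_t page_owner[NPAGES];

void ownership_reset(void)
{
    for (unsigned p = 0; p < NPAGES; p++) page_owner[p] = NO_OWNER;
}

void assign_pages(uint16_t pid, unsigned first, unsigned count)
{
    for (unsigned p = first; p < first + count && p < NPAGES; p++)
        page_owner[p] = pid;
}

/* The driver (which may be compromised) asks for a DMA window
 * [base, base + len) on behalf of process pid. The component outside the
 * driver grants it only if every page in the window is owned by pid, so a
 * rogue driver cannot point the card at kernel memory or at another
 * process. Returns 1 to allow, 0 to refuse. */
int aperture_allowed(uint16_t pid, uint64_t base, uint64_t len)
{
    if (len == 0 || pid == NO_OWNER) return 0;
    if (base > UINT64_MAX - len) return 0;            /* base + len would wrap */
    uint64_t first = base >> PAGE_SHIFT;
    uint64_t last  = (base + len - 1) >> PAGE_SHIFT;  /* inclusive last page */
    if (last >= NPAGES) return 0;                     /* beyond modelled RAM */
    for (uint64_t p = first; p <= last; p++)
        if (page_owner[p] != pid) return 0;
    return 1;
}

/* Constructed scenario: process 7 owns pages 10..13, everything else is
 * kernel or free. Returns 1 so it can be chained before checks. */
int demo_setup(void)
{
    ownership_reset();
    assign_pages(7, 10, 4);
    return 1;
}

int main(void)
{
    demo_setup();
    printf("own 4 pages:       %d\n", aperture_allowed(7, 10u << PAGE_SHIFT, 4u << PAGE_SHIFT));
    printf("one page too many: %d\n", aperture_allowed(7, 10u << PAGE_SHIFT, 5u << PAGE_SHIFT));
    printf("kernel page 0:     %d\n", aperture_allowed(7, 0, 1u << PAGE_SHIFT));
    printf("other process:     %d\n", aperture_allowed(8, 10u << PAGE_SHIFT, 1u << PAGE_SHIFT));
    return 0;
}
```

The two checks that matter are the wrap test before computing the last page, and the fact that ownership is evaluated per page rather than only at the window's endpoints; a window that starts in the process's pages but runs one page past them is refused.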

Re:Kernel Type (2, Insightful)

Magada (741361) | more than 6 years ago | (#20181085)

It's an interesting dilemma for Microsoft - they can't have DRM without video drivers running in kernelspace (performance issues), but DRM is broken if they allow drivers in kernelspace. Consider this: anyone can now load the vulnerable driver, apply Ionescu's magic and WHAM! I predict pirate-patched video card drivers for windows are coming soon - the opportunity to strip the DRM out of high-def movies from the comfort of your own PC is just too nice to pass up. And doing it with a legitimate copy of Vista? Priceless.

Re:Kernel Type (4, Informative)

drawfour (791912) | more than 6 years ago | (#20181131)

You may have missed the part in the article where the kernel *knows* it's running unsigned binaries, and thus turns off the DRM stuff. So there is no way to strip out the DRM, since that capability will be turned off when the system detects it's running unsigned binaries.

From the article:

Vista is perfectly aware that an unsigned driver has been loaded: you will even get a warning a bit after the driver is loaded. This also means that PMP will become aware that the driver is loaded, and disable high-definition media playback. This means that this tool will not help you bypass DRM in any way, because the original Vista protection mechanisms are still in place. Note that on Vista 32-bit, this behavior already exists by default in the OS, so it is not a "bug" of Purple Pill.

Re:Kernel Type (1)

Opportunist (166417) | more than 6 years ago | (#20181163)

That's exactly the problem: If the program runs "as" the driver, which is signed and thus trusted, the kernel does not notice that it's unsigned code. For the kernel, this is signed code. Worse (or better, depending on your POV), you run with a fairly high level of trust (being the graphics driver), thus you have a rather good chance to pop the DRM altogether.

Rules of the Road (4, Interesting)

mfh (56) | more than 6 years ago | (#20180965)

When hardware drivers are responsible for system integrity, all hope of safety is permanently lost. Introducing the new battleground for virus writers... fake patches:

YOUR VIDEO CARD NEEDS NEW DRIVERS: CLICK NEXT!!!!!

Re:Rules of the Road (1)

maroberts (15852) | more than 6 years ago | (#20181045)

AFAIK, this doesn't happen. I'm under the impression each release of a driver for Vista has to be tested and signed off by MS. However it does pose the possibility of an insider creating a sekret backdoor. Once you've created one backdoor, it'd probably be a good insurance policy to create an extra one so that when the first one is discovered, you maintain access.

Re:Rules of the Road (1)

petermgreen (876956) | more than 6 years ago | (#20182215)

btw is there an official "test" version of vista 64 bit intended for driver developers to use that doesn't have the protections?

Re:Rules of the Road (1)

a.d.trick (894813) | more than 6 years ago | (#20182101)

This is why hardware owners need to open the specs to their equipment so that the kernel writers can be responsible for writing the code. They don't need to provide any code, we can do that. That's how it works with the Linux kernel, with the exception of binary kernel drivers from ATI/Nvidia and a few other oddballs. It's actually been wildly successful for Linux and is (I think) the primary reason why Linux is so much more stable than Windows. Most of the crashes in Windows these days are from poorly written drivers.

Bug or feature? (2, Informative)

martinag (985168) | more than 6 years ago | (#20180985)

FTFA, quoting a Symantec senior manager: "Basically, that ATI driver has functionality that allows you to read and write kernel memory. It's either a bug or a feature of the driver." I guess it's a feature to the bad guys. To everyone else, it's a bug.
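What "read and write kernel memory" buys an attacker, as an added example in C that is not from the article, the ATI driver, Purple Pill or any Microsoft code: a toy kernel image with a single enforcement flag, a driver IOCTL that copies caller-supplied bytes to a caller-supplied offset, and the same IOCTL with the bounds check it should have had. The offsets, the flag and the function names are invented; the real kernel's state is not a byte in a 64-byte array, but the shape of the bug, and of the fix, is the same.

```c
/* Added example, not from the article or any vendor driver. Models the bug
 * class the Symantec quote describes: an IOCTL that writes caller-supplied
 * bytes to a caller-supplied kernel address. All names and offsets are
 * invented for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy "kernel image". One byte of it is the flag that says whether the
 * loader refuses unsigned drivers; 16 bytes are the driver's own state,
 * the only thing its IOCTL should ever be allowed to touch. */
static uint8_t kernel_mem[64];
#define CI_FLAG_OFFSET  8    /* invented location of the enforcement flag */
#define DRV_REGION_OFF  32   /* invented driver-owned scratch region */
#define DRV_REGION_LEN  16

struct write_req {
    uint32_t       offset;   /* caller-chosen target offset in kernel_mem */
    uint32_t       len;      /* caller-chosen length */
    const uint8_t *data;     /* caller-supplied bytes */
};

void kernel_reset(void)
{
    memset(kernel_mem, 0, sizeof kernel_mem);
    kernel_mem[CI_FLAG_OFFSET] = 1;          /* enforcement on */
}

int ci_enforced(void) { return kernel_mem[CI_FLAG_OFFSET] != 0; }

/* Loader: a driver without a valid signature is refused only while the
 * flag is set. Clearing the flag is the whole attack. */
int load_driver(int has_valid_signature)
{
    if (has_valid_signature) return 0;
    return ci_enforced() ? -1 : 0;
}

/* Vulnerable handler: trusts offset and len from the caller. Callers of
 * this toy must keep offset+len inside kernel_mem; a real driver gets no
 * such courtesy from an attacker. */
int ioctl_write_vuln(const struct write_req *r)
{
    memcpy(kernel_mem + r->offset, r->data, r->len);
    return 0;
}

/* Hardened handler: only the driver's own region, with wrap-safe checks
 * (compare distances, never offset+len, so a huge len cannot overflow). */
int ioctl_write_hardened(const struct write_req *r)
{
    if (r->len == 0 || r->len > DRV_REGION_LEN) return -1;
    if (r->offset < DRV_REGION_OFF) return -1;
    if (r->offset - DRV_REGION_OFF > DRV_REGION_LEN - r->len) return -1;
    memcpy(kernel_mem + r->offset, r->data, r->len);
    return 0;
}

/* Attack: use the write primitive to zero the flag, then load unsigned
 * code. Returns 1 if the unsigned driver loaded, 0 if it was refused. */
int attack(int (*handler)(const struct write_req *))
{
    uint8_t zero = 0;
    struct write_req r = { CI_FLAG_OFFSET, 1, &zero };
    kernel_reset();
    (void)handler(&r);
    return load_driver(0) == 0;
}

/* Probe the hardened handler's boundary with a zeroed buffer. */
int hardened_accepts(uint32_t offset, uint32_t len)
{
    uint8_t buf[DRV_REGION_LEN] = {0};
    struct write_req r = { offset, len, buf };
    kernel_reset();
    return ioctl_write_hardened(&r) == 0;
}

int main(void)
{
    printf("vulnerable IOCTL: unsigned driver loaded = %d\n", attack(ioctl_write_vuln));
    printf("hardened IOCTL:   unsigned driver loaded = %d\n", attack(ioctl_write_hardened));
    return 0;
}
```

Note that the signature check itself is never attacked: the driver that carries the primitive is validly signed and loads normally, and the one write it performs turns the check off for everything loaded afterwards. That is why the fix is a bounds check in the driver (or a blocklist entry for the vulnerable version) rather than anything in the signature scheme.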

Re:Bug or feature? (3, Insightful)

mugenjou (912908) | more than 6 years ago | (#20181043)

I guess it's a feature to the bad guys. To everyone else, it's a bug.
I guess it's a bug to Microsoft and the content industries. To everyone else, it's a feature.

Re:Bug or feature? (2, Insightful)

Opportunist (166417) | more than 6 years ago | (#20181177)

If you consider someone a bad guy who wants his legally purchased machine to do what he wants, then yes.

Ah, you kids have it easy... (4, Insightful)

Glowing Fish (155236) | more than 6 years ago | (#20181021)

The fact that people are actually going to the lengths of breaking into Windows by using a legitimate driver with kernel access to load in rootkits...the fact that it even requires explaining, means that Windows has reached some type of real security. I mean, with Windows 98, you would just hit enter on the login dialog box, and there you were!

Re:Ah, you kids have it easy... (1)

sleekware (1109351) | more than 6 years ago | (#20181311)

Good point, Windows is almost ready for a networked environment! All kidding aside, I agree - Windows has come a long way in the security area.

ATI will patch this (4, Insightful)

Dekortage (697532) | more than 6 years ago | (#20181041)

Seems like the real concern is not that ATI's code opens a security hole. You know ATI will patch it. A more important question is, how many other securely-signed drivers, etc., have similar holes? How many drivers are there in a typical Windows Vista system, anyway?

At least Microsoft can say (with some truth) that it's not THEIR software which introduces the problem! (it actually is, of course, but not directly)

Re:ATI will patch this (1)

Iphtashu Fitz (263795) | more than 6 years ago | (#20181147)

You know ATI will patch it.

And how will ATI ensure that all people using the flawed drivers upgrade to the newest ones? How will the average Vista/ATI user even know that they are at risk of this flaw? Unless all those flawed systems are patched this will remain a fairly big hole to be exploited by the unscrupulous.

Re:ATI will patch this (1)

Dekortage (697532) | more than 6 years ago | (#20181455)

That's true. I would hope that Microsoft could roll this into its "critical updates" -- not that ALL users would get it, but it should cover a big spread.

No shit (1)

trifish (826353) | more than 6 years ago | (#20181105)

A kernel-level driver can own a system? No shit!

(BTW, that's one of the reasons drivers need to be signed to run on Windows Vista x64.)

Re:No shit (1)

sleekware (1109351) | more than 6 years ago | (#20181175)

It makes me wonder what Microsoft's security qualifications really are for a signed kernel level driver. How much do they really try to crack in to make sure that it is secure? Or do they just trust ATI to take care of this and sign anything they release?

Re:No shit (1)

trifish (826353) | more than 6 years ago | (#20182243)

As I wrote elsewhere (the /. threaded system prevents me from replying to two people at once):

"The point is that an author of a malicious kernel-level Trojan horse wants to stay anonymous, but can't. The certificate authorities (Verisign etc) need to verify your identity first before they issue a code signing certificate for you.

That's how it's much much harder for moronic script kiddies to release kernel-level Trojan horses for Vista x64. Because we (or at least the police) would be able to find out their names and addresses."

Re:No shit (4, Funny)

mhall119 (1035984) | more than 6 years ago | (#20182315)

It makes me wonder what Microsoft's security qualifications really are for a signed kernel level driver.
I believe they use the Verisign security test: If the check clears the bank, the code is secure.

Break the signing (1)

Tony (765) | more than 6 years ago | (#20182035)

How long before a signing tool comes out?

This whole business of "signing" is ridiculous. It's no safer than the current model. Perhaps even less safe, as it gives both the OS programmers and the end-users a false sense of security. "You can trust a signed driver."

No, you can't.

The only way I can see to make a truly safe system is to run each driver in its own VM, and create a virtual network between the drivers and the core OS. Each user-end program would also run in its own VM, and IPC would occur via the system network, rather than direct system calls. Each IPC message would have to have a signature for types of input (data type, string length, etc) and a common, well-audited message dispatcher would have to validate each message for conformance.

This is microkernel architecture on steroids, meaning it's big and slow and dumb, but solid. Even then, a single security flaw in the VM system would compromise the entire system.

Re:Break the signing (1)

trifish (826353) | more than 6 years ago | (#20182223)

The point is that an author of a malicious kernel-level Trojan horse wants to stay anonymous, but can't. The certificate authorities (Verisign etc) need to verify your identity first before they issue a code signing certificate for you.

That's how it's much much harder for moronic script kiddies to release kernel-level Trojan horses for Vista x64. Because we (or at least the police) would be able to find out their names and addresses.

It will not work. Ever. (4, Insightful)

Opportunist (166417) | more than 6 years ago | (#20181247)

Actually I'm amazed it took almost a year. I would've bet my annual income that something like this would surface before May.

Let's take a look at the inner workings of the system. Yes, MS has full access to the source code, so their drivers will probably not leak. They also have no "real" competition on the OS market (yes, there's Linux, there's MacOS, but what company would switch?). They can take their time to proof and perfect their drivers until you can be certain that they don't leak.

Do third party vendors have the source? No. Do they have tight schedules and competition breathing down their neck? You bet. Will they prefer performance or security? Well, which of those two is tested on pages like THG?

Worse yet, what if such a driver actually allows a user to "crack open" his system and use it as he pleases? Could you see people buy a cheap ATI card just for the purpose of disabling the DRM? I mean, there have been really, really crappy games for some consoles that sold surprisingly well, because they contained a bug that allowed disabling certain security measures. Save-game exploits were quite popular for a while.

Could you see that this "security" bug could actually be a selling argument FOR the hardware rather than against it?

Re:It will not work. Ever. (1)

Tony (765) | more than 6 years ago | (#20181861)

(yes, there's Linux, there's MacOS, but what company would switch?)

Ernie Ball [com.com]
Wotif.com [zdnet.com.au]
Burlington Coat Factory [computerworld.com]
Peugeot [europa.eu]

Just to name a few.

And of course IBM and Novell, but they don't count, as they are strong GNU/Linux players.

Of course, Siemens was a bit off [newsforge.com] in their prediction of 20% market share by 2008. But I'd say there's the chance we might make 20% some day.

I see... (2, Funny)

lixee (863589) | more than 6 years ago | (#20181267)

So the reason ATI is not giving us Linux users free drivers is because they care about the security of our systems. Talk about irony!

In Other News (1, Funny)

Anonymous Coward | more than 6 years ago | (#20181287)

In Other News... Dell asks ATI for better Windows Vista drivers.

Linux fglrx module possibly also exploitable (2, Interesting)

chrb (1083577) | more than 6 years ago | (#20181295)

The fglrx module expects the registers related to Thread Local Storage to be in a certain state. If you mess around with it, you can cause a kernel crash. Try running winecfg from wine <0.9.31 under valgrind (wine >=0.9.31 includes a check for fglrx in TLS mode and aborts); it will crash the kernel with 100% repeatability. You can find details in the ATI and wine bugzillas.

I always wondered if this could be turned into a more dangerous security exploit. And now I wonder how much code is shared between fglrx and the Windows driver, as it seems it has similar bugs.

Re:Linux fglrx module possibly also exploitable (1)

Bralkein (685733) | more than 6 years ago | (#20182189)

I'm sure anyone who's had much experience with the fglrx driver would be surprised if that piece of crap only contains one vulnerability ;-)

And this is why (2)

Ravenscall (12240) | more than 6 years ago | (#20181439)

And this is why I have used nVidia hardware since I upgraded from my Voodoo 3 3000. While ATI and nVidia may go back and forth in hardware performance, nVidia has much better driver support on Linux or Windows.

*Still rather upset that there is no Linux acceleration driver for the ATI Rage Mobility in the original iBook. I would much rather run Linux on it than OS X or OS 9.

Re:And this is why (1)

a.d.trick (894813) | more than 6 years ago | (#20182161)

I agree that nVidia has pretty good drivers and cards (I <3 my new 8800), but they've had the same kinds of problems too. People don't write perfect code, and if it's not open, the chance of bugs like these slipping through is very real. This is a problem for both companies.

Really cleaning up the Internet (-1, Troll)

tjstork (137384) | more than 6 years ago | (#20181747)

The whole problem with the internet is that our anti-malware strategy is defensive, and honestly, it's just getting downright annoying and expensive. We need to go after people that actually create malware, and with some serious tools. It is increasingly reckless to let a few bad eggs hold the entire world hostage.

a) It's time to design the internet so that anonymous traffic is not possible. Make it possible to track the spread of this malware back to the source. Make malware not just the crime of malware itself, but of identity theft as well.

b) Declare any writer of malware to be a Terrorist Enemy Combatant. If someone is writing an attack on an American computer system from offshore, we should have the CIA / FBI, etc, sending them to Gitmo as well. If foreign nations are not willing to enforce or do something about computer crime laws, then the United States has to enforce those laws for them. Send a few malicious geeks off to Guantanamo, I say. Cyberwar IS terrorism.

Really, I'm way past hackers and security people being portrayed as some black and white struggle that we all must take part in. I'd much rather have my good guys in government going and killing all of the bad guys, without me having to even think about it.

Re:Really cleaning up the Internet (2, Funny)

frakfrakfrak (1049468) | more than 6 years ago | (#20182011)

Your troll-fu is weak, Daniel-san. Only when you can praise Jon Katz will you be ready.

Re:Really cleaning up the Internet (3, Insightful)

Knight2K (102749) | more than 6 years ago | (#20182231)

1. It is important to use the correct names for things. The word "terrorist" is a subset of "criminal". My working definition of 'terrorist', which can doubtless be improved on, is: one who uses violence to create terror or panic within a populace in order to achieve political ends. Without the political component, a terrorist is simply a criminal guilty of assault, murder, theft, etc. and should be caught and prosecuted accordingly. By using this term incorrectly, you are just as guilty of spreading FUD as the U.S. government. While this may be an effective way to get attention, it is alarmist, unethical, and immoral.

By expanding the meaning of the term, the government has been able to greatly expand its power at the expense of its citizens. It certainly is important to catch and prosecute cyber-criminals, but discuss it rationally and pass appropriate, targeted laws to deal with the problem. More importantly, enforce the ones that already exist.

2. In most cases, a non-anonymous network would probably be fine, as long as encryption was used to keep data private. Unfortunately, we live in a world where, in some places, using encryption will get you tossed in jail, regardless of the content. In other words, it can be important to hide not only what you sent, but the fact that you sent it. A concrete example would be blogging in China. Given recent events with the NSA, I wouldn't be surprised if the U.S. government starts to take a more active role in discouraging personal strong encryption. How do we solve that problem?

3. Guantanamo is one of the worst violations of human rights in recent history. Even the basest criminals are entitled to due process. That's what makes our system justice and not revenge. The United States is NOT the world police. There is a process to be followed to enforce change in other countries. The lack of serious international backing is part of our problem in Iraq. The U.S., despite being the last world superpower, does not have the resources to fight every battle and prosecute every crime that other countries won't deal with.

You are right that we need effective computer crime laws and effective enforcement of them. The way to do it is to lobby other countries for this and establish treaties with them. Use diplomacy and sanctions where necessary. It isn't impossible; if we can get intellectual property laws perverted across the globe, surely we can expend the effort needed to reach cyber-criminals wherever they choose to hide.

4. The government is supposed to work for us, but it needs watching. One of the most important lessons of modern history is that we have to be active and mistrustful of government, in order for it to function correctly. The Bay of Pigs was the first warning and the Watergate scandal made this manifest. The Iraq war, NSA wiretapping, and the PATRIOT Act are examples of what happens when we fail to perform our role of government watchdog. I'm not going to trust the government on who the bad guys are. I want the FBI, the CIA, Interpol, etc. to gather evidence and arrest criminals and bring them before the appropriate judicial authority and prove their case before the public.

You are correct that this is a serious international problem and needs serious international intervention, but it also has to be done right.

My understanding was that video runs in ring 3 (3, Interesting)

NullProg (70833) | more than 6 years ago | (#20181751)

Oops, I guess not....

Because WPF is largely written in managed code on the common language runtime, it never ran in kernel mode. There are elements of WPF (called the MIL) that are written in unmanaged code, but that code also largely runs (and always has run) in user mode. Insofar as WPF needs to touch kernel mode stuff (e.g., drivers), it interacts with them through the existing DirectX APIs. The user mode and kernel mode aspects of the WPF architecture haven't changed.
http://arstechnica.com/news.ars/post/20051216-5788.html [arstechnica.com]

So what did Microsoft gain with the Vista GDI changes?

Enjoy,

I'm not going to blame Microsoft (0, Flamebait)

ajs318 (655362) | more than 6 years ago | (#20181879)

I'm not going to blame Microsoft. I'm going to blame the various countries' legislators for not passing a law demanding that driver Source Code be published as a condition of approval of hardware for sale.

If there were such a law on the books, many vulnerabilities would be flushed out. The closedness is at the very root of the problems, and the only way to solve them for good is to enforce Source Code availability.

(I don't buy your "Let the Free Market Decide" bleatings. I can see where you're coming from, but you have to realise there is no free market in the computer hardware sector anymore, just a cartel of vendors who use various dirty tricks to prevent competition from outside. In this situation, only Government can make a difference.)

ATI (0)

Anonymous Coward | more than 6 years ago | (#20181941)

News like this only reminds me why I've stopped buying ATI video cards ... their drivers have always sucked big dead bison balls.

purple pill? O.o (3, Funny)

Spy der Mann (805235) | more than 6 years ago | (#20181981)

I only knew about the red pill and the blue pill. Hmmmmmmmmmm........

Morpheus: This is your last chance, Neo. After this, there is no turning back.
You take the blue pill, the story ends, you awake in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit-hole goes. Remember: all I'm offering is the truth, nothing more.
Neo: And the purple pill?
Morpheus: Oh, the purple pill gets you high. I can't guarantee what happens later.
Neo: I'll take the purple pill. (*gulp*)
(After a short pause...)
Whoa, dude, I can see what's behind the mirror! Whoa... everything's like computer code! I understand what the Matrix is now!!
(Back in the Nebuchadnezzar...)
WE'RE LOSING HIM!
Neo: I can fly dude!!! Excellent!!!
Flatline: beeeeeeeeeeeeeeeeeeeeeeeep....

(Some time later...)
Trinity: Seriously, Morpheus. This is the 20th time we've lost a potential "One" because of the purple pill!
Morpheus: He wasn't "The One". "The One" would have survived.
Trinity: Idiot.
Now, seriously, what's "purple pill"?

I thought the kernel was the holy of all holies (0)

Anonymous Coward | more than 6 years ago | (#20182173)

Why is MS allowing 3rd party drivers in the kernel in the first place?

Dang... (1)

PJ1216 (1063738) | more than 6 years ago | (#20182205)

...and just when you thought Vista was secure, somebody finds some way to break in...