Security researchers have found a way to subvert the load-up procedure for Windows Vista and bypass its code-signing security checks. Indian researchers Nitin and Vipin Kumar of NV labs have developed a tool called VBoot kit, a custom boot sector loader, which launches from a CD. Once loaded, the tool allows hackers to make …
Microsoft seems to have forgotten the golden rule....
If you build it, they will come.
"Beta" and "Boot CD": How to beat this before the fact
How to defeat the 3v1l boot kit:
1: Don't run a beta of an OS on a production machine (granted this is tough for Linux geeks who like to recompile their kernels twice before breakfast).
2: Don't allow booting from CDs in BIOS (duh).
3: (If you're paranoid about resetting board BIOSes) lock or rivet the case shut to prevent changing a machine's boot order. Modern cases allow padlocks and you can use rivets instead of screws on older ones.
Let's see, we have the evil boot rootkit (defeated), the evil animated cursor vulnerability (defeated: IE protection, user account control and standard accounts on Vista, limited accounts on XP/2K) beaten before their release.
Funny, the only real Vista flaw so far is the slow deleting problem with the shell. Come on, everyone, try harder! It's not like you didn't have a whole year of betas to go looking for flaws... oh wait, yes you did! And this is the best you can find?
Physical access expoit SHOCKER!
Are we supposed to be shocked that, given physical access to the hardware, it's possible to circumvent software-based protection?
Not in the UK
I am sure the UK (labour) Government passed a law banning reverse engineering commercial code and therefore this method is illegal for use here and thus the findings are flawed.
So Vista is still safe in the UK.
No booting from CD?
Lets be realistic, you can't possibly disable boot from CD in the BIOS. If microsoft software ever tried this it would never go near any PC of mine again.
If I wish to install another OS on MY PC, then I'll damn well do it. No software provider has the right to hijack my machine and prevent me from modifying it.
Same thing if they prevent me from running GPL software, I'd get rid of that OS also.
It doesn't matter what's done to lock the OS down, someone will always want to have a "crack" at it.
If you buid a brick wall and go around telling people it's indestructable, expect someone to come along and have a pop at it. It's just human nature.
MS will never be able to 100% lock it down and I think they probably know this. It's a game of cat and mouse really, they'll just keep patching and patching to try and keep on top of any crack. It's just that the crack will just have to mutate to the same degree as Microsoft's patch. (WGA/IE7 anyone?).
Just two teensy-weensy other flaws, Gordon...
> ...Funny, the only real Vista flaw so far is the slow deleting problem with the shell....
... and the fact that Vista goes tits-up and crashes whenever you try to actually DO anything with it...
... and the fact that there are hardly any usable drivers for Vista even for hardware currently in production.. (yes, I know that MS doesn't write the drivers, but what's the point in third parties writing drivers for an OS that no-one actually seems to want...?)
Looks like the convicted predatory US monopolist is finally facing the possibility of revenue-hunger... after all, only two of its divisions even make a profit: Office and Windows... so if they go down... :-)
‘Researchers unpick Vista kernel protection’
I'm thinking going back to Windowsn 98.
Hackers won't be interested anymore in hacking that one.