Kernel crimps make Windows 8 a hacker hassle

Windows 8 will make hackers' lives hard, says Windows internals expert, security researcher and co-author of Apple's iOS and the open source Windows XP clone ReactOS, Alex Ionescu. Now chief architect at CrowdStrike, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Unmitigated Jokes

    Windows 8 / Server 2012 has been leaked, it's still a presidented joke! lol

    1. Jason Pugh

      Re: Unmitigated Jokes

      El Reg - Could you change the anonymous posting tag from "Anonymous Coward" to "Village Idiot"? Just a thought.

      1. Aaron Em

        Re: Unmitigated Jokes

        Upvoted and seconded!

    2. Jason Bassford

      Re: Unmitigated Jokes

      A "presidented joke"? Enough said...

  2. david 12 Silver badge

    It introduced a basic firewall to the operating system

    That is to say XP/Sp2 introduced an advanced firewall to the operating system. And a new basic user interface for the new advanced firewall.

    The Win 2K firewall was basic (access list), and configured by policy settings.

    Prior to XP/Sp2 there was also the Internet Connection Firewall, which was a stateful firewall but with limited application.

    Perhaps some of you who don't know what you are talking about will list the advanced features the XP SP2 firewall was missing, so that I can laugh at you.

    1. Lee Dowling Silver badge

      Re: It introduced a basic firewall to the operating system

      Letting OpenVPN in UDP mode traverse the firewall in either direction.

      Because it wouldn't let you do it. And you had to use tcp mode and/or install a "proper" software firewall on the machine.

      Bugged me for YEARS. Windows Firewall was fine as a basic security front but died a death under any non-standard usage.

  3. Anonymous Coward

    Hackers?

    Anybody who uses the word "hackers" to describe a person who breaks into systems cannot be taken seriously. You couple this with kernel. Then you have kernel hackers, which are very legitimate kernel developers. It's all very misleading. I suppose the use of the "Windows" makes things a bit different. Though I wonder when they started talking about the "kernel" with the public. Effing retards...

    1. Anonymous Coward

      Re: Hackers?

      "Though I wonder when they started talking about the "kernel" with the public. Effing retards..."

      I like corn :D

    2. Anonymous Coward

      Re: Hackers?

      Meh, the meaning of words changes over time, deal with it.

  4. Richard 12 Silver badge

    All very well until someone gets the keys to the castle

    Then every Windows 8 machine will get "owned", without anybody being able to do anything about it.

    Specially trusted drivers guaranteed to load before anything else? Root kit paradise.

    The TIFKAM sandboxes sound even more fun - are they seriously saying that I can't open a particular data file with two different TIFKAM applications?

    What kind of user never needs to use a different application to open a given file?

    What happens when you want to open that old Word 2012 document with Word 2014? Or even OpenOffice 50?

    How do you edit a photo? Add an image to a document? Do all those things which are necessary for content creation?

    This seems to be saying that you instantly lose all your data if you want to try out a different TIFKAM application for X.

    They've put the nails in Windows 8's coffin before it's even born!

    1. h4rm0ny

      Re: All very well until someone gets the keys to the castle

      "The TIFKAM sandboxes sound even more fun - are they seriously saying that I can't open a particular data file with two different TIFKAM applications?"

      Depends what you mean by "data file". All files contain "data". If you mean what is generally meant - a file with user data in it, then no, they're not seriously saying that. Sandboxing in this case refers primarily to processes, not files separate to the application that may be written or read to. The rest of the objections in this post follow from this misconception.

    2. Anonymous Coward

      Re: All very well until someone gets the keys to the castle

      @Richard 12 - Yes, I'm sure that the engineers and designers at MS haven't thought about how to open files in applications on their flagship operating system

      Please give it a rest.

  5. Steven Roper
    Devil

    The reason malware won't work

    on Windows 8 has nothing to do with "improved security". More likely it's everything to do with Microsoft taking us back to the 80s by removing multitasking - so the malware can't run in the background while you use another app. You know, the same reason why nobody was able to create a working virus on the Commodore 64 - because it could only do one thing at a time.

    Well, Microsoft did write CBM BASIC V2. Maybe they're trying to get back to their roots. However I, and most of the rest of the computing world, have since moved on.

    1. This post has been deleted by its author

    2. Lee Dowling Silver badge

      Re: The reason malware won't work

      To be honest, even their non-sandboxing "security" was present in the 80's. It's been the first thing you do in any security circle - isolate user mode from kernel mode as much as possible. Everyone else got the hang of it, Microsoft was still running user code in kernel space and vice versa up to Vista at least, and because it was for "compatibility", all doubts were ignored.

      That's pretty much why Windows has such a terrible reputation, security-wise, and why viruses exist in the volume they do. Because there was little to no separation between concepts that people were separating from each other back in the 60's. Hell, some things like 3DFX drivers (I think, I can't remember the exact device) basically ran a service in kernel mode that accepted commands from user-space drivers. And you could quite literally DMA any piece of memory ANYWHERE on the machine from user-space (and not even just from privileged users). They let that junk in, at some point, and allowed it to operate.

      Tell me why processes all can see the Windows folder? Why they were allowed to write to it for YEARS? Why they were allowed to keep copies of system-wide DLL's in their own folders (and thus create DLL-version hell) and even overwrite system-wide ones with their own version? Why they were allowed to kill other applications? Why they were allowed to tamper with system settings in the registry at all?

      On Windows, for years, every program was equal and could do just about anything it liked, including killing off system-registered anti-malware without the user knowing. They didn't want to sacrifice DOS compatibility and rather than emulate or isolate, they just allowed programs free rein. Only now are they realising the problems associated with that, pushing products to "fix" that, and actually doing something about the security of their systems.

      Anyone with half a brain knew they didn't care about the end user security years ago. That's what we were all moaning about. Now that it's come back to bite them and can be used as a sales metric, they suddenly want to fix all that?

      1. h4rm0ny

        Re: The reason malware won't work

        "That's what we were all moaning about. Now that it's come back to bite them and can be used as a sales metric, they suddenly want to fix all that?"

        Yes, they want to "fix all that." And they seem to be doing a good job.

      2. Irongut

        Re: The reason malware won't work (Lee Dowling)

        "Why they were allowed to keep copies of system-wide DLL's in their own folders (and thus create DLL-version hell) and even overwrite system-wide ones with their own version?"

        Make your mind up. Do you want programs to keep DLLs in their own directory or the system directory? You can't have neither and still have DLLs. DLL Hell is something I haven't experienced since Win3.1, it's ridiculous that you're complaining about something that hasn't really existed for 17 years.

        1. asdf
          FAIL

          Re: The reason malware won't work (Lee Dowling)

          Wow a reply so full of fail it makes the original post look correct. DLL hell has largely gone away but really only since early XP days not 3.1.

          >Make your mind up. Do you want programs to keep DLLs in their own directory or the system directory?

          No, what he is saying is programs should not be able to keep system DLLs in their own directories and programs should not be able to override DLLs in the system directory. He didn't say anything about application-specific DLLs. Pretty obvious and a big reading fail on your part.

      3. asdf

        Re: The reason malware won't work

        Your post would have been timely in 2005 but even as a massive critic of M$ I have to say their security has come a sh_t ton of a long way since XP. They are still cleaning up their mess but are far ahead of security pariahs like Adobe and Oracle at this point. They actually do follow best practices for the most part now. Of course it took the worm/trojan fiascos of the early 2000s bringing down computers all over the world to get their attention.

    3. h4rm0ny

      Re: The reason malware won't work

      "More likely it's everything to do with Microsoft taking us back to the 80s by removing multitasking "

      This is incorrect. I have multiple active MUI applications running right now quite happily. You may be thinking of how applications are "tombstoned", i.e. frozen when not in use, on Windows Phone 7. That's fairly reasonable on a single core mobile device with hard limits on battery life, though inconvenient in some cases. The restriction is changed on WP8 so that, for example, you can have a VoIP application running in the background and alert you on an incoming call. But this never applied to Win8. Not sure where you got this from.

      1. Jess

        Re: That's fairly reasonable on a single core mobile device with hard limits on battery life

          Apart from the fact that the previous generations of phones that WP7 replaced didn't have this limitation.

  6. The BigYin
    FAIL

    Is this a tech site or the Daily Fail?

    Hacker != Cracker || Attacker

    Please use the correct term. I initially thought that Windows 8 was going to be a nightmare for innovators or their own developers (i.e. "kernel hackers"), then I realised you were using the wrong word.

    FFS El Reg, sort it out.

  7. Anonymous Coward

    Co-author of Apple's iOS?

    Really?

    I can find references to him doing a summer internship where he worked on iOS. Does that make him a 'co-author'?

    Enlighten me please

  8. Lloyd Kinsella
    FAIL

    "Next came Vista with its much-loathed UAC feature and some basic memory mitigations like DEP"

    DEP was introduced with Windows XP Service Pack 2.

  9. Michael Wojcik Silver badge

    They're already falling

    Yes, more kernel-mode protections mean vulnerabilities are harder to exploit, and exploits are on average less useful (for example, what might have been a privilege escalation becomes a denial of service, as with the RDT issue mentioned in the article). But this is just another step in the arms race, and some of these kernel protections are already falling.

    For example, SMEP, the feature on newer Intel CPUs to prevent execution of user-mode pages while the CPU is running in Ring 0 (kernel mode), already has a successful bypass for Win 8 x64.

    This particular exploit uses "Return-Oriented Programming" (ROP), which is basically a technique for jumping to existing code that does your dirty work for you. It's relatively new, at least as a popular approach for exploiting vulnerabilities, because it wasn't really necessary until things like DEP became widespread. Similarly, stack-smashing was long regarded as a theoretical danger but too much effort to be worth pursuing (again, among the broad security/hacker community) until AlephOne's "Smashing the Stack for Fun and Profit" showed just how easily it could be done. Soon we had stack-smashing exploits everywhere.

    In short, this is a quantitative change in Windows security, not a qualitative one.
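    The post above mentions SMEP and DEP as hardware-backed kernel protections. A practical first question for a defender is simply whether the CPU in a given box advertises the features those protections depend on. The script below is an added example, not code from the original thread or from any project it mentions: it decodes the documented CPUID feature bits for NX, SMEP and SMAP, and also reads them out of a Linux /proc/cpuinfo dump. The register values and the /proc/cpuinfo excerpt in it are constructed for illustration.

```python
"""Report whether a CPU advertises the hardware features that kernel-mode
protections such as SMEP and DEP/NX rely on.

Added example, not from the original discussion. The bit positions are the
documented CPUID encodings; the sample register values and the /proc/cpuinfo
excerpt below are constructed for illustration.
"""
from typing import Dict, Set

# CPUID.(EAX=7, ECX=0):EBX feature bits
LEAF7_EBX_BITS = {
    "smep": 7,   # Supervisor Mode Execution Prevention
    "smap": 20,  # Supervisor Mode Access Prevention
}
# CPUID.(EAX=0x80000001):EDX feature bits
EXT1_EDX_BITS = {
    "nx": 20,    # No-Execute page protection (Intel calls it XD); what DEP needs
}


def decode_features(leaf7_ebx: int, ext1_edx: int) -> Dict[str, bool]:
    """Translate raw CPUID register values into named feature flags."""
    features = {name: bool(leaf7_ebx >> bit & 1)
                for name, bit in LEAF7_EBX_BITS.items()}
    features.update({name: bool(ext1_edx >> bit & 1)
                     for name, bit in EXT1_EDX_BITS.items()})
    return features


def flags_from_cpuinfo(text: str) -> Set[str]:
    """Collect the 'flags' tokens from a Linux /proc/cpuinfo dump (all cores merged)."""
    flags: Set[str] = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def mitigation_report(flags: Set[str]) -> Dict[str, bool]:
    """Map the kernel protections discussed above to the CPU flags they require."""
    return {
        "DEP/NX (non-executable pages)": "nx" in flags,
        "SMEP (no user-page execution in ring 0)": "smep" in flags,
        "SMAP (no user-page data access in ring 0)": "smap" in flags,
    }


# Constructed sample: a two-core CPU that advertises NX and SMEP but not SMAP
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm smep
processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm smep
"""

if __name__ == "__main__":
    # Decode constructed register values directly...
    print(decode_features(leaf7_ebx=1 << 7, ext1_edx=1 << 20))
    # ...and report from the constructed /proc/cpuinfo text
    report = mitigation_report(flags_from_cpuinfo(SAMPLE_CPUINFO))
    for name, present in report.items():
        print(f"{name}: {'supported' if present else 'not advertised'}")
```

    On a real Linux host you would pass the contents of /proc/cpuinfo to flags_from_cpuinfo instead of the sample text; a missing flag means the kernel has no hardware to back that mitigation, whatever the OS version claims.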

