WoW! Want to beat Microsoft's Windows security defenses? Poke some 32-bit software

Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools. A report [PDF] by the duo at Duo Security describes how the Windows on Windows (WoW64) environment can be abused to bypass built-in security tools. WoW64 allows 32- …

  1. Snake Silver badge

    Damned if you do, damned if you don't

    Running 64-bit native may be nice for system security but when a 64-bit program goes buggy, say goodbye to your overall system stability (go on, crash Photoshop 64, I dare ye!)

    Running 32-bit WoW allows far more graceful recovery from app crashes but then allows security intrusions.

    Fist, meet Face. Head, meet Wall. Get to know one another.

    1. Steve Knox

      Re: Damned if you do, damned if you don't

      "Running 64-bit native may be nice for system security but when a 64-bit program goes buggy, say goodbye to your overall system stability (go on, crash Photoshop 64, I dare ye!)"

      I think that says more about the bugginess of Adobe software in general and PS64 in particular than about the relative merits of 64-bit vs 32-bit operating environments. If you have specific evidence that the 64-bit OS is responsible as opposed to PS64, feel free to provide it.

      1. Snake Silver badge

        Re: Damned if you do, damned if you don't

        "If you have specific evidence that the 64-bit OS is responsible as opposed to PS64, feel free to provide it."

        That's too easy. Everyone who downvoted me gets the same response:

        Are you actually telling me that it's OK for the OS to freeze when a 64-bit app crashes?

        Who cares if Photoshop 64 is buggy, it should never take the entire OS down with it. Are you people actually implying that it should?? Because that's exactly what your position is when you exclusively blame the app for this fiasco. I am quite sure that, if Linus Torvalds was told this about Linux, he'd have an absolute shit-fit.

        1. Anonymous Coward

          Re: Damned if you do, damned if you don't

          I've had Linux programs completely lock up the PC, both 32 bit and 64 bit.

          1. druck Silver badge

            Re: Damned if you do, damned if you don't

            But I've never been unable to ssh in to the linux machine and kill the rogue process.

  2. elDog

    I call foul. You require two rarely used-together malware-magnets: Windows and Adobe xxx

    Who would ever run these things at the same time? And still have their jobs?

    1. Snake Silver badge

      Re: I call foul. You require two rarely used-together malware-magnets: Windows and Adobe xxx

      Lol, great reply.

      If you do any form of graphic design work, you're using Adobe. Almost exclusively.

      For lack of a better choice, really.

    2. thames

      Re: I call foul. You require two rarely used-together malware-magnets: Windows and Adobe xxx

      Well ironically, the Adobe Flash plug-in (along with the other usual suspects) is one of the things that had been holding back browsers from going 64 bit on Windows. The plug-in authors couldn't be bothered to get their crap to work properly in 64 bit so users stuck with 32 bit.

      Third party vendor legacy lock-in is the reason why Windows was so far behind everyone else in changing to a 64 bit desktop. I switched to 64 bit with Linux not long after having the hardware that could support it and I had zero problems doing so. That was so long ago I can't even remember using 32 bit Linux on a desktop any more.

      Embedded or mobile hardware is pretty much the only place you'll find 32 bit CPUs these days.

  3. Anonymous Coward

    Worth the read

    Very nice write-up, worth actually keeping as a reference (model, evil grin). I've cut the amount of 32-bit software to the bone just on principle. It helps that I max the memory at build time. Time to reconsider what goes where in virty machines.

  4. RedneckMother

    Why are "we" still using "flash"

    I've tried (and, to date, failed) to spread the word about flash to various government webadmins - this shite must be deprecated - no, must cease, ASAP.

    A proprietary POS like flash is only (repeatedly) a vector for problems on the "web". I refuse to use flash. There are too many historical (hysterical?) problems, and there will continue to be problems with such dainbramaged BS on the web.

    Government sites (never mind everyone else) should be MUCH more concerned about "open access" to content. Tying info (and the display of same) to closed formats is ludicrous.

    1. Tom 13

      Re: Why are "we" still using "flash"

      So what development tools in a Windows environment do you recommend instead?

      I'm not a web developer and don't pretend to be one. But as the front line I've recently been asked that question. Unfortunately all the rest of the web developers in our organization are on the Adobe wagon so Flash gets used extensively and that's the way they are likely to go even though it's a new project.

      sidenote: as far as I'm concerned Adobe's new licensing, downloading, and installing regime for their paid programs is even more shite than their Flash end user software.

      1. Ken Hagan Gold badge

        Re: Why are "we" still using "flash"

        "So what development tools in a Windows environment do you recommend instead?"

        A fair question, but I think there is only one answer: HTML5 with gobs of JavaScript.

        On the plus side, it exists and has been largely standardised in a public fashion and has multiple implementations (just about, although I think we are down to about three now). Even its limitations can be seen as a plus point if you have reactionary views about "modern" UI design.

        On the down side, JS was designed to write handlers for HTML elements and it shows. Anything more than a dozen lines long is using the language beyond what it is suitable for. Much the same could be said for your favourite assembly language: good for a few short routines of pure magic, but only a fool would try to write an entire app in ASM these days. (Then again, as recently as the 1980s people did exactly that quite successfully by taking extreme care.)

        But what clinches it for me is the fact that there is nothing else out there. Flash and Java both suffer from being unforgivably dire security nightmares and both suffer from a parent company that refuses to release the design so that anyone else could have a go at fixing it. Therefore, both violate the Hippocratic maxim of "First do no harm." If you are a programmer writing client-side Java or Flash for other people to run on their machines, shame on you. (And don't be surprised or upset if you find that an ever-growing fraction of your target customers refuse point-blank to consider your product because they have a blanket ban on your chosen platform.)

        1. Michael Wojcik Silver badge

          Re: Why are "we" still using "flash"

          "only a fool would try to write an entire app in ASM these days. (Then again, as recently as the 1980s people did exactly that quite successfully by taking extreme care.)"

          "as recently as the 1980s"? We're still shipping, maintaining, and enhancing products with substantial components written in System z assembly, and we encounter customers who have significant assembly application portfolios all the time.

        2. Tom 13

          Re: Why are "we" still using "flash"

          Thanks for the input. I've passed it along.
