Microsoft fortifies Windows 7 kernel with overrun buster

Microsoft engineers have fortified the latest version of Windows with a feature designed to make it significantly harder for attackers to exploit bugs that may be lurking deep inside the operating system. The safeguard is called safe unlinking, and it's been dropped into a part of the Windows 7 kernel that allocates and …

COMMENTS

This topic is closed for new posts.
  1. N

    I hope it works,

    I suppose better late than never,

    I suspect this is just one of several holes in the Microsoft security colander that's been plugged.

  2. Greg

    Fatal error?

    "If it doesn't check out, Windows returns a fatal error. "

    Blue Screen of Death?

  3. Anonymous Coward
    Linux

    Fatal Error

    "If it doesn't check out, Windows returns a fatal error."

    So if a person/program is trying to escalate with an exploit, it's going to BSOD. That's nice.......

  4. Anonymous Coward
    Thumb Up

    "Microsoft's Security Science"

    Must be a new post then?! Plenty of work to do in that dept!

  5. Ken Hagan Gold badge
    Jobs Horns

    Ahead of the curve

    I'm not sure that's the phrase I'd use. (In fact, I expect someone else has already pointed out that every other OS currently available has had this for years.) It sounds awfully like they've just used the debug version of the pool allocator, which they've had ever since NT was a baby. Over the last 20 years, MS have introduced a number of run-time checks (in both kernel and user level code) initially as developer aids in debugging builds and then eventually left them in release builds as end-user protection against malice.

    On the other hand, I think you will struggle to devise a meaningful benchmark that actually shows this to be either a resource hog (it *does* cost extra memory) or a performance hit, so it is to be welcomed.

    Of course, since the feature exists in previous versions of the OS and is being presented here as a security measure, Microsoft *ought* to retrospectively deploy it on XP and Vista since these are both products they currently claim to offer security patches for. My guess is that they will not do so. They will claim it breaks some obscure driver and argue that you need to upgrade to Win7 to get the increased security. Go on, Steve, prove me wrong.

  6. Anonymous Coward
    Flame

    wow

    only taken them 24 years to patch the problem

  7. Tony Hoyle
    Stop

    What?

    Um.. so the OS checks to avoid smashing the heap? Like any sane memory allocation routine would?

    I fail to see why this is news - to *not* do this would be monumental incompetence.

  8. John
    Go

    Save the bunnies

    Download and run this executable to see the bouncing bunnies.

  9. ben van de straat

    Fanboi

    "This is smart," said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve."

    ahead of the curve?

    Independent (Security Evaluators)?

    Fanboi!!

  10. Anonymous Coward
    Gates Horns

    Whatever Next?

    Dan Goodin writing a Microsoft puff piece? What's going on at El Reg?

  11. Tommy Pock

    Clever

    They've tightened security in such a way as not to affect IT security companies' source of income. Everybody wins except the baddies

  12. Goat Jam

    Apps and the kernel

    Would be even better if every app under the sun wasn't running with system level privileges making this sort of band aid fix a whole lot less necessary though.

    Can anyone currently running Windows7 tell me if this XP behaviour still applies to Win7;

    Scenario: XP configured with multiple user accounts with itunes installed.

    1) User A is logged in and using itunes.

    2) User B switches to their own account which does NOT have admin privileges.

    3) User B starts Itunes (for the first time). Itunes complains that it is already open and refuses to continue.

    4) Switch back to User A and close itunes

    5) Back again to User B and start Itunes.

    6) Itunes does the "Running itunes for the first time" thing, thrashes about a bit and then declares "The system must be rebooted"

    WTF is up with that? Why would the system need rebooting? Itunes was already installed and working. The user had no admin privileges yet (I assume) the itunes app was still able to update the kernel (or some other critical system file) enough that a reboot was required.

    That just STINKS of poor OS architecture design to me.

    Assuming itunes even works in Win 7, would a similar situation yield similar results?

  13. Anonymous Coward
    Paris Hilton

    It might be good.....

    .....to knock Microsoft and their efforts, however I installed Windows 7 a couple of weeks ago and I really like it! And being a Vista-hater-sorta-person that's quite a thumbs up (and I don't mean pushing the turds either!).

    Given that this is only release-candidate or beta stuff currently they've done a good job of humping the competition. And speaking of humping where's that Paris.....

  14. Kerberos

    @Goat Jam

    What you're talking about is problems with iTunes, not Windows.

  15. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    "That just STINKS of poor OS architecture design to me."

    Files on disc are locked if any program is using that file. If the program can be closed (i.e. has a GUI) then there is no great issue - the installer should ask you to close the programs. For others, the installer cannot do this (or the user may not have rights to stop the process, it may have no GUI, it may be part of a system service).

    So the install/uninstall may have to happen at a point where nothing is using the affected file - which is at a reboot.

    This, of course, applies mostly to XP. VNTFS on Vista is transactional and greatly reduces the chance of file-locks and the need for reboots.

    It should also be noted that many of these reboot requests are spurious and put in by incompetent developers who don't actually know the dependencies of what they are updating. "Install done - show the reboot dialog". These are the same morons who assume that you use the C drive for "Documents and Settings" - gods help you if you try to change it!

    There are things that could be improved in Windows. Take iTunes. It's probably choking over trying to update an XML file (or something) for the Mobile Device Service. Why can't the installer simply ask the OS to shut that down for a minute while it installs? Actually - why does iTunes install this service without first asking me?

    Linux may have its problems, but it can handle things like this much, much better and only needs a reboot when the actual kernel needs updated. I guess OS X and other *nix systems are similar.

  16. Tone
    IT Angle

    @Goat Jam

    6) Itunes does the "Running itunes for the first time" thing, thrashes about a bit and then declares "The system must be rebooted"

    You are clueless.. How can you blame the way apple have authored their crappy installation package that tries to sneak on AppleSoftwareUpdate, Bonjour, MobileMe, QuickTime on Microsoft?

  17. Anonymous Hero
    Flame

    @Goat Jam

    "That just STINKS of poor OS architecture design to me."

    No, that just shows that iTunes is a pile of badly behaved shite.

  18. Goat Jam
    Paris Hilton

    Clueless eh?

    "You are clueless.. How can you blame the way apple have authored their crappy installation package that tries to sneak on AppleSoftwareUpdate, Bonjour, MobileMe, QuickTime on Microsoft?"

    "How can you blame apples crappy product on MS" etc etc

    Ummm, the user involved had no admin privileges. A decent OS (ie not Windows) would require that Bonjour and any other crap would need admin privileges in order to install the load of borderline malware listed above. Itunes did not ask for admin privileges in order to proceed, it just went ahead and did it.

    That is sort of the point, wintards. Basically speaking, for the slow learners out there, a proper OS doesn't allow apps to do stuff they shouldn't do, not without explicit user authorisation anyway.

    Whether itunes is crap or not is irrelevant. If it wants to do crap it shouldn't be allowed to do, the OS should stop it.

    Windows = Epic Fail

    It's no wonder windows pc's are constantly being p0wned by every script kiddy that is out there.

    Yet the interwebs are full of MS apologists that want to blame every rogue app's behaviour on the author of the application instead of where the blame truly lies, ie the OS vendor whose crappy architecture allows dodgy apps to get away with anything anytime.

    Paris because, I don't know, maybe I just need to think about someone with an IQ level that is higher than your average wintard.

  19. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    "Ummm, the user involved had no admin privileges. A decent OS (ie not Windows) would require that Bonjour and any other crap would need admin privileges in order to install the load of borderline malware listed above. Itunes did not ask for admin privileges in order to proceed, it just went ahead and did it."

    Err I bet to install itunes the user involved was logged in as admin, because it wouldn't install otherwise, because many developers are lazy and require it (and I bet itunes is exactly the same). That is not MS's fault, it's the developer's fault (in this case, Apple!) as they are just lazy and as such the general user gets lazy.

    Don't blame Windows because developers can't be bothered to make their programs work without admin, MS have and still do advise that you don't log in as an administrator (and remember logging in as an administrator is STILL different from using the administrator account)

    "Paris because, I don't know, maybe I just need to think about someone with an IQ level that is higher than your average wintard." <--- well done for showing with that single statement that your IQ level is the same as your age (as if IQ has any bearing on computer use anyway).

  20. Anonymous Coward
    Anonymous Coward

    @ zerofool2005

    I'd rather have a BSOD than an unannounced intruder...

  21. Mark Boothroyd
    Stop

    @Goat Jam

    Quote "Basically speaking, for the slow learners out there, a proper OS doesn't allow apps to do stuff they shouldn't do, not without explicit user authorisation anyway."

    Couldn't agree more.

    One of my personal peeves with Windows is the number of unnecessary background tasks/start-up programs/system tray icons etc. etc. installed by applications that simply don't need them.

    Example programs such as Acrobat Reader which installs an 'accelerator' which doesn't actually do anything useful other than eating system resources and slowing down boot times! Or quicktime which does the same. Install Steam and it runs automatically on boot, why? Do they really expect me to play Steam games every time I switch my machine on?

    All application installs should explicitly ask permissions to install things like background services, tray icons, startup processes, browser plug-ins etc. If they don't ask, then the OS should notice what the installer is trying to do and let you know with a dialogue box, where you can then make the choice to allow it to continue or not. (Same with icons on the desktop, be nice and ask first!).

    All app developers who create apps with services that are not actually required, should give you the option to use them or not during install, not wait till you've restarted and then gone 'where did that icon come from?'.

    I know some programs are useful to have running as services, or to have a tray icon, but the vast majority have absolutely no need to do so.

    I regularly black-list applications and try to find alternatives to use if they insist on installing services that aren't actually required. (Quick time alternative, Foxit reader etc.)

  22. Shakje

    @Goat Jam

    So you mean like UAC?

    It's application side that it tells you to reboot, it's got nothing to do with Windows. If Windows suddenly enforced lots of security practices (eg Vista) people would complain, apps would stop working, and people like you would get off on slagging off the OS for doing what you want it to do.

    You even fail at trying to be a leet scener by spelling it p0wned. My IQ, at last test, is 168 and I'm a 'wintard' but then that doesn't register with you does it, because you're actually stupider than a lobotomised frog. I really hope you don't actually work in IT. Just grow up.

  23. Anonymous Coward
    Paris Hilton

    My buffer runneth over

    <rant>

    I’m with Goat Jam on this, if iTunes is already installed and is available to all users on the PC then it should run, the individual user addressable data should be separated from the executable code and iTunes should be able to perform a context switch between application instances. Yeah OK I know, there is only one speaker/sound card so it’s a bit of a moot point anyway, but if iTunes instance A is not actually using the sound device then instance B should be able to access it. This is OS design 101, but what has happened is that the goofs in MS have created a situation where every sodding application needs admin access to run properly and the goofs in ITunes have made the assumption that only one instance of iTunes will ever be running at the same time, massive fail x 2.

    </rant>

    So MicroShit has made an attempt to deal with buffer overruns, all these stupid ‘enhancements’ with fancy pseudo-techy names like “Data Execution Prevention (DEP)” or “Address Space Layout Randomization (ASLR)” are just marketing hype, real programmers have been doing this for years, since before MS ever existed, it's called bounds checking. I know non-MS/Intel hardware does support the ability to detect when an attempt is made to address memory outside the application address space, but this just points to a shite initial design of windows software/Intel hardware and how futile it is to try and turn what is a single user system into a multitasking system. Meh!

    I too have been using a method to prevent bugs or exploits getting into my code, it's called testing.

    Microsoft's Security Science team writes here. "It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker."

    OK, I’ll start the countdown till an exploit is found

    10

    9

    8

    7

    6…..

    Paris, who has caused lots of buffers to overflow

  24. Mike Gravgaard

    @Anonymous Coward at 11:33

    Windows doesn't help how it creates user accounts as administrators (I'm talking about Windows XP here BTW - I've not really looked at Windows 7 in detail).

    If Microsoft wanted to address this problem, they should just change it - force the change, break backwards compatibility and work with the developers. Microsoft are the ones which steer the Windows ship after all (not the developers - the developers work with the OS not develop it).

    I doubt that backwards compatibility really works anyway otherwise what's the point in using the virtual XP system (it's 'cause Windows 7 breaks backwards compatibility already).

    Mike

  25. Tone

    Goat Jam - Yes Clueless

    The windows installer service will not let a standard user install any packages, you must have installed the package with elevated rights.. when the next user logs and launches the app any parts of the application that are not in that users profile are then added... as I said itunes is a crappy installer that must have a reboot authored into the package by apple, not MS.

    Take a look at the application log even you should be able to work out what is going on..

  26. Anonymous Coward
    Anonymous Coward

    @ Mike

    "If Microsoft wanted to address this problem, they should just change it - force the change, break backwards compatibility and work with the developers. Microsoft are the ones which steer the Windows ship after all"

    No, it's customers that drive the ship, most customers will moan if they break all backwards compatibility (as customers moaned when it went to the NT kernel, and more recently with Vista). Most enterprise customers want backwards compatibility, developers don't want to have to maintain their code. So actually they are doing the best they can in a bad situation where no matter what they do they will annoy someone!

  27. Tom

    I-tunes may have a craptastic install and app

    But Goat Jam is still correct that the OS is responsible for kicking its sorry butt for misbehaving. Moreover, whatever recommendations the MS "Security" team is making, the MS "Apps" team is not providing the tools to implement. The number of applications we install that need Admin rights to run properly is atrocious, and the worst offenders come from Microsoft, and I'm talking their 2005, 2007, and 2008 versions of the programs, not stuff written way back in 1995.

  28. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    If I read your first post correctly you stated that the software was already installed, a new user then tried to use it for the first time. You don't need admin access to run an exe to which you have access (duh), that exe will have access to the parts of your registry that you have access to modify (typically your HKCU\* or a subset thereof).

    Just because you don't understand Windows security model doesn't mean that it's no good. You should also probably understand what you are slagging off before you accuse others of being idiots.

  29. Anonymous Coward
    Coat

    @Mike Gravgaard

    "If Microsoft wanted to address this problem, they should just change it - force the change, break backwards compatibility and work with the developers. Microsoft are the ones which steer the Windows ship after all (not the developers - the developers work with the OS not develop it)."

    Um, they tried that with Vista (UAC anyone?) and you can see where that got them.

    Mine's the one with the tag that reads " Are you sure you want to put this on?"

  30. Sean Timarco Baggaley
    Flame

    @Goat Jam

    "It's no wonder windows pc's are constantly being p0wned by every script kiddy that is out there."

    Weird. In over 15 years owning and running PCs, with every version of Windows from 3.1 and up, I have never, *ever*, had a virus, trojan or other form of malware infection.

    The security industry -- and make no mistake, it *is* an industry -- instantly activates their "Danger, Will Robinson!" mode, flailing their arms around and spreading panic, whenever there's even the remotest *possibility* of an exploit. Here's a clue: 99% of malware can ONLY be installed on your PC if you've been conned into visiting a specific website -- i.e., most of today's security problems are caused by ignorant users installing *trojans*.

    Unix is no more proof against ignorant users than Windows. An operating system cannot read the user's mind. It has no way of knowing whether the program it just downloaded is malicious or benign.

    You can either tell your users to avoid doing "X", without giving them any reasons why, or you can go that extra mile and *educate* them, so they know *why* they shouldn't do "X".

    The former is like giving a starving man a fish; the latter is like teaching the man *how* to fish.

    I switched to Apple in 2005, not because of all the FUD about its alleged insecurity. I simply don't like the GUI all that much. Windows XP's was mediocre at best -- it even allowed background apps to grab focus and switch to the foreground without warning -- and I just got fed up with its ever-increasing quirks and design flaws. Windows 7 looks interesting though.

    OS X is currently at the top of my "Least Worst Operating System" list. (#2 is the late, unlamented "GEM"; I miss its drop-down menus.)

  31. tiggertaebo
    Boffin

    @Goat Jam

    Oh why is it every time I see someone slinging terms like "wintards" or "mactards" etc at people do I get the impression that the person writing the post picked up all their technical knowledge from the side of a cereal box. And surprise, surprise, your ill-informed rant only serves to keep that record going. Oh and for bonus points you managed to throw in "p0wned" - nice work there champ.

    If you go back and read YOUR OWN POST you'll see that the non-admin user isn't INSTALLING anything. They are running already installed software for the first time - so the entire basis for your rant is your own uninformed assumption that iTunes must have self-escalated its privileges based purely on the fact that iTunes requested a reboot? That's it? Seriously? I can think of several more plausible explanations quite easily.

    How about that Apple's (lazy) devs assumed that you were most likely to be running iTunes "for the first time" just after installing it so they just have it run through the same routines (including the reboot) regardless?

    *sigh*

  32. James Dennis
    Go

    Pwn2own - real world exploits

    Both the Firefox and Safari vulnerabilities that he proved were exploited on a Mac OS X system. The German hacker said the latest versions of both Firefox and IE take full advantage of features built in to Windows Vista that make it far more difficult to reliably exploit than on the current version of OS X. Those features, including "data execution prevention" (DEP) and "address space layout randomization," (ASLR) don't appear to be properly implemented between OS X and versions of Safari and Firefox built for that operating system, Nils said.

    "It's quite easy to write an exploit for Firefox on OS X compared to Firefox on Vista," he said.

    Charlie Miller, an analyst with Baltimore-based Independent Security Evaluators, also won a Macbook and $5,000, for developing an exploit for a previously unknown critical flaw in Safari on Mac OS X.

    "Mac OS X has some ASLR but not much, and there is no DEP in OS X," Miller said. "My exploit relied on exploit code being in certain spot, and that it would [execute], and in Vista neither of those things would have happened."

  33. Rob
    Unhappy

    @everyone

    Geeks arguing about things that don't matter make the baby Jesus cry.

  34. Doug
    Linux

    pool overruns ?

    I hadn't heard the term before, and I do try and keep up. Are there any actual examples of 'pool overruns', in the public domain, that can be successfully run on OS X and Linux?

    "Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve"

    “This simple check blocks the most common exploit technique for pool overruns,”

    http://www.ditii.com/2009/05/28/microsoft-fortified-windows-7-kernel-with-safe-unlinking-overrun-buster/

    Like, where and how did MS come out with a fix so quickly and why not design an MMU that isn't vulnerable to 'pool overruns' rather than having to check for them, after the fact?

    "It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker."

  35. Anonymous Coward
    Linux

    safe unlinking and pool overruns

    The article is a little short on any actual details of the exploit. I thought 'Safe unlinking' of 'doubly linked lists' was de rigueur on any information processing system.
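
For readers asking, as the comments above do, what the check actually is: the sketch below is an added user-mode model of a safe-unlink check on a doubly linked list, not Microsoft's kernel code and not part of the original thread. The names (`list_entry`, `struct chunk`, `safe_unlink`, `run_case`) and the 16-byte buffer are assumptions made for illustration, and the model returns an error code where the article says Windows raises a fatal error.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Doubly linked list node (hypothetical names). */
typedef struct list_entry {
    struct list_entry *flink;   /* next entry */
    struct list_entry *blink;   /* previous entry */
} list_entry;

/* A chunk whose list links sit directly after a data buffer, so a copy
   that runs past data[] lands on the links. */
struct chunk {
    char data[16];
    list_entry links;
};

enum unlink_status { UNLINK_OK = 0, UNLINK_CORRUPT = 1 };

struct case_result {
    enum unlink_status status;
    int a_next_is_c;      /* 1 if the middle chunk was really removed */
    int decoy_untouched;  /* 1 if memory outside the list was not written */
};

static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e) {
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

/* Safe unlink: before writing through either pointer, confirm that both
   neighbours still point back at this entry. An entry whose links were
   overwritten fails the check and nothing is written. */
static enum unlink_status safe_unlink(list_entry *e) {
    list_entry *next = e->flink;
    list_entry *prev = e->blink;
    if (next == NULL || prev == NULL) return UNLINK_CORRUPT;
    if (next->blink != e || prev->flink != e) return UNLINK_CORRUPT;
    prev->flink = next;
    next->blink = prev;
    return UNLINK_OK;
}

/* Constructed corruption: a copy sized for the whole chunk instead of
   data[], replacing both links with a pointer to an unrelated entry.
   All writes stay inside *c, so the model itself is well defined. */
static void overrun_copy(struct chunk *c, list_entry *stale) {
    unsigned char payload[sizeof(struct chunk)];
    list_entry bad = { stale, stale };
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct chunk, links), &bad, sizeof bad);
    memcpy(c, payload, sizeof payload);
}

/* Build head <-> a <-> b <-> c, optionally corrupt b, then unlink b. */
static struct case_result run_case(int corrupt) {
    list_entry head, decoy;
    struct chunk a, b, c;
    struct case_result r;

    list_init(&head);
    list_init(&decoy);
    list_insert_tail(&head, &a.links);
    list_insert_tail(&head, &b.links);
    list_insert_tail(&head, &c.links);
    if (corrupt) overrun_copy(&b, &decoy);

    r.status = safe_unlink(&b.links);
    r.a_next_is_c = (a.links.flink == &c.links);
    r.decoy_untouched = (decoy.flink == &decoy && decoy.blink == &decoy);
    return r;
}

int main(void) {
    struct case_result ok = run_case(0), bad = run_case(1);
    printf("intact:    status=%d removed=%d\n", ok.status, ok.a_next_is_c);
    printf("corrupted: status=%d removed=%d decoy_untouched=%d\n",
           bad.status, bad.a_next_is_c, bad.decoy_untouched);
    return 0;
}
```

The cost of the check is two pointer comparisons per unlink, which is why it can stay enabled in release builds.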

  36. Sean Timarco Baggaley
    Flame

    @James Dennis & Rob

    "Both the Firefox and Safari vulnerabilities that he proved were exploited on a Mac OS X system"

    Sheesh! Enough already. We KNOW. We were all here reading The Register when they reported on it.

    From the Pwn2Own website: "With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft’s latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI. "

    So much for DEP and ASLR then. Guess neither Safari, Firefox nor IE8 are perfect and neither are OS X or Windows. Gosh! Who knew?

    </sarcasm>

    @Rob: you need to check your Twitter feeds more often. Haven't you heard? Jesus grew up, died, then got better. (Allegedly.) If he's still crying over harmless, inconsequential chit-chat like this, it's no wonder the Abrahamic religions are so f*cked-up.

  37. Glen

    When apple messes up everyone turns a blind eye.

    How come when it's 3rd party apps that screw windows everyone blames the OS, but when Apple blames 3rd party apps for screwing up OSX when updating that its perfectly acceptable?

    Everyone's a hypocrite.

  38. Anonymous Coward
    Boffin

    @Shakje

    Thanks for these two absolute classics:

    1) "You even fail at trying to be a leet scener by spelling it p0wned."

    Oh dear. Poor old Goat Jam must feel soooo embarrassed now...

    2) "My IQ, at last test, is 168 and I'm a 'wintard'"

    In my (albeit limited) contact with the outside world, the only people I've ever met who boast about their IQ scores also have the most amazing inability to be of any interest to anyone except themselves.

    Anyway, I'm just relieved to know that my Windows ME system already incorporates safe linking and has done from the beginning, which is why I will never switch to anything else till the day I die.

  39. Goat Jam
    Paris Hilton

    No, not clueless

    "The windows installer service will not let a standard user install any packages, you must have installed the package with elevated rights."

    Indeed, that would be User A

    So when User B, who has no admin rights clicks on itunes, how is iTunes, which *should* be running with the privileges of User B, able to make kernel/system changes to a level that requires a complete system reboot?

    "Would be even better if every app under the sun wasn't running with system level privileges making this sort of band aid fix a whole lot less necessary though."

    Goat Jam, Post#1

  40. Goat Jam

    @OS architecture and UAC

    "So you mean like UAC?"

    Well, no, actually. Normal, non-admin users should not be able/have to do the keep-on-clicking--yes thing either. That is the point of them being NON ADMIN USERS. Simply letting anybody who is sitting at the keyboard go clickety-clickety for every piece of malware that comes along solves absolutely nothing.

    "It's application side that it tells you to reboot, it's got nothing to do with Windows"

    Umm, do you know anything about how this stuff works? What could an application possibly do to the OS that requires a complete system reboot? Can anybody explain this to me? Don't tell me that itunes is crap and blame it on apple. I already know itunes is crap, but it is the job of the OS to ensure that crap apps don't do stupid things.

    Windows = epic fail in this regard

  41. Chris

    @ Goat Jam

    As others have said, you obviously don't understand the Windows security model.

    An application, running as a normal user account, cannot do anything that requires administrative privileges.

    And as for reboot messages, it IS the application that asks for a reboot, not the operating system itself.

    Did you check that the application had done anything to actually require a reboot (file rename operation, installed a new service?) before coming on here and whinging about it? No, didn't think you did. As others have already said, check the Application log to see what really happened, rather than your worryingly inaccurate version of events. I too hope you don't actually work in IT.

  42. James Dennis
    Stop

    @Sean Timarco Baggaley

    All I'm saying is that Microsoft should be congratulated for taking security seriously not berated,

    anything that makes an exploiter's job harder is a good thing.

    IMHO Microsoft deal with security issues much better than Apple. MS is generally open about vulnerabilities, Apple is not.

  43. Tone

    @GoatJam

    Indeed, that would be User A

    So when User B, who has no admin rights clicks on itunes, how is iTunes, which *should* be running with the privileges of User B, able to make kernel/system changes to a level that requires a complete system reboot?

    ----------------------------------------------------------

    The windows installer service would not let this happen unless something has been authored in to the package - if that was the case user b would be prompted to elevate access and would need to enter an admin account and password.

    The point you are missing is the devs are writing applications and packages that are doing this by ignoring guidelines\best practices - in this case apple if what you said is really happening...

    eventvwr - application log ?

  44. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    What is happening is that a user with admin rights has installed itunes. Another user, who doesn't have all the user space crap (user ID files/directory structure and registry) setup is then running itunes. Itunes says to itself, it's the first time that this user has run me, I'll setup all my crap in his user ID/Registry, I've got access to it all because it's user space (there is a section of the registry reserved for each individual user's settings, to which that user has access). Itunes sets up the user's ID and then does the Windows programming equivalent of:

    10 Print "Reboot now or later?"

    This is probably because when itunes is actually installed it needs to restart a couple of services and it's a well known lazy programming method of making sure that everything you need to be restarted is actually restarted.

    There is no rights elevation going on

    There is no application installation going on

    The application, for reasons best known to Apple programmers requests a reboot, it's probably a mistake.

    Windows does have problems in some areas, this isn't one of them.

  45. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    The OS doesn't tell an installer app that it needs to reboot, the installer app decides itself if a reboot is needed. Usually though, it just decides a reboot is needed even when it's not.

    Nice try though, how's school going for you? Think twice about working in IT, you won't get far.

  46. Law
    Gates Halo

    Poor Goat Jam

    Nobody is playing fair with him... just let the lad live in his little world in peace... stop bothering him with facts and stuff people!!

    Ignorance is bliss... I suppose.

    Personally... I'm looking forward to being able to switch my XP image for Windows 7 - been using the Betas and RC's and unlike when I did the Vista ones, I've not run into any real performance issues, or annoyances... my only issue is they took too long and messed up Vista in the first place - rather than move to a Vista laptop, I've moved to OSX in the last year or so... luckily for them though, my work moves less slowly - and I will still end up having to buy Win 7 for work.

    Shouldn't we be switching out the Gates logos now?? Surely it's an angelic dancing or a crazy evil Ballmer these days?

  47. Goat Jam

    Ho Ho Ho

    Tiggertaebo said;

    "If you go back and read YOUR OWN POST you'll see that the non-admin user isn't INSTALLING anything. They are running already installed software for the first time"

    Exactly. And once installed that app is running with system level privileges, allowing it to get away with this sort of crap.

    "Would be even better if every app under the sun wasn't running with system level privileges making this sort of band aid fix a whole lot less necessary though"

    Goat Jam, Post #1

    An AC said;

    "The OS doesn't tell an installer app that it needs to reboot, the installer app decides itself if a reboot is needed."

    Umm, the only time a reboot should be needed is if the app has made changes to the underlying OS/kernel.

    A non privileged user should NEVER be able to invoke a chain of events that *requires* a reboot. It is up to the OS to decide when a reboot is required.

    End of story.

    Fraser said;

    "What is happening is that a user with admin rights has installed itunes. Another user, who doesn't have all the user space crap (user ID files/directory structure and registry) setup is then running itunes. Itunes says to itself, it's the first time that this user has run me, I'll setup all my crap in his user ID/Registry, I've got access to it all because it's user space (there is a section of the registry reserved for each individual user's settings, to which that user has access). Itunes sets up the user's ID and then does the Windows programming equivalent of:"

    Right, and how the hell is that clusterfuck not classed as bad OS design?

    What you are aptly describing is an application that is running with system level privileges. Let me remind you once again of the comment I made that kicked off this particular flame war.

    "Would be even better if every app under the sun wasn't running with system level privileges making this sort of band aid fix a whole lot less necessary though."

    Corr blimey, imagine if mainframes required a reboot every time a user tried to run an app for the first time!

    There is a reason why they don't folks, and it all comes down to the OS architecture and design.

    Windows = Fail

  48. Tone
    IT Angle

    GoatJam - It cannot reboot the system

    In interactive mode it can merely prompt a user that one is required - or log an event that one is needed but do nothing else.

    It cannot decide to reboot the system - even with elevated rights.

  49. Anonymous Coward
    Anonymous Coward

    @Goat Jam

    Please try to understand - An application will only run with system privileges if its ACL allows it so to do or if it accesses a service which starts with the system ID. You can, and lots of software does, run only with user privileges. But, yes you are right it would be better if people/companies making installers were more careful with the default ACLs they assign, that is hardly the OS' problem though.

    As for separating the system and user space and furthermore separating individual users from each other, I don't even begin to know why you think this is bad design? Do you want each user to have to share their settings? Do you want the kernel to have the same privs as a user? Should an application not be available to a user added to the system after the app was installed, without re-install?

  50. Anonymous Coward
    Paris Hilton

    "As others have said, you obviously don't understand the Windows security model."

    Titter.
