Windows XP Flaw 'Extremely Serious' 630
scottott wrote to mention a Washington Post article with the news that the security hole we mentioned on Wednesday has widened. Computers can now be infected just by visiting infected web sites, or looking at images in the preview panel of older versions of Outlook. From the article: "At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests. Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said."
Gotta love it... (Score:5, Insightful)
Re:Sorry to say it got me (Score:2, Insightful)
How can you tell?
This week's Windows security hole article... (Score:5, Insightful)
Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Where do you send the money? And they aren't afraid of getting caught?
What's the real lesson here? (Score:5, Insightful)
But it was really just bad luck that the bug happened to be found in the Windows WMF library and not, say, its Unix/X11 equivalent. Or libpng, or zlib, or whatever. Anyone who thinks otherwise is deluded. All software has bugs, and even if the quality of the free libraries is ten times higher (unlikely) there will still be plenty of memory tramplings and buffer overruns.
So, when the next vulnerability is found in a commonly used Unix library, will we be in any better position? Not really. Still the library is linked into the application and runs in the application's address space. It has access to all the files the app does, and traditionally on Unix that means everything the user has access too. Your email application may only need to read ~/.mail_settings and connect via IMAP to some host, but it runs with permission to overwrite any file owned by you and connect on any TCP/IP port it wants.
Why does the WMF rendering code need to run with any more permissions than: read a block of memory with the WMF file, and write a block with the rendered bitmap? (Or perhaps make display / GDI calls, if performance is a concern.)
What support is there in Unix operating systems for running common library code with only the privileges it needs? As far as I know Linux has no simple way to run a dynamically-linked library (.so file) in its own address space or without permitting it to make system calls. So when the next exploit is found in a common Linux library - and it will be found - the situation will be just as embarassing.
Re:MOD PARENT UP (Score:3, Insightful)
Take the number of *Nix viruses (included, BSD's, Linux, Unix, etc) and compare that to the number of windows viruses that showed up in the past 2 years alone.
MSFT doesn't care about security. Vista is a step in the right direction but they are keep way to much of the old code base for it to be useful for this decade.
Uploads (Score:5, Insightful)
My browser touches all sorts of things in the host OS, from the sound card to files that I upload and download. Luckily when I get AIM spam for foo.exe or some other sillyness I don't get far unless I type 'wine foo.exe', then even then ;-)
The true challenge is how to dial in the security to a reasonable level. Problem is getting all the millions of programmers to adopt more secure standards combined with the users, IT managers, etc.. that deploy the apps on desktops. Then, getting that out across the millions of home users too. Daunting task.
Windows Major Foul-Up (Score:5, Insightful)
The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences.
Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug.
I find this mind-boggling to the point of absurdity. Regardless of any supposed benefit gained by this, allowing a data file to execute arbitrary code upon it being viewed is simply begging for an exploit like this. No matter whan spin Microsoft will try to put on this one, it makes them look bad. Extremely bad.
Re:Well, Duh... (Score:2, Insightful)
When you run Linux.
Re:MOD PARENT UP (Score:5, Insightful)
Bull if that tired old BS was true then would you care to compare IIS to Apache?
Using the same criteria of course. Apache the market giant VS IIS the positions are almost reversed. But once again MS winds up with the lions share of the remote root exploits. Now how does that figure with the claim that market share = number of exploits?
Re:Well, Duh... (Score:5, Insightful)
If Windows Were Open Sourced (Score:2, Insightful)
FWIW, I think it would be a big mistake to force Microsoft or any other vendor to open source their product. Such a dangerous precedent would be akin to forcing OSS to be closed, which could then be attempted further down the road if political opinions shift against OSS.
That said, I agree that given time, it is plausible that the security of Windows would be better if it were open sourced rather than not.
Re:MOD PARENT UP (Score:2, Insightful)
runas
- You really think Mr. Joe Computer Illiterate would do that? Or how about Ms. Soccer Mom? One of the biggest Windows security issues is that everyone and their mother is running with root privileges. Unfortunately zillions of programs have been written by clueless coders who assume everyone is root. Endresult: You can't run many things without being root. As soon as you dwell into technicalities of user security, 99.99% of computer illiterate people will tell you to f*** off and let them use their computers as they want to. Not to mention they won't have the patience, will, desire to learn this stuff. They just want stuff out of the box that works. They don't want to spend time entering commands that appear to them as pure gibberish.
Microsoft needs to do a few things:
- Copy Ubuntu security ideas: no one knows root password, use sudo (well
- Take out IE and crap from the kernel. There is no excuse for a virus running as an image with SYSTEM authority. None.
- Default user setting is very limited. Right now windows doesn't even warn you (SP2) if you put a blank password as administrator. W-T-F?
But they key is, never let a clueless user have full control over the system except for one single process that is needed to configure hardware. All this have to be done seamlessly or users will simply ditch these measures and go back using root.
Re:Uploads (Score:3, Insightful)
This thinking doesnt require a paradigm shift, just an application of thought. As long as we have tools out there that will keep the average Jo from thinking, he wont.
Re:What's the real lesson here? (Score:3, Insightful)
Most embarassing is that while users wait for a patch, MS doesn't even suggest useful workarounds.. see the KB article [microsoft.com] "Suggested Actions" section, which says "exercise caution when opening email"? huh?
Of course, if you have Microsoft Onecare, you may already have a fix [windowsonecare.com]. I've never even heard of Onecare until today.
Re:MOD PARENT UP (Score:3, Insightful)
That doesn't make it false.
The first thing that would happen is that you'd have been told that a program was trying to execute for the first time. And you'd have to agree to explicitly allow it.
Interesting... I haven't used OSX much, but I have downloaded programs to friends' OSX boxes, and run them, and gotten no such prompt. In which cases does the OS ask you this?
Also, this example doesn't apply to Linux, so the argument isn't quite tired and old yet.
And then, even if you were that foolish, you'd still be forced to give administrative approval when that program tried to modify or install something outside the user space.
User space is all you need for most spyware/malware/worms. This is why sandboxing (the OP) should be more prevalent -- on all operating systems. Don't get too comfortable just because you don't run windows.
How these incidents get spun (Score:2, Insightful)
"Oh it could happen to any OS", but doesn't
"You should be using a virtual machine to browse the internet anyway", windows is *so* easy to use.
"It's only because Windows is popular", broken, braindead 'features' being exploited has something to do popularity
"All software is buggy", some software is much worse than others it would appear
In a few months we will be hearing from the same people how much better Windows is now all the probelms are fixed will and things like this will never happen again, that those 'lunix zealots just will never get over it, its not 1998 anymore l00Z3R$", that Windows is just as secure as anything, and on and on it goes...
It's time for a new soundbite...
Windows, only usable if your time is worthless.
Re:MOD PARENT UP (Score:5, Insightful)
What the hell are you talking about? If you're referring to the fact that default home users run as a Administrator or Poweruser by default, you're right, that's a mistake, but its a policy mistake, not a technology mistake. Windows lets you run as a lesser user, its just that by default you don't. Internet Explorer runs 100% in userland. There is no part of Internet Explorer which runs in the kernel. None. Although Internet Explorer certainly has more holes than Firefox, they are both limitted to the same order of magnitude of potential damage. The same as on other "real OSes".
Windows development culture is insecure (Score:5, Insightful)
It's the core security problem of Windows: the development culture doesn't respect security. Developers went for decades of DOS and Windows 3.1/9x without needing to worry about users and permissions. So they got used to assuming they could write whereever they wanted. When real user seperation and permissions became mainstream with Windows 2000 and XP, they weren't prepared to change. Because so much software required full access the easiest way to get stuff running is to run in an Administrator account. And since so many people (developers included) run as Administrator, why bother doing the right thing? Games are usually guilty, but there are piles of business and research software that is equally guilty. My brother is a sysadmin for a research lab. To keep Administrator access out of users hands, he has to bend of backwards to get the machines running the software his users need. A 2005 release of a $3,000 package that refuses to be placed in a directory with whitespace or a tilde, meaning it can't be installed in C:\Program Files. A $500 package that demands write access to a file in the C:\Windows directory.
This is one case where backward compatibility came at the expense of security. The development culture is moving too slowly. Bigger companies are starting to do the right thing and you get the occasional smaller development house following the rules. The killer is that huge mass of more specialized software. Apple bit the bullet when they cut over to Mac OS X; software had to do the right thing or it stopped working. Microsoft needs to make such a dramatic change or we'll be putting up with this bullshit for at least another five years.
Re:MOD PARENT UP (Score:2, Insightful)
True. But it's false nonetheless, for reasons (among others) that I went on to explain.
but I have downloaded programs to friends' OSX boxes, and run them, and gotten no such prompt. In which cases does the OS ask you this?
Every time.
Also, this example doesn't apply to Linux, so the argument isn't quite tired and old yet.
I didn't address Linux because I personally don't know enough about it. I'm sure someone else could explain what would happen if a rogue app tried to modify the OS.
User space is all you need for most spyware/malware/worms.
Not for the Sony root kit, which was the example I used. And not for the ones that install proxy servers, etc. So there is an entire class that functions on Windows that wouldn't work elsewhere. And they tend to be the more malicious ones as well.
Don't get too comfortable just because you don't run windows.
Good point. I am, however, way less uncomfortable.
Re:MOD PARENT UP (Score:2, Insightful)
Re:another use for Google (Score:2, Insightful)
Re:If Windows Were Open Sourced (Score:3, Insightful)
To answer your question, its not unless you make regular backups of your important data. If you made backups the system itself would be unaffected and you would have save versions of your important files. A simple wipe and restore of
The short of it is, a system is only as secure as the expertise of the person running it allows it to be. Simply running 'Geek OS flavor of the month' does not make you secure.
Re:Question (Score:3, Insightful)
Re:HEHEHE (Score:3, Insightful)
That seems reasonable to me.
Fuck up once, blame someone else.
Fuck up three times, blame someone else.
Once you've fucked up dozens and dozens of time, its your own damn fault. Pay some attention. Take some responsibility.
Re:MOD PARENT UP (Score:3, Insightful)
You are mistaken, or lying. I regularly plug in USB (and Firewire) devices as a non-Admin user and they work fine.
Re:MOD PARENT UP (Score:1, Insightful)