Can a Rootkit Be Certified for Vista?

Discussion in 'Windows Vista General Discussion' started by Guest, Mar 17, 2007.

  1. Guest

    Guest Guest,1895,2104462,00.asp

    Can a Rootkit Be Certified for Vista?
    By Lisa Vaas
    March 15, 2007

    Be the first to comment on this article

    NEW YORK-Forget what Microsoft says about Vista being the most secure
    version of Windows yet. More to the point, what do the hackers think

    In a nutshell, they think it's an improvement, but at the end of the
    day, it's just like everything else they dissect-that is, breakable.

    "Not all bugs are being detected by Vista," pointed out famed hacker
    H.D. Moore. "Look at how a hacker gets access to the driver: Right now
    I'm working on Microsoft's automated process to get Metasploit-
    certified. It [only] costs $500."

    Moore is the founder of the Metasploit Project and a core developer of
    the Metasploit Framework-the leading open-source exploit development
    platform-and is also director of security research at BreakingPoint
    Systems. The irony of his statement lies in the idea that Vista trusts
    Microsoft-certified programs-programs that can include a hacker
    exploit platform that walks through the front door for a mere $500 and
    a conveyor-belt approval process.

    Moore was one of a handful of white-hat hackers in the audience of a
    session on Vista security here at Ziff Davis Enterprise's 2007
    Security Summit on March 14. The session, titled "Vista: How Secure
    Are We?," was presented by David Tan, co-founder and chief technology
    officer at CHIPS Computer Consulting.

    By Moore's side were equally prestigious hackers Joanna Rutkowska-
    security researcher at COSEINC-and Jon "Johnny Cache" Ellch, author of
    "Hacking Exposed Wireless."

    For her part, Rutkowska granted that yes, one way to own a Vista
    system is by getting a rootkit certified, but if you want a
    compromised system, you don't even have to waste your time and money
    with certification-"It can be a graphics card with a stupid bug," she
    said. "You can't do anything about it. You can't sue the vendor for
    introducing a bug. You can't prove it was done intentionally."

    Until Microsoft or some security vendor concocts a black list for
    buggy drivers, Rutkowska said, Vista is potential toast. Of course,
    bugs can always be detected in memory, right? Except-oops!-Rutkowska
    demonstrated a few weeks ago at Black Hat that exploits can in fact
    tinker with memory to hide their footprints.

    Click here to read more about kernel rootkits.

    But before the hackers, and Tan himself, pointed out Vista's security
    weak points, Tan outlined the improvements to the new operating
    system's security features. He praised Microsoft's Trustworthy
    Computing initiative and the company's reshaped development cycle for
    the "phenomenal effort" that has produced products such as SQL Server
    2005-a version of the database that to date hasn't had a single major
    vulnerability or exploit attached to it. "Microsoft deserves to be
    applauded for that," he said.

    In keeping with that improved attention to security, Microsoft has
    added a slew of security features to Vista in the two areas you need
    to worry about in a client operating system, Tan said: namely,
    protecting the system and protecting data.

    Those features include UAC (User Access Control), a feature that
    forces users to work in restricted accounts instead of with the rights
    of system administrators that they had traditionally been granted in
    previous Windows versions. UAC is active by default for all users-
    although it can be turned off-and even administrator accounts only get
    medium-integrity level rights in Vista.

    UAC has been criticized on the basis of the debatable annoyance level
    pertaining to its warning boxes, which pop up in colors (orangey-red
    for caution, bluish-green for safe) and ask users if they really want
    to proceed with given actions. Rutkowska kicked off the criticism of
    UAC when she wrote in her blog that, although UAC is "the most
    important security mechanism introduced in Vista," it "can be bypassed
    in many ways."

    Rutkowska's observations were soon followed by Symantec research
    scientist Ollie Whitehouse's Feb. 20 posting titled "An Example of Why
    UAC Prompts in Vista Can't Always Be Trusted," due to the ease in
    which social engineering can be used to trick users into approving
    illicit user privilege escalation.

    Next Page: Microsoft's attitude problem.
    Guest, Mar 17, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.