Thread: Vista vs. Viruses

  1. #1
    Ron Lopshire Guest

    Vista vs. Viruses

    Some good food for thought from KL's Alisa Shevchenko.

    Vista vs. Viruses

    http://www.viruslist.com/en/analysis?pubid=204791916

    A couple of things struck me.

    1) Alisa links to and discusses some of the work (Blue Pill) of Joanna
    Rutkowska. You can get to most, if not all, of Joanna's work from here.

    http://www.invisiblethings.org/index.html

    Check out Joanna's Papers Section for movies, PDFs, PowerPoint
    presentations, and more.

    2) Where have we heard this before?

    Quote: "From this point of view, I can’t take User Account Control
    seriously as a security measure against malicious programs. There is a
    high probability that a function which irritates the user will be
    disabled. Either the user will click on “allow” or s/he will enter the
    administrator password without a second thought."

    3) Quote: "PatchGuard -> The Vista kernel (only for 64 bit platforms)
    is allegedly protected against modification. This is highly relevant
    given the fact that kernel mode rootkits are becoming more and more
    widespread."

    I have mentioned before that _I_ would not even consider putting Vista
    on a box without 64-bit architecture.

    4) Quote: "IE7 security features -> ActiveX Opt-in is a function which
    blocks all ActiveX management tools apart from those which are
    explicitly allowed by the users.
    ...
    And as for executing unknown ActiveX components - it's been permitted
    before, and it will continue to be permitted."

    How many clueless idiots think that _opt-in_ is a safety feature?
    Geez. MS's contention that Vista/IE7 is safe/safer/safest deserves,
    IMNSHO, to be in the category of "The only thing worse than no
    security is a false sense of security."

    WinXP was not useable in the Home/SOHO market until SP2. It will be
    interesting to see if this is a sign of things to come for Vista.

    Ron

  2. #2
    Nick Skrepetos Guest

    Re: Vista vs. Viruses



    On Jan 26, 8:08 am, Ron Lopshire <not...@ovbl.org> wrote:
    > Some good food for thought from KL's Alisa Shevchenko.
    >
    > Vista vs. Viruses
    >
    > http://www.viruslist.com/en/analysis?pubid=204791916
    >
    > A couple of things struck me.
    >
    > 1) Alisa links to and discusses some of the work (Blue Pill) of Joanna
    > Rutkowska. You can get to most, if not all, of Joanna's work from here.
    >
    > http://www.invisiblethings.org/index.html
    >
    > Check out Joanna's Papers Section for movies, PDFs, PowerPoint
    > presentations, and more.
    >
    > 2) Where have we heard this before?
    >
    > Quote: "From this point of view, I can't take User Account Control
    > seriously as a security measure against malicious programs. There is a
    > high probability that a function which irritates the user will be
    > disabled. Either the user will click on "allow" or s/he will enter the
    > administrator password without a second thought."
    >
    > 3) Quote: "PatchGuard -> The Vista kernel (only for 64 bit platforms)
    > is allegedly protected against modification. This is highly relevant
    > given the fact that kernel mode rootkits are becoming more and more
    > widespread."
    >
    > I have mentioned before that _I_ would not even consider putting Vista
    > on a box without 64-bit architecture.
    >
    > 4) Quote: "IE7 security features -> ActiveX Opt-in is a function which
    > blocks all ActiveX management tools apart from those which are
    > explicitly allowed by the users.
    > ...
    > And as for executing unknown ActiveX components - it's been permitted
    > before, and it will continue to be permitted."
    >
    > How many clueless idiots think that _opt-in_ is a safety feature?
    > Geez. MS's contention that Vista/IE7 is safe/safer/safest deserves,
    > IMNSHO, to be in the category of "The only thing worse than no
    > security is a false sense of security."
    >
    > WinXP was not useable in the Home/SOHO market until SP2. It will be
    > interesting to see if this is a sign of things to come for Vista.
    >
    > Ron


    To me the bottom line is this - there needs to be education of the
    user - in our testing, Vista is harder to "infect" by normal means - I
    believe we will see spyware/malware lean more towards the packaged
    with other software method of infection - where the user runs an
    installer to install a piece of software and the installer has admin
    rights so it will be able to set the infection in place.

    Once you have install access you can do whatever you want - for
    instance, we have our kernel driver that allows us full, unrestricted
    access to anything/everything on the system for scanning and removal
    purposes - a hacker/malware author will certainly write something like
    this and then Vista will be infected as well.

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com


  3. #3
    Ron Lopshire Guest

    Re: Vista vs. Viruses

    Nick Skrepetos wrote:

    > On Jan 26, 8:08 am, Ron Lopshire <not...@ovbl.org> wrote:
    >
    >>Some good food for thought from KL's Alisa Shevchenko.
    >>
    >>Vista vs. Viruses
    >>
    >> http://www.viruslist.com/en/analysis?pubid=204791916
    >>
    >>WinXP was not useable in the Home/SOHO market until SP2. It will be
    >>interesting to see if this is a sign of things to come for Vista.

    >
    > To me the bottom line is this - there needs to be education of the
    > user - in our testing, Vista is harder to "infect" by normal means - I
    > believe we will see spyware/malware lean more towards the packaged
    > with other software method of infection - where the user runs an
    > installer to install a piece of software and the installer has admin
    > rights so it will be able to set the infection in place.
    >
    > Once you have install access you can do whatever you want - for
    > instance, we have our kernel driver that allows us full, unrestricted
    > access to anything/everything on the system for scanning and removal
    > purposes - a hacker/malware author will certainly write something like
    > this and then Vista will be infected as well.


    Thanks for your thoughts, Nick. You might be able to educate the
    women, but the men are probably a lost cause.

    http://outside.arc.ab.ca/staff/erkamp/security.jpg

    That's the difference between boys and girls. Girls mature and become
    women. Boys just get older. [g]

    We, especially those of you fighting these creeps, have seen a huge
    shift in the paradigm as it pertains to malware throughout the course
    of WinXP's run.

    In 2002, it was porn-surfing, warez, P2P file sharing, script kiddies,
    and a bunch of other aggravations encountered using the browser as a
    vector.

    In 2007, it is spoofing, phishing, botnets, and multi-million dollar
    criminal empires using email as a vector (including Web Mail).

    In 2012, it will be --- if you know the answer to this, Nick, your
    retirement is already provided for. [bg]

    You do have to admit, though, getting links to porn in the mail was a
    hell of a lot more fun than getting a spoofed letter from American
    Express. LOL.

    Ron
