On Jan 26, 8:08 am, Ron Lopshire <not...@ovbl.org> wrote:
> Some good food for thought from KL's Alisa Shevchenko.
>
> Vista vs. Viruses
>
> http://www.viruslist.com/en/analysis?pubid=204791916
>
> A couple of things struck me.
>
> 1) Alisa links to and discusses some of the work (Blue Pill) of Joanna
> Rutkowska. You can get to most, if not all, of Joanna's work from here.
>
> http://www.invisiblethings.org/index.html
>
> Check out Joanna's Papers Section for movies, PDFs, Power Point
> presentations, and more.
>
> 2) Where have we heard this before?
>
> Quote: "From this point of view, I can't take User Account Control
> seriously as a security measure against malicious programs. There is a
> high probability that a function which irritates the user will be
> disabled. Either the user will click on "allow" or s/he will enter the
> administrator password without a second thought."
>
> 3) Quote: "PatchGuard -> The Vista kernel (only for 64 bit platforms)
> is allegedly protected against modification. This is highly relevant
> given the fact that kernel mode rootkits are becoming more and more
> widespread."
>
> I have mentioned before that _I_ would not even consider putting Vista
> on a box without 64-bit architecture.
>
> 4) Quote: "IE7 security features -> ActiveX Opt-in is a function which
> blocks all ActiveX management tools apart from those which are
> explicitly allowed by the users.
> ...
> And as for executing unknown ActiveX components - it's been permitted
> before, and it will continue to be permitted."
>
> How many clueless idiots think that _opt-in_ is a safety feature?
> Geez. MS's contention that Vista/IE7 is safe/safer/safest deserves,
> IMNSHO, to be in the category of "The only thing worse than no
> security is a false sense of security."
>
> WinXP was not useable in the Home/SOHO market until SP2. It will be
> interesting to see if this is a sign of things to come for Vista.
>
> Ron


To me the bottom line is this: there needs to be education of the
user. In our testing, Vista is harder to "infect" by normal means. I
believe we will see spyware/malware lean more towards the
packaged-with-other-software method of infection, where the user runs
an installer to install a piece of software and the installer has
admin rights, so it will be able to set the infection in place.

Once you have install access you can do whatever you want. For
instance, we have our kernel driver that allows us full, unrestricted
access to anything/everything on the system for scanning and removal
purposes. A hacker/malware author will certainly write something like
this, and then Vista will be infected as well.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
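The thread turns on three controls: whether UAC is actually enforced (Ron's point 2), whether the 64-bit kernel's code-signing requirement is in force (point 3), and whether an installer running with admin rights has dropped a kernel driver (Nick's post). The script below is an added audit example written for this page; it is not code from the thread, from Kaspersky Lab or from SUPERAntiSpyware. It assumes Windows PowerShell 3.0 or later on Vista or newer, run from an elevated prompt (bcdedit and some driver paths need admin rights), and reads only the registry values, WMI class and boot-configuration output that Windows itself exposes.

```powershell
# Added audit script (not from the thread). Assumes Windows PowerShell 3.0+ on
# Vista or later, run elevated. Reports: is this process elevated, is UAC
# switched on, is the x64 kernel booted in test-signing mode, and which loaded
# kernel drivers fail an Authenticode check.

function Test-IsElevated {
    # True when this process holds the Administrator token, i.e. when an
    # installer running here can load a driver or write under HKLM.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacPolicy {
    # The UAC switches live under this policy key; a missing value means "default".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                  # 0 = UAC off entirely
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate with no prompt at all
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop      # 0 = prompt on the normal desktop
    }
}

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName comes in several shapes:
    #   \??\C:\...\x.sys   \SystemRoot\system32\drivers\x.sys
    #   system32\drivers\x.sys   C:\Windows\system32\drivers\x.sys
    $path = $PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Get-RunningDriverSignatures {
    # Every loaded kernel driver together with the result of an Authenticode check.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (Test-Path -LiteralPath $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $path
                    Status = $sig.Status   # Valid / NotSigned / HashMismatch / UnknownError ...
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            }
        }
}

function Test-TestSigningEnabled {
    # On x64 the kernel-mode code-signing requirement is what stands behind the
    # "protected kernel" claim; TESTSIGNING ON in the boot configuration relaxes it.
    $bcd = bcdedit /enum '{current}' 2>$null
    return [bool]($bcd -match '^\s*testsigning\s+Yes')
}

# --- report ---
"Elevated:           $(Test-IsElevated)"
"64-bit OS:          $([Environment]::Is64BitOperatingSystem)"
"Test-signing boot:  $(Test-TestSigningEnabled)"
"UAC policy:"
Get-UacPolicy | Format-List
"Running drivers that fail the signature check:"
Get-RunningDriverSignatures | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

A clean 64-bit box should report EnableLUA = 1, test-signing off, and an empty driver table. A driver in that table that you did not knowingly install is exactly the artefact Nick describes: something an elevated installer put in place. Note that a valid signature only tells you who signed the file, not that it is benign; the check narrows the list, it does not clear it.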