Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Can a Rootkit Be Certified for Vista?



 By: Lisa Vaas
2007-03-15
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


  Table of Contents:
  1. Can a Rootkit Be Certified for Vista?
  2. ' 2 '

Rate This Article:
Poor Best
Can a Rootkit Be Certified for Vista?
( Page 1 of 2 )

A roomful of hackers, CIOs and CSOs agree that Microsoft's given us the most secure version of Windows yet, but their approval is served up with a garnish of "excepts," "howevers" and "althoughs."

NEW YORK—Forget what Microsoft says about Vista being the most secure version of Windows yet. More to the point, what do the hackers think of it?

In a nutshell, they think its an improvement, but at the end of the day, its just like everything else they dissect—that is, breakable.

"Not all bugs are being detected by Vista," pointed out famed hacker H.D. Moore. "Look at how a hacker gets access to the driver: Right now Im working on Microsofts automated process to get Metasploit-certified. It [only] costs $500."

Moore is the founder of the Metasploit Project and a core developer of the Metasploit Framework—the leading open-source exploit development platform—and is also director of security research at BreakingPoint Systems. The irony of his statement lies in the idea that Vista trusts Microsoft-certified programs—programs that can include a hacker exploit platform that walks through the front door for a mere $500 and a conveyor-belt approval process.

Resource Library:

Moore was one of a handful of white-hat hackers in the audience of a session on Vista security here at Ziff Davis Enterprises 2007 Security Summit on March 14. The session, titled "Vista: How Secure Are We?," was presented by David Tan, co-founder and chief technology officer at CHIPS Computer Consulting.

By Moores side were equally prestigious hackers Joanna Rutkowska—security researcher at COSEINC—and Jon "Johnny Cache" Ellch, author of "Hacking Exposed Wireless."

For her part, Rutkowska granted that yes, one way to own a Vista system is by getting a rootkit certified, but if you want a compromised system, you dont even have to waste your time and money with certification—"It can be a graphics card with a stupid bug," she said. "You cant do anything about it. You cant sue the vendor for introducing a bug. You cant prove it was done intentionally."

Until Microsoft or some security vendor concocts a black list for buggy drivers, Rutkowska said, Vista is potential toast. Of course, bugs can always be detected in memory, right? Except—oops!—Rutkowska demonstrated a few weeks ago at Black Hat that exploits can in fact tinker with memory to hide their footprints.

Click here to read more about kernel rootkits.

But before the hackers, and Tan himself, pointed out Vistas security weak points, Tan outlined the improvements to the new operating systems security features. He praised Microsofts Trustworthy Computing initiative and the companys reshaped development cycle for the "phenomenal effort" that has produced products such as SQL Server 2005—a version of the database that to date hasnt had a single major vulnerability or exploit attached to it. "Microsoft deserves to be applauded for that," he said.

In keeping with that improved attention to security, Microsoft has added a slew of security features to Vista in the two areas you need to worry about in a client operating system, Tan said: namely, protecting the system and protecting data.

Those features include UAC (User Access Control), a feature that forces users to work in restricted accounts instead of with the rights of system administrators that they had traditionally been granted in previous Windows versions. UAC is active by default for all users—although it can be turned off—and even administrator accounts only get medium-integrity level rights in Vista.

UAC has been criticized on the basis of the debatable annoyance level pertaining to its warning boxes, which pop up in colors (orangey-red for caution, bluish-green for safe) and ask users if they really want to proceed with given actions. Rutkowska kicked off the criticism of UAC when she wrote in her blog that, although UAC is "the most important security mechanism introduced in Vista," it "can be bypassed in many ways."

Rutkowskas observations were soon followed by Symantec research scientist Ollie Whitehouses Feb. 20 posting titled "An Example of Why UAC Prompts in Vista Cant Always Be Trusted," due to the ease in which social engineering can be used to trick users into approving illicit user privilege escalation.

Next Page: Microsofts attitude problem.





  Reader Comments: Can a Rootkit Be Certified for Vista?
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Windows Articles          >>> More By Lisa Vaas
 


x}ks8q8c"#d[,ě[HH"$e[|9u_zВ3s6ЍFh@޻$\8auE1>=zg{HRsoM#6rJ9AF#:,t}w5k99rMz=>;|9|@D%SjNACm3g{zc_6gڄ2z9o2 fE63&6IE9J>֥qυB4HXߢر7R=2r3͛6B!|HJKd/B(?cc暿#=z'f^B(ʻF{ikiC2hj9TN`UƞfnڭcŰ A#c9p<v5#A%˙8Iؓ&Iuhl5D`iR13 LGeC1;T*%R*63-晚u@|͖|cXulAf@dnQӸTBp`V?J9y'C,\tY֡_׽kYoAבNAuӱCԣFr(˚79heynJ\WkQZ ^r7mù-Ӟ?89n^wfoFBEQB_vίr$([hmI5M-un es ^_wDUE`RG$_S::YgNwkQ2Z-KZPb٥v'Y̮gfVҘ gE)ԑY;lni_Wם~ 'םwfٚY JdTY3LU5Mw'gkr9i8sوlnAZjZ܌vO|3Q&ںa#j庤#3t;|jio]}:蜐$7Y>پBd}#7ReQ oȱn>@|Ӡd[q* ߱n^S;G7oRy۬) rƒ 4Ks;nZK0[#RFp\ Дa#Xذ 1"%̛ިҁye ,}PEtBAͨ8 . If(;΀/3A.r)i" 6=aL+^*,-j\כUsNVWt];7eя0-px=i[OSҿ]{[0*>cq4Y`I-. :mo:J=6RQ ^,ԕo+&rO f[Ԗ-Pò˔A >NfEG|F s>k4N< EC!ɠڴb{\fS4!E&-Ѐqpy4ڭ-%_ >< FNj$ >6(Zχ`j˦Mf@B9{ǻޚA<QБ4|a qjQ?]*~hs-w= } wA,߃9#z[LKx GN }p (~9-R;C/1{bA2 EEKy3@ $h5az/mb$w$]KI+\fD8nOu$]8gڹLX.QY,p[/ ͙JRdYu Q="`&Qea*0pRx5Qn-`oJ#UWj& MX,CtH{<7-` [N@N50OiH\U}`9ޟx=F~ h? OuG VV̚s=R.ƃ5‚L;i<͙iÂqjS9_Aa" eBC`9N{S^jkȓL%~K{0s k2 'yvw=g&.Q>j4<3_O#k[} e jJ=SsA|5i!3L&Ze n?oWur@Hod m_eƠemLGy+-m" IPצ(XkezdxE6*&CŸz҆CTCSs > XU.*r_- }d2wjeV9,Wfn (M!r?Ll5KWթw@4="zڽu@nZSπ|P9s?棄YTpܩ480T]2agRJMIas(zq |X0b=9[8[%f//+ Y{u]ؓ.[B|vnN 0|p4'Z>plZ`/R7&4wڳJ)ՇI ,䧒R.%&"I D ȸla,ri L*gXsM>QȚ a(JuѧI״&gzI4*$og+F#受aܧ^hL`Dk 570M9#LKo39>8Ģ7 `3\x+m`x䓋 ,*`ز|˘/ iX/I3$#v%*'L)`Ճ{3M\PvSןlf "9&S>j7j8Z>#ynR)brdLǖ8+ё,Xr*-ÏR vU#tT#CWta7)X]QiSZ9-Rxs޻e=UN_)"_pkx豸2] QB|F0f&P Lo P׊ ~e; ^,_]hD1(dyDF4@/=q8bk NM|8ڳ"ZJ qvsTy9kY%f+aEyݙizrujFYTy3is{9~ ޒO,gn;pi-uQby.Am /Ur-|SM:f2/cX_dU-'0dL4Ω,6 خiϼV&>e>c'}^ApaqgXo| wl>s7ѻMkls Kq3`93"豥mBt`#AAzEk-g}X#2␜ w*0΁MBPr 2=ct864>sǭi mmSQ Cz;9&KDVжU0H z7.qLspIZ7$MU"[WX HXLJ_ kbT 4DJ\SGQ>N<͠1p FM<1HJSO(NoZTRXUʅ7Ϣ C.{E/he~6Kfb;?mͥZ57g XsB5xԋ0%ezIMqza/;#nK-%. ހذ:Zk.ܒ(t].7f semn-`I3I9`{IO4c 3#f"\$X+JJYtn:0nȄOXD[~:J&2O%ss``OnΏ{ܝ9Ԍ!0F4HΝJIUKUjZ'0隆8ZRQ"YrrZRU+dP\xO+4CN\a+Tn\'G7ƒ"'! M+73,`jbUܘό&м~>A%BQ`о(&w,OɪO@T #NEw%]7!)lw9ZŗC ﵲ%<4Wsy!)X|pty*um~61%z˾NIU$(XMp4qߵs'^y {{:=\~; ElFp0Z<!hqo0unCR|IwѻGE-%{;z܉Z, YG# B\[ ǧ Bk;d4)(3~I]a3+"n@K}͙b9I.Dz=d_Ug0Tth#)۵}oc( Bf/3bB!|FgG<؇A(1 kNGvW/ё{k D&-bcaLFrEl&zRG>egu3_f Rt<~Ur;Pעo)MJ!}J_cNf4~P6=8,rh%縍vi3]a~:)}C/mN9˙~DҼ" Í7"HtSkԛC25 &r֚SE[D-{t#1ða 1|IZ;Ũu͒:p<5GK:)!OOp|N'I^VR6T$UT%!T4QLNbC]A+Cg ҿj]nOpVHp._xvIa%yx4*k85(AuNHqJiIgԢᬖ^}6y;qz])LU9$y/uϏ*zUb׽msD;1u;2x;zZ1ݾpne9?jwh{t3q=vbϓ{~\[5("Ξe氎cԆl+ҿܳRpfi#G.{ҺI09nJs 4h#s5yׅO>4dkwD /gyVz7~(,dk.}?I/K턟ݖycOKSϑ%٘&BEW5ln$jYpJe_.ȔWN HXd1.P2vA Js[gȞx~K7跷b o|}& ~W*];PI9w뻿~=mҲ(r_ZDNpw5Q${qI%.t}?.K`\Tky^v} ,$>?Gko D:*p&޸zQc%Fc?^SϗIOg 4˼gtYE`+RbW;`'h]%]sw2OE`Yfub9/ QDu>OȧԲEIѧb7x#Fۥhv`|v'leO}E𽧣|A=27 pt2OFZVʿ&!zr7EY :ON5+١3~zX~sZ0JT8xMw5!/&9qf.v?$=kЇxF\/;aF &1!wcݷhh/`@ܒg7od[r8вI`,OY z!Â1;tҷR8ҷqڜĴ)鄛S-DBtet{ed s/ b{! & [䌶S8MymXi겎D~(f#x; G,3J GvL=Ţ5 $sM$vKxKT?)%WCޮ8_{W q=XnI%v`bTJz=Ndl8S^ژu"1˓ H]%;J/΀f9xL<>b0ZfQ/yמ9 1\ ZN Z7gԮghhpYlޠwxq?Ȯ@-F:X}e#vj ސ4f7*B-ؓI?y#~9f@0C^<+[Q(Z]Ә,'-$倎ԗ!$tXHilX,Wb\{0  & nt{)_" =O Z?8!]H[`]~ nK"ŷcu N >~ILjٶ rFB mlnYq'Hy[)>G1h(Z96,nt8HT:4̩ pWL DW)!hD"ǔDZ8/D$=msj;1OU*%ek)/ftJz R0ұ V6&hBL񐩟oBx<BD4<8D" ~[D̴'Ҡw8URkr\9e|aV#9䃉y =JEq 4 B#Haо-^{9BJ<^ڕIlat QlP>łGJa}x>#XW3-68PŬ:<ʙ @-F{UB<'=U_|OIx8q0l7K|I-]wTކ|1=v@hh(@^W%;py7xZ0_ NWz5M/{ cBFB0T`yMZÄ%+. 16XE' #\|Q_z|۟;MJjA)HWcWH[3AɜWeST 8$-l-a $j}y $"r/eKN,Q]X.5sgvFs?Zv`~6/(-z:%>B'=ͭn9p]彈^v GKOINO7 9wu'h 0M;6#|– Ϡn:"/BqkH!Η#sFqQ 'KE"^ H6W^jYrJ)""(k[]e^&(76oqz|E]-ǹʙ/fYv ^1ҧx"uG93"o7yp"L|`,k^vu< ^ұ+2i?J>ͺ L# f0 C@Y̠?q47w޴>Gm"qIt-H X|{pK(a~3|l0|ea"o֙ pfW hws|( ٳ3qZݱ+0X~EE~S#we`4u\Ͳ{%⛽GKhMŗqCݑ[dx=[:XI0޿{mYom9k3u#)A5[o&@6௺eul>3/245=uaYujۈYޣ3玮zUFjjJ e85|6}Lzl~Jif#e։ )V$'0"*Θh֖ P2aD+op{B܈pi-nb1D+b@/]j 3}L?®/4s#:I^i[ũ߳yxHܨA9,7>kE_A-mҴjgϡ?1{TqĴ}bΈBqCb$JC!^tIw'y{Dd',oh6W;`aV3`n35yk9q-*ga1T!]A~2g^~ j~dRPy!Fv]Џ{Kb+I7{$qhkkj55AV^ ~/cZrD,?tUHE/]^|]~8. dP/m _Z6`z/lshh,vxSȥc.ݘjPWK.}KRG*+N+tW BZc[`Wes[ɣ.j",M jD:& x#-F5נ)x9mnbfģ Zkah;Xyh;b7==Vڹrq yK-y&,R37:U ^sÑٷS7nE[TxvXj!1c{x=<"c#@V`m 4,\ 6\πTnA4`}"gR%>(-^awUqjki\+襍ڕ v7x.e%&o[I{u><؉3m>}rJg+vl"n!Fr9t)61gwQ&'b^m9S lO0V94-^a=eE&d[j ilwIQg)q8 @\5m2d@$}bN+|G*%V¯n9*VܞVks빀oaD+ )o3AKOcSP0z"3_+@jLB(eYiv' .'G[oWp+XyPkGd}exx퐯J"r[jRY4BtMxk47+ SxC7)*E-%=lhxqـjEl~E:td'6ȝ;<"&s'?\vD! CVY `Oh$~bHp-SWld""36|:iY !CsA.7`оU #sQ_ u&.45\S{,wh <r`(r'J{CGy@{.}{:?qa)?Eo9fH s؇*훏חBPpo$u2#:́ lZhhԂIED#ThbGF#Os uϤۧ 45`BXRA~9I{F$1bNx ֭9Ӗ8d\11Fiŷ~(l;b21c|>O9p+$(W tR]ΰ*@[`g*#?B5C)%n67p>9E[hF Lma`t.PufQи/nF 33lf;. l9 :jT 1&F}.%nK YR$P!%h$bcx=9`1;B2_7=}c?ݩ2-'(  @Ka1c~PBMФPs]+J9qGwy }@YQ^*_ӄ^I+\QY / Ij WuGSIS`ٷCsrֻ&-rvnuj]EOYa[k|Sw{_NzW_:3x0calB[d_T ΓQ9luNSʙ`Q{µ,"^ûHKvE 3@cqy^ SO3xRv}YQJNa`W?z [~_ͦV\k! 4rUN>Mo )n}>e; MjV}QuxQ?f f_Cpj+彌rSi;O6}2!>A\󼳹skvN3ʡsQdc?(_6_ 05w~7 >зA.ЧA. .g7?QF/3 3ϡw槤Ixϕ]"&JRo-cENZ9.~QJxdR$d3,FDkaȁ % /ܻ Gz‰n}(KsL~<̊nOArtr m>v3y]ć^Zqz`^= Y>Y"h(x4|s&p&!H8?0HL{HNR?ǰs3@ Ez:}K=nqo804c[&Ǝ4HΝJIUKJ~+jZ'\#a *+P#}a`J^.U&K=# .m3^& 5ϡ'N!3pC>&J-F@ P1=:1_h ۼx-yTy؛ގe@V,(n[^AbkB#Vx3&kz9ɮ&\ŠMCao/a+Fö`Z';=2djy }b)049+hw]=ƾw<Ah_Mx u0e Ls.Ar&߲jOG *AlZ`nG/V|sS [-FlXXEr ;96.c˃a.yBҗ`pb9L#~YFF`˫)CЗs4w<1s(3+c]f N=Xv7i:{E-Ln_xLŒkAC!;}6bZI֠}ֽD#Z#7X[Nƀ_Po=,N7"fG9p<y x_ ˝Xܐ0bpa`O*}OqKAflk8cXK1w]Ww-'/Հ&"Pl-׵uLٝdRjx3BLr(pIdh/ 1IBm`Z(>/A0ظ!fIკ& ӃY&g@bg94Aأ_BDOv&n9/Fs{P΢$\?Wd]f A_f|bOh>Zo/TsLHKW;Ǧ e4:"XVX#e \1PSFӹ"}ǚ X?(xc\Ï$v'6AՋpO`ĵwB=XtKE-FAG}FV垓$gg_7b Fy&b3@p+? T|- 5\6$DRg }F0~N:]jV0N@9DeP^lc约1cbV!qdf[-["@# e`1l`ehDS,T6y *>% / imޢƄJu A]=_v{[=/'_pE5f*QTD K)Ybd㜙mrxgsg_(LWv:yDt[] E heӵx2 FWcV|JrX}P/)W:OOgsZ%O_Hv"]ʾ,{QAbV]s::h݆G0^qYKVl@swSa ٝ뱊vE=bꛆtE]khT[%**S6 9/ߵS3pݼ®"vyXA4gX3' ȱ ya1 g{y{~kC'>f k:a:=YʐL\ȏ,,$[녗Z']Y!hXj=E"ҁ )Q~9'f fE [Rj`Ʉn~3 f<˜4W6IĶqy4}qX0#ŸEr b#^;N~LʹcaPѽk xٚջHQ#.fY|Ԃ!gn耵]1ZBO .W654Ƙ]>T{&Lǫ6 92lt* X*KŬ"D0H'Z:tsh{h۟XsTHهl*~&6Y,{ۺнT~x