AM2 major threat to users security?

June 29, 2006 7:46:36 PM

I... just can't... stop laughing :lol: :lol: :lol:

http://www.eweek.com/article2/0,1895,1983037,00.asp
http://theinvisiblethings.blogspot.com/2006/06/introduc...

I wonder how long it will take until her blog will be called "intellablethings" or something like that =)
June 29, 2006 8:32:56 PM

lol, where is the horde now?

Great find, Ycon.
June 29, 2006 8:34:19 PM

WTF?

What on earth does this have to do with AM2?
June 29, 2006 8:37:56 PM

I really hope you just stumbled across that, because it would be pretty sad if you just went out looking for an AMD flaw to start a thread about. That pretty much puts you on the same level of close-minded fanboyism as those you constantly complain about.
June 29, 2006 8:49:27 PM

Thanks to the latest virtualization technology from AMD, called SVM/Pacifica, it is possible for Joanna Rutkowska to build a rootkit called "BLUE PILL", and odds are that if it can be done, AMD has big issues!
June 29, 2006 8:50:43 PM

Quote:
I... just can't... stop laughing :lol: :lol: :lol:

http://www.eweek.com/article2/0,1895,1983037,00.asp
http://theinvisiblethings.blogspot.com/2006/06/introduc...

I wonder how long it will take until her blog will be called "intellablethings" or something like that =)


Interesting, but wouldn't this affect Intel's virtualization technology as well, when/if it comes/came out, with a little modification? Either way, the world will come to that crossroads when it has to.
June 29, 2006 8:52:52 PM

Quote:
I... just can't... stop laughing :lol: :lol: :lol:

http://www.eweek.com/article2/0,1895,1983037,00.asp
http://theinvisiblethings.blogspot.com/2006/06/introduc...

I wonder how long it will take until her blog will be called "intellablethings" or something like that =)


That is not a flaw. It's a function. Hypervisors are supposed to isolate the OS.
She even said it doesn't take advantage of flaws and that if it can be detected then there is a bug in Pacifica.

It's just another case where malicious people take a good thing and use it for something bad.
June 29, 2006 8:56:38 PM

Quote:
Thanks to the latest virtualization technology from AMD, called SVM/Pacifica, it is possible for Joanna Rutkowska to build a rootkit called "BLUE PILL", and odds are that if it can be done, AMD has big issues!


That's like saying that if someone releases a bug for Windows that doesn't rely on a flaw, Windows is screwed.

Code injection is not something that the CPU can adequately guard against.

I'll be surprised if this doesn't work on Intel VT also.
June 29, 2006 9:00:53 PM

What I find odd about stuff like this is that legit people actually go out and tell the world about these things. That just inspires hackers and even gives them a direction to go in. If they didn't tell anyone about it, then the problem would stay far more contained and there would be a less likely chance that anything malicious would result from it.

Tell AMD, Microsoft and the other big players. Don't tell the world.
June 29, 2006 9:01:08 PM

Calm down fanboys, VT malware is already available for Intel and will be presented at Black Hat US. It seems these days we will need a hypervisor just to keep these VT exploits away. Of course if you use Linux and secure it properly these VT exploits are just much more difficult to implement.

See the BlackHat Conference, and search for "Dino Dai Zovi".
June 29, 2006 9:14:11 PM

I think that just about everyone who has heard about this trusted computing/virtualization bit knew that this was bound to happen sometime. And for those of you that don't know, AMD is in the same TC group that Intel is.

Yay for making our computers "more secure" by taking control away from the users! I'm switching to Gentoo....
June 29, 2006 9:19:15 PM

I Doubt It, But It's Possible, You Won't Know Until It Happens (If Ever)
June 29, 2006 9:21:56 PM

Gentoo Linux is the way to go man. But if you're coming from Windoze you might have to take a red pill :-))
June 29, 2006 9:23:25 PM

Well I'm of the "not really givin' a sh*t crew" since as we all know computers are expensive toys and are bound to explode sooner or later. The FUD can be from any side in this. What's-her-name has not released anything yet, though if possible it could be a mammoth issue for AMD.

Like the other guys here I can hardly stop laughing even though I have AMD computers. It is simply too funny not to laugh. Conroe is bad enough but this, if true, could be a recall sort of a thing LOL ROFLOL LMMFAO...

What will AMD do?? Will they fix all the 939s and AM2s?? Will they go to Mars? Toooooooooo funnnnny!!!!
June 29, 2006 9:34:38 PM

hackers really need to get a life...
June 29, 2006 9:43:26 PM

Quote:
Well I'm of the "not really givin' a sh*t crew" since as we all know computers are expensive toys and are bound to explode sooner or later. The FUD can be from any side in this. What's-her-name has not released anything yet, though if possible it could be a mammoth issue for AMD.

Like the other guys here I can hardly stop laughing even though I have AMD computers. It is simply too funny not to laugh. Conroe is bad enough but this, if true, could be a recall sort of a thing LOL ROFLOL LMMFAO...

What will AMD do?? Will they fix all the 939s and AM2s?? Will they go to Mars? Toooooooooo funnnnny!!!!


How is it a massive issue? Someone already posted that the same thing is possible with Intel.

It's the same as any exploit: if the user clicks install, the CPU is out of the picture. This is not a flaw or a problem, it's an exploit of a technology that does what it's supposed to do.

AGAIN THERE IS NO FIX CAUSE IT'S NOT CAUSED BY AN ERRATA. It just manipulates something that is there.
June 29, 2006 9:49:46 PM

Quote:
Thanks to the latest virtualization technology from AMD, called SVM/Pacifica, it is possible for Joanna Rutkowska to build a rootkit called "BLUE PILL", and odds are that if it can be done, AMD has big issues!


Re-read the article. You caught the wrong flaw.

"Now, Rutkowska is pushing the envelope even more, arguing that the only way Blue Pill can be detected is if AMD's Pacifica technology is flawed."

In summary: Blue Pill would run the main OS as a virtual machine without the user being aware. She is saying AMD must have a flaw in its chip because it detects the fact Blue Pill is running.

If you understand the article this is basically a "security" flaw that would affect every OS and chip that supports virtualization. I.E. a malicious user would insert the Blue Pill as a surrounding layer to the actual OS.
June 29, 2006 9:56:31 PM

I want to avoid the entire explanation that Kamel5547 wrote. My point was that if this is all true there is a problem w/ the chip and that would be K8 chips so.......... Uuuuut oooooooooo
June 29, 2006 9:57:14 PM

Quote:
Thanks to the latest virtualization technology from AMD, called SVM/Pacifica, it is possible for Joanna Rutkowska to build a rootkit called "BLUE PILL", and odds are that if it can be done, AMD has big issues!


Re-read the article. You caught the wrong flaw.

"Now, Rutkowska is pushing the envelope even more, arguing that the only way Blue Pill can be detected is if AMD's Pacifica technology is flawed."

In summary: Blue Pill would run the main OS as a virtual machine without the user being aware. She is saying AMD must have a flaw in its chip because it detects the fact Blue Pill is running.

If you understand the article this is basically a "security" flaw that would affect every OS and chip that supports virtualization. I.E. a malicious user would insert the Blue Pill as a surrounding layer to the actual OS.

? She said it's a flaw if a RED PILL can be used to detect the Blue Pill.
June 29, 2006 10:27:59 PM

Quote:
Gentoo Linux is the way to go man. But if you're coming from Windoze you might have to take a red pill :-))


If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.
June 29, 2006 10:45:51 PM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).
June 29, 2006 11:20:41 PM

Hmm, it's interesting.

Saying that this will cause a problem for AMD or Intel is a bit stupid though.

I just hope that eventually all of this idiotic DRM crap will bite paranoid companies in the butt so hard that it becomes illegal to subvert the operating system for ANY reason, be it virus writing or DRM garbage. But honestly, that is wishful thinking.
June 29, 2006 11:25:59 PM

Quote:
Well I'm of the "not really givin' a sh*t crew" since as we all know computers are expensive toys and are bound to explode sooner or later. The FUD can be from any side in this. What's-her-name has not released anything yet, though if possible it could be a mammoth issue for AMD.

Like the other guys here I can hardly stop laughing even though I have AMD computers. It is simply too funny not to laugh. Conroe is bad enough but this, if true, could be a recall sort of a thing LOL ROFLOL LMMFAO...

What will AMD do?? Will they fix all the 939s and AM2s?? Will they go to Mars? Toooooooooo funnnnny!!!!


How is it a massive issue? Someone already posted that the same thing is possible with Intel.

It's the same as any exploit: if the user clicks install, the CPU is out of the picture. This is not a flaw or a problem, it's an exploit of a technology that does what it's supposed to do.

AGAIN THERE IS NO FIX CAUSE IT'S NOT CAUSED BY AN ERRATA. It just manipulates something that is there.

They didn't give a link to prove Intel's VT suffers from this particular exploit.
June 29, 2006 11:35:25 PM

Quote:
They didn't give a link to prove Intel's VT suffers from this particular exploit.


Well yes I posted a link:


See http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speake..., and search for "Dino Dai Zovi".

Please read the posts carefully before replying. In case your link is not working, here is a reproduction:
Quote:

Hardware Virtualization-Based Rootkits
Dino Dai Zovi, Principal, Matasano Security, LLC

Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also present useful capabilities to rootkit authors. On VT-capable hardware, an attacker may install a rootkit "hypervisor" that transparently runs the original operating system in a VM. The rootkit would be loaded in physical memory pages that are inaccessible to the running OS and can mediate device access to hide blocks on disk. This presentation will describe how VT-x can be used by rootkit authors, demonstrate a rootkit based on these techniques, and begin to explore how such rootkits may be detected.
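The abstract above closes on how such rootkits may be detected, and an earlier reply mentions a "red pill" for the same purpose; the C program below is an added illustration (not code from the thread, the talk, or either researcher's project) of two defender-side checks on x86-64: the cooperative CPUID "hypervisor present" bit, and the timing heuristic that CPUID, which always exits to the hypervisor under Intel VT-x, costs far more cycles when trapped. Assumed, and to be calibrated on known-clean hardware of the same model: the 1000-cycle cutoff and the sample count; under AMD SVM the CPUID intercept is optional, so a quiet result is not proof of absence.

```c
/*
 * Hypervisor-presence heuristics for x86-64 (added example, not from the
 * thread). Two checks:
 *   1. CPUID leaf 1, ECX bit 31: the "hypervisor present" flag that
 *      cooperative hypervisors set. A stealth rootkit hypervisor would
 *      leave it clear, so a clear bit proves nothing on its own.
 *   2. CPUID latency: under Intel VT-x every CPUID causes a VM exit, so any
 *      hypervisor adds an exit/entry round trip to the instruction. Under
 *      AMD SVM the CPUID intercept is optional, so this is a heuristic only.
 * The median and classification helpers are portable; the measurements
 * need x86-64 inline assembly and are compiled out elsewhere.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SAMPLES 256
/* Assumed cutoff in TSC cycles: bare-metal CPUID is typically well below
 * this, a trapped CPUID typically far above. Calibrate before trusting it. */
#define TRAP_LATENCY_THRESHOLD 1000ULL

typedef enum { HV_NOT_SUPPORTED = -1, HV_UNLIKELY = 0, HV_LIKELY = 1 } hv_verdict;

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n samples, robust against the odd interrupt or context switch
 * that inflates a single measurement. Input is not modified; 0 for n == 0. */
uint64_t median_u64(const uint64_t *v, size_t n) {
    uint64_t *copy = malloc(n * sizeof *copy);
    if (!copy || n == 0) { free(copy); return 0; }
    memcpy(copy, v, n * sizeof *copy);
    qsort(copy, n, sizeof *copy, cmp_u64);
    uint64_t m = (n % 2) ? copy[n / 2] : (copy[n / 2 - 1] + copy[n / 2]) / 2;
    free(copy);
    return m;
}

/* Pure decision rule: a median CPUID cost at or above the threshold is
 * consistent with the instruction being trapped by a hypervisor. */
hv_verdict classify_cpuid_latency(uint64_t median_cycles, uint64_t threshold) {
    return median_cycles >= threshold ? HV_LIKELY : HV_UNLIKELY;
}

#if defined(__x86_64__)
static inline uint64_t rdtsc_now(void) {
    uint32_t lo, hi;
    __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

static inline void cpuid_leaf(uint32_t leaf, uint32_t r[4]) {
    __asm__ __volatile__("cpuid"
                         : "=a"(r[0]), "=b"(r[1]), "=c"(r[2]), "=d"(r[3])
                         : "a"(leaf), "c"(0));
}

/* Check 1: the cooperative "hypervisor present" bit (CPUID.1:ECX[31]). */
int hv_cpuid_bit_set(void) {
    uint32_t r[4];
    cpuid_leaf(1, r);
    return (r[2] >> 31) & 1;
}

/* Check 2: sample the cost of CPUID in TSC cycles and classify the median.
 * CPUID is serialising, so the two RDTSC reads bracket it cleanly. */
hv_verdict hv_timing_check(uint64_t *median_out) {
    uint64_t samples[SAMPLES];
    uint32_t r[4];
    for (int i = 0; i < SAMPLES; i++) {
        uint64_t t0 = rdtsc_now();
        cpuid_leaf(0, r);
        uint64_t t1 = rdtsc_now();
        samples[i] = t1 - t0;
    }
    uint64_t med = median_u64(samples, SAMPLES);
    if (median_out) *median_out = med;
    return classify_cpuid_latency(med, TRAP_LATENCY_THRESHOLD);
}
#else
int hv_cpuid_bit_set(void) { return -1; }
hv_verdict hv_timing_check(uint64_t *median_out) {
    if (median_out) *median_out = 0;
    return HV_NOT_SUPPORTED;
}
#endif

int main(void) {
    uint64_t med = 0;
    int bit = hv_cpuid_bit_set();
    hv_verdict v = hv_timing_check(&med);
    printf("CPUID.1:ECX[31] hypervisor bit: %s\n",
           bit < 0 ? "n/a (not x86-64)" : bit ? "set" : "clear");
    printf("median CPUID cost: %llu cycles -> %s\n", (unsigned long long)med,
           v == HV_LIKELY ? "trapped (hypervisor likely)" :
           v == HV_UNLIKELY ? "native range (no evidence of trapping)" : "n/a");
    return 0;
}
```

Build with gcc or clang on x86-64 and run once on a machine you know is bare metal and once inside a VM to see the two latency ranges for that CPU model.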
June 29, 2006 11:36:55 PM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).

Yet here we are in 2006 and hackers are still getting around the most gifted programmers on the planet, Linux or Windows, it doesn't matter. As well, Linux isn't any more virus, Trojan, or spyware proof than Windows. The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in. Linux, and more specifically the kernel, is just as vulnerable as the Windows kernel.

You also miss a great point: there is money in the Windows market, lots of money. While Linux and its 2^64 distros aren't.
June 29, 2006 11:38:43 PM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).

Yet here we are in 2006 and hackers are still getting around the most gifted programmers on the planet, Linux or Windows, it doesn't matter. As well, Linux isn't any more virus, Trojan, or spyware proof than Windows. The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in. Linux, and more specifically the kernel, is just as vulnerable as the Windows kernel.

You also miss a great point: there is money in the Windows market, lots of money. While Linux and its 2^64 distros aren't.


The problem is that hackers ARE the most gifted programmers on the planet and maybe working at MAJOR SW firms right now.
June 29, 2006 11:39:14 PM

Quote:
They didn't give a link to prove Intel's VT suffers from this particular exploit.


Well yes I posted a link:


See http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speake..., and search for "Dino Dai Zovi".

Please read the posts carefully before replying. In case your link is not working, here is a reproduction:
Quote:

Hardware Virtualization-Based Rootkits
Dino Dai Zovi, Principal, Matasano Security, LLC

Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also present useful capabilities to rootkit authors. On VT-capable hardware, an attacker may install a rootkit "hypervisor" that transparently runs the original operating system in a VM. The rootkit would be loaded in physical memory pages that are inaccessible to the running OS and can mediate device access to hide blocks on disk. This presentation will describe how VT-x can be used by rootkit authors, demonstrate a rootkit based on these techniques, and begin to explore how such rootkits may be detected.


The link doesn't work.
June 29, 2006 11:39:42 PM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).

Yet here we are in 2006 and hackers are still getting around the most gifted programmers on the planet, Linux or Windows, it doesn't matter. As well, Linux isn't any more virus, Trojan, or spyware proof than Windows. The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in. Linux, and more specifically the kernel, is just as vulnerable as the Windows kernel.

You also miss a great point: there is money in the Windows market, lots of money. While Linux and its 2^64 distros aren't.


The problem is that hackers ARE the most gifted programmers on the planet and maybe working at MAJOR SW firms right now.

And?
June 30, 2006 12:01:50 AM

Quote:
Yet here we are in 2006 and hackers are still getting around the most gifted programmers on the planet, Linux or Windows, it doesn't matter.


For a well configured Linux environment, there is no way a hacker can get around the user privilege model.

Quote:
As well, Linux isn't any more virus, Trojan, or spyware proof than Windows.

I didn't quite understand that sentence.

Quote:
The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in.

Again, the attack is only possible if the installation is not configured properly, or the user who infects the system is working as root. From an unprivileged user account, an infection is only possible if a flaw is known and present in the system. Otherwise it's a no-go.

Quote:
Linux, and more specifically the kernel, is just as vulnerable as the Windows kernel.

Well, let's specify things here. Linux *is* the kernel. Most of the rest of the system utilities come from the Free Software Foundation. That's why Linux systems should properly be called GNU/Linux. Now, to claim that Linux (the kernel) is as vulnerable as the Windows kernel is really inappropriate. To start with, the Windows kernel image file can be written to from any user account. Try that with a well-configured Linux system. No way. The kernel image file is usually in a separate partition (/boot) and is not writable by unprivileged users.
The Linux kernel image in memory cannot be modified by user-space programs.

Quote:
You also miss a great point: there is money in the Windows market, lots of money. While Linux and its 2^64 distros aren't.

True, if individual users are the target. If you want to hack the servers of large corporations that use Linux as critical real-time servers, then a lot of money could be made. Why don't we hear of that? Because it's a lot harder than targeting individual Windows users.
June 30, 2006 12:44:17 AM

Quote:
Yet here we are in 2006 and hackers are still getting around the most gifted programmers on the planet, Linux or Windows, it doesn't matter.


For a well configured Linux environment, there is no way a hacker can get around the user privilege model.

Quote:
As well, Linux isn't any more virus, Trojan, or spyware proof than Windows.

I didn't quite understand that sentence.

Quote:
The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in.

Again, the attack is only possible if the installation is not configured properly, or the user who infects the system is working as root. From an unprivileged user account, an infection is only possible if a flaw is known and present in the system. Otherwise it's a no-go.

Quote:
Linux, and more specifically the kernel, is just as vulnerable as the Windows kernel.

Well, let's specify things here. Linux *is* the kernel. Most of the rest of the system utilities come from the Free Software Foundation. That's why Linux systems should properly be called GNU/Linux. Now, to claim that Linux (the kernel) is as vulnerable as the Windows kernel is really inappropriate. To start with, the Windows kernel image file can be written to from any user account. Try that with a well-configured Linux system. No way. The kernel image file is usually in a separate partition (/boot) and is not writable by unprivileged users.
The Linux kernel image in memory cannot be modified by user-space programs.

Quote:
You also miss a great point: there is money in the Windows market, lots of money. While Linux and its 2^64 distros aren't.

True, if individual users are the target. If you want to hack the servers of large corporations that use Linux as critical real-time servers, then a lot of money could be made. Why don't we hear of that? Because it's a lot harder than targeting individual Windows users.

I'll put down my 1st born child and the second and my wife, whenever I get married, that Linux can be hacked, destroyed and mauled just like Windows. The NSA can do it, the US Military can do it, and it's been shown here. You want to see real programmers/hackers? Go there and watch those boys roll each other; it's very exciting to see.

Let's try it again: the Linux kernel is no less susceptible to attacks from a virus than the Windows kernel.

Anything meant to be hacker proof is broken; maybe you have missed the last 40 years of hacking.

Your argument is flawed, since Windows properly configured is just as resistant as Linux is to malicious software.

You don't hear about it because top 500 companies don't say anything when they have been compromised. See here; it's just the tip of the iceberg, so to speak.
June 30, 2006 12:45:13 AM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).

You're under the mistaken assumption that Joe and Jane Sixpack are going to keep their PC up to date. More than 50% of the people I know don't do that with Windows, and all they have to do (at most) is turn on auto D/L and install.

The reality is that most people don't know anything about their computer, other than how to turn it on, run the web browser, Word and whatever other apps they use....and that's it.

I want to add that if you look at most, if not all, of the HUGE outages that have taken place, they happened because people downloaded an attachment via email.

In short, it happened because most users are clueless and naive (less so now than in the past, but there are still people that fall for the Nigerian scam).
June 30, 2006 12:46:08 AM

Quote:
If everyone moved to Linux tomorrow, the virus writers would move to Linux, and there'd be virii aplenty. Never mind the fact that the masses would be clueless how to patch the OS....or even when to patch the OS.


That's a mistaken concept. If you properly secure a Linux distro, a virus would have a very hard time getting through. First, the virus writer has to find a way to insert his malicious code in the system from an unprivileged user-space. That's only possible if you find an exploitable flaw (like a buffer-overflow). Given the nature of open-source, back doors and exploitable flaws are very short-lived, because there are thousands of people who develop and test the code before they are declared stable. So virus writers only have a chance with installations that are old and haven't been "patched".
As for people not knowing how to "patch" the kernel, they don't really need to know, if a distro is well thought-out. The "patch" can be installed from an online-update service, and then all the user has to do is reboot. I am alien to this principle though, since I always compile my own kernel.
But I recognize that there are people that will never want to switch to Linux, comfortable as they are to being treated as an ignorant idiot by the software moguls, who think users are best left not being able to think for themselves and having no business as to how to run and configure their own computers (Palladium, Trusted Computing, DRM, etc..).

You're under the mistaken assumption that Joe and Jane Sixpack are going to keep their PC up to date. More than 50% of the people I know don't do that with Windows, and all they have to do (at most) is turn on auto D/L and install.

The reality is that most people don't know anything about their computer, other than how to turn it on, run the web browser, Word and whatever other apps they use....and that's it.

Word.
June 30, 2006 12:51:16 AM

Quote:

The malicious software attacks the same way as well: they attach themselves to API hooks, insert themselves into code loops, hide in buffers, or mask themselves under different memory addresses, to name a few ways they get in.

Again, the attack is only possible if the installation is not configured properly, or the user who infects the system is working as root. From an unprivileged user account, an infection is only possible if a flaw is known and present in the system. Otherwise it's a no-go.


Last time I checked, most of the attacks on Windows were accomplished with the help of the user. By that, I mean they install software with a virus (probably a trojan, but why let that get in the way).

What's more, if every Windows user ran from a user account, instead of one with administrator (root in the Linux world) access, most still wouldn't work.

So if we're going to compare, let's make sure that your linux user is running as root, because while I run my windows account as a user 99.99% of the time, most do not.
June 30, 2006 12:56:58 AM

Quote:
You're under the mistaken assumption that Joe and Jane Sixpack are going to keep their PC up to date. More than 50% of the people I know don't do that with Windows, and all they have to do (at most) is turn on auto D/L and install.

The reality is that most people don't know anything about their computer, other than how to turn it on, run the web browser, Word and whatever other apps they use....and that's it.


No, I'm not mistaken about Joe and Jane:

Quote:
But I recognize that there are people that will never want to switch to Linux, comfortable as they are...


I know very well Linux in its current state isn't for anyone. Only those who want to actually do some thinking should apply. However, Linux and open source software are always under development; there is no end to this cycle. Its usability someday will catch up to Joe and Jane.
June 30, 2006 12:58:39 AM

Quote:
Its usability someday will catch up to Joe and Jane.


It'll be too late by then.
June 30, 2006 12:59:48 AM

Quote:
The link doesn't work.


He has a comma INSIDE the parentheses.
June 30, 2006 1:00:56 AM

Quote:
The link doesn't work.


He has a comma INSIDE the parentheses.

Why read someone's link when they aren't sharp enough to use the THG URL-generating link.
June 30, 2006 1:07:59 AM

@the cute wittle kitty kat

Quote:
The problem is that hackers ARE the most gifted programmers on the planet and maybe working at MAJOR SW firms right now.


And?



WHat?

If the person who is attacking your system went to the same school as you and is intentionally trying to be malicious, he can set up a private network at home and practice, practice, practice.

If we're talking about a person who is "intimately" familiar with the inner workings of the compiler and kernel, he or she can make the kernel dance.
I personally don't think it's worth it, but some people do.
June 30, 2006 1:10:26 AM

Quote:
@the cute wittle kitty kat

The problem is that hackers ARE the most gifted programmers on the planet and maybe working at MAJOR SW firms right now.


And?



WHat?

If the person who is attacking your system went to the same school as you and is intentionally trying to be malicious, he can set up a private network at home and practice, practice, practice.

If we're talking about a person who is "intimately" familiar with the inner workings of the compiler and kernel, he or she can make the kernel dance.
I personally don't think it's worth it, but some people do.

Moo.
I Don't Want To Argue Dude I'm Starting To Get Frazzled!
June 30, 2006 1:10:55 AM

Quote:
Last time I checked, most of the attacks on Windows were accomplished with the help of the user. By that, I mean they install software with a virus (probably a trojan, but why let that get in the way).

What's more, if every Windows user ran from a user account, instead of one with administrator (root in the Linux world) access, most still wouldn't work.

So if we're going to compare, let's make sure that your Linux user is running as root, because while I run my Windows account as a user 99.99% of the time, most do not.


Sorry, but I don't see the point of comparing to root, since as root the system is wide open for the administrator to configure the system. I never run under root, except if I'm configuring the system. That's the whole point of having the user privilege model: to implement security.
Most of the productivity software in Linux that is only available as a binary can be installed under a user account. A secure installation would do that in a sandbox user account, under a chroot jail, so the software will not be able to change the production filesystem. That way the software can remain under test for some time before being accepted.
June 30, 2006 1:16:15 AM

Quote:
Why read someone's link when they aren't sharp enough to use the THG URL-generating link.


Personal attacks already? No need to be rude here, dude. This is a technical discussion, right?

For those who tried to open the link, I apologize. But if you're sharp enough, you can always correct the URL without much effort. Here is the correct link:

BlackHat Conference
June 30, 2006 1:20:17 AM

Quote:
Why read someone's link when they aren't sharp enough to use the THG URL-generating link.


Personal attacks already? No need to be rude here, dude. This is a technical discussion, right?

I apologize. In another thread I was confronted with a fellow who tried to make a joke about my parents rolling over in their graves; it happens that my parents are dead, so it hit a nerve. I'm gonna take a break from the forum for a bit; I'm a bit agitated.

Again, I apologize. I have no right to attack your intelligence based on an error in providing a link.
June 30, 2006 1:22:32 AM

I feel your pain. My parents have also passed away. Apologies accepted.
June 30, 2006 1:24:12 AM

capable of creating malware that remains "100 percent undetectable"..........that's a bold statement!!!!

As far as technology goes.....there's nothing that's 100%, it's as simple as that!!

Someone should ask Joanna Rutkowska to place a bet on it that if anyone ever cracks it (finds a way to detect it in Windows or whatever OS she said it wouldn't be detected in), her firm will pay one million dollars USD as prize money!!!

I bet she'll avoid the question!!!!

It's all been done before.......think of how many of these malware, worms, etc...........have surfaced in the past, it's just a program and there is no such thing as a foolproof program!!!

Any programmer would know!!

If it is 100% like she said it is, does this mean her firm will not develop something new ever......after all they have the ULTIMATE malware!!!!

Everyone in her firm should just sit back and cash in!!!!!
June 30, 2006 1:29:24 AM

Quote:
Why read someone's link when they aren't sharp enough to use the THG URL-generating link.


Personal attacks already? No need to be rude here, dude. This is a technical discussion, right?

For those who tried to open the link, I apologize. But if you're sharp enough, you can always correct the URL without much effort. Here is the correct link:

BlackHat Conference


I see you noticed the COMMA. :wink:
June 30, 2006 1:41:05 AM

Quote:
capable of creating malware that remains "100 percent undetectable"..........that's a bold statement!!!!

As far as technology goes.....there's nothing that's 100%, it's as simple as that!!

Someone should ask Joanna Rutkowska to place a bet on it that if anyone ever cracks it (finds a way to detect it in Windows or whatever OS she said it wouldn't be detected in), her firm will pay one million dollars USD as prize money!!!

I bet she'll avoid the question!!!!

It's all been done before.......think of how many of these malware, worms, etc...........have surfaced in the past, it's just a program and there is no such thing as a foolproof program!!!

Any programmer would know!!

If it is 100% like she said it is, does this mean her firm will not develop something new ever......after all they have the ULTIMATE malware!!!!

Everyone in her firm should just sit back and cash in!!!!!



The only issue with this would be the size of available RAM. If we're talking about a machine that has 1-2GB RAM, then the visor may cause a lockup since memory locations would have to be generated for the VT register base. In order for the kernel to load this it would have to allocate RAM. For a server that is just booting it may be possible to insert this, and for a user's system in a network they would have to have either accessible privileges or sensitive info locally... with Windows.

I would be interested as to the payload size. Of course the delivery method is as simple as "I love You, Melissa, cause this is a red alert and I'm the nimda - oops, dyslexic slip - admin."

That's the true difference between Windows and Linux. Linux relies less on wizards and more on "behind the scenes" denial. MS is moving "in the right direction" with UAC in Vista, but so many Windows computers are operated by people who don't understand even the mention of "rootkit" or "firewall" that it's a free for all.
June 30, 2006 1:55:42 AM

Quote:
I see you noticed the COMMA. Wink


:)  man this is not my day is it? Now it is fixed. Thanks. :) 
June 30, 2006 2:04:55 AM

Quote:
If it is 100% like she said it is, does this mean her firm will not develop something new ever......after all they have the ULTIMATE malware!!!!

Everyone in her firm should just sit back and cash in!!!!!


I know a certain firm in Moscow that would be extremely interested in this...

Starforce anyone?
!