Windows 7's Unfixable Glitch

From IGN.com
Researchers claim new operating system's boot up sequence is flawed and completely unfixable.
This week the world's leading cybersecurity professionals gathered in Dubai at the Hack In The Box Security Conference to discuss the state of the industry, identify new threats, share pro-tips, and play Dungeons and Dragons. Ok, probably not that last part, but you get the point; high-nerdery was clearly afoot at the Sheraton Dubai Creek. One of the more prominent topics of discussion was Microsoft's latest operating system, Windows 7. While a number of exploits and potential vulnerabilities of the system were discussed at the conference, one identified loophole in the system has security professionals troubled…and morbidly fascinated.

A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect. Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable.

"There's no fix for this. It cannot be fixed," said Vipin during his presentation in Dubai. "It's a design problem."

Microsoft has yet to comment on the exploit or formally acknowledge its existence, however, if Vipin and Nitin's claims are true, it could mean serious trouble for the forthcoming operating system's sales.

http://gear.ign.com/articles/976/976242p1.html

So.... if that's tur, be carefull storing things on it...

The program as/is does, but any rootkit could install such a patch, as it operates as a local use.

Yes, it's beta but vista once got tons of problems after beta... nothing's perfect

This also exposes a potential Linux security exploit too. Give someone your root password and let them sit down for a while at your PC and you're screwed. We should all be afraid, very afraid.

The exploit requires physical access to your computer. As long as you don't let random strangers sit down at your PC and hack, I'd very sure you have nothing to worry about.

LOL

I'll stay on vista for a while untill things from microsoft be cool, even I had changed my mind for downloading the beta that will be available soon.

"Wake On Network" provides a means to awaken a computer running in Sleep mode. It is not a clean boot, and therefore no - it is not possible to implement a bootkit in this manner.

All your data is belong to us... If you let us sit uninterupted at your machine for a few hours.. regardless of OS or security...

Why does every little thing have to be an issue these days? You know what, the network at my work probalby isnt very secure to a skilled hacker at all, and never will be.. But all the dudes with guns walking around sure are! Anyone who is actually worried about people breaking in to hack has security in the form of large fellows with pistols... anyone else probably doesnt have more than 2 or 3 people ever touch their computer anyway...

I agree... this could be done with almost any OS... it's not specific to Windows 7.