im a noob, what about winxp? can we hack it easily?

That's not really good news, but at this point an intruder may as well just take the HDD and go...

Considering (as was stated) that the hacker has to be present to make it work, I have no worries. Its remotely taking control that worries people, but if the hacker can physically plug in a flash drive or external drive to load his code before loading the OS, then we're all right.

Seriously, it doesn't matter what security you have on your computer (or on a safe, for that matter). If the person looking to steal from you has in his/her possession the computer, he can get the data he wants anyway. I'd even suggest an easier method: take the hard drive out of the computer you want to hack and manually pull the data. There will be a password on it, but there are free password removal programs for that, even ones that run in portable executible mode.

That wont happen if everybody uses Linux as main OS beacause the security features of...

*Gets shot in the head*

hmm i was thinkin about gettin win7 LOL i hope they fix it by release!!!

If they are taking over the VM hypervisor (or whatever you want to call it), it seems like this type of exploit is really applicable to any OS. It is a kind of "man in the middle" attach. If the OS accesses a resource, whether it is to talk to a disk controller, or make a packet request over the network hardware, and some agent can, at the lowest level, subvert the request and concoct a false response, there isn't a lot the OS can do.

ppl that believe this hack is not as big as it is forget the frequency and prevalence of infected USB flash drives being passed around. this issue is not as benign as some would believe.

WinXP can be hacked within one minute (for a login password lower than 8 char.). Win Vista is more safe, but technically can be hacked in 15 minutes, and requires a secondary pc with lots of RAM.

There's a reason MS discontinued support for Win 3.1 or 3.11 only recently.
Reason being for the longest time the military used win 3.x just because it's way more safe, and smaller. Sure you can't see flashfiles or play modern games on those old operating systems, but nearly nothing went automatic.
The reason why Windows is so hackable, is because there are so many programs running everywhere in the background. And the more that are running, the slower the OS, the less secure the OS gets.
I think a lot of IT professionals would want an OS that is less commercial, less nice looking, and much safer, by just not having these automatic soft or hardware recognition commands.
In WinXP I had to disable nearly half of the system services, to get it working fast. Most of them I don't need anyways!

I don't understand how this hack only applies to Windows 7... It seems like you could easily hack any OS if you had physical access to it and the right code.

please. If someone physically has access to your computer, they can fairly easily gain access to it regardless. This way may be faster, but im really not worried about it

Nice idea! Now the Russians and the Chinese will find how to do it remotely in the next 168 hours.
Good luck!

As long as they can't hack my brain then I'm good. Just don't waterboard me.

I'm sure any os with enough time can be hacked if you are on the actual computer instead of remotely, i think you have more problems to do with home security if you should be worried about someone taking your computer.

The first layer of any multi-layered network security system is always physical. If the bad guy is actualy sitting at the PC then as SuckRaven said, he's just going to take the HDD and go. Honestly - if you have physical accesss to the PC there are a thousand easier ways to compromise sceucrity than one like this, which can quite easily be thwarted by setting up the BIOS to not boot from USB/Floppy and setting a BIOS password.
Having said that, the way they did it was pretty cool.

It's people like you that make us look bad...

Give him a break. He was trying to make a joke (i hope)

Any OS can be hacked with someone sitting the keyboard. You can make it a bit more difficult by locking the BIOS and the case, but no computer is completely secure. Mentioning Windows 7 as the target was just a ploy for attention.

OK, they hacked a BETA OS. Isn't that the whole point of having a beta; to find out these things so you can fix them before you release the software?
Also, saying the problem can't be fixed is just as naive as saying it couldn't be hacked in the first place.

Just seems to me like they are stating the obvious. If you go low level enough you can hack anything you want and there isn't much you can do. Anyone else remember that new hddvd/br encryption? Easiest way to hack it was just to look at the stuff in memory.

Considering the MBR seems to be the first thing to be hacked, and not Windows 7 itself, I think the title is just there to sensationalize.

Simple fix : Some BIOS have MBR protection. Simply turn that stuff on by default, make it a default feature on all board if it isint already and make it password protected. vbootkit won't work.

Just make the MBR read only and password protect it.

BIG GLEAMING GLARING caveat that the hacker has to be at the computer to initially start the attack. 99% of all hacks are remote, http, or software/email download. Come on now! If someone already has possession of your computer right in front of them, what's the point of doing any hack? A hammer and a couple of kicks to the computer is plenty enough.

It's too much Spy vs. Spy that someone is sneaking up to your computer (physically) and putting crap on it. AND if someone does, you pretty much know a handful of people who have been around or used your computer.

This is like saying you stole a car because someone left the door open and the keys in the ignition. Where's the skillz here?

Yeah and the people who let others plug a USB flash drive in their computer are morons. PLUS you would know who put the USB flash drive in your computer. I assume that if you let someone insert anything into your computer, you know them.

Let's not get into the Spy vs Spy crap where some stranger sneaks onto your computer when you are away... there's bigger consequences than that ie. They just steal your computer.

That wouldn't fix it, you can get around a bios password by simply clearing the CMOS (as far as i know, i could be a bit dated on this point), and then you can changing it to boot from whatever you want. However, you can still encrypt your hard drive, which would make getting into it much more challenging

the above hack is not specific to windows, the same idea can be used to hack any os, including linux and osx... basically if you can control the machine before the os boots and security is in place you can do what you want, if you can control the hardware, the bios, ect you control what happens... you can hack an os by booting off a cd, dvd, thumb drive, usb drive, another drive or just taking out the disk drive and connecting to a computer you control, then changing the oses files so that you gain control and then booting the hacked os. you can even do this on an encrypted drive, just have to break the encryption first, see google. and you can hack a motherboards bios.

This why I still use Windows Me. Nothing like this ever happened with Windows ME!

I really dislike news like this. This is the kind of thing that makes people panic. Case and point:

It's really making a mountain out of a mole hill, as numerous people have stated any system is vulnerable when there is physical access. The trick they use is neato and all but it's really quite arbitrary considering the slew of other work arounds someone can use when they have physical access.

I still have a computer with windows 95 on it it owns u all!!!!!!11one

^ You are ignorant in so many ways. Please read the stuff before you post a reply. This stuff is at hardware level, it is in essence a hardware hack, Windows ME is a terrible OS, worse then any other windows product past, present, and future. Unstable, plenty of holes in security, the list goes on. This hack can effect any form of OS/Software that requires you to load something in the memory.

the fix is, reboot your computer every now and then.

As jsloan just mentioned, there are two things to note about this. First, They were running Windows 7 on a virtual machine. Meaning that they could be running files prior to the initial loader. If you are running Windows 7 on the hardware this is impossible.
Second, this is not just a Windows 7 problem. By rewriting the right segment of code even Linux/Unix machines will become incapable of realizing the hack.
But again this is impossible if you are running Linux/Unix directly on the hardware as well. I must assume that the editors at Tom's are smart enough to know this and are just printing this trash to generate conversation. But, still, shame on you Tom's what is the point of such fear mongering.
If we have learned something here today it is that you should not allow someone to boot from a portable drive on your machine and then load your OS into their VM.

As long as mircosoft makes windows there will be people that hate it and want to hack it.
And the same goes for ALL companies that make an OS and get too big. Apple has been picking up steam ever since the ipod came out, now they are being hacked and have more viruses than ever. It's not always good to be the big guy.

This can easily be fixed in 2 ways.

Method #1: Use the BIOS reset jumper.

Method #2: In absence of such a jumper, remove battery and power cable for 30 seconds.

Voilà.

As for the rest, I tend to agree that any OS can be hacked given time and a mean of access. Want to make your computer 100% secure? Unplug the internet, keyboard and mouse!