Microsoft still can't seem to get Security right...

vbraun

First Family of Windows Vista Viruses Unleashed

Microsoft's newest operating system in beta only a week, but already leaky.

Robert McMillan, IDG News Service
Thursday, August 04, 2005

An Austrian hacker has earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft's Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, code-named Monad, that is included in the Windows Vista beta code.

The viruses were published last month in a virus-writing tutorial written for an underground hacker group calling itself the Ready Ranger Liberation Front, and take advantage of security vulnerabilities in the new command shell. Unlike the traditional Windows graphical user interface, which relies heavily on the mouse for navigation, command shells allow users to employ powerful text-based commands, much as Windows' predecessor, DOS, did.

Who Done It

The viruses were written by a hacker calling himself "Second Part To Hell," and published on July 21, just days after Monad was publicly released by Microsoft, according to Mikko Hyppönen, chief research officer with Helsinki's F-Secure. Second Part To Hell is the pseudonym of an Austrian-based hacker who also goes by the name Mario, Hyppönen says.

Because of its sophistication, the new command shell offers new opportunities for hackers, Second Part To Hell wrote in the tutorial, a copy of which was obtained by the IDG News Service. "Monad will be like Linux's BASH (Bourne Again Shell)--that means a great number of commands and functions," he wrote. "We will be able to make as huge and complex scripts as we do in Linux."

F-Secure has named the virus family Danom (Monad in reverse). Having examined the code, Hyppönen says that the Danom family is disruptive, but not capable of causing significant damage to Windows users. "These are proof-of-concept viruses," he says, "where virus writers want to break new ground and write the first viruses for a new platform."

Most security experts had not expected to see a Windows Vista virus so soon, Hyppönen says. "The only surprise here is that it came so early," he says. "It's been eight days since the beta of the operating system was out." Monad was released several days prior to the Windows Vista beta.

Concerns Raised

Still, Danom's release does raise questions about whether Microsoft should enable the Monad shell by default in Windows Vista.

Because Monad's scripting capabilities will be used by only advanced users, Hyppönen believes Microsoft should not offer the software as part of the standard Windows Vista package when it becomes commercially available in the second half of 2006. This would make the software less prevalent, and therefore less attractive to virus writers, he says.

Microsoft "got burned" in including similar software, called Windows Script Host, by default in its Windows 2000 operating system, he says. "Since it was on the system, all the virus writers were exploiting it," he says.

Microsoft was unable to comment on this story at press time.

That's pathetic. :lol:
 
Of course, if they really got serious about splitting the Administrator account from user accounts, then this should be a minor annoyance. OTOH, if they decided that monad was only used by Administrators, so it automatically has admin privileges ... :rolleyes:
 
Padma said:
Of course, if they really got serious about splitting the Administrator account from user accounts, then this should be a minor annoyance. OTOH, if they decided that monad was only used by Administrators, so it automatically has admin privileges ... :rolleyes:

Exactly, they just don't seem to get this. It's nearly impossible to decently run a Windows platform without admin privileges in Windows (at least if you want to do stuff like gaming, burning CDs, etc.). Linux had a powerful command shell from the beginning and it's pretty secure, since every user who isn't completely weary of life runs with restricted privileges and not as root.
 
KaeptnOvi said:
Exactly, they just don't seem to get this. It's nearly impossible to decently run a Windows platform without admin privileges in Windows (at least if you want to do stuff like gaming, burning CDs, etc.). Linux had a powerful command shell from the beginning and it's pretty secure, since every user who isn't completely weary of life runs with restricted privileges and not as root.

From other articles I've seen on "Vista," M$ has addressed the general admin privilege problem. It would be painfully ironic if they left the scripting shell wide open to privilege escalation attacks, though.
 
IglooDude said:
From other articles I've seen on "Vista," M$ has addressed the general admin privilege problem. It would be painfully ironic if they left the scripting shell wide open to privilege escalation attacks, though.
And that is my fear ...
 
On the /. article about that, someone posted about the security measures Microsoft is putting into Monad to avoid it being a problem. First, .msh files won't be associated with Monad by default (Hey, if they can't get it secure, they can at least break it by default...). Second, Monad will require a "digital signature" before running a script (Where have I heard this before... oh yeah, ActiveX). Third, Monad will act like bash regarding files in the current directory: you'll have to indicate that you want to run a file in the current directory before it will let you run it.
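The three measures listed above can be audited on a modern box, since Monad later shipped as Windows PowerShell. This is an added example, not code from the thread or from Microsoft; it assumes a script path supplied by the caller and a Windows PowerShell 5.1 or PowerShell 7 session.

```powershell
# Audit the three Monad-era script-safety measures on a PowerShell host (added example):
#  1) is the .ps1 file type wired to a shell launcher or just an editor (the ".msh" point),
#  2) does the execution policy demand a digital signature, and is this script validly signed,
#  3) is a script in the current directory reachable by bare name or only via an explicit path.
function Test-ScriptLaunchPolicy {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{}

    # 1) File association: stock Windows points .ps1 at notepad.exe, so double-click does not run it.
    $assoc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\Microsoft.PowerShellScript.1\Shell\Open\Command' `
                              -ErrorAction SilentlyContinue
    $result.OpenCommand        = if ($assoc) { $assoc.'(default)' } else { $null }
    $result.OpensInEditorOnly  = [bool]($result.OpenCommand -match 'notepad')

    # 2) Signature requirement: Get-ExecutionPolicy returns the effective policy across scopes.
    #    AllSigned demands a signature on every script; RemoteSigned only on files marked as downloaded.
    $policy = "$(Get-ExecutionPolicy)"
    $result.ExecutionPolicy    = $policy
    $result.RequiresSignature  = $policy -in @('AllSigned', 'RemoteSigned')

    # Authenticode status of the script itself: Valid, NotSigned, HashMismatch, UnknownError, ...
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureStatus    = "$($sig.Status)"
    $result.Signer             = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 3) Current-directory rule: a bare name is not resolved unless the directory is on PATH,
    #    while the explicit .\name form is.
    $leaf = Split-Path -Leaf $Path
    $result.BareNameResolves     = [bool](Get-Command -Name $leaf -ErrorAction SilentlyContinue)
    $result.ExplicitPathResolves = [bool](Get-Command -Name (Join-Path '.' $leaf) -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

# Usage (hypothetical script name): cd to the script's folder, then
# Test-ScriptLaunchPolicy -Path .\example.ps1
```

A hardened host shows OpensInEditorOnly and RequiresSignature as True, SignatureStatus as Valid, and BareNameResolves as False.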
 
:lol:

Microsoft Cuts Windows Vista Feature

Experts had worried that the Monad scripting shell would be an attractive target for hackers.

Robert McMillan, IDG News Service
Monday, August 08, 2005

Just days after the first public reports of viruses being written for an upcoming feature of Microsoft's Windows operating system, Microsoft confirmed that it will not include the feature in the first generally available release of Microsoft Vista, expected in the second half of 2006.

The feature, called the Monad Shell, provides a way for users to access the operating system using text-based commands rather than the traditional Windows graphical user interface. In the past, Microsoft has said that Monad will be part of "Longhorn," the code name for both the next client and server versions of Windows.

In an interview last week, Microsoft Director of Product Management Eric Berg said Monad will not be included in the first commercial version of Windows Vista, expected in the second half of 2006. But the product is expected to be included in Windows over the next "three to five years," he said. "Our intention is to synchronize it with both client and server operating systems."

Cause for Concern

Security experts had worried that if Monad were to be included in a widely used client, it might become an attractive target for hackers, especially if the shell were to be enabled by default.

Whether it will be enabled by default is unclear. "There are multiple ways that we could introduce this technology to the client stream," Berg said.

The first Microsoft product to use Monad will be the next release of Microsoft's Exchange messaging server, code-named "Exchange 12," which is due in 2006, Berg said.

On the operating system side of things, Monad is then expected to be included in the Windows Server "Longhorn," expected in 2007, and then could be available in a future Windows Vista release, said Rob Helm, director of research with Directions on Microsoft.

"Presumably, as time goes on, all of Microsoft's products will have Monad scripting interfaces," he said.

http://www.pcworld.com/news/article/0,aid,122145,00.asp

If we can't get it right, let's not put it in at all!
 
I think it's more of a:
"It's not secure yet, let's wait until it is secure before we make this feature available"
I don't see why you laugh at this stuff, it's not funny :p

Hackers will always focus their attention on Microsoft products, so regardless of how (un)secure it is, Microsoft will always have the most security issues.
 
The problem, gainy, is that there is no reason why this shouldn't be secure. It *should* have been doable in a secure fashion 10 years ago (and more). We laugh, because MS has been in the vaporware business for years. Remember everything that was promised for "Longhorn" when it was first announced years ago? What is left? Virtually nothing. It is just an expensive patch for XP (which was just a patch for 2000, which was just a patch for NT...).
 