Windows 7 Can Be Hacked, No Fix?

[Necorum]

Earlier today at the Hack In The box Security Conference, security researchers showed how easy it is to hack into Windows 7. Ouch.

ZoomThe question to ask first is this: can't every piece of software be hacked in some fashion? Quite frankly, yes. However, Microsoft (unfortunately) deals with hackers on a daily basis, patching security holes in the Windows operating system, Internet Explorer, and various programs in the Office suite. In some ways, hackers bring job stability to those who specialize in thwarting security intrusions, those who fill holes where perpetrators like to sneak in. But what if the problem can't be fixed? What if the window is wide open and there's not one thing Microsoft or any other company can do to shut it closed?



Windows 7 Can Be Hacked, No Fix - Tom's Hardware

[Gizmo]

Err.......the attack pretty much requires the perpetrator to be sitting at the console. If the Bad Guy has physical access to the machine, that machine has been pwned, end of subject.

There are an entire class of attacks based around the principle of compromising the hardware in one way or another. For example, maybe I want to steal somebody's password, but it is stored on the disk using an encryption that is, for all practical purposes, unbreakable. However, that password has to be loaded into RAM and decrypted before it can be used. If I can snoop the bus, then I can access the memory containing the decrypted password, without the OS even being aware.

Only catch is, I have to have physical access to the machine.

What I'm getting at is, at some point the OS has to be able to trust the hardware it is running on. If it can't, there's no amount of software-based security that will work, and that statement is true for ANY OS, not just Windows.

Supposedly, TPM (Trusted Platform Module) will alleviate these issues by allowing for the storing of cryptographic keys in hardware as well as performing encryption and decryption of data in secure format in hardware. However, even this mechanism has been proven to be vulnerable to certain types of attacks (I believe they are referred to as 'cold boot' attacks).

Bottom line: if the bad guys have access to the system, they WILL break it in a way that is undetectable from within the system. I have yet to see a commercial hardware encryption system implemented that wasn't cracked by determined people. Heck, I used to routinely crack the DirectTV and Dish Network security cards and write my own software to keep the receiver from knowing they had been broken.

[Aedan]

As Gizmo points out, the general assumption is that if someone can get physical access to your machine, it's game over, however you slice and dice it. (Although I can think of a number of ways that would make this particular attack a lot more difficult to perform - for instance, set your BIOS not to boot from anything but the hard disk, and then password protect the BIOS.)

It's also NOT a Windows issue. It affects any OS that is booted via the BIOS. The way to fix this is to fix where the problem is, and that is the BIOS itself. The boot mechanism used by the BIOS hasn't changed much since 1980, and hence it'll boot whatever code is in front of it.

However, this particular attack targets machines that use the old BIOS boot mechanism. It won't affect machines that use an EFI BIOS - they ignore the boot sector code.

[PorPorMe]

Two observations and one of them is personal. I'll leave it till the last.

When I was in the hospital, I watched 3hrs [I wish it would have been every minute of his seminars] of Bill Gates doeing sminars at The University of Washington. Filmed and loosly moderated by PBS, It was was a week-end in which Gates sat talked and answered students questions. The only stipulation was that the questions & discussions had to be, at least loosly, about that paticular siminar. After that-anything was fair game. PBS air'ed 3hrs. I sure wish I could have seen the whole thing. I wish you guys could have seen just the 3hrs!

You guys know about this stuff-I don't, but i can gleen some nuggets here and there. Gates was evasive about nothing. If he didn,'want to talk about a certion subject, he said so. He had a big smile when he said he wasn't going to discuss Vista

One thing he said that I could see some of the moves being made now. He said MS doesn't hav even a 1/3 of it's recourcess on the OS. of any kind.
Gates put it right out in the open, saying MS is makeing transition and it's rescources are going into the search engine. But nothing like we have eve seen before. Gates words were that none of us would recognise the internet,computer world we have today-or there will be no microsoft. I sure wish you guys could have seen it!

Personal note:
When I was just getting used to Googles Chrome-and liking it, out pops the big security leak [that makes me qurious] and I dropped Chrome jus as soon as I could un-install it!
But Windows 7 has a hole big enought to drive in with your drunken buddies.
And I'll keep right on workig with it.

[dsio]

Guess the thing is its all relative. Think it was Theo De Raadt that said all core2 processors should be avoided due to their security flaws.

I like living dangerously.

[MUff1N]

Actually the bottom line is this...
Do you have any information (or anything else) worth stealing off your computer?

For me the answer is NO, I have NOTHING...
No credit card numbers, Bank account info, nothing...

So even "IF" I do get hacked they will walk away with nothing...

[Aedan]

That assumes that whoever attacks your machine is simply after information. If they're after the resources your machine provides, so that your machine appears to be the source of an attack (for example), then it's a different thing entirely. Imagine a forensic analysis that shows there's no malware on a machine that sourced an attack, and therefore it must have been the operator of the machine...

[MUff1N]

Quote:

Originally Posted by Áedán

That assumes that whoever attacks your machine is simply after information. If they're after the resources your machine provides, so that your machine appears to be the source of an attack (for example), then it's a different thing entirely. Imagine a forensic analysis that shows there's no malware on a machine that sourced an attack, and therefore it must have been the operator of the machine...

Very good point! I didn't really think about that line of approach, but I am now!!!
Either way, it's always good to keep the bad guys out if possible with whatever preventative measures can be taken if available.

[ccperf721p]

Not very likely this attack would be used on a computer in someone's house. It would be like robbing 50 random people when you could just as easily rob one bank for the same amount of cash with less risk.

If information is what they are after, they would concentrate on going somewhere that has a lot of it on hand. The good or bad part of it, nobody knows the system was compromised..

[Aedan]

I agree that it's not a grand attack against home users, although I'm sure that in certain hands it could be effective when targeted against a specific individual.

It's also a problem that can be part mitigated by setting your computer to only boot from the hard disk, and not to boot from CD-rom, USB etc.

[Necorum]

I agree with you giz no system is safe if the person attacking it sitting right there. If im there your system isnt safe unless you take your drive with ya :P BIOS is easily worked around. A "perfect" setup would have a bios reset key so you cant use a jumper need akey of sorts, no watch battery more of a keyed locked down battery no exposed circuitry, well never going to happen meh im tired of thinking

Jst saw the article and didnt have time to throw my 2 cents with it.

[Gizmo]

Don't apologize for posting the article dude. It was definitely an item worth posting.