theregister.co.uk — Microsoft has modified Windows Vista to prevent a high-profile exploit demonstrated at security conferences this summer but the fix creates as many problems as it solves, according to the security researcher who identified the original problem.
Oct 24, 2006 View in Crawl 4
Closed AccountOct 25, 2006
It should be renamed to Windows Vis-GenuineAdvantage-ta. Designed from the start to combat piracy with no advantage for customers at all. Or lesser known can of worms.
grimdotdotdotOct 25, 2006
"It is a bad thing because the ever-so-reliable Register says so."No it doesn't - the Register has been quite careful to make it clear that it is reporting something that someone else said, not what el Reg thinks.
archlichOct 25, 2006
@ GMorgan so true... the porn industry had a huge market share in vhsporn made the internet popularWhere are all the naked chicks using linux?
Closed AccountOct 25, 2006
If you read some of the replies, you will start to see Joanna argument start to unravel.Especially karen, whom seems to be schooling Joanna in how write access works.I guess she was nothing more than an alarmist after all.
goat2Oct 25, 2006
there isnt.
hchaudh1Oct 25, 2006
@astroI think you are over-simplifying things too much here. Practically speaking, its just bad coding practice. Software should be modular. Just the same way when something in Linux or OSX crashes or even Firefox, it does not hose the system.Everything, the kernel or just a toString method should have a well defined contract or interface. It is up to the API provider, in this case MS to provide this interface. If an application, and I mean any application satisfies this contract, awesome, let it run. I don't think it should be upto MS's discretion to decide which apps run and which do not.
nerdofpreyOct 25, 2006
@archlichNot Safe For Work (don't look at me like that, blame StumbleUpon):<a class="user" href="http://www.linuxsluts.com/">http://www.linuxsluts.com/</a>
bkipOct 26, 2006
She provides a perfect example - go back and check out the following paragraph from Joanna's blog: (<a class="user" href="http://theinvisiblethings.blogspot.com/2006/10/vista-rc2-vs-pagefile-attack-and-some.html):">http://theinvisiblethings.blogspot.com/2006/10/vista-rc2-vs-pagefile-attack-and-some.html):</a>"Now, with the blocked write access to raw disk sectors from usermode, the company would have to provide their own custom, but 100% legal, kernel driver for allowing their, again 100% legal, application (disk editor), to access those disk sectors, right? Of course, the disk editor's auxiliary driver would have to be signed – after all it’s a legal driver, designed for legal purposes and ideally having neither implementation nor design bugs! *****BOLD BOLD BOLD***** But, on the other hand, there is nothing which could stop an attacker from “borrowing” such a signed driver and using it to perform the pagefile attack. The point here is, again, there is no bug in the driver, so there is no reason for revoking a signature of the driver. Even if we discovered that such driver is actually used by some people to conduct the attack!" *****END BOLD BOLD BOLD******
t3st3rOct 29, 2006
Of course, guillotine is the most effective way to eliminate headache.Forever.That's how MS does "fixed" it.Do not need such system where I'm administrator and still can't get raw disk access without MS's approval, thanks.Additionaly, this can be abused by MS to stop competitors.Do not want competitor's software to run?Huh, just refuse to sign it's driver!Actually, refusing to allow Administrator to access kernel and disk is not seems to be about YOUR security but rather about security of MS's f...ng DRM...Will not use Vista, sorry so I will be able to access my HDDs without stupid MS's permission to do it, sorry :D.That's why I shifted to Linux.Better choice for those who needs to be fully-featured admin :)