gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 16, 2024, 03:58:48 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Vista Security Dealt A Death-Blow
gfx
gfxgfx
 

Author Topic: Vista Security Dealt A Death-Blow  (Read 790 times)

0 Members and 1 Guest are viewing this topic.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Vista Security Dealt A Death-Blow
« on: April 08, 2007, 11:28:58 am »
It was just a matter of time it seems until bills much vaunted secure operating system was turned on itself.

http://www.alex-ionescu.com/?p=34

Quote
All applications such as virus scanners, malware protectors, and any other kind of application that hooks all system processes, injects threads into them or even discretely reads their memory doesn’t work on Vista when it hits a protected process.
To help offset this dillema, protected processes can only be loaded if they are signed, and with a special license which comes with heavy restrictions on what the process can do, how it can behave, and so on. Because of this, only true media applications will ever be protected, and legitimate applications which were used to scanning address spaces will simply skip the process, inherently assuming that the DeCSS descrambler in Windows Media Player isn’t trying to hack their MMORPG.

Unforunately, it is trivial to make a process protected or unprotected by bypassing all the Code Integrity checks and sandbox in which protected processes are supposed to run. I wrote a small application which I called D-Pin Purr which does exactly this. I tried it on the only two protected processes I know on Vista (audiodg.exe and mfpmp.exe). While ProcessXP usually shows only limited information for them, after using my tool, I could see all the information. WinDBG attached to it fine:

The interesting thing is that I can make any application of my choosing protected, and thus undebuggable, uninjectable and with its address space secure. I’ll add dpinpurr to the download area soon, and provide a link.

While I don’t want to condone writing more powerul malware or MMORPG hacking tools (or whatever else can benefit from being protected), I think it’s time to signal a wakeup call to all the developers who were counting on simply ignoring protected processes and assuming they’re legitimate media applications.


No doubt we shall see this abused to create viruses that sign themselves as secure and verified, and therefore under Vista security system, unremovable, this really is a disaster if it becomes reality, and I,m sure someone will be working on it as I type  :(

Offline SamSeeSam

  • Forum Member
  • The Sky will never Fall on our heads
Re: Vista Security Dealt A Death-Blow
« Reply #1 on: April 08, 2007, 01:03:18 pm »
Wonderful :lol:

New and better os, and even better viruses.
And I've heard more than many people say," It's the best os conceived in terms of security"

Cheers :P
Reconnect to winmx with the blocking patch :)
Patch link :
 https://patch.winmxconex.com/

Spread the word now :)

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Vista Security Dealt A Death-Blow
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.008 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!