Linked by Thom Holwerda on Sun 6th Jan 2013 23:00 UTC
Windows "It's taken longer than expected but it has finally happened: unsigned desktop applications run on Windows RT. Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible. MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI's Secure Boot, lies a byte that represents the minimum signing level." Good stuff. Very good stuff.
Order by: Score:
Seems like a lot of work
by BluenoseJake on Sun 6th Jan 2013 23:38 UTC
BluenoseJake
Member since:
2005-08-11

To get around this limitation. There are no apps, other than .Net apps, that will run on Windows RT. So I am not sure I see the point, other than to prove it can be done, which in thinking about, may be reason enough.

Reply Score: 3

RE: Seems like a lot of work
by Lorin on Sun 6th Jan 2013 23:53 UTC in reply to "Seems like a lot of work"
Lorin Member since:
2010-04-06

There are people out there who do it because it's fun

Reply Score: 4

RE: Seems like a lot of work
by Nelson on Mon 7th Jan 2013 00:04 UTC in reply to "Seems like a lot of work"
Nelson Member since:
2005-11-29

Windows Store apps can be in .NET, C++, or JS.

Reply Score: 3

RE[2]: Seems like a lot of work
by BluenoseJake on Mon 7th Jan 2013 09:43 UTC in reply to "RE: Seems like a lot of work"
BluenoseJake Member since:
2005-08-11

This affects desktop apps, not store apps. Because desktop apps are Win32 apps, they aren't compiled to run on ARM.

Reply Score: 2

RE[3]: Seems like a lot of work
by chithanh on Mon 7th Jan 2013 10:55 UTC in reply to "RE[2]: Seems like a lot of work"
chithanh Member since:
2006-06-18

Because desktop apps are Win32 apps, they aren't compiled to run on ARM.
But they can be compiled to run on ARM, and with the exploit now they will run.

This is of course not interesting for commercial software vendors, but people who want to build Win32 desktop apps for the Surface RT now have the ability to.

Reply Score: 3

BluenoseJake Member since:
2005-08-11

It's probably a bad business plan to base your app on a vulnerability in the base OS, but hey, that's just my way of thinking.

Reply Score: 2

RE[5]: Seems like a lot of work
by Morgan on Mon 7th Jan 2013 13:24 UTC in reply to "RE[4]: Seems like a lot of work"
Morgan Member since:
2005-06-29

Lots of Android vendors do it, and their "root only" apps are even in the official Google Play store. Why shouldn't Windows RT users have the same kind of fun?

Reply Score: 3

BluenoseJake Member since:
2005-08-11

Because MS might close the vulnerability, it's 50/50 with them, Google doesn't care, they don't do the locking themselves, carriers do.

Reply Score: 2

RE[5]: Seems like a lot of work
by Nelson on Mon 7th Jan 2013 15:26 UTC in reply to "RE[4]: Seems like a lot of work"
Nelson Member since:
2005-11-29

It's probably a bad business plan to base your app on a vulnerability in the base OS, but hey, that's just my way of thinking.


That's just reality. The Windows Runtime is the future of Windows, and Windows RT is the direction that Microsoft is headed in. I don't believe the transition will be complete until WinRT completely replaces Win32, but it will eventually happen.

This blog post is insightful and sheds a lot of light on their strategy: http://hal2020.com/2013/01/02/there-is-no-arm-in-windows-rt/

Reply Score: 2

BluenoseJake Member since:
2005-08-11

WinRT and This hack have nothing do with each other. This is a hack to allow unfettered access to the desktop, It doesn't have anything to do with the app store, WinRT or Metro.

Reply Score: 2

RE[7]: Seems like a lot of work
by Nelson on Mon 7th Jan 2013 17:59 UTC in reply to "RE[6]: Seems like a lot of work"
Nelson Member since:
2005-11-29

Its a reality to expect to have to take such measures because Win32 moving forward is of limited strategic importance to Microsoft, as such, it is unlikely that they relent on their position.

So if a company *really* wants to run their full fledged Desktop app on Windows RT, this is the only avenue they have.


Not that its a good solution. Its much better to just sideload a Windows Store app without restrictions (as I've mentioned in one of my comments below) because you get integration with the new lifetime process manager for free.

Reply Score: 2

ze_jerkface Member since:
2012-06-22

I don't believe the transition will be complete until WinRT completely replaces Win32, but it will eventually happen.


Win32 will never be replaced. It will be here as long as computers exist.

There are millions of lines of Win32 that no one even understands. The people who wrote them are all dead or retired. Do you want to go step through black box code that helps a machine process ore? Of course not which is why Win32 isn't going anywhere. Even if Microsoft went tits up Win32 be duped and supported. Win32 is needed more by society than Microsoft.

Reply Score: 3

RE[7]: Seems like a lot of work
by Nelson on Tue 8th Jan 2013 06:27 UTC in reply to "RE[6]: Seems like a lot of work"
Nelson Member since:
2005-11-29


Win32 will never be replaced. It will be here as long as computers exist.

There are millions of lines of Win32 that no one even understands. The people who wrote them are all dead or retired. Do you want to go step through black box code that helps a machine process ore? Of course not which is why Win32 isn't going anywhere. Even if Microsoft went tits up Win32 be duped and supported. Win32 is needed more by society than Microsoft.


Sorry, but judging from your last comment, I refuse to even acknowledge you have a shred of insight on anything pertaining to this topic.

Legacy will likely remain in Windows 8, but Windows RT is unmistakably Microsoft's OS moving forward.

Sure, many, many years down the line there will be an incarnation of Windows that ships with Win32, but it won't be consumer facing.

Microsoft is positioning the Windows Runtime as the replacement for Win32, and by forcing Windows Store apps to only use the Windows Runtime, it is guiding developers through that transition gradually.

You not being able to see the tea leaves doesn't really matter.

Reply Score: 3

RE[4]: Seems like a lot of work
by Alfman on Tue 8th Jan 2013 05:48 UTC in reply to "RE[3]: Seems like a lot of work"
Alfman Member since:
2011-01-28

chithanh,

"This is of course not interesting for commercial software vendors, but people who want to build Win32 desktop apps for the Surface RT now have the ability to."

It is a nice, yet temporary exploit for end users. Now that this is out of the bag, the byte is not likely to exit in future updates (which may or may not be mandatory for current users who don't want to loose functionality like the whole PS3 debacle).

Edited 2013-01-08 05:51 UTC

Reply Score: 2

RE[3]: Seems like a lot of work
by Nelson on Mon 7th Jan 2013 15:23 UTC in reply to "RE[2]: Seems like a lot of work"
Nelson Member since:
2005-11-29

Unsigned Windows Store apps have always been able to run (using the aforementioned Remote Debugger) which also allows you to use the full .NET/Win32 API in your apps for pure sideloading.

This facet of the Windows App sandbox is enforced only at Submission time by running the Windows App Certification Kit.

Its always been the case. And has therefore always been possible to run unsigned code for your own purposes on your own device (As I've been tirelessly saying for months, but which people conveniently ignore in their criticisms).

I just tested it and fired up an C++ app which uses a Win32 API (that also fails the App Certification static analyzer) and can be successfully deployed to my Surface RT.

Reply Score: 3

RE[2]: Seems like a lot of work
by ze_jerkface on Tue 8th Jan 2013 06:06 UTC in reply to "RE: Seems like a lot of work"
ze_jerkface Member since:
2012-06-22

Windows Store apps can be in .NET, C++, or JS.


Please stop spreading this myth.

.NET and C# are not the same thing.

Microsoft is not allowing .NET applications in Windows RT. C# is a supported language but without .NET that means existing applications have to be re-written in WinRT.

It's total bullshit really and an insult to .NET developers. Everything is expected to be re-written except Microsoft's software that gets access to the secret .NET/Win32 stash.

Reply Score: 1

RE[3]: Seems like a lot of work
by Nelson on Tue 8th Jan 2013 06:24 UTC in reply to "RE[2]: Seems like a lot of work"
Nelson Member since:
2005-11-29


Please stop spreading this myth.

.NET and C# are not the same thing.


I'm well aware, and there is no myth.


From MSDN: (http://msdn.microsoft.com/en-us/library/windows/apps/br230302.aspx


The .NET Framework provides a subset of managed types that you can use to create Windows Store apps using C# or Visual Basic. This subset of managed types is called the .NET for Windows Store apps and enables .NET Framework developers to create Windows Store apps within a familiar programming framework


And since you obviously are misinformed, here's a white paper for you to read: CLR and the Windows Runtime (http://go.microsoft.com/fwlink/p/?LinkId=243099)


Microsoft is not allowing .NET applications in Windows RT. C# is a supported language but without .NET that means existing applications have to be re-written in WinRT.


No. Microsoft supports .NET . It just supports the CoreCLR profile of the 4.5 BCL. That's a limited subset.

It also doesn't include WPF, WinForms, or any other things that wouldn't make sense for the Windows Store.

The BCL is there, the execution engine, IL, the JIT compiler, everything is there.


It's total bullshit really and an insult to .NET developers. Everything is expected to be re-written except Microsoft's software that gets access to the secret .NET/Win32 stash.


You want to know what's an insult to .NET developers? Your complete and utter ignorance on this subject matter.

The Windows Runtime and XAML stacks are for the most part native code. However, the WinRT projection library and some clever .NET Interop at compile-time manages the glue between WinRT and .NET pretty efficiently. A lot more efficiently than COM RCWs or P/Invoke.

You not understanding this only speaks to your ignorance as a .NET developer.

I shouldn't even have to be saying this, if you want a primer on the Windows Runtime (and judging by your sorry excuse for a comment, you need one) you can read the MSDN documentation.

Your blind, irrational, hatred for Windows 8 does not entitle you to your own facts.

Edited 2013-01-08 06:32 UTC

Reply Score: 3

RE: Seems like a lot of work
by dsmogor on Mon 7th Jan 2013 12:23 UTC in reply to "Seems like a lot of work"
dsmogor Member since:
2005-09-01

I believe that good OSS stuff like 7zip or GIMP will now eventually get ported.

Reply Score: 3

RE: Seems like a lot of work
by bassbeast on Mon 7th Jan 2013 19:44 UTC in reply to "Seems like a lot of work"
bassbeast Member since:
2007-11-11

Heck its even more pointless as Surface is a megabomb and all the other OEMs have "delayed" (read canceled) their WOA products so pretty much the only thing which this could ever be used on is the Surface which is frankly priced so stupidly its gonna just rot in the MSFT stores.

Last hard data I saw had fewer than 1 million sold and indicators so bad that MSFT called their manufacturer and cut their order in half just to keep from ending up with a warehouse full of the things.

Now one could pin their hopes on MSFT unloading all those Surface units on Woot!, like HP did with the Touchpad, but if you look at the past history of the company and what has been done to cover Ballmer's BS, such as counting every single Vista downgrade as a Vista sale to keep it from being listed as the megaflop it was? Frankly I wouldn't be surprised if he had the Surface units buried in a landfill in NM rather than admit its a complete failure.

Kinda sad really, the Tegra 3 is a nice chip and if you had an OS like Android better optimized to the hardware and with better app selection it would probably make a nice $200 tablet. But all the reports I've seen indicate the appstore is a broken mess, the apps that they DO have are money ripping knock offs like the "Steam" app that merely stick icons of your Steam games on the screen for you to look at or the dozen FB ripoffs that just call FB through the browser and mine all your data.

Reply Score: 2

Windows RT same as Windows deskop
by franko on Mon 7th Jan 2013 07:20 UTC
franko
Member since:
2012-05-25

So does that mean that Windows RT will be vulnerable to all the Windows virus, malware and other crap that windows catches?

Reply Score: 1

hyper Member since:
2005-06-29

No.

Reply Score: 0

Bill Shooter of Bul Member since:
2006-07-14

Maybe. You might have to have two different versions of the virus x86 and arm, but they possibly could exploit the same bug in windows.

Reply Score: 4

Comment by MOS6510
by MOS6510 on Mon 7th Jan 2013 10:19 UTC
MOS6510
Member since:
2011-05-12

If it's just a single byte it seems to me if can/will/might be fixed very quick by Microsoft.

Reply Score: 3

RE: Comment by MOS6510
by chithanh on Mon 7th Jan 2013 10:58 UTC in reply to "Comment by MOS6510"
chithanh Member since:
2006-06-18

From the article:

a vulnerability in the Windows kernel that has existed for some time and got ported to ARM
So Microsoft cared so little about the vulnerability that they ported it from x86 to ARM kernel?

Of course they will fix it if they determine that it is against their business interests. But I think they will observe what people do with the exploit to run their own Win32 apps. Because in the meantime, it can help badly needed sales of Surface RT.

Reply Score: 2

RE[2]: Comment by MOS6510
by MOS6510 on Mon 7th Jan 2013 11:02 UTC in reply to "RE: Comment by MOS6510"
MOS6510 Member since:
2011-05-12

Being able to install illegal software is a double edged sword I guess. It can help sell hardware, which increases the customer pool, but it also looses software sales, but without hardware in people's hands there is no software to be sold.

So you're right and it will be interesting to see when/how Microsoft will respond.

Reply Score: 2

RE[3]: Comment by MOS6510
by Thom_Holwerda on Mon 7th Jan 2013 11:05 UTC in reply to "RE[2]: Comment by MOS6510"
Thom_Holwerda Member since:
2005-06-29

Illegal software?

Only open source software can be ported to Windows RT with this (since proprietary vendors won't, of course). How is that illegal?

Reply Score: 4

RE[4]: Comment by MOS6510
by MOS6510 on Mon 7th Jan 2013 11:25 UTC in reply to "RE[3]: Comment by MOS6510"
MOS6510 Member since:
2011-05-12

Ah, I was under the impression that anything could be installed, so also cracked warez.

Reply Score: 2

RE[5]: Comment by MOS6510
by MrWeeble on Mon 7th Jan 2013 12:47 UTC in reply to "RE[4]: Comment by MOS6510"
MrWeeble Member since:
2007-04-18

No, the hacked warez would be x86 code. To work on the tablet, it would need to be recompiled for ARM, which requires the source-code to feed into the compiler. I suppose there may be some closed source stuff that people have stolen the sourcecode for, but I doubt that would be much of a large-scale issue.

Reply Score: 3

RE[2]: Comment by MOS6510
by vaette on Mon 7th Jan 2013 13:40 UTC in reply to "RE: Comment by MOS6510"
vaette Member since:
2008-08-09

The "vulnerability" is really a non-issue, the way this procedure works starts by getting administrator privileges by attaching to a system level process using the debugger. This is perfectly allowed and lands you administrator privileges at once (which more or less means that everything is already broken into). The "vulnerability" is just a question of fooling CRSS, which is basically a user-land kernel component, into poking the kernel in the ways you wish.

It is certainly not a vulnerability in the sense of permitting malicious code to do bad things, since the malicious code being able to launch and connect the debugger to arbitrary processes means that it has already done everything it needs.

Reply Score: 4

Windows 8 sucks
by Windows8_Hater on Tue 8th Jan 2013 19:51 UTC
Windows8_Hater
Member since:
2013-01-08

Wrote this review about it:

http://www.amazon.com/review/R7NPQ0AFSN3AE

Reply Score: 1