Linked by Thom Holwerda on Fri 20th Oct 2006 14:35 UTC
Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit. Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and found that the exploit doesn't work anymore. "The reason: Vista RC2 now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights," Rutkowska wrote on her Invisible Things blog.
it seems...
by bytecoder on Fri 20th Oct 2006 21:10 UTC

It seems like it would be a better idea to let the user decide whether or not the program should have access. No, I'm not talking about having another one of those stupid security dialogs (hint: they don't work!), but rather, force the user to acknowledge what the program might do by linking it with what it could modify, in this case the hard drive. The best way I can think of doing this is to have the user drag and drop the hard drive onto the program to signify that it has privileges to use it, with the added bonus that it tells the program which drive to use.

Incidentally, this works well for specifying privileges in general and does an excellent job at containing damage, unless the user is stupid enough to, e.g., give the program permission to modify his home directory. Of course, stupid people will always find ways to hurt themselves, but at least the other people won't shoot themselves in the feet as much.

Score: 1