Linked by Thom Holwerda on Sat 31st Dec 2005 16:55 UTC
Microsoft acknowledged late Wednesday the existence of a zero-day exploit for Windows Metafile images, and said it was looking into ways to better protect its customers. Even worse, by the end of the day nearly 50 variants of the exploit had already appeared. One security company said the possibilities were endless on how the flaw could be exploited. 'This vulnerability can be used to install any type of malicious code, not just Trojans and spyware, but also worms, bots or viruses that can cause irreparable damage to computers,' said Luis Corrons of Panda Software.
Thread beginning with comment 80759
Perfect example!
by Windows Sucks on Mon 2nd Jan 2006 00:44 UTC
Windows Sucks Member since:
2005-11-10

Here is a perfect example for all the silly Windows supporters! The ones who say "If Linux was more popular then it would be attacked more etc because hackers go after the more popular OS"

But yet here is a hole big as a house in Windows, not found by "Hackers" but by security experts! And Microsoft as always has no answer for it!

Doesn't matter if there were 500 Windows machines in the world or 500 million, the holes are still there and you are crazy to think it will get any better!

So please get off the crack and use BSD, Linux, Mac OS (BSD) or something else! Windows is insecure, overpriced and a mess!

And Vista will be a little more secure than XP but not much, there is no way they can put a full Linux/Unix style permission set in Windows cause it would freak their user base out. Plus it would freak out Windows administrators. People are so used to just being able to install whatever, whenever with nothing stopping them. Administrators are so used to being able to use the System Account to get around the problem of trying to remotely install software and patches while there is no privileged user logged in.

Who gonna teach all these people different? What is going to happen (like in XP) is that during the install process (And this is actually a problem with Linspire Linux and Mac OS. Even though in Mac OS it's not so bad cause you still must enter your password for software installs etc even though the first user you create after you do an install is an Admin (Not root though like in Linspire)) you will have the option to add higher security but not forced to. When you get an OEM install the higher security will not be on so that when you boot up you will be just taken to a desktop and not have to make accounts etc. And as always MS will blame users for this, even though MS has never told regular users to do anything else (Trying to keep that Windows 95/98/ME feel).

That is why I like the Mac OS and Ubuntu, yea it's a pain for power users to use sudo in Ubuntu but all you have to do is type: "sudo passwd root", create a password and then go into options and allow GDM or KDM to let root login. (sudo passwd -l root will turn root back off, then you turn root off in KDM and GDM)

My point is that even if Microsoft puts in better user level security I doubt that they will educate their user base on how and why they need to use it. And Windows supporters along with MS will continue to blame Hackers and stupid users for their problems!

Reply Score: 1

RE: Perfect example!
by hal2k1 on Mon 2nd Jan 2006 06:04 in reply to "Perfect example!"
hal2k1 Member since:
2005-11-11

> "An executable will run on a Windows system without any local user giving it permissions to run. The only thing that a Windows system requires in order to attempt to run an executable (from anywhere) is that the executable has a particular extension (one of about twenty or so)." <

"And your point it is?"

The point is that this is the API for executable programs on Windows systems.

Windows doesn't check if a file has been given executable permissions by any user at all (let alone the admin) who knows a password on the local machine - Windows just runs it anyway.

Since the notion of "users", "accounts" and "privileges" was totally absent in the design of Windows circa 1995, and since modern versions of this OS are backwards compatible with that API - then necessarily the notion of "users", "accounts" and "privileges" is a bolt-on afterthought.

Windows often loses track of who has invoked what - indeed it will often allow something to be invoked without any idea of who invoked it or where it came from - Windows will run it anyway - this very vulnerability is a good example.

Windows ACLs are a part-way solution around these severe security deficiencies in Windows design - but far too often they are not invoked or are easily worked around.

As far as over 95% of Windows installations out there goes - Windows is not secure at all. By design, and by default.

As a matter of experience for example I know of Windows XP installations where accounts have been disabled - anyone who turns on the machine is automatically logged on (without any password) as root!

Reply Parent Score: 1

RE[2]: Perfect example!
by makfu on Mon 2nd Jan 2006 08:50 in reply to "RE: Perfect example!"
makfu Member since:
2005-12-18


> Since the notion of "users", "accounts" and "privileges" was totally absent in the design of Windows circa 1995, and since modern versions of this OS are backwards compatible with that API - then necessarily the notion of "users", "accounts" and "privileges" is a bolt-on afterthought.

You have absolutely NO idea what you are talking about. The DACL model used in NT has been there since day one (1993). Win32 originated on NT, not Windows 95 (it was bolted on to the DOS/VMM386 kernel, NOT the other way around). The rest of your post is just so much FUD.

You need to understand that there are people who have CONSIDERABLY more knowledge regarding systems internals than you do. If you want to have a critical discussion about Windows, that's fine. However, it would be wise in the future to actually KNOW what you are talking about before shooting your mouth off.

Oh, and yes, if I either remove the ACE or set an explicit deny entry on the ACL on ANY object referenced by the Security Reference Monitor you will not be able to access that object. Everything in NT is an object managed by the Object Manager executive subsystem and every object has a security descriptor with an ACL enforced by the Security Reference Monitor executive subsystem (obviously if you are using a legacy filesystem with no defined NT SDDL ACL, the object will be instantiated by the system with a blank ACL). If you wish to view the pervasiveness of this functionality use Process Explorer from www.sysinternals.com.

Reply Parent Score: 2
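
Added example, not part of the thread and not Windows' own code: a simplified Python model of the DACL evaluation the comment above refers to, showing that both removing an ACE and adding an explicit deny end in a denied request. The trustee names, right bits and the `access_check` / `canonical` helpers are constructed for illustration; owner rights, inheritance and privileges are left out.

```python
from dataclasses import dataclass

# Constructed right bits for the model (not the real Win32 mask values).
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Ace:
    kind: str   # ALLOW or DENY
    sid: str    # trustee (user or group) the entry applies to
    mask: int   # rights the entry covers

def access_check(dacl, token_sids, desired):
    """Return True only if every bit in `desired` is granted.

    dacl is None -> the object has no DACL at all: access is granted.
    dacl == []   -> empty DACL: no ACE can grant anything, so deny.
    """
    if dacl is None:
        return True
    remaining = desired
    for ace in dacl:                      # ACEs are evaluated in list order
        if ace.sid not in token_sids:
            continue                      # entry is for some other trustee
        if ace.kind == DENY and ace.mask & remaining:
            return False                  # explicit deny on a still-needed right
        if ace.kind == ALLOW:
            remaining &= ~ace.mask        # these rights are now granted
            if remaining == 0:
                return True
    return False                          # implicit deny: nothing granted the rest

def canonical(dacl):
    """Place explicit deny ACEs ahead of allow ACEs (stable sort)."""
    return sorted(dacl, key=lambda ace: ace.kind != DENY)

# Constructed sample data: a caller's token and three DACL variants.
TOKEN = {"alice", "Users"}
BASE = [Ace(ALLOW, "Users", READ | EXECUTE), Ace(ALLOW, "alice", WRITE)]
DENY_APPENDED = BASE + [Ace(DENY, "alice", EXECUTE)]   # deny placed last
WITH_DENY = canonical(DENY_APPENDED)                   # deny placed first
ACE_REMOVED = [ace for ace in BASE if ace.sid != "Users"]

if __name__ == "__main__":
    cases = [("base", BASE), ("deny appended", DENY_APPENDED),
             ("deny, canonical order", WITH_DENY),
             ("ACE removed", ACE_REMOVED), ("empty DACL", []), ("no DACL", None)]
    for name, dacl in cases:
        print(f"{name:22} execute -> {access_check(dacl, TOKEN, EXECUTE)}")
```

The "deny appended" case is granted because the earlier allow ACE is reached first, which is why tools that edit ACLs write deny entries ahead of allow entries.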