A Russian security company claims it found a way to beat a security measure in Microsoft’s Windows XP Service Pack 2, a major update aimed at securing customers’ PCs.
It has never been promised by MS that SP2 & Execution Protection gives you a 100% protection from buffer overflows – it just makes it extremely harder to exploit such overflows.
If some russian OSS geeks now state they’ve found a “security hole in XP2” then this is only a dumb, lousy reaction to the MS-news the last days (ya know, bout Linux security, Bill Gates new initiative etc.).
<<If some russian OSS geeks now state they’ve found a “security hole in XP2” then this is only a dumb, lousy reaction to the MS-news the last days (ya know, bout Linux security, Bill Gates new initiative etc.).>>
Um…
<QUOTE>
Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.
</QUOTE>
Is it too much to ask for you to RTFA? Guess it is.
Germans and Russians are a lot friendlier to Microsoft than a lot of other nations. Russians run Windows, ok? Just like 99% of the world. It does not mean that Windows is fail proof. If the world suddenly decides to use Linux, then it’s ok. I’m sure the Windows crackers and hackers could help Linux improve, because they would have the source-code. But they don’t work for free.
“If some russian OSS geeks now state they’ve found a “security hole in XP2” then this is only a dumb, lousy reaction to the MS-news the last days (ya know, bout Linux security, Bill Gates new initiative etc.).”
[previous story]
“Linux security is a ‘myth’, claims Microsoft”
No, I’d say it’s simply Bill Gates putting his foot into his mouth.
I hate that kind of news which starts with NO SOURCE:
“A RUSSIAN”..
You follow the link..
and NO SOURCE.
The reason is not that they don’t know, the reason is that THEY DONT WANT the site to be linked instead of them.
Medias sucks
No, I’d say it’s simply Bill Gates putting his foot into his mouth.
Bill gates is not the person that made the comment. As for this vuln, this is pretty much the same thing that was determined 3 years ago when I first saw the idea of a non executable stack for the Linux kernel being debated. They determined it was an inconvenience and the protection could be side stepped any way. It is still one layer in what should be a multilayered approach to security.
The lock might be easy to pick, but still harder than if the door were not locked.
As for the comments on Linux security, MS might want to tell their employees to stay more focused on finding ways to improve windows and less time flowing at the mouth.
People like Nick McGrath do not help Microsoft any more than a fair and objective spokesperson like ESR helps Linux.
it was bound to happen, typical really of MS very lousy at fixes
http://www.maxpatrol.com/ptmshorp.asp
What’s a problem with sources? All articles link correctly up to exploit description (and code) itself:
http://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm
Looking at this paper, it makes me wonder, how many similar potentially exploitable code fragments exists in any OS…
I think you posted in the wrong thread…
And two boxes below the headline is
“Linux security is a ‘myth’, claims Microsoft”…
HA HA HA HA HA HA HA HA HA HA
Sorry, my eyes are watering.
Geez, it seems that I’ve seen a dozen “XYZ Group in Bangladesh finds major loophole in MS Security Patch that could threaten life as we know it!” stories in the past five years.
How many of these hacks actually end up compromising folks’ computers?
I’ve been using XP since it first came out. I’ve had *zero* virii, *zero* worms/trojans, *zero* hacks (according to my Sygate PFP logs, anyway), and just a tiny bit of spyware that I quickly destroyed with SpyBot (and since learned my lesson, which is why I browse with Firefox now).
These stories, while probably true, usually don’t end up being the “ah-now-everyone-will-switch-to-linux” catastrophes that some on this board make them out to be.
I’ve been using XP since it first came out. I’ve had *zero* virii, *zero* worms/trojans, *zero* hacks (according to my Sygate PFP logs, anyway), and just a tiny bit of spyware that I quickly destroyed with SpyBot (and since learned my lesson, which is why I browse with Firefox now).
Well, it’s good that you use FireFox, but the reason you haven’t been infected is probably because you are behind a firewall, don’t install warez and don’t open suspicious attachments.
However, you should know that a “vanilla” XP install (i.e. before XP SP2) that connects to the Internet unprotected will be compromised in less than 10 minutes. The machine can then be used by unscrupulous crackers to relay illegal traffic, store warez or act as an attack bot for DDoS attacks.
SP2 is a step in the right direction, but with such dismal security failures in the past, people have good reason to be skeptical of MS’s capability to provide a secure computing environment.
<rant>
Why is it that every bloody post on any news site about a <insert from list below> security vulnerability results in flame wars and friggin trolls that are a waste of my reading time. Are you all friggin 12 years old? (I do admit that this thread hasn’t been bad yet, but I can see it starting to break down like the rest do).
</rant>
To Windows zealots:
Would you people shut up! At least the Linux people (for the most part) present reasonable arguments instead of just trolling (I admit, there are a few that do)
To Linux Zealots:
Would you people shut up! Linux has vulnerabilities too, instead of ranting about Windows vulnerabilities on OSAlert learn to code and fix some of the Linux ones. (again, I admit, there are a lot that do this, but there should be more)
To BSD Zealots:
You people stay shut up! I enjoy BSD articles because the BSD crowd tend to not start flamewars (again, some do, but most don’t I have noticed).
In my last post when I sent a message to Windows zealots
”
Would you people shut up! At least the Linux people (for the most part) present reasonable arguments instead of just trolling (I admit, there are a few that do)
”
in my last sentence in brackets, I didn’t mean that a few Linux zealots troll, I meant some Windows zealots present valid arguments. Reread my post and realized it didn’t look like I meant that.
There is no such thing as a BSD zealot. There are a lot of helpful daemons in the wilderness.
However, you should know that a “vanilla” Red Hat Linux Desktop install (i.e. released approximately same time as Windows XP, end of 2001) that connects to the Internet unprotected will be compromised in less than 30 minutes, according to Red Hat CTO explaining benefits of SELinux for the modern Linux distro.
I actually read the paper (http://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm) and was wondering if this exploit only affects systems *without* NX support. The paper mentions NX at the top, but it doesn’t come up again in the discussion of the vulnerability. My understanding was that even if a heap frame was overwritten, the NX bit would still be set in the page table, preventing execution. Anyone know?
I’ll admit that I don’t exactly have vast knowledge on the specifications of NX, but I did read that paper, and it would seem to me that NX, being actual hardware protection, wouldn’t be vulnerable to this type of attack. I’ll agree that the paper was a bit vague in mentioning whether NX users were affected.
you should know that a “vanilla” Red Hat Linux Desktop install (i.e. released approximately same time as Windows XP, end of 2001) that connects to the Internet unprotected will be compromised in less than 30 minutes
So, what you’re saying is that RedHat is three times as secure as Windows?
Anyway, I’d love a link, if you have one.
What I do know is that Linux security has increased a great deal over the past, as demonstrated by the Honeynet Project.
http://project.honeynet.org/papers/trends/life-linux.pdf
BTW, the average “survival time” of an unprotected XP SP1 machine is actually down to four minutes now. I’ll admit that XP SP2 is a step in the right direction, but SP1 is definitely a serious blotch on MS’s security record. The fact that there are still lots of SP1 machines out there makes it all the more scary…
>So, what you’re saying is that RedHat is three times as secure as Windows?
I am saying that enabling firewall protects both Linux and Windows from remote exploits equally well.
According to USA Today Windows XP with firewall enabled was not hacked for as long as they were running their tests.
>Anyway, I’d love a link, if you have one.
You should visit http://www.linuxsecurity.com on daily basis, if you would like to have real knowledge on the current state of Linux security.
>BTW, the average “survival time” of an unprotected XP SP1 machine is actually down to four minutes now.
BTW, you prove again you do not know the subject. The paper, which I am familiar with, refers to Win32 computers, not to Win XP SP1 specifically.
For your information, Win32 could be anything down to Win NT 3.5, nothing in that paper says otherwise.
You should also read that paper to find out why they do not recommend to identify widespread trends based on their Win32 findings.
You sure did not read the paper, because it is exactly what you are doing: going against the paper recommendation.
Windows XP had firewall from the beginning. Microsoft made a mistake trusting Joe Sixpack to turn it on. We all know that.
What Linux marketing department conveniently forgets every time they scream “wolf” is how easy is to fix that mistake on any Windows XP.
With the firewall turned on, Windows XP stays safe. SP2 made it on by default, that’s it.
>The fact that there are still lots of SP1 machines out there makes it all the more scary…
I am sure that Linux advocates, while advertising their inherently more secure Linux, will conveniently forget to mention that just changing one configuration setting in Win XP SP1 (i.e., turn firewall on) will give user as much protection against remote exploits as switching to new and completely alien to that user OS.
You should visit http://www.linuxsecurity.com on daily basis, if you would like to have real knowledge on the current state of Linux security.
No, I meant a link to that direct quote, just to make sure you didn’t make it up.
BTW, you prove again you do not know the subject. The paper, which I am familiar with, refers to Win32 computers, not to Win XP SP1 specifically.
No need to be so arrogant, I got that information from other articles regarding this, such as this one:
http://www.pcauthority.com.au/news.aspx?CIaNID=17147
Now, perhaps these journalists were mistaken, but until you prove to me that they were, I’ll continue to believe them instead of you. In other words, prove to me that they weren’t XP SP1, as indicated by the articles that mentioned the study.
You should also read that paper to find out why they do not recommend to identify widespread trends based on their Win32 findings.
They didn’t say why, they only said “In addition, several Win32 based honeypots were deployed, but these were limited in number and could not be used to identify widespread trends.”
You sure did not read the paper, because it is exactly what you are doing: going against the paper recommendation.
I did read the paper. You’ll notice that the reason I mentioned it was primarily to say that Linux security has greatly improved over the past couple of years. However, they’re not the only person to say that an unpatched Windows installation will be hacked in a matter of minutes if not behind a firewall (while a default, unpatched Linspire install won’t).
I am sure that Linux advocates, while advertising their inherently more secure Linux, will conveniently forget to mention that just changing one configuration setting in Win XP SP1 (i.e., turn firewall on) will give user as much protection against remote exploits as switching to new and completely alien to that user OS.
You’re missing the point: we’re talking about default, unpatched installs. There’s plenty of Joe Sixpacks out there who still have unpatched XP SP1 boxes without the firewall turned on. This represents a massive security risk, and MS deserves to be blamed for allowing such a situation to happen in the first place.
Apparently no one is going to shut up like I asked. Although (and no offence meant to the OSAlert editors) without flamewars OSAlert wouldn’t have many readers or people leaving comments anymore.
Eugenia should implement a tool where she can mark a post as either informative, flame or stupid, and then I can only read what I want, kinda like at Slashdot, ‘cept the editors should have complete control over it.
At least a fresh Red Hat install doesn’t get infected by blaster or sasser ten minutes after turning on.
//Apparently no one is going to shut up like I asked.//
Apparently, you don’t understand that nobody is forcing you to read this thread. If you don’t like it, just leave, or shut the hell up.
Apparently, you don’t understand that nobody is forcing you to read this thread. If you don’t like it, just leave, or shut the hell up.
We said he he..annoying people trying to play official.
oh, so the difference between xp sp1 and sp2 is that the firewall is enabled by default? lmao
linux is more secure by design. it just is. to their credit, security has been a big deal for microsoft for the last few years, and they have made great strides in that direction. sp2 was a milestone in a four year project to make windows secure. they arnt done yet. if you are saying windows is secure, that means you are disagreeing with microsoft.
linux being designed as a network operating system doesnt mean that it is bulletproof either.
as for winxp having a high survival time, ill tell you a story. a month ago world of warcraft came out, which means xp got reinstalled on my main machine. now, i couldnt find my sp2 slipstreamed disc, but i did have an sp1 disc. as i had been waiting for this game for three years now, i just figured “ill install sp2 this weekend” and just installed sp1 with the additional fixes up to the point where i made the disc. no firewall, no a/v, but the firewall on the connection was enabled. the next day after work, i came home to all kinds of popups and my network connection running at full steam even though there wasnt any reason for it. i tried going through the process of removing all the crap, but it was too late. norton, adaware, and spybot fixed things for almost an hour before new malware was installed.
needless to say, i went over to a friends house who had an xp2 disc slipstreamed, wiped and reinstalled, and havnt had a problem with it since.
this teaches us a few things
1) SP2 does something.
2) SP2 does a good enough job that with a/v and anti-spyware tools running it is still holding together a month later, even though my roommate uses my pc semi frequently and is computer illiterate
3) the lifespan of an sp1+ computer, while maybe more than 4 minutes, is still less than 24 hours before infection
i dont blame ms for this, cause i know its my own damn fault, and wouldnt have happened if i were any less addicted to the crack blizzard passes off as games. however, that was enough to prove to me that the stuff you hear about in forums and articles are true, if you dont keep your xp box up to date, it will be owned in relatively short order.
i convinced my mom recently not to let some guy install linux on her machine, i dont think linux should replace windows for home users, as home users are woefully incapable of running it, and making it runnable by them destroys everything cool about it (as can be seen with stuff like lindows). but give me a break, i can install linux and leave it on for a day, and not come back to a broken os. i know, because i have done it.
linux is more secure by design. it just is.
How ? Be specific.