Windows 7 Disaster? Or Not?

[MonkeyMhz]

Sure does look beautiful.

April 24, 2009 - This week the world's leading cybersecurity professionals gathered in Dubai at the Hack In The Box Security Conference to discuss the state of the industry, identify new threats, share pro-tips, and play Dungeons and Dragons. Ok, probably not that last part, but you get the point; high-nerdery was clearly afoot at the Sheraton Dubai Creek. One of the more prominent topics of discussion was Microsoft's latest operating system, Windows 7. While a number of exploits and potential vulnerabilities of the system were discussed at the conference, one identified loophole in the system has security professionals troubled…and morbidly fascinated.


A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect. Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable.

"There's no fix for this. It cannot be fixed," said Vipin during his presentation in Dubai. "It's a design problem."

Microsoft has yet to comment on the exploit or formally acknowledge its existence, however, if Vipin and Nitin's claims are true, it could mean serious trouble for the forthcoming operating system's sales.

For all the latest on Windows 7, stay tuned to IGN Gear.

Source:
http://gear.ign.com/articles/976/976242p1.html

I'm surprised IGN would even post such a thing without getting the official word from Microsoft of what is really going on.

Saying a operating system is un-fixable, is possibly one of the most foolish things someone could say. It sounds like someones trying to get attention, and its pathetic. If you have to be at boot up to take hold of this vulnerability well then its not much of a feat, since anyone could do anything if they are physically infront of the computer.

What do you think about this article?
I think its a pile of flaming you know what.

Unless if Microsoft really screwed up If they did, ill go down with the ship.

 

[Evilsizer]

dont see how MS could have messed up win7 since its just a stripped down vista with some tweaks... from your comments alone, that link isnt worth my time to read.

 

[Jon]

Has already been posted.

 

[joedymueller]

as the guy who posted about this article , regardless of the OS if you can bypass the HD you can do anything. win XP make a Trojan that installs and redirects HD to Live ubuntu. reboot and you are now at ubuntu... harder than that but still possible. all you need is an idiot on the guest side to click where they shouldn't to install it.

 

[Adragontattoo]

If I can touch your machine, it is already comprimised, the issue is NO WHERE near as big as it is being made out to be.

 

[turbohans]

If I can touch your machine, it is already comprimised, the issue is NO WHERE near as big as it is being made out to be.

Yup like said in the earlier post, any drive that is not incripted totally but just passward protected in the OS can be dual booted from say a USB drive and riped of everything verry quickly...

 

[usp8riot]

So bootloaders are a security vulnerability? *gasp*

 

[Methal]

same thing with all the windows OS's. They are not built for anything other than to make money.

If its security you want, Linux/Unix is your only real choice.

5 years of experience working with linux, 15 years of experience working with windows. I was able to hack into my companies private windows 2003 server in under 10 minutes. Windows is a 25+ year old OS with a different skin every 5ish years.

STILL stuck on 64k mem mapping.

 

[bz2klag]

If there were ever any complaints about the fancy new UI design utilitzed by the newer Vista and 7, and the performance and resource utilization impact of such, as compared to XP, they fell on deaf ears. This is what we have to work with from now on, plan your builds accordingly.

There was a lot of hardware from the Win95/Win98 days that didn't make it to XP just 2 to 3 years later. They use different kernels, and the XP (NT) kernel doesn't support DOS device drivers like 95/98 could.

It feels like now is the time for another one of those transitions, for example, consider how seamless 64-bit has become as the last few kernels have evolved. Sometimes there are legitimate reasons for why a new kernel may take a slight performance hit, or a bit more memory. For example, when USB support was added back in the 90s, this increased operating system overhead. There must be a reason why the Vista and 7 kernels are the way they are, and it may even have to do with something they support which XP does not. I'm almost pretty sure that there was no order given to slow it down on purpose for no reason.