That Other OS is Broken

Recently oldman claimed that he could set up a machine running that other OS and use it without malware scanning. Here is proof that that is very high-risk behaviour. It has come to light that IE gives malware authors a way around two security measures M$ implemented to make exploitation harder. The vulnerability has been demonstrated for several versions of IE, but the weakness is not confined to IE: M$ was thoughtful enough to make those protections optional for DLL files, so any application that loads a DLL which opted out of them can be attacked the same way.

This is what happens when an OS is so complex that long lists of exceptions must be handled to do anything as simple as linking to a library. In this case an innocent user can browse to an innocent web-site that has been compromised by altering a CSS file, and IE plus that other OS allows arbitrary code to be executed. Now hundreds of millions of PCs need a work-around applied to avoid creating yet another botnet of millions of PCs doing no good.
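The "optional for DLL files" part is visible in the file format itself: every PE image carries a DllCharacteristics field in its optional header, and a DLL that does not set the DYNAMIC_BASE bit (the address-randomization opt-in) or the NX_COMPAT bit (the no-execute opt-in) loads without those protections, which is why a mandatory-rebase work-around exists at all. The following is an added example, not code from this post or from M$, that parses that field and flags the modules that opted out. The sample images are constructed minimal headers, not real M$ binaries; the names `make_image`, `assess` and `weak_modules` are this example's own.

```python
"""Check which PE images (DLLs/EXEs) opted in to address randomization and DEP.

Added example, not code from the original post. It reads the PE optional
header's DllCharacteristics field, where a module declares whether the
loader may relocate it (DYNAMIC_BASE) and whether it is NX-compatible
(NX_COMPAT). A module with DYNAMIC_BASE clear lands at its preferred base
every time, so its code can be reused by an attacker at known addresses.
"""
import struct

# Flag values from winnt.h (IMAGE_DLLCHARACTERISTICS_*)
DYNAMIC_BASE = 0x0040      # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100         # image is compatible with DEP (no-execute)
HIGH_ENTROPY_VA = 0x0020   # 64-bit image accepts high-entropy addresses

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image; raise ValueError if not PE."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if opt_size < 72 or len(image) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return chars


def assess(image: bytes) -> dict:
    """Summarise the mitigations a module opted in to."""
    chars = dll_characteristics(image)
    return {
        "aslr": bool(chars & DYNAMIC_BASE),
        "dep": bool(chars & NX_COMPAT),
        "high_entropy": bool(chars & HIGH_ENTROPY_VA),
    }


def weak_modules(modules: dict) -> list:
    """Names of modules missing the ASLR or DEP opt-in, sorted."""
    result = []
    for name, img in modules.items():
        flags = assess(img)
        if not (flags["aslr"] and flags["dep"]):
            result.append(name)
    return sorted(result)


def make_image(chars: int, pe32plus: bool = False) -> bytes:
    """Build a constructed minimal PE header (headers only, not loadable) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed sample "modules": the names are illustrative, not real files.
SAMPLE_MODULES = {
    "hardened.dll": make_image(DYNAMIC_BASE | NX_COMPAT),
    "legacy_no_aslr.dll": make_image(NX_COMPAT),
    "legacy_none.dll": make_image(0),
    "x64_hardened.dll": make_image(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA, pe32plus=True),
}

if __name__ == "__main__":
    for name, img in SAMPLE_MODULES.items():
        print(name, assess(img))
    print("needs mandatory rebase:", weak_modules(SAMPLE_MODULES))
```

On a real machine you would feed `assess()` the bytes of each DLL the process has loaded; `dumpbin /headers` shows the same "DLL characteristics" field if you prefer M$'s own tooling. Any module listed by `weak_modules()` is one that the loader will happily place at a fixed address, and that is what a forced-rebase work-around has to paper over.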

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology.

8 Responses to That Other OS is Broken

  1. oldman says:

    “Re-re-reboots are not a solution. They are part of the problem. ”

    System reboots are a non-issue for most people, Pog. My physical system boots in about 40 seconds. My VMs in a little over a minute. Besides, do you really think that people are going to do a forklift upgrade

    “Malware artists can put your OS into a virtual machine and hide beneath it, the ultimate rootkit.”

    I am aware of the exploit, but very specific things have to happen in order for them to do this. They have to GET to my physical machine, and GET me to do something to compromise it. Since I do all my surfing in problematic places via a virtual machine on a separate virtual switch that has its own dedicated physical NIC, and all of my other VMs are isolated behind a virtual NAT firewall, the only system that can be compromised is my sacrificial VM itself, and that infection, IF it happens, will only last until the next reboot.

    “You can cure disease by killing and burning patients too but it is not a solution.”

    And I would submit that throwing away a working setup just to implement an OS that may be only marginally better at resisting malware is not a solution either.

  2. Re-re-reboots are not a solution. They are part of the problem. If you think rebooting a virtual machine solves anything imagine 100 million virtual PCs all infected with some spam-generator. Your CPU is loaded. Your network is loaded.

    Virtualization is a fine tool for maximizing the use of hardware but a poor tool to fight malware. Suppose the malware infects other virtual machines over the LAN. You will have to shutdown everything on your LAN to rid yourself of it. You can cure disease by killing and burning patients too but it is not a solution.

    see http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf

    see http://www.eecs.umich.edu/virtual/papers/king06.pdf

    Malware artists can put your OS into a virtual machine and hide beneath it, the ultimate rootkit.

  3. oldman says:

    “You can fool yourself into thinking there are very few of those.”

    Unlike yourself, who seems to think that he is safer running Linux as a desktop, I have learned that NO system is safe. Life on the internet is a continuous cycle of keeping one step ahead of the bad guys. What I CAN tell you is that I have had a grand total of ONE malware infection in the past 8 years, and that infection was on a system that I was retiring anyway.
    Whether you or Pog believes this or not is irrelevant to me, it is a fact!

    “It’s better to just use an operating system that is known to be far safer than the one you are using.”

    Unlike yourself, I run applications, not operating systems, and I had two choices for OSs running those applications: Apple running OS X and Dell running Windows. I chose Windows because I am well versed in what needs to be done to keep safe the operating system that runs those applications. As far as Linux is concerned, the applications that I use either don't exist on Linux or are so inferior to what I have as to be laughable.

    The reality is that these days, running all of my internet-facing applications on virtualized instances with undoable disks gets rid of 100% of the risk for now. Any infection that gets through simply ceases to exist once the system is restarted. This does not mean that I don't keep up with my risk mitigation strategies. One never knows when the baddies will figure out a way around virtualization!

  4. Oldman says:

    Actually Ray, I run a number of commercial software packages for which no good equivalent exists on Linux.

    Besides, who says that FOSS can only be run on Linux?

  5. Ray says:

    Same goes with every other OS, as there’s plenty of unknown security holes in MacOS, Linux, Solaris, etc. They’re not immune to those unknown security holes.

  6. Brian Page says:

    To Oldman,

    so besides:
    1) avoiding malware
    2) running OSS applications like Firefox and Thunderbird
    3) virtualizing linux for other unnamed tasks that M$ can’t handle
    (all explained here: http://mrpogson.com/2010/12/20/anti-malware-is-anti-m/comment-page-1/#comment-38012)
    what else do you do with your computer?

    seems to me that your transition away from M$ is almost complete.

    if you just switched you wouldn’t have to do #1 or #3, which might save you some time in the end.

    well, that and the next time you have to reinstall your OS because you lost control of it – not that it would be your fault (seriously, that’s not sarcasm), you could save time on the install itself by having all your favourite apps preloaded along with drivers for all your kit!

    ~Cheers

  7. Richard Chapman says:

    Being safe from known security holes gives little solace from unknown security holes. You can fool yourself into thinking there are very few of those. It’s better to just use an operating system that is known to be far safer than the one you are using. If you wish to get into that “popularity logic”, I’d be glad to oblige. Here’s the obligatory link (I won’t be hurt if you don’t bother to look at it): http://linuxmafia.com/~rick/faq/index.php?page=virus

  8. oldman says:

    “It has come to light that IE provides a work-around for malware-authours of two security measures implemented by M$ to enhance security. ”

    But I don't use IE.

    And besides – from

    http://blogs.technet.com/b/srd/archive/2010/12/22/new-internet-explorer-vulnerability-affecting-all-versions-of-ie.aspx

    Microsoft's workaround, which is to “Use Enhanced Mitigation Experience Toolkit (EMET) to dynamically rebase all loaded DLLs”.

    One more exploit mitigated in the never ending battle against the twerps and thieves (many of them Linux users BTW) who write malware.
