Hack Expert Says Windows 7 is Hard to Hack

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.
" But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer."

What was he on? What is the point of running a browser without Flash? Until HTML5 becomes a usable standard Flash is a must. A piece of advice Charlie Miller, use any car you want but never put any gas in it.
 
PS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.
 
How pathetic

Winwows is not secure.. no root priv needed to run any virus to pawn that system.
 
This is probably not quite on topic, but win server 2008 r2 doesn't have any activation protection lol, plus the way it installs and tries to intermingle all the roles - it's just asking to be assaulted. If anyone's ever used it firsthand they'd see how jumbled everything gets. That miller guy is a noob - all consoles have been hacked. If the guy that did the ps3 wanted windows 7 hacked, i'm sure he would do it before this miller dufus could. and "hard" is a relative term. Hard for him, but not hard once you find the answer. It's just like debugging - you're busy ripping your hair out for a good couple of hours before someone looks over your shoulder and goes, why don't you insert a debug statement here? Ah, there it is.
 
Mac's are not good targets because except for the US Mac's account for only a very small percentage of computer user's worldwide. Living in the US you get a false sense of how popular Mac's are. PC's are obviously the target and will be for as long as reasonable predictions can be. Linux is only safe because it has even fewer user's. Why target a group under 5% of user's when Windows has 92%???
 
unless these hackers are working for the companies and letting them know of vulnerablities wihout making the exploits known to malicious hackers, these guys should be in jail
 
what can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...
 
[citation][nom]dogofwars[/nom]Well Chrome use encapsulation and IE 8 do "some" kind of encapsulation.From my own experience I think Chrome is safer but it take a lot of memory.HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??[/citation]

My Mother have one in her room.
 
[citation][nom]tomtompiper[/nom]PS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.[/citation]

Does your computer come with some type of magical protection that keeps you from being vulnerable to 0-day exploits? Don't know if you realize this or not but there are and have been viruses and worms that spread with absolutely no user interaction, the computer simply needs to be on, connected to the internet, and running vulnerable software.

And to the people talking about hacking consoles, he's not talking about running pirated games, he's talking about running arbitrary code from a remote location that either steals personal data, turns the console into a bot, or damages it. Much like the code that was intentionally bricking PSP's a few years back.

 
[citation][nom]skit75[/nom]The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.[/citation]
Well, they did call him a "hack" expert right in the headline...
 
[citation][nom]shawn4242[/nom]Viruses are a non-issue from a security standpoint. No one should EVER get a virus, especially not in a business. If you get hit with a virus or worm, you should line up your IT staff and fire pink slips at them, then hire people who actually know how to properly build & manage IT systems.If security isn't an issue for Macs, then why is there a 50,000 strong mac botnet?Proper security is an issue for every platform. Security isn't a product, it's a process.[/citation]

Sorry to burst your bubble but here in the real world users especially IT folks who should know better work their darndest to make it impossible to keep the computers on your network 100% safe. In the end it is all about balancing security and usability while maintaining vigilance. For instance I would love to yank Java, Flash, and Acrobat from all of my systems but you know what I can't too many internal and external systems rely on those pieces of crap. So that means we must rely on Antivirus software guess what... none of them protect you 100% sorry.. I don't care what kind of fancy behavior systems or detection engines they use the virus writers eventualy find a way around them or you encounter applications important to your business that just won't work without poking holes in your antivirus defenses.
 
[citation][nom]Parsian[/nom]what can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...[/citation]

maybe not. think about the possibility of using that many consoles (like it or not, in the future, more consoles will need to be Online) as zombies. the processing power of future consoles may be just enough to run the game and a trojan in paralel.
 
[citation][nom]skit75[/nom]The "expert" identified 3rd party softwares (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite which ever "fanboy" tag you wear.[/citation]

Good to know someone is thinking this way. Although the last article clearly stated that the biggest vulnerability in a computer is the nut sitting in the chair.
 
The biggest vulnerability in a computer is social networking sites they account for most of the worms, trojans and fake av's out there.

I clean machines for a living most people using facebook or myspace have a fake av vs people who don't surf places like that.

Saying ie8 is more secure than say firefox is also not true if your run an exe from ie8 it will run it if your run it from firefox with adblock plus and noscript it will block it and the link, firefox plugs exploits faster than ie8, firefox+adblock plus+noscript = safest way to surf period.
 
@ koga73:

Flash has been around a long time and is extremely widespread. This means that it is a prime target for hackers and that they have had ample time to figure out how to circumvent its security.

Since the people making it are not that concerned with security as they could be...
 
[citation][nom]Parsian[/nom]what can u achieve by hacking a stupid console? personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...[/citation]

you've obviously never used a modern console... at least on the xbox 360, there would be a generous helping of credit card info and/or user account info that would allow gold level access or points... these might not be important to you, but they are to a great many...
 
wait, Snow Leopard installs Flash by default? But I thought Apple hates flash! That's why they banned it from iPhone/iPads. So do they not care about their customers on SL? But that would mean Apple is being hypocritical, but that's impossible because Apple is never wrong, right?? RIGHT??? *Head explodes*
 
TOM'S HARDWARE GUIDE > News > Solutions > Software > Hack Expert Says Windows 7 is Hard to Hack
Hack Expert Says Windows 7 is Hard to Hack
Next news
12:00 PM - March 2, 2010 by Kevin Parrish
X
Send link to this page by email :
Your email address *
Your name *
Recipient address *
Send
* The email addresses collected via this form are not recorded on our servers and are only used for the sending request

* Email |
* Print |
* Comments (44) |
* Share

Windows 7 is harder to hack than Apple's Snow Leopard--mainly due to Flash being installed by default on SL.

Zoom

Security expert Charlie Miller has participated in the Pwn2Own contest over the last two years, and has won both times. Held in the CansecWest Conference in Vancouver, British Columbia, Canada, the contest challenges contestants to find "big bugs" in web browsers, operating systems, and even in mobile devices. With the 2010 conference just around the corner (March 24), oneITsecurity conducted an interview with the champ and asked Miller which was harder to crack: Windows 7 or Snow Leopard?

"Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default)," he said. "Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."

He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7, however he said that there isn't enough difference between the two browsers to "get worked up about." But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer.

The interview also covered exploits on game consoles. As the interviewer points out, the devices are in our living rooms, in our dens and offices, yet there are still few exploits and vulnerabilities discovered. Why aren't security researchers working on finding exploits on these devices? Because there are more PCs, and game consoles don't need to be connected to the Internet.

"I’ve had Wii for a year or so and its never been on the Internet," Miller said. "Its hard to remotely attack the box when you can’t get packets to it :) Also, computers, and phones to a lesser extent, are designed to be customized, to download and use/render content from the Internet. This is where vulnerabilities exist and exploits are created. Game consoles don’t do this as much so the attack surface is much smaller. The final reason, is it is hard to do research on them. Its not easy to get a debugger running on an Xbox, for example."

To catch the full interview, head here.

Source : Tom's Hardware US
Related news
Patches Released for Critical Security Issues for Microsoft Windows
Trojan attacks via unpatched vulnerability in Word
Windows Vista security flaw uncovered
Hacker: Windows More Secure Than Mac OS X
Hacker uncovers Internet Explorer 7 phishing hole

* Previous
Leading Intel Executive Suffers Stroke
* Next
Windows 7 Tablet Gets CPU Upgrade, More

Topics being discussed on the forums

* i got spammed by bill gates!!!! [Old Man/Woman's Club]
* How to prevent malware from running on your PC [General Networking]
* Why a software firewall? [General Networking]
* Microsoft Phasing Out Win98 !? [Windows 95/98/ME]
* Is the MAC dead? [Audio]

See more topics
Questions? Ask Tom's community!
Talkback
Add your comment
Read the comments on the forums

* First
* Previous
* 2 / 2
* Next
* Last


Gin Fushicho 03/03/2010 1:42 AM
Hide
Insert quote. Report -1+

But...but... Flash is used almost everywhere! D=
TheDuke 03/03/2010 2:36 AM
Hide
Insert quote. Report -1+

maybe hackers will start making an effort on Macs to shut up all those Mac fanatics and their pseudo security
llemm 03/03/2010 2:57 AM
Hide
Insert quote. Report -0+

dogofwars :
Well Chrome use encapsulation and IE 8 do "some" kind of encapsulation.From my own experience I think Chrome is safer but it take a lot of memory.HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??



My Mother have one in her room.
idlerp 03/03/2010 5:49 AM
Hide
Insert quote. Report -0+

tomtompiper :
PS I have Flash on all my PC's and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.



Does your computer come with some type of magical protection that keeps you from being vulnerable to 0-day exploits? Don't know if you realize this or not but there are and have been viruses and worms that spread with absolutely no user interaction, the computer simply needs to be on, connected to the internet, and running vulnerable software.

And to the people talking about hacking consoles, he's not talking about running pirated games, he's talking about running arbitrary code from a remote location that either steals personal data, turns the console into a bot, or damages it. Much like the code that was intentionally bricking PSP's a few years back.



This magical protection is called Linux. I surf the web using it, I only switch to Windoze for games. As I said if you take reasonable precautions there is nothing to worry about. Dualbooting is easy, try a live CD first to check your system and find a distro to suit you then install. My Distro of choice at the moment is PCLinuxOS, great hardware detection and installs in 20 mins.
 
Status
Not open for further replies.