Windows 7 Can Be Hacked, No Fix

Status
Not open for further replies.

x_2fast4u_x

^ You are ignorant in so many ways. Please read the stuff before you post a reply. This stuff is at hardware level; it is in essence a hardware hack. Windows ME is a terrible OS, worse than any other Windows product past, present, and future. Unstable, plenty of holes in security, the list goes on. This hack can affect any form of OS/software that requires you to load something in the memory.
 

rhino13

As jsloan just mentioned, there are two things to note about this. First, they were running Windows 7 on a virtual machine, meaning that they could be running files prior to the initial loader. If you are running Windows 7 on the hardware this is impossible.
Second, this is not just a Windows 7 problem. By rewriting the right segment of code even Linux/Unix machines will become incapable of realizing the hack.
But again this is impossible if you are running Linux/Unix directly on the hardware as well. I must assume that the editors at Tom's are smart enough to know this and are just printing this trash to generate conversation. But, still, shame on you, Tom's. What is the point of such fear mongering?
If we have learned something here today it is that you should not allow someone to boot from a portable drive on your machine and then load your OS into their VM.
 
dark_lord69

As long as Microsoft makes Windows there will be people that hate it and want to hack it.
And the same goes for ALL companies that make an OS and get too big. Apple has been picking up steam ever since the iPod came out, now they are being hacked and have more viruses than ever. It's not always good to be the big guy.
 

zak_mckraken

[citation][nom]stuart72[/nom](...) which can quite easily be thwarted by setting up the BIOS to not boot from USB/Floppy and setting a BIOS password.[/citation]

This can easily be fixed in 2 ways.

Method #1: Use the BIOS reset jumper.

Method #2: In absence of such a jumper, remove battery and power cable for 30 seconds.

Voilà.

As for the rest, I tend to agree that any OS can be hacked given time and a means of access. Want to make your computer 100% secure? Unplug the internet, keyboard and mouse! ;)
 

starryman

[citation][nom]dark_lord69[/nom]As long as Microsoft makes Windows there will be people that hate it and want to hack it. And the same goes for ALL companies that make an OS and get too big. Apple has been picking up steam ever since the iPod came out, now they are being hacked and have more viruses than ever. It's not always good to be the big guy.[/citation]

I second that comment. When you are the biggest one at the top, you are the target from every direction. Just like Mount Everest being the tallest mountain, it is the one you want to conquer the most.
 

starryman

[citation][nom]zak_mckraken[/nom]This can easily be fixed in 2 ways. Method #1: Use the BIOS reset jumper. Method #2: In absence of such a jumper, remove battery and power cable for 30 seconds. Voilà. As for the rest, I tend to agree that any OS can be hacked given time and a means of access. Want to make your computer 100% secure? Unplug the internet, keyboard and mouse![/citation]

110% secure is to use military grade HD formatting, then drill several holes into the HD and then toss the computer in a remote location. Then never ever use a computer again. =)

Before computers were invented, there were already hacking and privacy problems. Let's see... diaries of yore had little locking clasps. Letters had wax seals. Bottom line: This article sourced through THG is reckless and takes objectivity of informing its readers about actual hacking and security problems.
 

belardo

[citation][nom]ProDigit80[/nom]...is because there are so many programs running everywhere in the background. And the more that are running, the slower the OS, the less secure the OS gets. I think a lot of IT professionals would want an OS that is less commercial, less nice looking, and much safer, by just not having these automatic soft or hardware recognition commands. In WinXP I had to disable nearly half of the system services, to get it working fast. Most of them I don't need anyways![/citation]

Er... we have an OS called Linux or other flavors of UNIX. Spacecraft sure as hell don't run Windows. This is why I've always not liked MS-Windows, always too much crap running in the background, the registry which not only allows programs to legally get their hooks into the OS, but also hide... but makes it easier for "bad" software to hide as well.

Overall, perhaps the safest computer to use on the internet is a Commodore64/128. Yes, they have HDs, web-browsers and web-servers on those 1980 computers!
 

jsloan

[citation][nom]rhino13[/nom]As jsloan just mentioned, there are two things to note about this. First, they were running Windows 7 on a virtual machine, meaning that they could be running files prior to the initial loader. If you are running Windows 7 on the hardware this is impossible. Second, this is not just a Windows 7 problem. By rewriting the right segment of code even Linux/Unix machines will become incapable of realizing the hack. But again this is impossible if you are running Linux/Unix directly on the hardware as well. I must assume that the editors at Tom's are smart enough to know this and are just printing this trash to generate conversation. But, still, shame on you, Tom's. What is the point of such fear mongering? If we have learned something here today it is that you should not allow someone to boot from a portable drive on your machine and then load your OS into their VM.[/citation]

i realized that they were hacking a vm, i was just saying you can't stop people from hacking an os, because they can always go to the level before the os and hack that. for example if i can get control of the boot process, whether off computer or vm i can control hack the os being booted, if i can get access to the hardware where the os is stored, whether on a harddisk, thumb drive, cd, etc., i can always hack it. it does not matter if encrypted or not, encryption makes it a little harder, but not impossible. bioses can be hacked and the boot process is not magical, it can be easily hacked so the hacker sets themselves in ring 0 before the os loads and can even run the os in a vm. why not, it would just take a hacker a bit of effort to mod a vm that acts like a gateway to the hardware and keeps the os thinking that it's running normally. also, if you can patch the cpu microcode you can hack that.

what i also wanted to say is that it's not microsoft os alone that is at risk, it's any software or anything that will run on the cpu.

i've written code that boots up before the os does, that wraps bios calls, and then fakes a boot of the os, the os calls the wrapped bios calls being none the wiser. a hacker could do the same. it's not that hard to change the partition table, the partition booter, the os boot record or boot code, etc. and now with flash bios it's not that hard to change the code on those either. in the old days you had to physically remove the bios and external hardware to read and write the bios roms, but not no more, the code to flash bios you can get over the internet, and some bios have it built in, so you just have to make bios calls...
 
Guest
I fail to see how this approach is specific to Windows 7 or any Windows. It seems any system that boots from HD into memory is similarly affected, like any Apple OS's or Unix.
 

NocturnalOne

[citation][nom]samihaha[/nom]the fix is, reboot your computer every now and then.[/citation]

Better than that, shut down before you leave for the day and power up when you come in in the morning. Things run better that way anyway. I wonder if the same technique can be used to modify the stored hibernate image.

Anyway, if you deal with secure data that would actually be a viable target for such an attack the physical PC needs to be protected. A solid, locked case in a locked office in a guarded building on a gated campus.

Sounds like a non-issue.
 

jsloan

what i don't like are these misleading headlines "Windows 7 Can Be Hacked, No Fix"

the facts are that the problem is not a windows problem alone, what these people are doing is hurting windows, making it look like it has problems others don't have. what these people are also doing is giving people the wrong impression against windows and in favor of linux and osx, and it's a false sense of safety, these people are being set up for letdown. if people move from windows to linux to osx in hopes of avoiding these problems and instead take appropriate steps to prevent or reduce their exposure they are being left wide open. the problem is these bozos make headlines, these tricks are old news, bios, os, vm writers use them in order to create their products, vm trap, replace, overwrite, emulate, etc. to allow the hosted os to run in the first place, certain instructions that an os may use when it does have control over the hardware, are not available when hosted in a vm, so the vm must play these tricks, so these people are saying they could do the same thing, sure you can change a dll in memory, i used to do that kind of stuff, if you are in a vm the easier it is because there is no cpu enforcing code segment, but even if not in vm, there are ways to map a dll and patch it in memory, even a system one, you could do it by hacking the os as it boots, by as these people are saying taking over bios int 13 and hacking the os first and then you have your hole or you could do it by exploiting existing holes that all os have for debuggers, drivers. users are always happy to press yes when given misleading message...

for god's sake microsoft virtual pc 2007 has vm addons for each os that does just that. tweak the hosted os for the hosting vm... and the hosting vm has holes for tweaks
 

jsloan

i've visited NVlabs and their Vbootkit is nothing but a framework that hackers can use to crack windows. sure they could have done one for linux or osx, but they chose windows. personally i think microsoft should sue these morons out of existence for putting such crap out. it's like making it easy for hackers. these people should be thrown in jail, can you imagine anyone selling a kit to break into banks and the authorities doing nothing. basically these people are making money creating something the licensees will then use to hack into our computers. it's nuts and should be illegal. so who would license it, spyware manufacturers, organized crime, stupid companies who want to monitor us, maybe even law enforcement to hack into peoples' machines to spy and collect evidence. etc...
 

ShadowFlash

[citation][nom]SuckRaven[/nom]That's not really good news, but at this point an intruder may as well just take the HDD and go...[/citation]

I don't agree.... It would be more beneficial to leave no trace of the breach, thus allowing any subsequent malicious activity a mystery.
 
Guest
Hmm... Isn't this the kind of attack that TPM (Trusted Platform Module) with Bitlocker are specifically designed to detect?
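
The measured-boot check that the Guest's question above refers to, as a simplified model added here (it is not part of the original thread and is not TPM or BitLocker code). The stage names, key and the SHA-256 PCR bank are constructed assumptions; the point shown is that a change to any measured boot stage changes the final PCR value, so a key sealed to the clean value is not released.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank (assumption); TPM 1.2 chips used 20-byte SHA-1 PCRs

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(component)); a PCR cannot be written directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components) -> bytes:
    """Each stage is measured before it runs, starting from an all-zero PCR at reset."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class SealedKey:
    """Stand-in for a TPM-sealed volume key: released only when the PCR matches."""
    def __init__(self, key: bytes, expected_pcr: bytes):
        self._key = key
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes):
        if hmac.compare_digest(current_pcr, self._expected):
            return self._key
        return None  # boot chain differs from the one the key was sealed to

# Constructed sample boot stages (placeholders, not real boot code).
CLEAN_CHAIN = [b"MBR v1", b"volume boot record v1", b"boot manager v1"]
# Same chain with a modified first stage, e.g. boot code that wraps BIOS calls.
MODIFIED_CHAIN = [b"MBR v1 + BIOS call wrapper"] + CLEAN_CHAIN[1:]

def demo():
    key = b"constructed-volume-key"
    sealed = SealedKey(key, measure_boot_chain(CLEAN_CHAIN))
    clean = sealed.unseal(measure_boot_chain(CLEAN_CHAIN))
    modified = sealed.unseal(measure_boot_chain(MODIFIED_CHAIN))
    # Measuring the original first stage afterwards cannot undo the earlier extend.
    replayed = sealed.unseal(measure_boot_chain(MODIFIED_CHAIN + [CLEAN_CHAIN[0]]))
    return clean, modified, replayed

if __name__ == "__main__":
    print(demo())
```

The model covers only code that is measured during boot.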
 
Guest
this is full of people who can't read or write proper English. Too many 12 year olds with computers in the USA or perhaps too many internet connections in India, I think...
 

tipmen

[citation][nom]LATTEH[/nom]hmm i was thinkin about gettin win7 LOL i hope they fix it by release!!![/citation]

Are you kidding me? Are you freaking dumb? honestly.... people like you shouldn't be allowed to have kids.
 

horendus

WinXP can be hacked within one minute (for a login password lower than 8 char.). Win Vista is more safe, but technically can be hacked in 15 minutes, and requires a secondary pc with lots of RAM.

There's a reason MS discontinued support for Win 3.1 or 3.11 only recently.
Reason being for the longest time the military used win 3.x just because it's way more safe, and smaller. Sure you can't see flashfiles or play modern games on those old operating systems, but nearly nothing went automatic.
The reason why Windows is so hackable, is because there are so many programs running everywhere in the background. And the more that are running, the slower the OS, the less secure the OS gets.
I think a lot of IT professionals would want an OS that is less commercial, less nice looking, and much safer, by just not having these automatic soft or hardware recognition commands.
In WinXP I had to disable nearly half of the system services, to get it working fast. Most of them I don't need anyways!




U needed to disable services on XP to run it smoothly?


What are you running??

x486?
 

ossie

The usual bunch of m$ fanboys... panicking that their next greatest toy just got some stains.

@jsloan Are you really sure that your ranting will have any effect on the bad guys? Your attitude is more like killing the messenger of bad news. It's better to know potential threats, than pushing them under the rug - but that's usual m$ policy, sticking the head in the sand.

What everyone missed (with the notable exception of ShadowFlash) is that Vbootkit was mainly designed to leave no traces. The running OS - as all applications running in it - hasn't the faintest idea of being compromised.
 

kyeana

[citation][nom]ossie[/nom]What everyone missed (with the notable exception of ShadowFlash) is that Vbootkit was mainly designed to leave no traces. The running OS - as all applications running in it - hasn't the faintest idea of being compromised.[/citation]

Dur, it's being run entirely in the memory, not saved to the hard drive at all. This isn't a Windows-exclusive thing, this can happen to any computer. In fact there was an article on Tom's about a month ago outlining the same kind of attack on OSX.
 

rooket

OMG -7 for my win95 post LOLOLOL. It is TRUE THOUGH! I have Win95 OSR 2.5 sitting in a mini tower desktop next to my 42" television set plugged in via VGA port. IT ROX U ALL! and it has a Diamond Monster 3D voodoo1 graphics card in it >:) u have all been owned.
 

bpogdowz

I don't feel this is a legitimate threat as a re-install of the operating system acts as a cure-all. Maybe a BIOS virus but hey who can't flash a BIOS these days.
 