Comments on: Game Over For Windows Vista’s Security? http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/ A technology blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Tue, 02 Dec 2008 08:11:09 +0000 http://wordpress.org/?v=2.6.5 By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-441484 Dante Sat, 09 Aug 2008 21:04:24 +0000 http://www.ghacks.net/?p=5968#comment-441484 A null pointer hack does not need activeX to succeed. And darkkosmos, if you have Vista, you have .Net :) A null pointer hack does not need activeX to succeed. And darkkosmos, if you have Vista, you have .Net :)

]]> By: Chris http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-441284 Chris Sat, 09 Aug 2008 18:33:46 +0000 http://www.ghacks.net/?p=5968#comment-441284 If it uses activex controls everyone knows already those are the most popular form of virus on the net to screw your computer. I don't dl them unless I need to go to a site for work. If it uses activex controls everyone knows already those are the most popular form of virus on the net to screw your computer. I don’t dl them unless I need to go to a site for work.

]]> By: darkkosmos http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-441192 darkkosmos Sat, 09 Aug 2008 17:46:56 +0000 http://www.ghacks.net/?p=5968#comment-441192 So what stops this "legit" looking dll from being marked as a virus? (+I don't even have .net, this is a "if") So what stops this “legit” looking dll from being marked as a virus? (+I don’t even have .net, this is a “if”)

]]> By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-441033 Dante Sat, 09 Aug 2008 14:32:13 +0000 http://www.ghacks.net/?p=5968#comment-441033 to "darkkosmos" that's because the dll in question carries codes that match a virus signature. Or it is set to change your registry and it's just warning you that the registry will change. to “darkkosmos” that’s because the dll in question carries codes that match a virus signature. Or it is set to change your registry and it’s just warning you that the registry will change.

]]> By: darkkosmos http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440906 darkkosmos Sat, 09 Aug 2008 09:02:30 +0000 http://www.ghacks.net/?p=5968#comment-440906 No I mean it, sometimes my anti virus stops firefox (annoying). and explain to me how a legit looking dll can cause havoc on my system? No I mean it, sometimes my anti virus stops firefox (annoying). and explain to me how a legit looking dll can cause havoc on my system?

]]> By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440783 Dante Sat, 09 Aug 2008 02:50:09 +0000 http://www.ghacks.net/?p=5968#comment-440783 Oh, sorry. Forgot something. You might be referring to anti-viruses blocking changes to the registry. But that's only because the OS allows it to block the changes to registry. .Net dll's will override that - for your own convenience of course. Oh, sorry. Forgot something. You might be referring to anti-viruses blocking changes to the registry. But that’s only because the OS allows it to block the changes to registry. .Net dll’s will override that - for your own convenience of course.

]]> By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440776 Dante Sat, 09 Aug 2008 02:28:12 +0000 http://www.ghacks.net/?p=5968#comment-440776 @ darkkosmos. Your anti-virus doesn't stop behaviors. It stops programs with codes that match existing virus codes (signatures). Or it does a heuristic scan to see if it looks even remotely like a virus code. But your anti-virus does not know what is or is not proper program behavior. This is why firewalls are recommended as a companion to anti-virus programs. They show any weird activities that your PC might have. Like suddenly dialing out to Russia. And using a null pointer hack, a hacker can load legit functioning dll's in memory. Than use it to write programs into harddrive and registry. All perfectly normal to an anti-virus program. At least, this is what I'm thinking this exploit is. Of course, I'm not a hacker :) @ darkkosmos. Your anti-virus doesn’t stop behaviors. It stops programs with codes that match existing virus codes (signatures). Or it does a heuristic scan to see if it looks even remotely like a virus code. But your anti-virus does not know what is or is not proper program behavior.

This is why firewalls are recommended as a companion to anti-virus programs. They show any weird activities that your PC might have. Like suddenly dialing out to Russia.

And using a null pointer hack, a hacker can load legit functioning dll’s in memory. Than use it to write programs into harddrive and registry. All perfectly normal to an anti-virus program. At least, this is what I’m thinking this exploit is.

Of course, I’m not a hacker :)

]]> By: darkkosmos http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440659 darkkosmos Fri, 08 Aug 2008 21:39:08 +0000 http://www.ghacks.net/?p=5968#comment-440659 Dante how does memory corruption stop an anti virus? My anti virus terminates any application/loaded dll that behaves strangely and purges it into the "bucket", so even if it gets in it won't work and this all depends on .Net which I don't have and I think my anti virus scans memory too. Dante how does memory corruption stop an anti virus? My anti virus terminates any application/loaded dll that behaves strangely and purges it into the “bucket”, so even if it gets in it won’t work and this all depends on .Net which I don’t have and I think my anti virus scans memory too.

]]> By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440527 Dante Fri, 08 Aug 2008 17:00:30 +0000 http://www.ghacks.net/?p=5968#comment-440527 And I'm pretty sure he's using a Null Pointer hack to load the dlls. And I’m pretty sure he’s using a Null Pointer hack to load the dlls.

]]> By: Dante http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440524 Dante Fri, 08 Aug 2008 16:54:45 +0000 http://www.ghacks.net/?p=5968#comment-440524 Sorry to disappoint, darkkosmos. I went and checked out the reports from the BlackHat conference. It appears to use .net dlls and scripting (any type of scripting). This will bypass any antivirus out there. Antivirus programs are not designed for this. Sorry to disappoint, darkkosmos. I went and checked out the reports from the BlackHat conference. It appears to use .net dlls and scripting (any type of scripting). This will bypass any antivirus out there. Antivirus programs are not designed for this.

]]> By: darkkosmos http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440481 darkkosmos Fri, 08 Aug 2008 14:27:33 +0000 http://www.ghacks.net/?p=5968#comment-440481 No fear, having a real antivirus saves you from all those troubles. It's going to be fixed soon though much like the last linux root exploit. No fear, having a real antivirus saves you from all those troubles. It’s going to be fixed soon though much like the last linux root exploit.

]]> By: GRTerrero http://www.ghacks.net/2008/08/08/game-over-for-windows-vistas-security/#comment-440476 GRTerrero Fri, 08 Aug 2008 14:22:48 +0000 http://www.ghacks.net/?p=5968#comment-440476 Crap! But I have NoScript on Firefox installed. Still use IE to test blogs and websites. Still...CRAP! (That's a technical term.) Crap!

But I have NoScript on Firefox installed. Still use IE to test blogs and websites.

Still…CRAP!

(That’s a technical term.)

]]>