Game Over For Windows Vista’s Security?

Martin Brinkmann — Fri, 08 Aug 2008 12:44:57 +0000

I picked up an interesting story over at Neowin entitled “Vista’s Security Rendered Completely Useless by New Exploit” which reports on a new technique hat can “bypass all memory protection safeguards that Microsoft built into Windows Vista.”

The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

Instead of exploiting a security vulnerability the researchers Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. of the architecture of Windows Vista. Another researcher described the technique as “completely game over.”

It’s currently not known if other operating systems are vulnerable as well but it is very likely. The best against this attack would be an add-on like NoScript that would most likely prevent it completely.

Windows Integrity Levels for extra security in Windows Vista

Martin Brinkmann — Sun, 30 Mar 2008 15:43:03 +0000

Microsoft build in a system called Windows Integrity Controls into Windows Vista which is basically a label for files with that identify its trustworthiness. What makes them interesting is the fact that they override the visible permissions of a file or folder. Six levels of trust can be assigned to files of the same or a lower permission level. Meaning that a normal user is not able to change the integrity level of a file that he has no permission for.

The six integrity levels are Trusted Installer, System (operating system processes), High (administrators), Medium, (non-administrators), Low (temporary Internet files) and Untrusted. As you can see even an administrator is not able to change the integrity level of files and folders that belong to Trusted Installers or System.

A command line tool is available that makes it quite easy to change the integrity level of files and folders. It is called CHML and available at a website that explains the process in detail.

The command “chml filename” displays the integrity level of that file. Modifying files and folders is only possible if changes are made in the Group Policy Editor:

Open gpedit.msc
Navigate to Computer Configuration / Windows Settings / Local Policies / User Rights Assignment
In the right-hand pane, you’ll see an entry “Modify an object label;” open it
By default, there are no user accounts listing with this privilege. Add your user account.
Close the Group Policy Editor
Log off, then back on to finish getting the new privilege on your logon token

The basic command to change the integrity level of files or folders in Windows Vista is chml -i:u, l, m, h, or s. Only one letter is obviously selected which stand for Untrusted, Low, Medium, High, or System.

Three additional options are available. The -nr, -nw and -nx options deny read, write and execute rights.

I did find the reference to Windows Integrity Levels at the Donation Coder forum where Skrommel was kind enough to create an Autohotkey Script that would add the functionality to the right-click menu.

gHacks Technology News | Latest Tech News, Software And Tutorials » vista security

Game Over For Windows Vista’s Security?

Windows Integrity Levels for extra security in Windows Vista