:trust:Massive Windows 7 vunerability not fixable
By Hilbert Hagedoorn, April 25, 2009 - 7:57 PM
Researchers claim the Windows 7 operating system's boot up sequence is flawed and completely unfixable.
This week the world's leading cybersecurity professionals gathered in Dubai at the Hack In The Box Security Conference to discuss the state of the industry, identify new threats, share pro-tips, and play Dungeons and Dragons. Ok, probably not that last part, but you get the point; high-nerdery was clearly afoot at the Sheraton Dubai Creek.
One of the more prominent topics of discussion was Microsoft's latest operating system, Windows 7. While a number of exploits and potential vulnerabilities of the system were discussed at the conference, one identified loophole in the system has security professionals troubled… and morbidly fascinated.
A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect.
Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable. "There's no fix for this. It cannot be fixed," said Vipin during his presentation in Dubai. "It's a design problem." Microsoft has yet to comment on the exploit or formally acknowledge its existence, however, if Vipin and Nitin's claims are true, it could mean serious trouble for the forthcoming operating system's sales. For all the latest on Windows 7 [ via IGN - thanks Devolution]
Bojim se samo da ovo ne znači i odlaganje izlaska Win7 na ko zna koliko,no dobro,da sačekamo šta će reći sam Microsoft.
Probaj desni click i compatiblity mod, izaberi vistu 64
Pa valjda će antivirus programi da odrade nešto.Jedini zaista veliki potencijalni problem koji vidim je ako je moguće uraditi plant tog programa dok je sistem aktivan, pa da se prilikom sledećeg restarta on uglavi ispod sistema.
Windows 7 će imati ugrađenu podršku za XP mod rada (XPM) - praktično virtuelizovani XP u okviru Win7, tako da će u njega korisnici moći da instaliraju aplikacije koje rade samo na XP-u, bez uticaja na rad Win7. Ovim potezom Microsoft omogućava podršku za starije aplikacije bez potrebe da opterećuje Win7 sa gomilom XP koda koji bi inače bio potreban.
Microsoft će uz Win7 licencu davati i XPSP3 licencu!
Link ka vesti: http://www.tomshardware.com/news/microsoft-windows-xp-vista-win7,7631.html
Nije bas obican sobzirom da ces moci da drzis na desktopu host OS-a precice do programa koji su instalirani u virtuelnoj masini.Ovo je obican Microsoft Virtual PC. To postoji odavno i mozes rucno da instaliras.
Nista novo.
Microsoft have warned users several times that downloading unofficial releases via torrents isn’t advised, and news that some of the leaked Windows 7 RC copies contain a trojan, may make some users who rushed out and installed the Windows 7 RC build regret it.
The trojan in question can potentially open a security hole in the user’s system once the installation file is run, installing both Windows 7 RC and also the malware.
If you do install an official RC build then you should confirm that the MD5 checksum on the ISO is the same as a known safe MD5. Known safe MD5s are:
* Windows 7 RC Build 7100 x86 is 8867C13330F56A93944BCD46DCD73590
* Windows 7 RC Build 7100 x64 is 98341af35655137966e382c4feaa282d
If you’ve already installed the windows 7 RC build, then all is not lost as some AV software is catching the trojan, so if you were infected you’d probably know by now.
Do sada je bilo da samo za 64bit guest OS treba virtuelizacija ali ko zna kako je u novoj verziji.Hmmm mi na faxu VirtualPC teramo na E5200 koji valjda ne podrzava Intel VT?
Follow along with the video below to see how to install our site as a web app on your home screen.
Napomena: this_feature_currently_requires_accessing_site_using_safari