Comment Re:Fuck secure boot. (Score 2) 274

This is an unrealistic attack and to present it as plausible and likely is laughable, since more mundane and common attacks are far more likely to be an actual problem. It's like recommending that I go outside every day with a hardhat to avoid falling meteors when the actual threat to my safety is people speeding through the neighborhood and not stopping at stop signs as I attempt to cross the street.

You don't seem to know much about malware and how it works. Here are some references about boot malware which UEFI Secure Boot can prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft

I recommend reading at least the first link.

Here's one juicy bit:

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive: one is the MBR and the other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes the data and returns the contents of the clean MBR, i.e. prior to the infection, and it also takes care of the infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application makes an attempt to read sectors of the hard disk where the hidden file system is stored, it will return a zeroed buffer instead of the original data.

The bootkit contains code that performs additional checks to prevent the malware from being cleaned up. At every start of the system the TDL4 bootkit driver gets loaded and initialized properly by performing the following tasks: it reads the contents of the boot sector and compares it with the infected image stored in the hidden file system; if it finds any difference between these two images it rewrites the infected image to the boot sector. It sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then TDL4 does not install any of its components.

The TDL4 rootkit hooks the ATAPI driver, i.e. standard Windows miniport drivers like atapi.sys. It keeps its Device Object at the lowest point in the device stack, which makes it a lot harder to dump TDL4 files.

All these striking features have made TDL4 the most notorious Windows rootkit, and it is also very important to mention that the key to its success is the boot sector infection.

Another bit:

The original MBR and driver component are stored in encrypted form using the same encryption. The driver component hooks ATAPI's DriverStartIo routine, where it monitors for write operations. In case of a write operation targeted at the MBR sector, it is changed to a read operation. This way it tries to bypass repair operations by security products.

>I'm sure that if the linux community stops shouting

We should never stop shouting

Sure, but all the uninformed ranting may get you mod points on Slashdot while giving you away as an uninformed idiot.

Comment Re:Fuck secure boot. (Score 1) 274

which is a somewhat technically literate site

No longer, my friend. It's now all kids who think it's cool to hate on MS and then many run to buy the latest iDevices and then promote it to everyone around them.

It's more about hating on MS and bringing them down than fighting for true user and developer freedom. Since Apple is a rival to MS, it gets a free pass and even promotion on Slashdot even though it goes much farther than Secure Boot and implements the Palladium spec to the letter to all programs running on it with the App Store.

All this uninformed +5 INSIGHTFUL FUD in the thread is a reflection of that. People like BMO are completely out of their technical depth in understanding how keys, hashing, signing, asymmetric cryptography work. They just karmawhore the circlejerking groupthink and get +5 INFORMATIVE. It would be sad if it weren't so pathetically funny.

Comment Re:Fuck secure boot. (Score 1) 274

Why? Where are your rants against Apple locking down the iPad and selling tens of millions a year while PC and laptop sales are declining every quarter and the OEMs are going down? iOS is even worse, you can't run programs on your device without paying 30% to Apple even for content purchased inside the apps. Maybe you have some rants against the Kindle Fire?

crickets

No? That means you're not for Freedom, but just are an anti-MS troll, Apple fanboy or both.

Comment Re:Fuck secure boot. (Score 0) 274

Because Apple did it first and fanboys fell over themselves with the OOH SHINY stuff. And now, everyone points to Apple and says we need more security to keep malware out.

The battle is lost, the train has left the station the cat is out of the bag etc. and the reason is people like you are only fixated on gnashing teeth against Microsoft on Slashdot but give other companies a free pass.

Comment Re:Fuck secure boot. (Score 1, Insightful) 274

I love how Windows RT tablets (which are supposed to be DoA anyway according to Slashdotters) are somehow "ARM devices" but the iPads and Android tablets, Kindle Fires, Nooks with locked bootloaders with 99% marketshare in mobile are just iPads and Android tablets, Kindle Fires, Nooks. Win32 software, which is a big reason for the monopoly, won't even run on Windows RT. And then they call for government intervention. Meanwhile Apple is locking everything down but the fanboys keep the discussion down. Why do people get their panties in a twist when it's MS while Apple is decimating freedom by implementing Palladium (see App Store) and is unable to keep their locked iDevices in stock? Yelling in bold only makes you sound more retarded.

Comment Re:Kudos (Score 1) 274

First of all, adding keys should NOT be possible with a simple click, or else malware will just instruct users to do that to watch DancingBunnies.exe.

Second of all, it isn't that bad. There are GUI screens navigable with a mouse (unlike BIOS) where you can input/remove keys. Perhaps you have ideas to make it easier while still maintaining security, instead of just kneejerk bashing and conspiracy theories of "OH THEY'RE GONNA GET US OMG".

If there are users incapable of doing that, do you really expect to be able to install Linux without blowing through the Windows partition or even search for and install drivers?

Comment Re:Kudos (Score 1, Informative) 274

First, that's to get your own binary signed with the default installed Microsoft key, so it's meant for distributors, not users, who can add/remove keys without any cost.

Also, if you think Microsoft is trying to make any money from the $99 you're sorely mistaken.

Read this, and I hope you have enough reading comprehension skills to understand the reasoning behind Microsoft's fee.

http://indiegames.com/2012/09/valves_solution_for_steam_gree.html

If there were no fee, every Russian malware author would apply a thousand times to get boot keys, defeating the whole thing, not to mention that the money can be tracked down in the future if the key is maliciously used.

In other words, another bog standard stupid uninformed kneejerk karmawhoring typical retarded Slashdot anti-MS post from you. lurn2read. Don't you feel stupid making such idiotic posts?

Comment Re:Kudos (Score 4, Informative) 274

First UEFI != UEFI Secure Boot.

Second, you can turn off Secure Boot in the settings. So, I am guessing the young Mr. Torvalds would be smart enough to do that.

Third, the keys are editable, i.e. you can remove Microsoft's key and add your own or Linux's key if you don't trust Microsoft, and that'll stop your machine from ever booting Windows. Thus, you're really in control of your computer. The defaults are set up that way to stop undetectable bootkits infecting your mom's computer, because she just wants to run Excel and doesn't know or care about signing keys and hashes.

There is so much FUD and misinformation being spread by stupid people.
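As an added illustration of the point made in this comment (the firmware's trust lists are editable, and a boot image that is not on the allowed list is refused), here is a Python model of the UEFI db (allowed) and dbx (forbidden) hash lists. This is example code written for this page, not code from Slashdot, any poster, or any firmware; it models only SHA-256 hash entries and ignores the certificate and Authenticode signature checks real firmware also performs. The sample loader images are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class SecureBootPolicy:
    """Toy model of the UEFI db (allowed) and dbx (forbidden) lists holding
    SHA-256 hashes of boot images. Real firmware also stores X.509 certs and
    checks Authenticode signatures; only hash entries are modelled here."""
    db: set = field(default_factory=set)
    dbx: set = field(default_factory=set)

    @staticmethod
    def digest(image: bytes) -> str:
        return hashlib.sha256(image).hexdigest()

    def enroll(self, image: bytes) -> None:    # owner adds their own entry
        self.db.add(self.digest(image))
    def remove(self, image: bytes) -> None:    # owner drops a vendor entry
        self.db.discard(self.digest(image))
    def revoke(self, image: bytes) -> None:    # dbx entry; dbx beats db
        self.dbx.add(self.digest(image))

    def may_boot(self, image: bytes) -> tuple:
        """Return (allowed, reason) for an image presented to the firmware."""
        h = self.digest(image)
        if h in self.dbx:
            return False, "hash listed in dbx"
        if h in self.db:
            return True, "hash listed in db"
        return False, "hash not in db"

# Constructed sample images, not real boot loaders.
VENDOR_LOADER = b"vendor loader, constructed sample"
OWN_LOADER = b"my-distro loader, constructed sample"
PATCHED_LOADER = VENDOR_LOADER[:-1] + b"X"   # one byte altered: tampered image

def demo() -> dict:
    p = SecureBootPolicy()
    p.enroll(VENDOR_LOADER)                      # factory default trust list
    r = {"vendor": p.may_boot(VENDOR_LOADER)[0],
         "patched": p.may_boot(PATCHED_LOADER)[0]}
    p.remove(VENDOR_LOADER)                      # owner replaces vendor trust
    p.enroll(OWN_LOADER)
    r["vendor_after_swap"] = p.may_boot(VENDOR_LOADER)[0]
    r["own"] = p.may_boot(OWN_LOADER)[0]
    p.revoke(OWN_LOADER)                         # revocation overrides db
    r["own_after_revoke"] = p.may_boot(OWN_LOADER)[0]
    return r
```

The patched image is refused even while the vendor entry is still enrolled, which is the bootkit case the defaults are meant to catch; swapping the entries shows the owner, not the vendor, deciding what boots.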

Comment Re:The money quote (Score 1) 142

You couldn't be more right. I remember how much fuss was made against the DRM in Vista, which was fairly benign and had to be implemented to play back Blu-ray discs. Remember that debunked hitpiece of a paper written by an Australian professor? Many on Slashdot *still* believe that FUD and will say Windows 7 has a lot of DRM.

When Apple implemented lockdown DRM on *apps*, the Apple fans made sure to moderate and steer the discussion about the OH SHINY part and no one talks about it anymore.

Comment Get a signature PC (Score 2, Interesting) 657

http://www.microsoftstore.com/store/msstore/html/pbPage.MicrosoftSignature

Vizio PCs don't have any crapware either.

What has this got to do with Windows 8?

If MS stopped OEMs from bundling Google toolbar, everyone here will be crying antitrust.

You want MS to make Windows a closed platform like iOS?

Freedom is not free.

Comment Re:It looks fabulous! :) (Score 1) 74

I don't see how that follows.

Sailfish has to effectively fork the Android compatibility layer to get it working. Is there an example of an OS that is compatible with Android but Google doesn't ban the OEMs from shipping?

Tizen doesn't have Android compatibility AFAIK so it has nothing to do with this.
