
Comment Re:Don't trust hardware you don't own. (Score 2) 73

I'm still confused as to why people believe that VMs are inherently secure

You're missing the point. No system is secure. What's nice about VMs is ... as many as you need, same price. So just chuck them often, don't even worry about checking them to see if they've been compromised. How awesome would it be if we could just destroy and replace physical desktops and servers 100 times a day? That would get expensive... but not with VMs, which allows you to move the security layer back to the image, and screw securing the actual running system.

Yes... That way they can re-build the vulnerable system. I hear it takes a long time to steal credit card information...

Comment Re:"Get the Facts" (Score 1) 290

It seems like you want your cake and to eat it too. Yes, Windows had broken security. Badly. And they made some mistakes - big ones. But you can't compare Windows 98 to Mac OSX. Android malware (which I could be off on) is because they have an open market place - in the wild exploitation is a whole different problem. Someone mentioned the dancing bunnies problem - you can't fix stupid. And because of that, you can't call an OS secure/insecure because the user can be tricked to running a malicious binary with elevated privileges. Maybe I'm missing something here -

Windows has a fundamental security issue that it cannot spawn nor escalate a security token higher than the parent token. In short, that means to do something as root, you have to be or ask a root process to do it for you.

Is the root process the OS...? I'm going to need an example here, because I'm not really aware of a good reason to elevate your permissions in the middle of a task. So if you cannot spawn a privileged process from within yourself without asking a "root" process (like say... the OS?) why is that a problem? Can you give me an example of a different OS, a parent process spawning a more privileged process that it fully controls? Or why you'd ever want that? Doesn't that BREAK security? I would really appreciate an example here. I understand the security token concept, and that you cannot just blindly elevate it... because well... that makes sense.... But I don't see the request to this mythical fundamental root process..... For that matter, can you arbitrarily elevate your process to root in the middle of execution without some kind of OS intervention, or say, the OS having to do it for you?

UAC isn't really a privilege escalation function, it's more of a watchdog function that acts as a gatekeeper whenever something asks to write something to certain areas of the system.

I'm not quite sure that you are describing UAC... UAC happens when a process is launched with elevated privileges - AND if properly configured, requires credentials to be entered. Please provide an example of a process that MID PROCESS does this before accessing a system area....

I'll give you a solid example of why: Try creating a service that runs with no privileges, serves many users, and allow said users to execute OS calls as themselves, with only their own privileges. You would want to do this to exploit the OS's security handling and auditing which are certified instead of writing your own. You are allowed to request credentials.

oooook.... So let me understand this, you have a specific use case, which a different OS handles better.... You have not proven that windows security is fundamentally broken, just that this use case is.... And maybe windows isn't the best choice for what you want. Since I haven't done this exact process, I can't speak to its ease or difficulty on any OS... But how is that limitation proof of insecurity? I can't use my TV as a boat, but that doesn't mean it's fundamentally broken... or insecure...

AFAIK, dynamic code injection into system code (in-memory) from an unprivileged thread was still possible as in 2008 R2 as of Jan 2010. That dates after the Win7 release. I know, because I considered (only briefly) doing it myself when I was researching the (as of then) undocumented removal of security token manipulation routines.

Still not really sure how easy this is... Since the process security model should not allow this.... Are we talking possible as in "There is a Windows API InjectCodeToMemory(0xaddr,"exec virus")" or, an exploit exists that allows that....

Thanks for the UEFI/EFI clarification... Again... security relevance? Microsoft doesn't make hardware... so this is really just a note that Apple introduced a technology... which I guess is proof that Macs are safer? Not really sure on that one... Same with abstraction - how does abstraction = security? More abstraction = larger attack surface.

I concede that sudo is more powerful than what UAC provides. I will not argue that it offers more finely grained access to commands, but it still intercepts process creation. UAC is not really a band-aid in that sense.....

I will also concede that ActiveX was a bad idea. BUT, a mistake made in 1998 DOES NOT TRANSLATE as a history or a company. Again, by that logic, the fact that Apple didn't have full ASLR until what, 2 years ago, indicates they don't have a grasp on security at all....

As for the iPhone vs. Android - It's an issue of control, not a security model. Android has an open marketplace, like windows, and allows users to make their own stupid choices. Apple limits those, but as was indicated by the PDF jailbreaks, they aren't invincible.

Windows is getting harder to exploit, and exploit is the key word. That's how you judge an OS's security, not by the tools they offer, etc.. In my opinion, it's how easy is it for code to do things it shouldn't or users to access stuff they shouldn't.

Urgh, I may have accidentally rambled a little... Sorry about that... If you can hit the high points if you happen to respond again, that'd be cool...

Comment Re:"Get the Facts" (Score 1) 290

None require a base root process to spawn an escalated privilege process like Windows does, even today in its latest incarnation - it's part of that fundamental insecurity built into the very foundation of windows.

What is that process? UAC is what provides that barrier - much like linux sudo, you don't just get to launch an un-trusted process as root without some confirmation.

All *nix systems can elevate a process by providing proper credentials. So, properly setup, there's almost nothing that can be done on a *nix system unless additional credentials are supplied.

Windows is the same way - when properly set up. IF there is a vulnerable process or binary, that is owned by root, and has the setid bit on, it doesn't matter. No prompting.

There is nothing like Active X on any system but Windows - thank goodness

But there are browser plugins, and just because there is a sandbox, doesn't mean it is impossible to break out.

Regarding DLLs/Shared objects, no OS allows generic dynamic code injection into system code from an unprivileged account, except, of course, Windows

This hasn't been true since the "UAC band-aid". If you are trying to compare current securities, you can't argue that "Windows is insecure because Windows XP is insecure", by that logic, Mac OS 9 didn't have ASLR, but that doesn't mean Apple is an inherently insecure platform.

Macs have had EFI, actual process security that didn't need UAC's bandaid, sandboxed processes, and well defined abstraction layers for years.

Why is UAC a band-aid? Is sudo a bandaid? So you want process security, but don't like the fix? I'm a little confused here. While I don't know anything about EFI (except what I found on Wikipedia), unless Apple has something magic they also call EFI, I don't see how that's relevant. I also don't understand how abstraction layers have anything to do with inherent OS security....

There is a false sense of security by running non-windows. Malware authors are risk-reward. Why write a virus to turn your computer into a mindless zombie but only target a small market share (I won't quote numbers, since I don't know them, and don't feel like looking them up, but Mac market share Windows market share). If most malware authors focus on 1 thing, then that OS will get the hardest hit. On a properly set up system, it isn't easy - the problem is improperly set up systems. If I turn off my AV, turn off UAC, and run as administrator, ya, it's gonna be way easier to exploit my system. If I run my Linux machine with no root password, and run myself as root, it's not going to be secure.

Really, I'm more curious on your claims about windows security, because they seem a little bit.... off....

Submission + - Mad cow disease confirmed in California (cnn.com)

wave9x writes: The United States Department of Agriculture confirmed today that the nation's fourth case of bovine spongiform encephalopathy (BSE), sometimes referred to as "mad cow disease" was found in a dairy cow in California. The animal has been euthanized and the carcass is being held under State authority at a rendering facility in California and will be destroyed.

Comment Re:So under SOPA.... (Score 1) 353

TL;DR - No, they can only block IP addresses and domains for infringing sites. The rules for what make up infringement are there. Yes, it does punish violations of the DMCA and copyright by foreign companies, but it's making websites targeted at the US primarily (see definitions below) play by the same rules our businesses have to. To your example of IRC, individual IRC servers could be at risk IF they are there primarily for piracy, not that piracy happens on them (For instance, YouTube vs. Pirate Bay - Infringement happens on YouTube, it is encouraged on TPB).

I never read anything about protocol level blocking - SOPA deals with blocking IP addresses, not specific protocols. Internet site is also defined as

The term `Internet site' means the collection of digital assets, including links, indexes, or pointers to digital assets, accessible through the Internet that are addressed relative to a common domain name or, if there is no domain name, a common Internet Protocol address.

So, from that definition, no. For dedicated to promoting piracy -

"DEDICATED TO THEFT OF U.S. PROPERTY- An `Internet site is dedicated to theft of U.S. property' if-- (A) it is an Internet site, or a portion thereof, that is a U.S.-directed site and is used by users within the United States; and (B) either-- (i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates-- (I) a violation of section 501 of title 17, United States Code; (II) a violation of section 1201 of title 17, United States Code; or (III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or (ii) the operator of the U.S.-directed site-- (I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or (II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement."

So, breaking that down for that definition: A) Targeted at US users

The term `U.S.-directed site' means an Internet site or portion thereof that is used to conduct business directed to residents of the United States, or that otherwise demonstrates the existence of minimum contacts sufficient for the exercise of personal jurisdiction over the owner or operator of the Internet site consistent with the Constitution of the United States, based on relevant evidence that may include whether-- (A) the Internet site is used to provide goods or services to users located in the United States; (B) there is evidence that the Internet site or portion thereof is intended to offer or provide-- (i) such goods and services, (ii) access to such goods and services, or (iii) delivery of such goods and services, to users located in the United States; (C) the Internet site or portion thereof does not contain reasonable measures to prevent such goods and services from being obtained in or delivered to the United States; and (D) any prices for goods and services are indicated or billed in the currency of the United States.

I read as: Sells stuff to US people, or doesn't explicitly prohibit the sale to US citizens (Like a Russian pharmacy, selling only to Russians, would not fall under this definition, assuming they made reasonable effort not to deliver to US addresses)

The other provisions above: B)
(I-III) Has a limited "legitimate" purpose aside from helping people infringe - (Like torrent site can't run and say "Oh no - we just help users swap files, I don't know why we have torrents of TV shows and music advertised on the front page....") (DMCA/Copyright laws are the 2 referenced titles and counterfeit goods)
(ii) People who go out of their way to fall under the DMCA safe harbor act. (Again, torrent sites come to mind) - whereas YouTube/Facebook etc respond to DMCA takedowns, so I don't see how they would fall under that section.

So, the short of it is - Gain jurisdiction for the enforcement of US laws, for acts committed on US soil, over foreign people. Much like importing counterfeit goods, or drugs, or anything like that. It's like keeping a business from working in the US because they don't follow our laws.

Comment Re:So under SOPA.... (Score 1) 353

" a foreign Internet site or portion thereof is a `foreign infringing site' if--
(1) the Internet site or portion thereof is a U.S.-directed site and is used by users in the United States;
(2) the owner or operator of such Internet site is committing or facilitating the commission of criminal violations punishable under section 2318, 2319, 2319A, 2319B, or 2320, or chapter 90, of title 18, United States Code; and
(3) the Internet site would, by reason of acts described in paragraph (1), be subject to seizure in the United States in an action brought by the Attorney General if such site were a domestic Internet site."


Which then follows up with:
(2) IN REM- If through due diligence the Attorney General is unable to find a person described in subparagraph (A) or (B) of paragraph (1), or no such person found has an address within a judicial district of the United States, the Attorney General may commence an in rem action against a foreign infringing site or the foreign domain name used by such site.



It also covers:
DEDICATED TO THEFT OF U.S. PROPERTY- An `Internet site is dedicated to theft of U.S. property' if--
(A) it is an Internet site, or a portion thereof, that is a U.S.-directed site and is used by users within the United States; and
(B) either--
(i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--
(I) a violation of section 501 of title 17, United States Code;
(II) a violation of section 1201 of title 17, United States Code; or
(III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or
(ii) the operator of the U.S.-directed site--
(I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or
(II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement.


And they technically only cover 2 site types for support (ad companies, and payment processors).


Now, IANAL, but that to me says:
1) Site has to be dedicated to promoting piracy. (violating those above codes or counterfeit goods)
2) The operator has to be notified first
3) The operator has to ignore the initial request for action


(Text: http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261:)

So, a post on a forum would not ACTUALLY be enough to shut the site down, whereas The Pirate Bay would be eligible
