Windows 7 - Security Leak for W7 (already !)

Hi all
This looks an interesting find although it represents a problem when they used a Virtual Machine but this sort of stuff could possibly work on a REAL machine as well.

It works on the basis that Windows 7 assumes the Boot process is safe. This is where AV software has a problem since the OS has to START before the AV software (or anything) can run. -- Or at least the kernel must load enough of itself to allow application program (the AV software for example) to be loaded and executed -- too late by then.

Windows 7 hack opens OS to attackers News - PC Advisor

Not yet in reality but still it's a possible warning for Security to be tightened up yet again.

Cheers
Jimbo

While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.

VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.




a good way to tighten this up would be to initialize a (bios) system boot password.... then tie a chain around it, attach an anchor, then throw overboard

This sort of stuff could easily be installed on a computer by running any old application in a Browser.

How many people on this site still use those online Driver scanners or Registry cleansers without 100% checking. Even a single program run from a browser like Check your IP can install "unwanted" stuff.

However blocking Browsers is not the easiest task in the world -- most users want to USE their computers conveniently - not jump through hoops to get an application to work -- and with emphasis on "Content delivery" and "The Cloud" more and more applications will have to be "Browser enabled".

It's easier securing a "Static OS" -- much more difficult when you are in a highly dynamic environment and have the potential resources of the entire web available for "hacking".

Anyway that's what the Security guys are paid to do -- fix this stuff.

Cheers
jimbo.

Everything can not be "easily installed" via the web browser. And As Far As I know Seven use by defaul IE8 with protected mode...(and other browser are not less secure.. nobody will install IE6 on Seven!) So it would be hard to make an attack which need physical access via the web browser on seven.

This kind of attack is like hacking the Bios of your computer before the OS boot... really hard to do remotly

If you have to physically access a computer to put malware on it- why dont you just steal the computer?

Cause you're 007 and you don't have place in your Aston Martin

I am 007.