Microsoft Corp. last week slammed the door on a free utility out of Australia that outflanked one of the company's touted security features in Windows Vista by having the program's digital certificate revoked.
LinchpinLabs' Atsiv utility, released July 20, used a signed driver to load other, unsigned code into the Vista kernel, according to U.S.-based Symantec Corp. researcher Ollie Whitehouse. Atsiv, said Whitehouse, thus let users circumvent a feature of the 64-bit version of Vista that allows only digitally-signed code to be loaded into the operating system's kernel. The digital signing requirement is one way Vista tries to stymie hackers from infiltrating the kernel -- the heart of the OS -- with, among other things, rootkit cloaking technologies that hide malware from security software.
"This is rootkit behavior," said Whitehouse last Monday.
Atsiv's developers, on the other hand, have touted the utility as a tool useful for loading unsigned, but legitimate, drivers into Vista 64-bit.
Friday, Microsoft announced it had worked with VeriSign, the company that provided the certificate to LinchpinLabs, to have the code signing key revoked, said Scott Field, a Windows security architect in a posting to the Vista security team's blog. "VeriSign has revoked the code signing key used to sign the Atsiv kernel driver [as of Aug. 2], which means the code signing key will no longer be considered valid," Field said.
News source: PCWorld
Microsoft shouldn't be able to dictate anything to anyone.
Not even hack to their OS? Seems fair to me.
You're right in that it does have legitimate uses but could also open the door for rootkits. Drivers for most modern hardware should be available for Vista x64 anyway, and I think the number of people using very old hardware with this OS would be low.
Even if it is useful it might have problems; running code that is not controlled in any way can lead to serious problems for users, BSODs and so on. A software firm must control what is done to its products or else users will start badmouthing them for 3rd party problems. There could have been other ways of granting users the ability to run older hardware on newer releases, but if no one needs new hardware companies will go bankrupt...
Forks can be used to stab people in the eyes. Does that mean we should ban forks? It does if you want to sell people a new kind of fork that has a built-in "No eye poking" "feature", especially if that means that anyone who wants to make one of these new kinds of fork has to pay you for the privilege.
This is all about selling people a false sense of security. Vista's so-called security measures are mostly smoke and mirrors, but so long as they can convince the large majority of their users that it's "More secure", they can pretend that it's so. Hackers will bypass every security measure Microsoft sells us: Always have, always will.
Now back off before I poke you in the eye with a non-Microsoft fork.
Question: If Vista new security features are nothing but smoke and mirrors, then why have there not been any major security problems for it?
Why are there no major security problems for Mac OS and for Linux? I'll give you two possibilities: 1) the users of both have massive egos over the supposed superiority of their OS that ward away all the baddies, and 2) option 1 is generally compensating for the lack of market share of their OS.
And I say that in good fun, because I'm currently on a Mac system and I also have systems running Linux and Windows XP. But the correct answer is market share. Even though we like to say that Windows is the majority, we should be correcting ourselves to say that Windows XP is the majority. Mac and Linux are inherently more secure than Windows XP, but they aren't infallible. Similarly, Microsoft has made a step in the right direction by designing Vista with security as a higher priority, but it isn't immune to anything and everything. Time will tell just how secure Windows Vista really is. Given that Microsoft has a terrible security record and that a number of patches have already been delivered to Vista, I'll call you an optimist for believing that Vista's security really is anything more than smoke and mirrors. If I remember correctly (and this could be incorrect, so double check it), its market share has just recently (last month) passed the Mac OS X market share. Generally, only the most widely used operating system is targeted. We'll have to see how things develop.
There's nothing "nasty" about this tool. What's "nasty" is Microsoft not allowing users any freedom of choice.
Well, good for MS, let them shoot themselves in the foot again, because this driver signing nonsense is a major reason why so few people use Vista x64.
"Why, oh why can't I delete kernel32.dll??? I WANNA MY F***ING FREEDOM OF CHOICE!!!111"
Do you think banning unsigned drivers is going to make more people use Vista x64?
Btw... unless Microsoft's plans suddenly change, Windows 7 is going to come in both 32bit and 64bit.
http://www.computerworld.com/action/articl...ticleId=9027559
???
I believe it has said that for a while... it is to stop spam bots and trolls that come in and post just to inflame people
Well, the applications for these certificate types are processed by the CAs (Verisign, Thawte, Geotrust, etc) not by Microsoft. No part of the process entails providing them details of what you intend to use the certificate for. However, the deterrent to making dangerous software and signing it is the amount of personal details and level of identity verification that occurs prior to issuing - it's highly probable that, should you code sign a virus, the issuing CA would provide your name, address, telephone number, and company details to law enforcement (and they DO have all those details).
The abuse potential for a tool like this is just too great though. If you really want to install unsigned drivers, there are other ways to do it explicitly.
Yeah there is. For a driver to get loaded into Kernel Mode, the driver must be signed with a WHQL certificate from the Windows Hardware Quality Labs. To obtain this, your driver is supposed to work perfectly (they defeat the purpose by allowing self-testing though)
It says "truth", but after reading it turns to lies in people's heads.