Can a Rootkit Be Certified for Vista?

Forget what Microsoft says about Vista being the most secure version of Windows yet. More to the point, what do the hackers think of it? In a nutshell, they think it's an improvement, but at the end of the day, it's just like everything else they dissect—that is, breakable. "Not all bugs are being detected by Vista," pointed out famed hacker H.D. Moore. "Look at how a hacker gets access to the driver: Right now I'm working on Microsoft's automated process to get Metasploit-certified. It [only] costs $500." Moore is the founder of the Metasploit Project and a core developer of the Metasploit Framework—the leading open-source exploit development platform—and is also director of security research at BreakingPoint Systems. The irony of his statement lies in the idea that Vista trusts Microsoft-certified programs—programs that can include a hacker exploit platform that walks through the front door for a mere $500 and a conveyor-belt approval process.

Moore was one of a handful of white-hat hackers in the audience of a session on Vista security here at Ziff Davis Enterprise's 2007 Security Summit on March 14. The session, titled "Vista: How Secure Are We?," was presented by David Tan, co-founder and chief technology officer at CHIPS Computer Consulting. For her part, Rutkowska granted that yes, one way to own a Vista system is by getting a rootkit certified, but if you want a compromised system, you don't even have to waste your time and money with certification—"It can be a graphics card with a stupid bug," she said. "You can't do anything about it. You can't sue the vendor for introducing a bug. You can't prove it was done intentionally."

News source: eWEEK


I would argue that certifying a rootkit would be folly since this would effectively give the OS an extremely easy way to identify "bad" certified programs by the signature of the program. Almost immediately you would see a blacklist of known malicious "certified" programs show up.

"Forget what Microsoft says about Vista being the most secure version of Windows yet"

Who actually believes Microsoft's marketing bs about being the "most secure OS"? Only the blind actually believe Microsoft's bs.

JonathanMarston said,
OK...if you're so smart, how about you explain to us fools what makes Vista less secure than XP?

Correction: I never said Vista is less secure than XP. It's not my problem if you believe every bit of bs that comes out of Microsoft's marketing team. Besides, Microsoft always claims their OS is secure with every release; I do read the ads while installing and their site about their OS features, etc. Yes, I could be wrong about Vista, but Microsoft has never been proven to be as secure as they claim without third-party help.

P.S. I'm not "so smart", I wish. Just because I don't believe their marketing bs doesn't make me the smartest man alive. Besides, if Vista doesn't break XP's record of hot fixes and flaws, you could PM me in the future and rub it in my face how fcking wrong I was. I apologize, I meant no insult by "fool"; I take it back.

mel00 said,
correction I never said Vista less secure than xp.

You did, however, imply it by saying that we should not believe Microsoft's marketing department about Vista's security, which I am only aware of making the claim that Vista is the most secure version of Windows to date. I could be wrong, though.

I'm not suggesting that we should just blindly accept whatever Microsoft's marketing department tells us; that would be, as you said, foolish. Having said that, based on what I've seen of Vista so far, I'd be willing to accept their claims on Vista's security - as far as I know, no major security holes have been found to date, while many people believed we'd see full exploits before Vista hit retail.

And I apologize for the sarcastic tone of my last reply, it was not in good taste...

As with all previous versions of Windows...Vista's code is different. XP was a major improvement over 98...but that OS has gotten the hell beat out of it from either viruses/malware/spy/adware....browser hijackers...and crippling buffer overruns. Each day leading to more patches...and each day people finding more doorways in which to intrude on the OS.

Now that Vista has come out.....it's under the same flag of "better security" than XP ( as XP was with 98 ). Yes...it does have different security measures...better? Only time will truly tell....but in that same time, those that know ... will find the weaknesses and adjust their code to compensate.

3rd party security measures?? Yes. Why? It's all too easy for a group of individuals to concentrate their efforts on one application....be it the OS...and find its exploits. Having to go thru 3rd party apps such as multiple combinations of different AV/firewall/anti-malware apps....popup blockers, script blockers and what have you...is far too time consuming for all but the elite of those willing to take the time to bring a system down.

If you leave all your eggs in one basket....you have become a much easier target than the rest of us.

The UAC app ....well, just plain annoying....and the false sense of security may not lie within its operating capacity. It does what it does....and that's what may bring it down. The little fly buzzin around your head is "there for a reason" but I have the feeling that even every day users (non-power users) will start to see that as a pest, rather than a friend. They'll either become immune to it and just click click click like they did in XP (and brought it crashing down)....or turn it off. Think of it as a stop light...there to control traffic....but one day you're late getting to work or what have you...and there's just too many red lights between you and your goal. Chance going thru one? Sure....we're human, and it's going to happen.

franzon said,
This news is certified for FUD

^
Hey, look: Kettle calling the pot black. There's something you only see every day.

Forget what Microsoft says about Vista being the most secure version of Windows yet.

That was only marketing propaganda, I know. Vista can be hacked just as well.
The pseudo-security features in Vista (UAC, Defender, Firewall) are all *very* poorly done and at the very most only give a false sense of security.

That's bold. Are you saying that users are better off w/o those features so that they will invest in better 3rd party solutions?

Granted Defender has nothing to do with this particular security really...
The firewall works as well as any software firewall, and software firewalls have at least one huge advantage over hardware firewalls (app-specific port access as opposed to just plain opening the ports).
And UAC works as well as it does in any other OS, be it Unix, Linux or MacOS.

Except that security in Vista lies in entirely different things than these three, which are the only things the actual user sees and interfaces with. Too bad what you are saying has no root in reality though.

Now tell me how you would do UAC without it being either more annoying, or losing any security whatsoever.

Keep spreading the FUD

I wouldn't necessarily consider AU's comment FUD. There is a real danger when you instill a false sense of security into users. They are much better off if they keep the guard up against malicious attacks than relying on technology that can't keep them 100% safe.

Vista _IS_ the most secure version of Windows _YET_. Yes it can still be hacked, however XP has already been hacked many times many different ways, Vista fixes the vast majority of that and moves on. New vulnerabilities will be discovered, but Vista is still MORE secure than XP. Also, you're talking about stuff like Defender, etc, being the 'new security features' -- derp, wrong. The new security features are enhanced group policies, rewritten networking stack, security profiles for services, address space layout randomization, signature requirements for drivers, shatter attack protection, etc. Defender and that other stuff is just to help put Symantec, McAfee and the rest out of business and further increase the MS market share.

Unplug your RJs, password BIOS/currentOS and you will be safe from any hacker considering that you won't do dumb thing like give away information in general. Otherwise consider the small chance that you might be hacked someday.

I see the idea, but this happened with Sony, and they got slaughtered for it with their BMG music, that is, if I'm reading this article right. So I doubt major companies would do such a thing, and just be careful and don't install random crap. Hopefully antivirus software will look into this as well to help.

You are not reading it right. The point is someone can certify their evil driver for $500 with a stolen card or something and get a valid signature which Vista will happily let you install. What they are saying is that Microsoft, since they are charging $500 for the certificate, should at least put as much effort into verifying its source as does VeriSign, for a $400 SSL certificate, for example.

bucko said,
I see the idea, but this happened with Sony, and they got slaughtered for it...
That was only because they were caught.

A stealthier, perhaps certified (as the article states), or leveraged in off of a driver bug (also mentioned in the article) rootkit can be tucked away in a system for who knows how long???

markjensen said,
That was only because they were caught.

A stealthier, perhaps certified (as the article states), or leveraged in off of a driver bug (also mentioned in the article) rootkit can be tucked away in a system for who knows how long???

Seriously read the article, it has NOTHING TO DO WITH MICROSOFT MAKING A ROOTKIT!!!!!!!!!!!!! It's about a third party who is NOT MICROSOFT buying a certificate FROM Microsoft and using it for their virus/rootkit/whatever.

It is NOT about MICROSOFT making a ROOTKIT.

hapbt said,
Seriously read the article, it has NOTHING TO DO WITH MICROSOFT MAKING A ROOTKIT!!!!!!!!!!!!! It's about a third party who is NOT MICROSOFT buying a certificate FROM Microsoft and using it for their virus/rootkit/whatever.

It is NOT about MICROSOFT making a ROOTKIT.

habt,

I know that you like to argue/troll, but I never said Microsoft would make the rootkit. How ridiculous is that, anyway, when they own the kernel already?

I read the articles (and the article that the link linked to). I was talking exactly about the "purchased certificate" issue, and malicious people using a flaw in a signed driver. Not Microsoft at all.

God, I have never said this to anyone on the forums here before, but SHUT UP!

markjensen said,
habt,

I know that you like to argue/troll, but I never said Microsoft would make the rootkit. How ridiculous is that, anyway, when they own the kernel already?

I read the articles (and the article that the link linked to). I was talking exactly about the "purchased certificate" issue, and malicious people using a flaw in a signed driver. Not Microsoft at all.

God, I have never said this to anyone on the forums here before, but SHUT UP!

I agree with both of you.

Certainly the article is an interesting one but the header is definitely sensationalism, something so very important to escape in my mind that I prefer to get news from alternate sources such as this one, Neowin. It could have just been a mistake by the submitter but in the future I hope submitters and editors take more care to identify if the heading of an article matches the information it contains (everyone knows how Slashdot lost that battle), and also that editors try to stay away from sensationalism (lest they become a FOX affiliate :P )

As for hapbt's post, well, he clearly made the mistake of using caps lock to write entire sentences. A big no no which instantly removes any credibility of his post. He is however technically right, as I said in the previous paragraph. You should know, markjensen, that I believe his anger was directed more towards the article and raising attention to its sensationalised heading than it was to abuse you.