I'd just like to say...
MICROSOFT FA oh wait
A security researcher has discovered a sneaky social engineering trick that might be used to disguise the go-ahead to run hostile code on Windows 8 machines. The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into …
IF you've got SmartScreen turned off AND IF you've changed UAC to allow anything to do anything AND IF you don't have any AV, including Windows Defender THEN a) this might allow somebody to execute some code on your machine and b) you're a massive retard.
Is that about right?
No. The code may be on site not known as malicious by SmartScreen, uac may not help you here as for hundred thousands other viruses still running on windows, and the AV does note always stop any threat just because it is here.
3 nice tricks that does not always work, or at least one of them would be out of business...
Final thoughts
a) remote execution exploits are usually listed as most critical security issues, and should not be overlooked
b) that condition you mention is already satisfied if the user choosing VistaBob 8
You're right, there are vanishingly small chances of any of these not working. Vanishingly small. Multiply those probabilities to get the odds of them all not working at the same time. ooooooooooh, scary. Not.
And you qualified on the second condition by your petty choice of abusive monikers.
>IF you've changed UAC to allow anything to do anything
Basically you have to do this if you are running unsigned kernel mode drivers or services for which the code signing certificate has expired, otherwise UAC will constantly interrupt whatever you are doing as it doesn't have any facility to remember user settings for these specific conditions...
i laughed out loud when i saw this bit: "the approach doesn't work on IE8 because the browser features pop-up warnings." so IE8 is more secure than newer version then :-)
it's a serious point for security though. In the old days when windows UI was relatively consistent and predictable, people knew what an OS dialog or a browser window looked like. With windows 8, things fly across the screen or take up full screen and the user has no way of knowing whether it's malware or an OS prompt.
the user has no way of knowing whether it's malware or an OS prompt.
And probably doesn't care anyway because they are sick and tired of stupid dialog boxes popping up asking them to confirm everything. Coming to a screen near you soon: "Are you sure you want to move your mouse to the right? [Yes], [No]"
"Are you sure you want to move your mouse to the right? [Yes], [No]"
Reminds me of an example of bad programming where the software author has not bothered putting custom text on the Yes/No buttons, of which there are many examples today. The best one I can roughly remember was:
The reactor has gone in to melt down and will explode in 10 seconds unless you do something. The only way to shut it off is to open the vent valves. However I was too lazy when programming this so have not changed the text on the buttons below. However, pressing YES will override the automatic opening of the vent valves and you really want to press NO to let them open on their own.
[YES] [NO]
"there are a lot of ways to circumvent Smartscreen, so it means you can execute code with just one click. If you don't believe it you can test the online demo"
"This site is attempting to download multiple files. Do you want to allow" .. This type of file can harm your computer. Do you want to keep CosmicBreak_BR_setup.exe anyway?"
Ran CosmicBreak_BR_setup.exe in CrossOver and nothing happened ..
Nor will any other OS you care to name or imagine - that is in the nature of the problem. Simply howling your distaste for Redmond will not change the fact that what one person can create another can circumvent - no system, whatever it might be is intrinsically secure. Anyone claiming otherwise is a snake oil salesman and should be tarred and feathered and run out of town on a rail.
Does Linux allow you to run a remote executable direct from the browser then? Because OS X doesn't. I can't even imagine what was going through their minds when they thought that typing 'R' in a browser pop up was a useful shortcut for 'execute whatever follows', I'm guessing it was Vodka, should have been a brick.
I can not only imagine, but name 2 from personal experience that are completely secure.
The first and obvious candidate is the venerable MVS (in its many incarnations) from IBM.
The second is RISCOS as installed on my much loved Archimedes.
Neither of these is currently available however both are exemplary.
Now you could reasonably argue that MVS is a special case and not a 'consumer' OS (which is what I suspect you meant) however RISCOS was a personal machine OS. It was secure because it was ROM based.
The problem isn't with Windows it's with opening "pop-under" windows in the browser. The demo doesn't work in FireFox (or at least on mine) because the window pops up on top. This is all that's needed to be done by the vendors to fix this - the "do you want to run..." window must always be the topmost window.
In fact, ANY window opened by the browser which is not to show a page should always open (and be forced to remain) above all HTML windows - can't hide anything then can they?...