There's something about this story that brings a warm glow to my heart. Hackery as it should be.
Hackers prove security still a myth on Windows PCs, bag $320,000
Day one of the 2015 Pwn2Own hacking contest in Vancouver, Canada, saw big wins for contestants and headaches for software makers: competing teams successfully exploited fresh vulnerabilities in Adobe Flash and Reader, Microsoft's Windows and Internet Explorer, and Mozilla's Firefox, to hijack PCs. The competition, now in its …
COMMENTS
Saturday 21st March 2015 09:58 GMT P. Lee
Re: Windows kernel "features"
I'd have thought with CPU power now outpacing demand we might be able to spare a bit to put graphics back in userland.
For the price of memory these days, I'd settle for two copies of the graphics stack and a launcher flag saying which one you'd like to use. There are many apps where I'd be happy to accept slightly slower screen updates in return for eliminating a whole class of vulnerabilities. Currently I run all my Windows "productivity" apps under vmplayer. Things which ideally want speed (video, games) run under the Linux host, though that could easily be another copy of Windows.
Sadly, MS seem to be obsessed with changing the UI and scripting tools. I guess that's cheaper than improving the OS design. Am I picking on MS rather than Linux? Perhaps, but I think it's OK to expect more if you're paying for something than if you get it for free.
Friday 20th March 2015 21:24 GMT Anonymous Coward
Re: Windows kernel "features"
It's not a 'legacy' feature. Graphic performance dictates it. Linux too brought more and more graphic code into the kernel for the very same reason. TrueType and OpenType fonts are not just something that is parsed; they are something that needs to be rendered with some complex features - antialiasing, kerning, etc. It's no longer the ugly bitmap fonts of years ago. For that matter, ask where a lot of 3D rendering happens...
Friday 20th March 2015 04:30 GMT Destroy All Monsters
Re: Destroy All Monsters
I see. Language Insecurity on steroids?
Friday 20th March 2015 14:42 GMT Anonymous Coward
Re: Destroy All Monsters
The legacy of the idiot Gates.
Cutler: WNT has critical stuff in separate processes, communicating in a managed way. It's more robust (i.e. secure) that way.
Gates: But Windows 98 is faster at games.
Cutler: eff off. WNT is more robust.
Gates: But PC Magazine is making me cry because Doom(?) is faster on W98 than WNT.
Cutler: All right then. But on your own head be it.
As not told to some bloke not called Mageek.
Timestamp: 13:34 GMT
Friday 20th March 2015 13:18 GMT A Non e-mouse
Re: fresh vulnerabilities in Adobe Flash and Reader
...why the hell doesn't it stay in user-space?
The article just says that Flash & Reader security precautions were bypassed. A further vulnerability (in Windows font processing, so outside of Adobe's control) was then used to elevate privileges.
Friday 20th March 2015 15:46 GMT theblackhand
Adobe
While both Adobe Reader and Flash are common, surely they provide too little challenge to include in a hacking competition?
Maybe use PCs without Adobe products, and the teams can use PCs with Adobe products to quickly discover 2-3 flaws as a warm up? Keeps the costs down for the competition and maybe stops the constant dribble of Adobe patches...
Friday 20th March 2015 21:51 GMT Henry Wertz 1
Madness
"Linux for instance still runs all drivers as part of the kernel. With Windows at least you have the choice not to."
There are things like FUSE, and interfaces for block devices, network devices, and so on, in user mode. libusb allows interfacing with USB devices without a kernel driver. Printer drivers in Windows usually run in kernel mode (although they can run in either mode); in Linux they are always user mode.
The video driver thing: just as with Windows NT, old enough versions of XFree86 (and then XOrg) did in fact run the X Server as root; the X Server (after telling the kernel to quit trying to show a text console) would directly access the video card RAM and I/O ports, driving the video card completely from user mode. But the thing is, when they switched to kernel mode video drivers, they kept security in mind (although not enough; they did add more sanity checks later) and only put the ACTUAL video driver in kernel mode, not the entire video stack.
Windows? Font handling's in the kernel. It decodes BMP (Windows bitmap) and WMF (Windows metafile) graphics files in the kernel. The exploit last month shows THE SCROLL BARS are drawn entirely in kernel mode. That's just plain bizarre to me. All sorts of stuff.