The Caffeinated Penguin

musings of a crackpot hacker

Windows (in)security

Posted By on January 25, 2009

I know I harp on this a lot, and make broad, sweeping statements about “Windows is insecure as a side-effect of its design and it's really hard to make it secure without breaking stuff”.

Well, don't take my word for it, read what this guy, who used to write adware says.

Specifically, things like:

At the same time, we also made a virtual process executable. I’ve never heard of anybody else doing this before. Windows has this thing called Create Remote Thread. Basically, the semantics of Create Remote Thread are: You’re a process, I’m a different process. I call you and say “Hey! I have this bit of code. I’d really like it if you’d run this.” You’d say, “Sure,” because you’re a Windows process– you’re all hippie-like and free love. Windows processes, by the way, are insanely promiscuous. So! We would call a bunch of processes, hand them all a gob of code, and they would all run it. Each process would all know about two of the other ones. This allowed them to set up a ring … mutual support, right?

and

We also wrote a device driver and then a printer driver. When you write a device driver you get to do all sorts of crazy things, even crazier than the things you typically get to do in Windows.

Now, I'm not saying Unix (either System V or BSD, the latter which includes OSX) or Linux are perfect. However, the fact that all of these systems were designed from the get-go as multi-user, and a lot of time and effort has been paid to protect and isolate processes from each other, puts them ahead of Windows in this regard.

Remember, when Microsoft advertising talks about how great Windows is as a platform, and how it's easy to attach to and debug running processes and write multiprocess applications with easy interprocess communication, this should translate to: It allows one application to steal data from another!

(Processes talking to each other is fine, but the danger is when any process can talk to any other running process, without both processes expecting/wanting it. Another facet of this are various DLL injection techniques).


Comments

Loading Facebook Comments ...

Leave a Reply

Please note: Comment moderation is currently enabled so there will be a delay between when you post your comment and when it shows up. Patience is a virtue; there is no need to re-submit your comment.