Computer Internet network security News

A Microsoft marketing scheme persuading consumers to buy PCs “capable” of running Windows Vista could cost more money than Microsoft made from the program.

An expert witness giving evidence in the class-action suit against Microsoft’s Windows Vista Capable program has estimated the cost of upgrading so-called “capable” PCs to machines able to run premium editions at between $3.08bn and $8.52bn.

Microsoft, by contrast, is calculated to have earned just $1.505bn in Windows licensing from the program, which ran between August 2006 and July 2007.

The calculations, based on data from Microsoft and analyst Current Analysis, are important because they could be used by U.S. District Court Judge Marsha Pechman to calculate damages in the case, should she find that Microsoft mislead US consumers through the program. These numbers would not include fees Microsoft pays its legal team or other case fees, so the final cost of the program to Microsoft could go even higher.

University of Washington associate economics processor Keith Leffler arrived at the numbers after he was asked by plaintiffs in the case to calculate the impact of the program on the demand and prices of PCs and judge whether there’d been an adverse impact on consumers.

More at http://www.channelregister.co.uk/

News vista, Windows-Vista

An authority on Microsoft’s Security Development Lifecycle (SDL) – which aims to get developers to design more secure code – posted an extensive entry on the brand-new SDL blog that outlined lessons learned from the ANI vulnerability.
“SDL is not perfect, nor will it ever be perfect,” Howard acknowledged. “We still have work to do, and this bug shows that.”
That bug, which first surfaced late last month and posed enough of a threat that Microsoft went out of cycle to patch it, affected all older editions of Windows as well as the newest, and supposedly more secure, Windows Vista. Some security researchers, in fact, took Microsoft and its SDL process to task for not catching the flawed code as Vista was written, debugged, tested and polished.
Some of those same researchers immediately weighed in on the unusual mea culpa by Microsoft. “This is really out of character,” said Jonathan Bitle, the manager of the technical accounts team at Qualys. “Microsoft historically has played security issues much closer to the vest.”
Oliver Friedrichs, director of Symantec’s security response team, was a bit tougher in questioning Microsoft’s motives. “They’re attempting to be more transparent to explain why this vulnerability was missed. They received a lot of criticism for not catching this earlier and for letting it into Vista, and I think this was one of the only ways for them to explain both to the technical and the management-level communities how they actually missed it.”
Specifically, Howard called out flaws that the ANI vulnerability revealed in Vista’s security components, as well as in Microsoft’s development tools and processes.
The /GS switch, a function of Microsoft Visual Studio’s compiler that’s designed to protect stack variables from overflows that could result in arbitrary code execution, was one.
Some third-party researchers, notably Ollie Whitehouse of Symantec, have criticised Microsoft for not /GS compiling all of Vista’s binaries. Turns out, however, that in the ANI case, that wasn’t the problem.
“Because there are no candidate buffers on the function’s stack, there is no /GS cookie added to the stack, even though the code is compiled with /GS,” said Howard. “This is not the first time we’ve seen code with no cookie, and this has made us rethink the heuristics used by the compiler when it determines whether to place a cookie on the stack or not.”
Another Vista security feature, Address Space Layout Randomisation (ASLR), which is supposed to randomly assign data to memory to make it tougher for attackers to determine the location of critical OS functions, also didn’t have the intended impact on the ANI vulnerability.
“If the vulnerable code is wrapped in an exception handler that catches many errors [as was the animated cursor code], a failed attempt will not crash the component and the attacker can try again with a different set of addresses,” Howard said.
David LeBlanc, also of Microsoft and the co-author with Howard of the just-released book Writing Secure Code for Vista, blogged about the danger of using exception handlers on 3 April, the same day that Microsoft patched the ANI bug.
“I’ve said a lot of times that incorrect use of exception handlers will get you hacked,” LeBlanc warned at the time.
Howard backed him up: “[An exception handler] can usually be good for reliability, but it has an interesting security side effect. By itself [its] ‘catch everything’ construct is not a security bug, but it can aid an attacker if the exception handler wraps vulnerable code.”
Some of Microsoft’s own development and testing tools also failed to flag the code, which Howard said was taken from Windows 2000, a seven-year, two-month-old operating system.
“Our static analysis tools do not flag this construct as a security bug because it’s a very low-priority warning,” admitted Howard. Why? “Code that uses calls such as ‘memcpy’ is hard to flag as vulnerable without generating a great many false positives. This is a research problem that no one has solved, here or elsewhere.” Howard said Microsoft will investigate further and may ban calls like memcpy in new code to prevent a recurrence.
Fuzz testing, which drops random data into applications or operating system components to see if – and where – breakdowns occur, also missed the bug. “The animated cursor code was fuzz-tested extensively per the SDL requirements,” said Howard. “[But] it turns out none of the .ANI fuzz templates had a second ‘anih’ record. This is now addressed, and we are enhancing our fuzzing tools to make sure they add manipulations that duplicate arbitrary object elements better.”
These moves, warned a commenter to Howard’s blog, are only cosmetic fixes. “Security has to be written right into the code; you can’t add it in later with a bit of compiler magic,” said someone identified as Xepol. “Pretending you can ‘fix’ old code with a few compiler flags is going to result in problems like this repeating endlessly. At some point, you have to stop, go back and fix the foundation, or you might as well be building on quicksand.”
Both Bitle and Friedrichs sounded a similar clarion call. “What Microsoft highlighted here is that while the SDL is thorough, reused code is going to be their downfall,” said Bitle. “Old code will be the Achilles’ heel of SDL.”
“This is the gap that we’re seeing in the [SDL] process,” added Friedrichs, “in that flawed legacy code can make it into a current version of Windows. And this gives them an incentive to analyse that legacy code. I would if I were in their shoes.”
“They’re obviously recognising that detecting

Windows security aslr, sdl, Windows-Vista

One animated cursor bug, many animated critics.
Microsoft ’s failure to spot the animated cursor bug in Windows Vista could be a disconcerting sign that Vista’s security-oriented development process slipped up, researchers have suggested.

“Apparently Microsoft still hasn’t learned that counting vendor acknowledged vulnerabilities isn’t a good way to establish the security of an OS. As an analysis of Microsoft’s claims on Full Disclosure shows, we see that the methodology used was badly flawed. A bug in Firefox (not to mention emacs), counts as a flaw for Linux, while IE bugs get ignored on Vista’s chart. Then we see that vulnerabilities aren’t vulnerabilities when they’re security-challenged features such as Vista’s Teredo. Also, there’s far too little consideration given to severity, given that it stoops to counting even extra access restrictions on a file in OSX to have something to show. In short, the original Microsoft analysis was good PR and poor research.”

“A version of Vista that removes security-related functionality has the potential to be an even greater turkey,” it said. “Security is a major concern for the European market and needs to be addressed on multiple different fronts. If the EU is going to ask Microsoft to remove security-related functionality then it needs to be very precise in its request and very clear why it is making the request. It has the potential to cause a major market disruption, with no benefit for the end-consumer whatsoever.”

Windows security Microsoft-security, vista, Windows-security, Windows-Vista

The researchers of the network Exo performance network announced in a current Blog that Vista SP1 (service luggage) is a performance brake. Who expects more speed as a user after the update, will be disappointed – so the result of the group of researchers after several tests in the own laboratory. Many enterprises waited with the installation of the new operating system, until the SP1 at the market is. They did this on the assumption that the fast recognizable inadequacies of the new system with the first update would take care of themselves. Vista became thereby as as a better XP – however at least just as fast. Far been missing, read now the hard judgement from Florida, Heimat of the open SOURCE company Devil Mountain software, which releases developers for the research net. These consulted the RCO (v.658) for their tests from SP1 and this against different scenarios run to have. Basis was a Dell Notebook with dual core processor and 1 GB RAM. Various scenarios were then tested against two environments: Once also and once without the update. Was paid attention to align the scenarios if possible close at the working life in companies both, which concerns the Office tasks, and different multitasking functions. As it meant, the results were comparable in each case. Vistas SP1 was noticeable only marginally and in individual cases by better achievement, but the performance was therefore alike or worse predominantly as with the test without SP1. In the final result they denied to the update to increase the performance or bring noticeable easements. Somewhat laconically the researchers closed their entry with the words: “if you up to now with the achievement of Windows Vista were dissatisfied, should you better to it get accustomed: SP1 is simply not the universal remedy, of which many spoke. Finally it is Vistas architecture, and not a lack to Tuning or fixed, which provides for it that it works so badly, also under systems, those with Windows XP genuine Bringer was.” And how does it actually stand with safety functions with Vista? Not well, the answer of some IT professionals in the USA reads. They said in relation to the US press on the occasion of the first yearly with the operating system that Microsoft would have concentrated better on the business use. The focusing on safety functions did not help the enterprises from the outset with the introduction and use, so the opinion from US companies. With the updates address Microsoft security – however questions like the performance were considered less.

Windows security performance network, vista, Windows-Vista

This wouldn’t be the first time a file masquerading as something else proceeds to delete all kinds of delicious media off your hard drive. A new worm is making the rounds, one that will delete all your MP3 files though it doesn’t seem to target anything else.

On average, the typical computer contains around 3GB of MP3 files but around here, it’s a lot more. The W32.Deletemusic searches your hard drive and deletes any MP3 file it comes across, hence, the name. It won’t stop with your primary driver either, it will spread to all attached media devices including other hard drives and flash drives. If it makes it’s way on to a flash drive, it will continue the path of destruction on the next computer the drive is plugged in to.

According to ArsTechnica this has been done before. The Nopir worm posed crossed our paths two years ago posing as DVD copying software but actually deleted MP3 files and the Erazer trojan deleted just about every media file you can think of and then some.

The W32.Deletemusic virus affects everything from Windows 95 to Vista, talk about your backwards compatibility! It should be noted that any computer with a half competent real time virus scanner should detect and deal with the threat, Symantec released first response updates on July 30, McAfee responded with updates on August 1. And, if your antivirus is set to check all media devices before launching then the threat will be dealt with even before it can do any damage.

Symantec rates W32.Deletemusic as a “low risk” as it should be, it seems it’s not spreading very fast or well (which is a good thing).

Windows security Windows security, Windows-Vista

A New Yorker is seeking support for a class action suit against the video card manufacturer because he says drivers for the company’s high-end 8800 card have caused him problems.

A new Web site seeking support for a class action suit against video card manufacturer Nvidia has appeared on the Internet.
A message on the site — www.NvidiaClassAction.info — asks consumers who purchased the high-end Nvidia 8800 card with the intention of installing it on Windows Vista-equipped PCs to join the proposed lawsuit.

“Nvidia said the 8800 was built for Windows Vista … it is anything but,” said Dan Goldman, the site’s founder, in an interview Tuesday.

Goldman, a New York City-based investor and IT consultant, said he purchased a version of the $700 card sold by Asus International before Windows Vista was released for sale to the public at the end of January. After upgrading his computer to the new Microsoft operating system in February, and installing Nvidia drivers that were supposedly Vista compatible, “all hell broke loose,” Goldman said.
Goldman’s PC screen started to blank out intermittently and constantly flash an inscrutable error message that read: “Video driver nvlddmkm stopped responding and has recovered.”

Goldman claimed Nvidia’s drivers for Windows Vista caused the problem and that the company ignored his requests for help. Now, he wants payback. “I’m entitled to damages I incurred as a result of Nvidia’s misleading marketing campaign, and so are a lot of other people,” he said.

Goldman, who said he spent about 100 hours unsuccessfully trying to fix the problem on this own, is in talks with three law firms in preparation for a class action suit.

Nvidia officials were not immediately available for comment.

Windows security Windows security, Windows-Vista

Your PC powers up correctly, it passes the POST, all drives are detected correctly, but Windows does not load automatically. Instead you see the following error message:

Cannot find a device file that may be needed to run Windows or a Windows application.
The Windows registry or SYSTEM.INI file refers to this device file, but the device file no longer exists.
If you deleted this file on purpose, try uninstalling the associated application using its uninstall or setup program.
If you still want to use the application associated with this device file, try reinstalling that application to replace the missing file.
(filename)
Press a key to continue

This happens when a Windows system file is renamed or deleted by accident. Most importantly, when you see this screen, stop and write down the name of the file in question. Then push a key and see if Windows will continue to load after all, often it will. To correct the problem, you need to extract a copy of the missing file from the Windows Cab files. If you have Windows 98, this can be done pretty easily if you can still get into Windows with a command called System File Checker, or short SFC. If you cannot get into Windows anymore or don’t have Windows 98, you need to use the Extract command from the DOS prompt.

Operating systems security, Vulnerabilities, Windows security Operating systems security, Vulnerabilities, Windows security, Windows-Vista

Your PC powers up correctly, it passes the POST, all drives are detected correctly, but Windows does not load automatically. Instead you see an error message “Cannot find WIN.COM, unable to continue loading Windows”. Check to see if WIN.COM is still present on the hard drive. It should be located in the C:\Windows folder. If it was accidentally renamed and you can identify the file, name it back to WIN.COM and reboot. If the file was deleted and you are not able to restore it, reinstall Windows over itself. It will recreate all the system files including WIN.COM while retaining all the settings from your existing Windows installation.

Operating systems security, Windows security Operating systems security, Windows security, Windows-Vista

When you run a setup program, UAC should automatically prompt you to run it as an administrator using the UAC prompt (which Microsoft calls the “consent” prompt). If you don’t see this, right-click the program, and then click Run As Administrator. Then, it will really run as an administrator. It should have prompted you, but for some reason, Vista didn’t realize it needed Administrator rights. It woudln’t hurt to check the software developer’s website for a version of the program made for Vista; that would also fix the problem.

If you really get sick of this, you can try disabling UAC–you’ll be giving up a lot of Vista’s security benefits, though, so it is not recommended.

Windows security Windows-Vista

Control (UAC) enabled because it helps protect you from spyware and viruses. If you frequently make configuration changes to your computer and your sick of the UAC confirmation prompts (I feel your pain), you can disable UAC by following these steps:

1. Click Start, and then click Control Panel.

2. In Control Panel, click User Accounts And Family Safety.

3. Click User Accounts.

4. Click Turn User Account Control On Or Off.

Though the link appears on a single user’s Control Panel page, it will affect all users.

5. Clear the Use User Account Control (UAC) To Help Protect Your Computer checkbox, and then click OK.

6. When prompted, restart your computer

Windows security Windows-Vista

Tags: windows vista, security, computer security, vista

Windows security Windows security, Windows-Vista

Vista’s content protection requires that devices (hardware and software drivers) set so-called “tilt bits” if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn’t contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren’t too uncommon in a typical computer. For example starting up or plugging in a bus-powered device may cause a small glitch in power supply voltages, or drivers may not quite manage device state as precisely as they think. Previously this was no problem — the system was designed with a bit of resilience, and things will function as normal. In other words small variances in performance are a normal part of system functioning. Furthermore, the degree of variance can differ widely across systems, with some handling large changes in system parameters and others only small ones. One very obvious way to observe this is what happens when a bunch of PCs get hit by a momentary power outage. Effects will vary from powering down, to various types of crash, to nothing at all, all triggered by exactly the same external event.

With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack, with the required reaction being that (from the spec) “Windows Vista will initiate a full reset of the graphics subsystem, so everything will restart”. According to Microsoft this will only take a few seconds and will only affect the graphics subsystem (so it’s not a complete restart of Vista), but the true impact of this mechanism remains to be seen. In addition even if it’s relatively quick, systems with high availability requirements probably won’t appreciate the overhead of periodic soft-reboots of the graphics subsystem. So the effect that these tilt bits will have on system reliability should require no further explanation.

Content-protection “features” like tilt bits also have worrying denial-of-service (DoS) implications. It’s probably a good thing that modern malware is created by programmers with the commercial interests of the phishing and spam industries in mind rather than just creating as much havoc as possible. With the number of easily-accessible grenade pins that Vista’s content protection provides, any piece of malware that decides to pull a few of them will cause considerable damage. The homeland security implications of this seem quite serious, since a tiny, easily-hidden piece of malware would be enough to render a machine unusably unstable, while the very nature of Vista’s content protection would make it almost impossible to determine why the denial-of-service is occurring. Furthermore, the malware authors, who are taking advantage of “content-protection” features, could claim protection under the DMCA against any attempts to reverse-engineer or disable the content-protection “features” that they’re abusing.

Tags: visa, windows vista, windows

Windows security Windows security, Windows-Vista