None. But are there any exploits that attack Windows right now without user interaction? Just turning on a fully patched Win7 system and having it connected to the Internet (not behind a hardware firewall). I know there was a time with WinXP that just doing that would result in an infection just by pressing the power button. I think it was through the RAW sockets (If I recall correctly).

None from just turning Windows on. But there have been some fairly recently (Nov. 2010) and consistently across time (Kneber) for Windows Live Messenger that affected fully patched Vista/7. In the most recent incident, I do believe that Messenger was not the most current version.

This UAC bypass was released to the public prior to being patched and remained unpatched until at least 2010-12-17. This could easily be used to cause privilege escalation after exploitation of various client-side software.

Recently, the security of Windows in the domain of malware is much improved, but in reference to average users that click on anything, possibly pirate software, etc., the following does apply:

You can answer this by asking yourself the following question:

Name one piece of malware for OS X that does not require user interaction (meaning password authentication) to infect and propagate?

This excludes trojans, but Mac OS X only has four relevant unsuccessful trojans and 3 of them are detected by XProtect included in 10.6 by default.

So, 1 undetected trojan for OS X vs hundreds, maybe thousands, of undetected pieces of malware for Windows, given that no AV software has 100% detection rates and the volume of Windows malware is growing faster each year.

Sorry, I realize I modified my previous post after you had responded. I had not refreshed my browser.
 
So in essence it would seem that both Windows 7 and OS X are equally secure or equally vulnerable, depending on point of view. And as I preach to my employees (I am an IT admin), the biggest security threat to a computer is the user.

When I was a Windows guy, I ran XP, patched, for years without an AV program and I never had any problems. Once in a while I would install an AV and run a check and never once had any malware and then I would uninstall the AV. I just know how to be safe while on the Internet and I never shared flash drives or discs with anyone. Sadly though, most people don't understand or even care to understand computer security, to their own demise usually.
 
Sorry, chasing each other's refreshes again.

This UAC bypass was released to the public prior to being patched and remained unpatched until at least 2010-12-17. This could easily be used to cause privilege escalation after exploitation of various client-side software.

Some combinations of exploitation using DLL hijacking would be just as reliable as the use of that UAC bypass.

I find it interesting that the UAC bypass was publicly available around the same time of a client side worm in Windows. Maybe, there is a connection? I do not know the mechanism used by the worm.
 
I find it interesting that the UAC bypass was publicly available around the same time of a major client side worm in Windows. Maybe, there is a connection? I do not know the mechanism used by the worm.

I remember that one vaguely. It has always been the suspicion that the AV companies create their own exploits in an effort to keep the continuity of their establishment going. I never subscribed to that notion, as there are plenty of people out there with malicious intent that don't work for the AV companies. Although it's certainly possible that they may do so a little, but we'll never know for sure.
 
I think the connection is that criminals are using exploits like the UAC bypass to achieve privilege escalation in Windows in the wild.
 
Proof,

A quick search through the Microsoft Security Bulletin Summary index shows that this publicly released UAC bypass in Windows 7 is still not yet patched after 2 months (Nov, 26/2010 to Jan, 27/2011).

Interestingly, it is in the same class of exploit used to achieve privilege escalation in the Stuxnet worm that was discovered in July 2010. The win32k.sys exploit used in Stuxnet was not patched until Oct, 12/2010.

The win32k.sys exploit in Stuxnet did not work in Vista/7 so another exploit was used to achieve privilege escalation in Vista/7. This Task Scheduler exploit was not patched until Dec, 14/2010.
 