#1
Question about viruses in Windows 8
I've been wondering something. Considering Windows 8's main interface sandboxes each application and the Desktop is treated like an application, if Windows 8 was to be affected by a virus, would it exist exclusively within the Desktop and not affect the rest of the system?

--
Silver Slimer
Wikipedia & OpenMedia Supporter
#2
Question about viruses in Windows 8
Silver Slimer wrote:
> I've been wondering something. Considering Windows 8's main interface sandboxes each application and the Desktop is treated like an application, if Windows 8 was to be affected by a virus, would it exist exclusively within the Desktop and not affect the rest of the system?

Your description is like an unfinished painting. There's lots of details missing.

The kernel runs in Ring 0. The drivers run in Ring 0. That TDSS rootkit you just picked up, runs in Ring 0. It doesn't give a rat's ass about your puny "sandbox". It now owns the computer.

For a virus (running in Ring 3) to get you, all it needs is an exploit that elevates it. And while Windows may throw in a few additional accounts like TrustedInstaller, and screw around with Regedit permissions, to make life more difficult, I don't think this causes even a moment of grief for a black hat.

If a virus found an exploit that left it running as a limited user, it wouldn't really be able to go anywhere (barring sloppy changes to the system by a user running as administrator).

No matter what sandbox you use, the attack surface of the whole system is huge, and if there's a way in, if there are bugs in the code, a black hat will find them. If you write 50 million lines of code, and your software people are any good, there are 50,000 bugs in that code (average). And only a percentage of those have been corrected. And some will never be corrected (too hard, conceptual mistake etc.).

Everything has holes. When virtualization was invented, people swore on a stack of bibles that it was bulletproof. And then someone came out with Blue Pill.

http://en.wikipedia.org/wiki/Blue_Pill_(software)

So no matter how many clever diagrams you draw on that white board of yours, someone out there is laughing at you right now, while they break into your computer.

Paul