Topic: Malware Aims to Evade Windows 7 Safeguards (ASLR, DEP, UAC)

Samker



Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

"Windows 7 is more secure, and upgrading to it is a big improvement," says Chester Wisniewski, a senior security advisor with software-maker Sophos. "But it's not going to stop malware in its tracks."

Exploits Take a Hit

Digital crooks generally use two tactics to install malware on a PC. Exploits often take the form of a snippet of attack code hidden on a Web page--often a hacked-but-otherwise-benign site. When you browse the page, the exploit hunts for software flaws in Windows or in third-party programs such as Adobe Flash or QuickTime. If it finds one, the exploit may surreptitiously install malware without any hint of the attack.

In contrast, social engineering attacks try to trick you into downloading and installing bot malware that poses as a useful program or video. Some attacks combine tactics, as when a scammer sends an e-mail message encouraging you to open an attached PDF file, only to trigger an exploit buried in the file that then hunts for a flaw in Adobe Reader.

Security upgrades in Windows 7 could help prevent many attacks that target software flaws. ActiveX attacks, once the bane of Internet Explorer users, may "pretty much disappear" due to IE 8's Protected Mode, says H.D. Moore, chief security officer at Rapid7 and creator of the Metasploit testing tool.

The arcane-sounding Address Space Layer Randomization makes it harder for crooks to find a vulnerability for a running program in your computer's memory. The related Data Execution Prevention feature attempts to prohibit an attack from taking advantage of any flaw that it may discover.

"These two, in particular, could have a very large impact," says Wisniewski. Still, though ASLR and DEP were expanded to protect more programs in Windows 7 than in Vista, they don't cover all applications.

Vista Safer Than XP?

For a sense of what that impact might be, we can look at how Vista fared against malware. Microsoft's latest Security Intelligence Report covers the first half of 2009, prior to Windows 7's release: http://www.microsoft.com/security/portal/Threat/SIR.aspx
It's based on data from the Malicious Software Removal Tool, which Microsoft distributes via Automatic Updates to fight common malware infections. According to that data, the infection rate for an up-to-date Vista computer was 62 percent lower than that for an up-to-date XP system.

It's possible, of course, that Vista users are technologically savvier on average, and so less likely to fall victim to malware. The sample sizes for XP and Vista, which Microsoft didn't include in the report, might skew the statistics, as well.

But Sophos's Wisniewski thinks that ASLR and DEP are factors, too. And since those features are expanded in Windows 7, there's reason to hope they'll continue to be effective.

"I don't see this going away anytime soon," says Moore. He notes that there are plenty of ways crooks can and likely will continue to ply their evil trade against the new OS. But "it does raise the bar," Moore says.

Hacking People, Not Programs

Exploit-based attacks may be harder to pull off against Windows 7, but social engineering attacks may be as dangerous as ever. And the theoretically less-annoying User Account Control does little to disable poisoned downloads.

In October, Sophos ran a test to see how Windows 7 and UAC would handle malware. First, the testers grabbed the first ten samples of malicious software that came into their lab. They then ran those samples on a fresh Windows 7 machine with UAC at its default settings, and with no antivirus installed.

Two samples couldn't run on Windows 7 at all. But at its default setting, UAC blocked only one sample, leaving seven pieces of malware that loaded right up.

Sophos's test highlights two points. First, Wisniewski and others say, UAC isn't designed to block malware as much as it is to encourage programmers to write software that doesn't require special privileges--so you shouldn't count on it for protection: http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/

Second, if a bad guy tricks you into downloading a Trojan horse, ASLR and DEP don't matter. IE 8's SmartScreen filter and similar features in other browsers might block known nasties, but the malware universe is bigger than that.

Social engineering ruses include using a hijacked social network account to send malware lures to friends of the owner, sending a link to a supposed video taken of a friend, and hiding a poisoned URL in a shortened link of the type commonly used on Twitter.

Toss in other tried-and-true scams such as videos that instruct you to install a codec file (but instead lead you to a malware download), and phony documents attached to e-mail messages that appear to come from coworkers, and it becomes clear why Windows 7 users can't let their guard down.

(PCW)

Samker's Computer Forum - SCforum.info





duomaxwell22

Re: Malware Aims to Evade Windows 7 Safeguards (ASLR, DEP, UAC)
« Reply #1 on: 30. January 2010., 01:02:36 »
I agree that Vista is safer than XP based on my experience.. never tried Win7, Vista is still so sticky with me..

Can anyone here tell which is safer, Vista or Win7?

thanks..

Samker

Top Operating System Market Share Trend
« Reply #2 on: 30. January 2010., 08:16:33 »

Can anyone here tell which is safer, Vista or Win7?

Right now 7 is safer, but since 7 is the latest Windows version (it's also much better than Vista), every day it will "grow up" in OS market share (right now 7 has only about 6%, complete chart here: http://marketshare.hitslink.com/os-market-share.aspx?qprid=11 ). Probably one day 7 will be No.1, and on that day it'll be the main target for most malware creators, who will look for and try to exploit every possible "hole" (bug). That day Vista and 7 will change places. ;)



duomaxwell22

Re: Malware Aims to Evade Windows 7 Safeguards (ASLR, DEP, UAC)
« Reply #3 on: 01. February 2010., 01:15:53 »
Thanks for the info.. hmm, now it makes me think twice about sticking to Vista.. ^_^
