Windows 7's Unfixable Glitch

**icecpu** · 04-26-2009, 08:17 AM

http://gear.ign.com/articles/976/976242p1.html

"A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect. Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable."

**Shintai** · 04-26-2009, 08:32 AM

So Windows 7 is like any other OS. Also you forgot the most important parts.

Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.

While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.

Having physical access is like...hum...I can boot unix in singleuser mode aswell then and so on.

**faster3200** · 04-26-2009, 08:35 AM

So... how are hackers supposed to do this remotely? If you have to be there to do it, this seems kinda pointless.

EDIT: Shintai beat me.

**Psykocyber** · 04-26-2009, 08:43 AM

Just the other day I discovered another very danguros security glitch, it's called "Leaving your computer unattended"...

**tuanster1119** · 04-26-2009, 08:59 AM

This story seems like the typical anti-Microsoft fear mongering. Microsoft has their faults but for this to become a widely spread story with headlines to make it look like a deal breaker is really ridiculous. If someone has physical access to a secured system, there are plenty of other security issues to deal with rather than a hole in the OS.

**ExodusC** · 04-26-2009, 09:31 AM

Originally Posted by tuanster1119

This story seems like the typical anti-Microsoft fear mongering. Microsoft has their faults but for this to become a widely spread story with headlines to make it look like a deal breaker is really ridiculous. If someone has physical access to a secured system, there are plenty of other security issues to deal with rather than a hole in the OS.

Yes. No operating system is completely secure if the user has physical access.

**billdavis** · 04-26-2009, 09:36 AM

frickin waste of my time!!!! thanks for wasting my life icecpu

and Shintai thank you for clearing up this utterly worthless post

**IronWarrior** · 04-26-2009, 09:37 AM

No threat at all, pointless, only people who would care about this would be at internet cafes, business and crap where they give users limited access.

**Logos** · 04-26-2009, 09:37 AM

already posted, but no problem, there was no feedback there

...yeah there's no threat unless physical access to the PC is first possible.

http://www.xtremesystems.org/forums/...7&postcount=63

**Decami** · 04-26-2009, 09:58 AM

I also created a method the other day for windows 7....and every other operating system and computer out there. Unfortunately I have to have physical access to the computer to use it.

Its called Baseballbat 1.0 It is completely unfixable and a major threat!!

My method renders any computer completely useless.

**Shintai** · 04-26-2009, 10:04 AM

Latest news, besides Windows 7 all Windows versions, OSX, all Linux flavours, all BSD flavours are easily exploitable aswell! World coming to and end!

We advice to lock the serverrooms!

**Logos** · 04-26-2009, 10:05 AM

Originally Posted by Decami

I also created a method the other day for windows 7....and every other operating system and computer out there. Unfortunately I have to have physical access to the computer to use it.

Its called Baseballbat 1.0 It is completely unfixable and a major threat!!

My method renders any computer completely useless.

you're not supposed to post warez on this site

edit: I mean this is obviously a crack

**RaZz!** · 04-26-2009, 10:12 AM

lol...
this is as much a security risk as a livecd in a cdrom drive.

**Logos** · 04-26-2009, 10:25 AM

Originally Posted by RaZz!

lol...
this is as much a security risk as a livecd in a cdrom drive.

btw they did something funny on the Suse live cd (latest version). When you attempt to access a drive, EXT3 or NTFS, you get the message, "denied by OS policy"

**Tonucci** · 04-26-2009, 10:27 AM

Originally Posted by Decami

I also created a method the other day for windows 7....and every other operating system and computer out there. Unfortunately I have to have physical access to the computer to use it.

Its called Baseballbat 1.0 It is completely unfixable and a major threat!!

My method renders any computer completely useless.

Your method is very dangerous indeed

Thanks god I dont grant strangers physical access to my house / PC

**SNiiPE_DoGG** · 04-26-2009, 10:28 AM

already people are trying to bash the crap out of windows 7....

**Truckchase!** · 04-26-2009, 10:29 AM

This just in: If a robber has physical access to your whole house, and all the time and privacy he desires, he could STEAL ANYTHING HE WANTED!!!

HOLY COW! RUN!

**Fafeifa** · 04-26-2009, 10:33 AM

I really like win 7 and i see a bigger threat of me spilling coffee on the machine than this stupid program.

**Logos** · 04-26-2009, 10:39 AM

Originally Posted by SNiiPE_DoGG

already people are trying to bash the crap out of windows 7....

you thought they would stop out of respect for this new version

they need to kill the idol, over and over again.

**junkun13** · 04-26-2009, 10:57 AM

Originally Posted by Decami

I also created a method the other day for windows 7....and every other operating system and computer out there. Unfortunately I have to have physical access to the computer to use it.

Its called Baseballbat 1.0 It is completely unfixable and a major threat!!

My method renders any computer completely useless.

now that is the unfixable

**SamHughe** · 04-26-2009, 12:27 PM

I'd like to try Baseballbat 1.0 on my Mac at my office. Hope that'll help me get rid of it.

**Helmore** · 04-26-2009, 12:34 PM

Originally Posted by SamHughe

I'd like to try Baseballbat 1.0 on my Mac at my office. Hope that'll help me get rid of it.

Didn't spilling some coffee over it work? Or do you consider that a waste of your coffee?

**GTSRboy** · 04-26-2009, 12:37 PM

If a hacker has physical access to your desktop, your done period, in any scenario

**~~Xoulz~~** · 04-26-2009, 12:44 PM

Errr.. haven't we been able to drop a floppy into any computer over the last 15 years and boot off that, bypassing the OS ..?

(Given: 1st boot device)

**EnJoY** · 04-26-2009, 02:34 PM

Originally Posted by SamHughe

I'd like to try Baseballbat 1.0 on my Mac at my office. Hope that'll help me get rid of it.

I don't believe BaseballBat is compatible with the Power Mac's solid aluminum cases. MetalBaseballBat v1.1 Beta however is expected to add this capability.

Thread: Windows 7's Unfixable Glitch

Thread Tools

Search Thread

Rate This Thread

Display

Windows 7's Unfixable Glitch

Bookmarks

Bookmarks

Posting Permissions