Liquidmatrix Security Digest

Vista Koolaid

Why is it that every speaker I have seen on Vista security feels it necessary to devote more than 40% of their time to bashing Apple and Linux? These aren’t even folks who are on the Microsoft payroll. I got into it with today’s speaker (no surprise) over lunch, and he said that by virtue of the fact that I was using NeoOffice on a Mac, I was a communist. I should point out that this guy (who shall remain nameless) is from Texas. Me, a commie? Wow, is that the best comeback he could muster? Rather pathetic, actually. He then went on to spew FUD from the gospel according to Ballmer.

Now, as I have said before, I have become OS agnostic. I’m a Mac user, but that by no means is indicative of my political leanings. I believe that every operating system has its place and that it is asinine to argue over whose is bigger. It’s a circumlocutious argument that no one wins. Enough already.

He did manage to give a nice presentation on Vista, but seeing as how he managed to piss me off, I’m not going to point people to his website. He tackled the various permissions and rights that users have in Vista and even showed the crowd (250+) how to defeat Vista activation. Not sure the Redmond folks would enjoy that one much. Basically, the way it works is that you pull up the registry editor for Windows, regedit, and search out the key SL. I can’t recall the full path and I’ll update that tomorrow. Suffice it to say there is a value within that key called SkipRearm. The value for this is set to “0”. All you would have to do is change this value to “1” or some other value to reset the activation timer. Ah, but wait, there’s more. Close out of regedit and then launch a command line.

Enter this command: C:\>slmgr -rearm

This will, if successful, return a “command complete” message and ask you to reboot (yes, a reboot).

He then went into some detail about Windows Integrity Control. This is a permission structure that Microsoft, for whatever reason, decided to drop at the last minute. The weird part is that all of the code is still in the OS. The analogy that was used equated this to removing the sink and tub and leaving all of the plumbing in the house. The premise here was that files with lower permissions would not be able to “read up” or “write up”. For example, an administrator would be level 3000 and a system file would be at 4000. The rub here is that even though you might be an administrator, you would not be able to delete a system file. Um, OK. Is it just me, or does that seem like a bad idea?
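The “no write up” rule described above can be exercised on a Vista-or-later machine with the integrity-label switch of icacls. This is an added example, not code from the post or the speaker; it assumes a throwaway file under %TEMP%, an elevated prompt for the labelling step, and a normal prompt for the write attempt.

```powershell
# Added example (not from the post): a file labelled High integrity rejects writes
# from a Medium-integrity process even though the DACL grants the user full control.
# Assumes Windows Vista or later and a test file under %TEMP% (constructed here).

# --- Part 1: run from an ELEVATED prompt (High integrity), which may set a High label ---
$path = Join-Path $env:TEMP 'mic-demo.txt'
Set-Content -Path $path -Value 'constructed sample line'
icacls $path /setintegritylevel High   # label the file High; the DACL is left untouched
icacls $path                           # expect "Mandatory Label\High Mandatory Level:(NW)"

# --- Part 2: run from a NORMAL (non-elevated, Medium integrity) prompt as the same user ---
try {
    # (NW) = no write up: this is denied by the label, not by the DACL
    Add-Content -Path $path -Value 'write-up attempt' -ErrorAction Stop
    'unexpected: write succeeded'
} catch {
    'write-up denied by integrity label: ' + $_.Exception.Message
}
# No (NR) policy was set, so reading a higher-labelled file from Medium still works
Get-Content -Path $path

# --- Cleanup: run elevated again ---
# icacls $path /setintegritylevel Medium
# Remove-Item $path
```

The same check works in reverse for detection: an unexpected High or System label on a user-writable file is something a defender can enumerate with icacls.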

Well, a smart malware writer could have taken advantage of this and created a rootkit that is a system-level file. There are a few applications today that would allow a user to elevate their privileges in WIC and set the file permissions to system. And psexec can help you there. I won’t give any more detail on that point.

There was more from today, but I won’t bore you with that. Just an open message to speakers out there on Windows security: give it up with the Coke vs. Pepsi, Windows is better than (insert) routine. It’s tired.

Now put down the koolaid glass and get back to work.
