Windows insecure by design




















I can connect via one computer to the internet - praise the lord. And as the feed is provided by a cable internet operator, which has a pool of computers of its own, I am not even sure of what is secure and what is not - ignorance is bliss. And I have lost a lot of money and time. Lord, give me the strength to forgive those who do not know what they are doing.

Re:Bad design 4 Security - Bad 4 Servicing

Everything I've heard on TV and radio that's been more than just "There is a new virus" has had an attitude that I just can't stand.

Linux needed to help keep Windows secure (Score: 5, Interesting)

OS X is completely locked up (Score: 4, Informative)

Here's a sample portscan with no user services (ssh, httpd, afp, etc.) running. Port Scan has started. Port Scanning host:

With write privileges only to their own sandbox, then, none of this would be happening.

Instead, you've got IE and Outlook running under a user's account, so, despite the prevalence of a workable user-based access control list security system in Windows, Microsoft does not use it where it really counts. Dumb dumb dumb.

The main problem with Windows is the users..

That friend is a complete noob with computers and now he had a problem. This is pretty much what was said:

Friend: Hey. I got a problem with my computer. It has shut itself down two times today, without me doing anything. What do you think is wrong? I heard something about a virus.
Me: Yeah, there are a few major viruses flowing around the net right now. Have you patched your system?
Friend: Patched?
Me: Yeah. You know, downloaded updates for Windows.

Friend: No..
Me: Oh well. Here is a link to a virus scanner; try and run that first. After a while of me trying to explain to him how to scan for viruses.
Me: Good, now to update your system. I, after a while, get him pointed to Windows Update and the patch for Blaster. Again I think he got it installed.
Me: So, now I suggest you update your system with patches from Windows Update.
Friend: Why?

Why should I waste time downloading all that? What good does it do me?
Me: Well, it secures your system, gives you updates to Windows programs and IE, and new drivers.

You know. Makes it up to date.
Friend: But how do I do it?
I try to explain to him how to use Windows Update, but he is almost giving up since he just doesn't get that he just has to press "scan for updates" and then "install updates". Well, in the end he gives up and says he doesn't care. And there is the entire Windows security problem.

Users that just come to their computer to surf a bit and download a few programs like Kazaa or eMule just don't feel the need for updates. And they end up spreading the viruses to the entire net. And it doesn't help that MS doesn't allow pirate versions of Windows to be updated fully. I can see why it would in a sense suck for them to give free updates to people that haven't paid for the system. But people don't get updates when it's all blocked. Which in the end leads to viruses like this running wild.

Conspiracy theory (Score: 5, Interesting)

I'm late to the party with this reply, but I'm posting it anyway for posterity. Someday I'll find this message and link back to it.

Windows IS insecure by design. The virii and worms that are happening now are pissing people off. In the future, Microsoft will bring the 'security' scheme from the Xbox to Windows. And in the end, you and I won't be allowed to fire up a compiler and write a trivial little 'Hello World' program without buying a runtime license from Microsoft, which will be embedded in every program you write.

Innovation will be stifled. I doubt Microsoft will be very license-friendly to Sun, or Apache, or Cygwin, etc. Microsoft's own lax security is a plan to pave the way to their heavy-handed takeover of your computer.

It's in 2. There's also useful documentation at the sysadmin level [nsa. It's not a magic bullet, but mandatory security just went mainstream.

Complete with ad for "Windows Server"

I thought it was amusing when I surfed over to the Post to read the article: there was an ad for "Windows Server" on the page. I had to take a screen shot.

Windows does not have to be insecure

I haven't patched anything. I don't trust the patches and especially not the Service Packs. They can break things and slow things down. If my box is working, why tempt fate? There are a few, very simple things to do that will keep Windows almost entirely secure:
1 - No scripting host. If you don't need it, kill it.

Outlook is bad. IE is almost as bad. Everyone should know this by now. And if you must use it Why is this so difficult? Well, it's because people never You wouldn't eat something from a package simply labelled "food" without having some clue what's in it, so why double-click an icon without knowing what it will do?

Learn what these extensions are, and Google it if you're not sure what a given one means. Mozilla's now advanced and stable enough that you should almost never have to use IE to properly view a site.

I never have a problem with popups, and I've never had my browser hijacked. Using IE tempts people to break If you weren't specifically looking for what a site wants you to install, chances are you don't need it. Read the license agreement. Sure, I like to check out neat toys on Download. See 6. Google each one. This is a pain in the ass the first time, but do it once and then you'll know when something's not supposed to be there.

Get two. That's it. I run no antivirus software and my system thanks me for it with good performance. I have not loaded a Service Pack, a patch, anything. None of this is difficult. These rules are simple enough for almost anyone to follow, and the major ones are extremely easy.

This story is nice (Score: 5, Funny)

So Windows is insecure by design, huh? It's so nice to see Microsoft finally get something right.

Re:Why was this posted?

It was posted because people have been saying for a long time that Windows is insecure, but Joe Schmoe computer user won't know that you mean there are computers that don't run Windows?

This is the media attention a lot of Linux geeks have been waiting for. I agree. The Washington Post is a very well known newspaper that many people get. Even my father, who subscribes to the WP, read the article this morning and showed it to me because he thought I might find it interesting. He isn't the type to read stuff like Slashdot. Just a note.. I saw it at news.

Not exactly

Apache is more deliberately used than IIS. IIS, however, has a very widespread install base amongst clueless users who don't even realise that they're running it, thanks to Microsoft's boneheaded install procedures.

Obligatory Question and (Score: 5, Insightful)

There's something more fundamental about the differences in security -- yes, MS is a bigger target, but that doesn't mean that it can't also happen to be the easiest target, and it is.

Funny, you say that. That excuse is getting to its old age. But it makes a great difference on Windows right in a moment after you:
step 1: Disable the Internet connection for Explorer and Outlook. Almost no virus can then connect to the internet to download its other part or upgrade, because they mostly use the ActiveX download object.
step 2: Start using Mozilla or Opera, or even better Thunderbird and Firebird. In this step you disable IFrame and OCX viruses.
step 3: Teach users not to open.

Based on that: YES, Windows is insecure in its roots.

Give me a break. Linux and Mac don't have a huge share of desktops, but more and more companies (the kind of companies you want to hack and steal credit card numbers from) are running Linux-based servers.

The source code for Linux is on millions of computers, naked to the world. I learned about preventing buffer overruns when I was in high school. This "most computers are running Windows" excuse for viruses is a cop-out, plain and simple.

I think this has to do more with the type of user we are talking about here. Joe Sixpack doesn't know anything about computers and thus uses Windows. Then we blame him when his computer has a worm. Well, if JS used Linux he wouldn't update his system either. Perhaps that is why so many exploits are found, because people are targeting it religiously; start targeting Mac and Linux as much and see who is insecure.

Actually, virus writers write virii targeting Windows machines because Windows machines are easy targets, not because there are so many licenses sold.

Re:Choice (Score: 5, Insightful)

Re:Choice (Score: 5, Informative)

If you read the computer requirements [vt. In FAQ [vt. If you do not run Windows on your computer, you will miss an educational opportunity to learn Windows administration, which is a marketable skill. However, if you choose to run Windows 95 or 98, you will almost certainly experience increased difficulty in the programming classes.

Re:Apple and Linux systems are insecure too!

Oh wait, no we don't.

Re:Corporate Blinders (Score: 5, Interesting)

That seems to be a rather easy thing to say if you're not actually trying to manage a business with a large, complex interconnected system of technologies. I'm not saying it's a bad idea, just a potentially impractical one in many real corporate situations.

Working with the single devil you know as opposed to a vast army of individually varied devils may be preferable, at least in theory.

Re:Corporate Blinders (Score: 5, Funny)

What is it going to take? Ships sinking? Trains being derailed? Satellites dropping out of orbit?

Re:It's not Windows' fault (Score: 5, Informative)

This has nothing to do with Unix and certainly isn't a standard; hell, Samba doesn't even support this. This was totally an MS original. A lot of the HTTP virii are based on MS extensions or broken non-standard behavior of the MS clients. If MS had followed what you refer to as "obscure unix standards", this wouldn't be an issue.

Despite what you may think, Unix systems were designed with security in mind, whereas Windows was designed as a user operating system.

Re:It's not Windows' fault (Score: 5, Insightful)

In a response to a recent story, someone mentioned that UNIX standards were generally based upon specifications which had been made publicly available for comment. This is something that many take for granted, but it is quite important. This is in contrast to Linux, which was multi-user from the very beginning. This makes a huge security difference.

In addition, the Windows design philosophy is to have all programs and system services interoperate at the lowest possible level. That means any bugs, trojans, worms, or viruses affecting one part of the system can quickly move on to the whole thing.

Linux just doesn't work like this. The fact that Windows does will make it a perennial target for script kiddies and trojan-writing spammers for the foreseeable future. Windows cannot be made secure without changing it to such a degree that most of the programs on it will break. Think that's an exaggeration? Microsoft has already stated that the security improvements in XP Service Pack 2 will break some applications.

The problem's not in the code, it's in the design.

Windows is insecure by design - or is it?

In these, the situation is actually reversed: the kernel is multitasking and multiuser, and probably could be used as the basis of a secure OS, but it is buried under unsafe GUI and backward-compatibility layers. By the way, reading LWN and other Linux boards, I frequently get the impression that people think of Windows as it was at about the Windows 98 level or even at Windows 3.

However, Windows has not been standing still, no doubt having been greatly spurred on by the competition from Linux. It is a lot more solid than it used to be. Linux can keep ahead, but it is not automatically a given.

Windows is insecure by design - or is it?

I didn't compare Linux to anything, I just pointed out that the poster was incorrect and that the fundamentals of Unix security are pretty weak. Now, in common usage and practice, Windows may have a worse security record than Linux, or not, but that is a matter of practice, not the fundamental models on which those security practices are built.

Newer stuff like Linux and Solaris Privileges (aka Capabilities) does help strengthen the security model on Unix, though, where available. I wouldn't touch Windows with a bargepole (unless it's for family or a good friend), but saying Windows is fundamentally insecure is FUD, and FUD is bad no matter who propagates it.

As I said before, I can't see what your problem is with the security model of most Linux distros. I guess you must be referring to the security implementation: it is true that any password hashing based system is pretty insecure.

But I think anything other than a One Time Pad is a weak product since it has built-in obsolescence: as CPU speeds increase, asymmetric keys need to get longer and longer. The OTP bundles come from a central security place. Further OTPs between a person and, say, a vendor are exchanged via the central security place. As both vendor and user can trust the central security place, they can then trust each other. Unlike the asymmetric model, if your OTP bundle is suspected or known to be compromised, you can flush it and get another bundle from the central security place (physically, not over the net): the big difference is that trust can easily be re-established.

If someone brute forces Verisign's organisational root certifier, for example with a giant internet hacker supercomputer via a backdoor inserted by a worm like SoBig etc. etc., then someone can make any certificate name under the organisational root certifier that checks out when you verify it with Verisign, meaning you don't even have to brute force all organisation certifiers.

WinObj lets you see a plethora of information about the machine without any special privileges. WinObj can be run with or without Administrator privileges; however, I suggest using Administrator privileges during investigation because sometimes you cannot "list" one of the directories above, but you can "list" its sub-folders. User-mode anti-cheat developers hunt for information leaks in these directories because the leaks can be quite subtle. Since by default Everyone can list the Device directory, an anti-cheat can simply check whether any device object has a blacklisted name.

More subtle leaks happen as well. A classic detection vector for all kinds of anti-cheats is enumerating windows with certain characteristics. Maybe it's a transparent window that's always the top window, or maybe it's a window with a naughty name. Windows provide a convenient heuristic detection mechanism, given that cheats often have some sort of GUI component.

To investigate these leaks, I used Process Hacker's "Windows" tab, which shows what windows a process has associated with it. Coming back to the Cheat Engine example, there are plenty of windows anti-cheats can look for. There are many things an anti-cheat can check about a window: its class, its text, the process that owns it, and so on.

The next most lethal tool in the arsenal of these anti-cheats is NtQuerySystemInformation. This API lets even unprivileged processes query a significant amount of information about what's going on in your computer. There's too much data provided to cover all of it, but let's see some of the highlights of NtQuerySystemInformation. Two well-known information classes are SystemProcessInformation, which lists every process and thread on the system, and SystemHandleInformation, which lists every open handle system-wide, so an anti-cheat can see which processes hold handles to the game. This is only a small subset of what NtQuerySystemInformation exposes, and it's important to remember these data sources while designing a secure cheat.

Time for my favorite part. What is it worth if I just list all the possible ways for user-mode anti-cheats to detect you without providing any solutions? In this section, we'll look over the detection vectors mentioned above and see different ways to mitigate them.

First, let's summarize what we found. To restate the investigation section regarding filesystems, we found that user-mode anti-cheats can use the filesystem to get at information they otherwise could not reach, such as the on-disk image of a process they are not allowed to open. How can an attacker evade filesystem-based detection routines? By abusing security descriptors.

Security descriptors are what truly dictate who has access to an object, and in the filesystem this becomes especially important with regard to who can read a file. If the user-mode anti-cheat does not have permission to read an object according to its security descriptor, then it cannot read that file. Concretely: if you run a process as Administrator, which prevents an unprivileged anti-cheat from opening the process, and you also remove the anti-cheat's access to the file on disk, how can the anti-cheat read the file?

This method of abusing security descriptors lets an attacker evade detections that fall back to the filesystem when opening the process fails. You may feel wary about restricting unprivileged access to your process, but there are many subtle ways to achieve the same result. Instead of directly setting the security descriptor of the file or folder, why not find existing folders that already have restricted security descriptors? The directory by default disallows unprivileged applications from accessing it, requiring at least Administrator privileges.

What if you put your naughty binary in there? Another trick to evade information leaks in places such as the Device directory or the BaseNamedObjects directory is to abuse their security descriptors to block the anti-cheat's access.

I strongly advise that you use a new sandbox account; however, you can also set the permissions of directories such as the Device directory to deny access to specific security principals. Using security descriptors, we can block access to these directories to prevent anti-cheats from traversing them. All we need to do in the example above is run the game as this new user, and it will not have access to the Device directory. One caveat: a deny ACE only binds code that actually runs as the denied principal, so an anti-cheat component running as SYSTEM or inside a kernel driver is unaffected; this trick only cuts off user-mode checks that run in the game's own security context.
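The access decision the paragraphs above rely on can be reproduced outside Windows. The following Python model is an added example written for this page, not code from the original post: it parses a DACL given in SDDL and walks it the way the Windows access check does (a deny ACE on an outstanding right ends the check, allow ACEs accumulate rights). The folder DACLs, the anti-cheat and Administrator tokens and the sandbox account's SID are all constructed for the demonstration; the evaluator ignores owner rights, privileges and integrity labels, which the real AccessCheck also consults.

```python
"""Simulate the Windows DACL access check that decides whether a file is readable.

Added example, not code from the original post. The SDDL rights codes,
well-known SIDs and check order follow documented Windows semantics, but this
is a teaching model: no owner rights, no privileges, no mandatory labels, no
SACL, and every object is treated as a file.
"""
import re

# Generic -> file-specific rights (the FILE_GENERIC_* mapping Windows uses for files).
GENERIC_MAP = {0x80000000: 0x120089,   # GENERIC_READ    -> FILE_GENERIC_READ
               0x40000000: 0x120116,   # GENERIC_WRITE   -> FILE_GENERIC_WRITE
               0x20000000: 0x1200A0,   # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
               0x10000000: 0x1F01FF}   # GENERIC_ALL     -> FILE_ALL_ACCESS

# Two-letter SDDL rights codes (the subset needed for file DACLs).
RIGHTS = {"GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100}

# Well-known SID abbreviations used in SDDL.
SIDS = {"BA": "S-1-5-32-544", "BU": "S-1-5-32-545", "SY": "S-1-5-18",
        "WD": "S-1-1-0", "AU": "S-1-5-11", "CO": "S-1-3-0"}

# (ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid)
ACE_RE = re.compile(r"\((\w+);(\w*);([^;]*);([^;]*);([^;]*);([^)]+)\)")

def _mask(text):
    """Rights field: either a hex literal or a run of two-letter codes."""
    if text.startswith("0x"):
        return int(text, 16)
    return sum(RIGHTS[text[i:i + 2]] for i in range(0, len(text), 2))

def _expand(mask):
    """Replace generic rights with the file-specific rights they map to."""
    for generic, specific in GENERIC_MAP.items():
        if mask & generic:
            mask = (mask & ~generic) | specific
    return mask

def parse_dacl(sddl):
    """Return the DACL of an SDDL string as a list of (ace_type, mask, sid)."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("SDDL string has no DACL")
    aces = []
    for ace_type, _flags, rights, _obj, _inh_obj, sid in ACE_RE.findall(m.group(1)):
        if ace_type not in ("A", "D"):
            continue  # audit/alarm/object ACEs do not grant or deny access here
        aces.append((ace_type, _expand(_mask(rights)), SIDS.get(sid, sid)))
    return aces

def access_check(sddl, token_sids, desired):
    """Mimic AccessCheck(): walk the DACL in order; a deny on a wanted bit wins."""
    wanted = _expand(desired)
    aces = parse_dacl(sddl)
    if not aces:
        return False  # an empty DACL grants nobody anything
    granted = 0
    for ace_type, mask, sid in aces:
        if sid not in token_sids:
            continue
        if ace_type == "D" and mask & (wanted & ~granted):
            return False  # deny ACE covers a right not yet granted: access denied
        if ace_type == "A":
            granted |= mask & wanted
            if granted == wanted:
                return True
    return granted == wanted

# Constructed tokens and DACLs; the sandbox SID is hypothetical.
SANDBOX = "S-1-5-21-1111111111-2222222222-3333333333-1001"
ANTICHEAT_TOKEN = {SANDBOX, "S-1-5-32-545", "S-1-1-0", "S-1-5-11"}  # game + anti-cheat as sandbox user
ADMIN_TOKEN = {"S-1-5-32-544", "S-1-5-32-545", "S-1-1-0", "S-1-5-11"}  # elevated cheat process

DEFAULT_FOLDER = "D:AI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
HARDENED_FOLDER = (f"D:P(D;OICI;FR;;;{SANDBOX})"          # explicit deny first (canonical order)
                   "(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)")
FILE_GENERIC_READ = 0x120089

if __name__ == "__main__":
    for name, dacl in (("default", DEFAULT_FOLDER), ("hardened", HARDENED_FOLDER)):
        print(f"{name:8s} anti-cheat can read: {access_check(dacl, ANTICHEAT_TOKEN, FILE_GENERIC_READ)!s:5s}"
              f" | admin can read: {access_check(dacl, ADMIN_TOKEN, FILE_GENERIC_READ)}")
```

Running it shows the sandbox token reading the default folder but not the hardened one, while the Administrator token reads both. The same evaluation governs object-manager directories such as \Device and \BaseNamedObjects; changing their DACLs takes a native call (for example SetSecurityInfo on a handle returned by NtOpenDirectoryObject) rather than the file ACL tools, but ACE order and semantics are identical.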

Since security descriptors control a significant amount of access in Windows, it's important to understand how we can leverage them to cut off anti-cheats from crucial data sources.

Whether it be matchmaking, lobbies, peer-to-peer functionality, etc., there are many attractive features Epic Online Services (EOS) offers to game developers. Before we continue with any security review, it's important to have a basic conceptual understanding of the product you're reviewing.

This context can be especially helpful in later stages when trying to understand the inner workings of the product. I found it peculiar that the only "client roles" that existed were GameServer and GameClient. The GameClient role "can access EOS information, but typically can't modify it", whereas the GameServer role "is a server or secure backend intended for administrative purposes".

If you're writing a peer-to-peer game, what role do you give clients? GameClient credentials won't work for hosting sessions, given that the role is meant for read-only access, but GameServer credentials are only meant for "a server or secure backend". A peer-to-peer client is neither a server nor anything I'd call "secure", yet Epic Games effectively forces developers to embed GameServer credentials, because otherwise how could peer-to-peer clients host sessions?

The real danger here is that the documentation falsely assumes that a client holding the GameServer role can be trusted, when in fact the client may be an untrusted P2P client.

I was amused by the fact that Epic Games even gives an example of the problem with giving untrusted clients the GameServer role. Going back to those requests we intercepted earlier, the client credentials are pretty easy to extract.

In the authentication request above, the client credentials are simply embedded as a Base64-encoded string in the Authorization header (HTTP Basic authentication). Decoding this string yields a username:password combination, which represents the client credentials. Anything shipped inside the game binary or sent from it over the wire has to be treated as public, so with such little effort we are able to obtain credentials for the GameServer role, giving significant access to the backend used for Satisfactory.

We'll take a look at what we can do with GameServer credentials in a later section. The high-value targets within the Sessions interface are session creation, session discovery, and joining a session. Problems in these processes could have significant security impact. The first process to look at is session creation. Creating a session with the Sessions interface is relatively simple. Although this function will end up creating your session, there is a significant amount you can configure about a session, given that the initial structure passed only contains the information required to create a bare-bones session.

For example, let's talk about how matchmaking works with these sessions. A major component of Sessions is the ability to add "custom attributes". These attributes are what allow developers to attach custom information to a session, such as the map the session is for or which version the host is running. EOS makes session searching simple. The search structure holds the minimum amount of information needed to perform a search, containing only the maximum number of search results to return.

Before performing a search, you can update the session search object to filter for specific properties. EOS allows you to search for sessions based on a session identifier, a user identifier, or attributes. Although you can use a session identifier or a user identifier if you're joining a known, specific session, for matchmaking purposes attributes are the only way to "discover" sessions based on user-defined data.

Satisfactory isn't a matchmaking game, and you'd assume it would use the unique session identifier provided by the EOS API. Unfortunately, until a month ago, EOS did not allow you to set a custom session identifier.

Instead, it forced game developers to use its randomly generated 32-character session ID. When hosting a session in Satisfactory, hosts are given the option to set a custom session identifier. When joining a multiplayer session, besides joining via a friend, Satisfactory gives the option of using this session identifier to join sessions. How does this work in the background?

Although the EOS API assigns a random session identifier to every newly created session, many implementations ignore it and choose to use attributes to store a session identifier of their own.

Honestly, who wants to share a random 32-character string with friends? I decided the best way to figure out how Satisfactory handled unique session identifiers was to see what happens on the network when I attempt to join a custom session ID.

Of course, this returned no valid sessions, but the request interestingly revealed that the mechanism used for finding sessions was based on a set of criteria. The first idea I had when I saw that filtering was based on an array of "criteria" was: what happens when you specify no criteria?
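To make the criteria-based search concrete, here is a toy model of attribute-based session discovery. It is an added example, not code from the article or from the EOS SDK: the comparison operator names mirror EOS_EOnlineComparisonOp, but the session records, the request shape ({"criteria": [...], "maxResults": n}) and the matching logic are assumptions of this example. It shows how a developer-chosen session identifier stored as an attribute (the Satisfactory pattern) is found through an EQUAL criterion, and it makes the backend's policy for an empty criteria array, the question the article ends on, an explicit parameter so both possible behaviours are visible.

```python
"""Toy model of attribute-based session discovery with a criteria filter.

Added example, not code from the article or from the EOS SDK. Operator names
mirror EOS_EOnlineComparisonOp; everything else (sessions, request shape,
matching rules, empty-criteria policy) is an assumption of this example.
"""

# Constructed backend state: each session has the random id the service assigns
# plus developer-chosen attributes. The first two store a human-friendly
# SESSIONID attribute, the way the article describes Satisfactory doing it.
SESSIONS = [
    {"id": "c8f0b1a0c1b84b6fb0f1e3a1c6f7b4d2",
     "attributes": {"SESSIONID": "friday-coop", "MAPNAME": "grass", "VERSION": 150000}},
    {"id": "1b4e2d6a9f7c4e1c9f0b3a5d7e6c8f21",
     "attributes": {"SESSIONID": "speedrun", "MAPNAME": "desert", "VERSION": 149999}},
    {"id": "a7d3c0e5b2f14c3e8d6b9a0c1e2f3a4b",
     "attributes": {"MAPNAME": "grass", "VERSION": 150000}},
]

# Comparison operators a criterion may use (names follow EOS_EOnlineComparisonOp).
OPS = {
    "EQUAL":              lambda have, want: have == want,
    "NOTEQUAL":           lambda have, want: have != want,
    "GREATERTHAN":        lambda have, want: have > want,
    "GREATERTHANOREQUAL": lambda have, want: have >= want,
    "LESSTHAN":           lambda have, want: have < want,
    "LESSTHANOREQUAL":    lambda have, want: have <= want,
    "ANYOF":              lambda have, want: have in want,
    "NOTANYOF":           lambda have, want: have not in want,
}

def matches(session, criterion):
    """True when one criterion {key, op, value} holds for the session's attributes."""
    have = session["attributes"].get(criterion["key"])
    if have is None:
        # A session without the attribute only satisfies a negative test.
        return criterion["op"] in ("NOTEQUAL", "NOTANYOF")
    try:
        return OPS[criterion["op"]](have, criterion["value"])
    except TypeError:  # e.g. ordering a string attribute against an int
        return False

def find_sessions(request, sessions=SESSIONS, require_criteria=True):
    """Return ids of sessions satisfying every criterion in the request.

    What a backend does with an empty criteria array is a policy decision.
    The default here refuses the search; with require_criteria=False the
    toy model answers "everything matches", so the two can be compared.
    """
    criteria = request.get("criteria", [])
    if not criteria and require_criteria:
        raise ValueError("a session search must carry at least one criterion")
    for c in criteria:
        if c.get("op") not in OPS:
            raise ValueError(f"unknown comparison op {c.get('op')!r}")
    hits = [s["id"] for s in sessions if all(matches(s, c) for c in criteria)]
    return hits[: request.get("maxResults", 10)]

def join_by_custom_id(custom_id):
    """Satisfactory-style join: the id users share is an attribute, not the service's own id."""
    request = {"criteria": [{"key": "SESSIONID", "op": "EQUAL", "value": custom_id}],
               "maxResults": 1}
    return find_sessions(request)

if __name__ == "__main__":
    print("join friday-coop ->", join_by_custom_id("friday-coop"))
    print("matchmaking      ->", find_sessions({"criteria": [
        {"key": "VERSION", "op": "GREATERTHANOREQUAL", "value": 150000},
        {"key": "MAPNAME", "op": "ANYOF", "value": ["grass", "snow"]}]}))
    print("no criteria      ->", find_sessions({"criteria": []}, require_criteria=False))
```

The first call resolves a shared custom id to the backend's real session id, the second is an ordinary matchmaking query, and the third shows what an unconstrained criteria array returns when the backend does not reject it.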


