Risk Profile Vs Antivirus Definition age - Page 2

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote:

[Quoted text not shown]

Not everyone (in fact you've got to be in a very tiny minority) wants to
continue to work with stone age software.

[Quoted text not shown]

You sure?   LOL

--
   -bts
   -This space for rent, but the price is high

Re: Risk Profile Vs Antivirus Definition age

Virus Guy wrote :
[Quoted text not shown]

A large majority of malware these days isn't written to run on non-NT
based OSes. Even if a vulnerability is discovered that affects W98 the
chances are that the rest of the malware program that leverages that
vulnerability isn't written to run on W98.



Re: Risk Profile Vs Antivirus Definition age

FromTheRafters wrote:
 
[Quoted text not shown]

I paid close attention to all the CVEs that were announced for Windows
up until maybe 2008, and paid close attention to Secunia's list of
security issues for win-98 up until it went EOL in 2006.  Also all of
Micro$oft's security bulletins during those years (2002 - 2008).

The absolute fact is that even during the years when win-98 was still in
its support phase and running on a significant fraction of computers
(and therefore a sufficiently large target for hackers), the fact is
that almost all of the vulnerabilities that were discovered for IE back
during the 2002 - 2006 timeframe applied only to 2k/XP and not to
win-98.  There were hardly any non-IE vulnerabilities discovered for
win-98 during that time, but tons for NT-based OS's.

I would argue that home and soho systems running win-98 from 2000 to
2004 would have been EXTREMELY useful to penetrate because (a) there
were a LOT of them in use during those years, and (b) the likelihood
that they were connected to the net through insecure modems without
NAT.  The facts are that pretty much the only way those systems were
exploited was through activation of viral e-mail attachments -
user-facilitated or user-controlled exploitation - which you can't fault
the OS for.

Re: Risk Profile Vs Antivirus Definition age

on 9/8/2012, Virus Guy supposed :
[Quoted text not shown]

To be fair, you should count all privilege escalation vulnerabilities
for NT based OSes as if they were also W98 vulnerabilities. The reason
being that W98 has no security in that respect so there is nothing to
'get over' as far as privilege restrictions are concerned.



Re: Risk Profile Vs Antivirus Definition age

FromTheRafters wrote:
 
[Quoted text not shown]

So let's see how this works.

In the real world, any privilege escalation exploit must contain the
exploit (A) and some payload (B) designed to do something useful for the
hacker / criminal.

An NT-based OS presents a door on which the exploit (A) operates -
and passes through and brings (B) with it, and launches B on the inside.

You're saying that Win-9x doesn't have that door - instead it has an
open hole that (B) could just walk right through.

I don't buy that.  I think that instead of a "secure" door in this case,
Win-98 presents a brick wall that the NT-designed exploit (A) just
bounces off of.  And even if there was a hole in this wall somewhere
else, the payload (B) doesn't have legs of its own, so it can't walk
through any open holes by itself.  Any payload needs something to carry
it through a hole or open door and then invoke it once inside.

So no, I would argue that you can't say that privilege escalation
exploits for NT-based OS's are in some way by default also counted as
exploits against win-9x/me.

If a given privilege escalation exploit is found to contain a payload
that runs correctly on both NT and 9x, then you've got to show me that
this exploit can leverage some 9x vulnerability to get the payload up
and running.

Re: Risk Profile Vs Antivirus Definition age

on 9/8/2012, Virus Guy supposed :
[Quoted text not shown]

Not exactly, but for the sake of argument let's say that is the case.
[Quoted text not shown]

Okay, same as above.
[Quoted text not shown]

Sort of.

Let's consider a remote code execution exploit with an exploit based
payload. The remote code execution exploit, say via a browser
vulnerability, runs code with the user's token. It has not enough
privilege to do what the author wants, and so targets another
vulnerability to escalate privilege. Now it can do what the author
wanted.

Let's consider the same on W98.  The remote code execution takes place
and *already* has all of the privilege it needs to do the author's
dirty work. What is done via two exploits on NT is done by only one on
W98.

Any vulnerability that escalates privilege that is *not needed* to
attack W98 shouldn't be counted as something negative for your
comparison of the two OSes. The only reason NT based OSes have
privilege escalation vulnerabilities is because they have those
privilege levels to surmount.

[...]



Re: Risk Profile Vs Antivirus Definition age


[Quoted text not shown]

Can you hear the deafening silence? That's reality, punching Virus_Guy
right in the nose.


--
There ain't no rest for the wicked. Money don't grow on trees. I got
bills to pay. I got mouths to feed. Ain't nothing in this world for
free. Oh No. I can't slow down, I can't hold back though you know I wish
I could. Oh no there ain't no rest for the wicked, until we close our
eyes for good.




Re: Risk Profile Vs Antivirus Definition age

Dustin explained on 9/8/2012 :
[Quoted text not shown]

At least he now seems to grasp that an exploit and a payload are
separate entities and that a published exploit might work on W98 even
if the accompanying payload with the exploit in the wild doesn't.



Re: Risk Profile Vs Antivirus Definition age

FromTheRafters wrote:
 
[Quoted text not shown]

But that's two separate exploits - one of which gets you through the
front door, the other allows you to change your hat (become admin) and
have special abilities on the inside.

I've never seen Micro$oft identify Win-98 as being "affected" by
anything it called a privilege-escalation vulnerability.

Is there an example of a privilege-escalation exploit where the
"front-door" part of the exploit operated properly under win-9x?

Re: Risk Profile Vs Antivirus Definition age

on 9/8/2012, Virus Guy supposed :
[Quoted text not shown]

Okay, use a classic trojan vector then. Same thing applies. A software
exploit is needed in NT where it isn't even needed in W98.
[Quoted text not shown]

Of course not, that's my point. The token already has the needed
privilege in W98, no need to escalate. In this aspect W98 is vulnerable
by design.

[Quoted text not shown]

If I understand your question correctly, then possibly. I'd have to do
some looking around though. In this case the privilege escalation is
not from restricted user token to admin token; it is from user/admin
(which is the same entity on W98) to system which has direct memory
access among other things that admin can't easily reach.


