Windows 7 Threat from co-workers???

john3347

It would seem that this security hole would be an extremely serious flaw for people such as independent researchers who have co-workers who could have access to a computer during time periods that the rightful user was off duty. Bosses could easily "spy" on their employees, which would be a minor issue; but it would also open the door for peers to "spy" on peers and access/steal information that they are not authorized to access. I can see an angry worker accessing a co-worker's computer and modifying saved documents such that the rightful user selects a document by file name and sends it to a client with a completely different message from the original. (original message: "we would love to meet with you and discuss terms." modified message: "we would love to meet with you and screw you royally.") This security hole could, and should, kill the operating system for use by a particular company or in a particular environment. I am surprised that this hole has not gotten more publicity than it has.


Win7: Security Hole 'Unfixable', Experts Say / Infopackets.com
 
hmmm,,, I hadn't thought of the other implications that this little exploit does allow.
Maybe cause I didn't completely read the whole post.
 
Appears to be a HUGE hole

hmmm,,, I hadn't thought of the other implications that this little exploit does allow.
Maybe cause I didn't completely read the whole post.

I can picture someone from Company A planting a spy with the cleaning service that Company B hires to clean their offices. This spy cleans the offices where computers that have access to all confidential company information are housed and has full access to Company B's secret information. I can see employees in a small company accessing pay and performance records of all employees and causing havoc throughout the company and the company never knowing how the information got out. (I remember one time I tapped into an unauthorized area in my company's computers and copied out all the employees' pay rates. A few employees got some handsome raises as a result. Nearly got myself fired, too. Hole got plugged in a hurry, too.) I can see children gaining access to a parent's computer and accessing credit card numbers and other confidential information. There are SOOOOOOO many ways this Windows 7 hole can be exploited. I don't see myself affected so much by this, but I see others quite in the line of fire of a BIG bullet.
 
Explain, Please

This will not be an issue

Mike2k9, can you expand on your reply a bit, please? I would like to be convinced that this is not an issue, but from what I have read, it really is a major issue in many environments. It is not an issue in my personal computer environment, but I see big problems in other environments.
 
I am still not fully convinced that this cannot be detected. Or cleaned or prevented from installing.
One thing that a lot of companies don't do though is lock down their computers. Or purchase the right licenses (i.e. Enterprise or Ultimate) to take full advantage of full disk encryption, or purchase something like PGP.

It may be wise for companies to start utilizing that BIOS boot password that has been there for a decade that no one uses.
 
Is the boot password not the huge vulnerability of this issue? This hack allows the boot password to be disabled then re-enabled when "leaving". This is the point that makes it so large an issue in my mind. Granted, an attacker must have physical access to a subject machine to perform their "handiwork", but there are ways to accomplish this in many environments. Perhaps full disk encryption may be a deterrent.
 
No, it's not the boot password itself that is hacked, but the users' passwords.
I am assuming the last logged on user, but I have not read that much about this.

It hooks itself to a process during bootup and clears the need for a password to log in to the PC as a user.
The BIOS boot password would not prevent this attack; however, it would prevent the attacker from being able to log in past the BIOS.
 
Oh, OK. I guess my lack of understanding may be causing me more concern than others are expressing. I was under the impression that boot password and user password would be one and the same. Of course, if a determined attacker has the same physical access to a machine that this exploit requires, there are several ways they could do big time havoc.
 
I would not necessarily say this is not a big deal.
But, as long as you have a BIOS boot password set, then it doesn't matter. The exploit is useless.

I have read the presentation on this and its first hook is the MBR, but you don't get to that till you pass the BIOS.
See screenshot attached.

So, it is preventable to a point. I have not read on how this is installed. I will research that (maybe) and post what I find.
It won't be difficult to install if a user gets up and walks away without locking their system.
Which is why policies are set to lock a system after so many minutes (the policy a lot of users don't like and want disabled or extended). However, it only takes a few seconds to install a tiny program like this.

I think I read something about bootsector viruses having all but disappeared.
Looks like it's time to start focusing on them again.

But, (and this can never, not ever be stressed enough, ever)
The first line of security and defense is the USER.
 
After further thought on this issue, I would like to point out some ways to prevent this from being installed in the first place.
These are the very basic security measures all users should take no matter what PC they are using.
Most people find this to be a pain in the a$$, but they are all essential to a strong first line defense.
Without these as part of your daily PC use routine, all the Antivirus, Spyware/Malware detectors, firewalls on the planet will NOT save you.

1.) Set a strong password, people do not take this seriously enough
.... a.) do not write down your password and leave it anywhere near your system (there is no point to a password if it's on paper and easily accessible)

2.) Lock your computer when you walk away, even for a few seconds, people also do not take this seriously enough

3.) Don't let anyone else use your account to login and use the system (ever, for any reason)

4.) Set a BIOS boot password (if able to). Check with your company on a policy for this; it could get you fired, as some systems, without proper verification, cannot be unlocked, reset or otherwise made usable.

5.) Disable Auto Run for external devices and CD/DVD discs, or don't plug in devices or use CDs you do not trust.

6.) Don't run programs you know nothing about or do not trust

7.) see all the above and repeat till it all sinks in :)
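
On the detection question raised in the thread, and the point that the first hook is the MBR: the following is an added example, not part of any post above, showing one way to compare a disk's first sector against a known-good baseline. It assumes the standard MBR layout (440 bytes of boot code, disk signature, partition table, 0x55AA signature); the function names and the sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0..439: bootstrap code
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"        # bytes 510..511

def mbr_fingerprint(sector: bytes) -> dict:
    """Hash the boot code and partition table separately, so a legitimate
    disk-signature or partition change is not confused with new boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "part_table_sha256": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
        "valid_signature": sector[510:512] == BOOT_SIG,
    }

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    current = mbr_fingerprint(sector)
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["part_table_sha256"] != baseline["part_table_sha256"]:
        findings.append("partition table changed")
    return findings

def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw disk image or device node."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def sample_mbr(code_fill: int) -> bytes:
    """Build a constructed 512-byte sector (not a real MBR) for the demo."""
    code = bytes([code_fill]) * BOOT_CODE_END
    disk_sig = b"\x11\x22\x33\x44\x00\x00"   # disk signature + reserved
    table = b"\x80" + b"\x00" * 63           # one 'active' flag, rest empty
    return code + disk_sig + table + BOOT_SIG

CLEAN = sample_mbr(0x90)      # stands in for the known-good sector
TAMPERED = sample_mbr(0xCC)   # same layout, different boot code
BASELINE = mbr_fingerprint(CLEAN)
```

A comparison like this is only trustworthy when the sector is read from an offline image or from trusted boot media, since code that already runs before the operating system can return the original sector to anything reading the disk from inside that system.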
 