Thu, Apr 28 2005 20:46
bradley
Law number 2 - get ready for LUA folks
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the computer to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? Why, on the computer, right along with everything else! They're just files, and if other people who use the computer are permitted to change those files, it's "game over".
To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges. That is, they can do absolutely anything. Among other things, they're trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there's no limit to what he can do. He can steal passwords, make himself an administrator on the computer, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. (The security checklists on the Microsoft Security website will help you do this).
Security Law number 2 touches a couple of things that are in the near future, and one that we majorly need to get on the backs of our application vendors about. This law says that if you don't protect your system registry, you may not have a good system.
Well, guess what, class... what do most of us do to our system registry? We leave it wide open to be messed with all the time. Show of hands... how many [including myself, as I've got a couple of desktops that I haven't fully done this to] are running with full rights to that desktop? We leave our registries wide open for attack. I'll be the first to admit it's not easy running with least-privilege user rights... what we have to do to classesroot to get QuickBooks to run in LUA is insane.
So we don't even do ANYTHING to get close to protecting ourselves on law number 2; we leave ourselves wide open from the get-go. And this is something we need our vendors to help out on. My Threatcode site is back on the air and we truly need to get these vendors ready for Longhorn and LUA.
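One way to see how far a desktop has drifted from Law #2 is to list the registry keys that ordinary users are allowed to write to. The script below is an added example, not part of the original post; the default root key, the list of broad group SIDs and the function name `Get-WeakRegistryAce` are assumptions chosen for illustration.

```powershell
# Added example: report keys where groups that every standard (LUA) user
# belongs to hold write-type rights. $Root is an assumption; pass another key.
param([string]$Root = 'HKLM:\SOFTWARE\Classes')

# Rights that let a principal change a key's contents or its access control.
$writeRights = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) show up in inherit-only ACEs.
$genericWrite = 0x50000000

# Well-known SIDs, used instead of names so the check works on localized systems.
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

function Get-WeakRegistryAce {
    param([string]$KeyPath)
    try {
        # -LiteralPath: key names such as '*' must not be treated as wildcards.
        $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on ${KeyPath}: $($_.Exception.Message)"
        return
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
        $granted = [int]$ace.RegistryRights -band ($writeRights -bor $genericWrite)
        if ($granted -ne 0) {
            [pscustomobject]@{
                Key       = $KeyPath
                Sid       = $ace.IdentityReference.Value
                Rights    = [System.Security.AccessControl.RegistryRights]$granted
                Inherited = $ace.IsInherited   # $false = someone set this explicitly
            }
        }
    }
}

# Audit the root key and its immediate subkeys.
$keys = @($Root) + @(Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSPath })
$keys | ForEach-Object { Get-WeakRegistryAce -KeyPath $_ } |
    Sort-Object Key, Sid | Format-Table -AutoSize
```

Rows with `Inherited` set to `False` are the ones to review first, since they mark keys where permissions were loosened by hand or by an installer.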
Filed under: Security