:flame: Windows' newest security vulnerability is called Linux :flame:

mott555

Sean Michael Kerner  /  Aug 5, 2016

Black Hat: Windows 10 at Risk From Linux Kernel Hidden Inside

At Black Hat USA, a researcher exposes design and control flaws in Windows 10.

[quote]
Embedded within some versions of the latest Windows 10 update is a capability to run Linux. Unfortunately, that capability has flaws, which Alex Ionescu, chief architect at Crowdstrike, detailed in a session at the Black Hat USA security conference here and referred to as the Linux kernel hidden in Windows 10.
[/quote]

FrostCat

@mott555 "Among the issues that Ionescu is still concerned about is the fact that AppLocker, which is Microsoft's whitelisting service for Windows applications, doesn't work for Linux applications. As such, if an enterprise has enabled Linux on systems, Linux apps can potentially run without first checking with AppLocker."

I don't understand the problem. Linux people always tell me Linux doesn't have security problems like Windows does, so why do apps need to be whitelisted?

anotherusername

@FrostCat it has nothing really to do with security and everything to do with your IT department being able to control (whitelist) the applications you're allowed to use on your work PC.

boomzilla

@anotherusername so this is like them white listing a non-pre-compiled language like python or something and then noting that users could run any python program.

Jaloopa

@boomzilla I wonder if you could then use wine from the Linux environment to run any Windows app.

FrostCat

@anotherusername You, ah, did see that emoji at the end of my post, right?

I get that companies would want to control what apps users can run, although I'd never want to work at such a company.

HardwareGeek

@FrostCat said in Windows' newest security vulnerability is called Linux :

I'd never want to work at such a company.

accalia

@FrostCat said in Windows' newest security vulnerability is called Linux :

I'd never want to work at such a company.

QFFT

anotherusername

@boomzilla said in Windows' newest security vulnerability is called Linux :

@anotherusername so this is like them white listing a non-pre-compiled language like python or something and then noting that users could run any python program.

It's more like Windows patching in built-in support for Python, and then someone noting that users could run any Python program.

sloosecannon

@FrostCat said in Windows' newest security vulnerability is called Linux :

@anotherusername You, ah, did see that emoji at the end of my post, right?

I get that companies would want to control what apps users can run, although I'd never want to work at such a company.

I can see legitimate uses of that feature though - namely for public-facing computers (Word-processing only, for example).

But yeah, doing that with employee computers is just silly.

groo

@HardwareGeek If I'd take a restriction like this I would end in a far worse place, I had to take this. It's not that terrible, but it's annoying.

FrostCat

@sloosecannon said in Windows' newest security vulnerability is called Linux :

But yeah, doing that with employee computers is just silly.

I did contract for a while, years ago, with a company that ran nightly software inventories and would send you an email bitching at you if they found "unauthorized" programs on your machine, which was really obnoxious for a developer. At one point, we were evaluating purchasing a product, and I got dinged for having a demo of it on my PC, so I had to go back to my manager and get permission to keep it.

HardwareGeek

@FrostCat said in Windows' newest security vulnerability is called Linux :

send you an email bitching at you if they found "unauthorized" programs on your machine

I'm pretty sure I've posted before about the place I worked that did occasional audits. They explicitly allowed "reasonable" personal use of work computers, so their audits were just to make sure everything was properly licensed. Whether you bought it personally, OSS, or something your department had bought without going through corporate IT, as long as you had a valid license (and, I suppose, it wasn't malware), the auditors were happy.

My current position, my laptop is owned by the consulting company, and technically I'm not supposed to use it for anything not work. So far, I haven't seen any indication the client cares all that much, and the client will nuke and pave it before the consulting company sees it again, so I'm not too worried. Still, I've installed very little personal stuff on it — I think only one thing that the stupid installer wouldn't let me put on an external drive.

However, for a while, my work computer was the only computer I had access to. I would have been very, very unhappy if I couldn't have had anything personal on it.

dkf

@FrostCat said in Windows' newest security vulnerability is called Linux :

Linux people always tell me Linux doesn't have security problems like Windows does

That's because it has security problems like Linux does, not like Windows does.

Arantor

@dkf but since everyone studies the source and compiles from source, no bad code is ever run unless the user wants to, right?

Or did I miss something?

I kid, of course.

cartman82

This whole emulation idea is fucking stupid. If I wanted a separate nix world with disk drive integration, I can just set up a VirtualBox and run it in Seamless mode. Microsoft's BASH shell seems to have zero advantages over that, and seems to causes additional problems.

The should have added a few linux compatibility features (eg. linux-like file permissions) and co-opted msys2/cygwin.

NTAuthority

@cartman82 said in Windows' newest security vulnerability is called Linux :

The should have added a few linux compatibility features (eg. linux-like file permissions) and co-opted msys2/cygwin.

That's pretty much every past attempt at POSIX support on NT since, like, 1992. Clearly, that didn't work out well enough.

WSL, on the other hand, is just repurposing the scraps of ADSS ('Android Subsystem', Astoria) to appeal to the modern tech crowd who hates NT OS and loves everything POSIX and overhypes completely broken shit. MSFT's own marketing for WSL also involves a lot of... doing stuff that already worked with every past user-mode POSIX emulation library, except those could actually interoperate with the Win32 world a lot better than this mess.

Also, if you've ever tried to run any complex application over VirtualBox' shared folders with a NT host (or apparently any other host, as well), you'd know that's a real performance hell.