Topics - Assarbad

1
Hi there,

I am getting the following symptom: http://nakedsecurity.sophos.com/2013/04/12/patch-tuesday-fatal-system-error/ and that must be due to the Windows update I ran prior to the reboot.

It rebooted kinda successfully once, but I take it that this was mostly because some of the patch processing happens after reboot.

However, even when I had this seemingly successful reboot, I got a (PE/DLL) loader error code directly in the native error format: 0xC000007B, which has the symbolic name STATUS_INVALID_IMAGE_FORMAT according to my copy of the Windows Driver Kit.

So since I got that when attempting to start VMware Workstation 8 (which suggests that a particular DLL is involved here), I rebooted. From then on I received the fatal system error similar to the above.

Now, I tried the Startup Repair, obviously, which was "fixing disk problems" the first time around.

I'm not really looking for solutions from you folks (I have an older backup I can use), just wondering whether anyone else sees that error. Obviously I let the Startup Repair send the error report, which - I guess - would mean that MS has the info about the patch problem already.

2
Security Alerts & Briefings / MD5 is dead
« on: December 01, 2007, 11:40:13 AM »
http://www.win.tue.nl/hashclash/SoftIntCodeSign/

(... should probably be in the "Security Alerts & Briefings", but since no one has write access there, but the mod)

3
Suggestions and Site Feedback / Educate computer users!
« on: October 28, 2006, 01:55:51 PM »
Why is spyware (using the term to refer to spyware, adware and all these buggers at once) such a problem? Unlike for viruses[1] I would say that spyware is mostly a problem of uneducated computer users. The important phrase here is "computer users". I don't say that anyone here is uneducated with regards to not being able to read or write. It is more about how to handle computers, how to work with them securely and so on.

There is a myriad of factors that contribute to whether or not you will be a spyware victim. However, in my impression you don't need to be a computer expert to prevent your machine from being infected with spyware.

Since the "dawn of rootkits" in the spyware sector it is becoming increasingly complicated to defeat these threats. Also it is becoming increasingly dangerous to leave a previously compromised system running. For rootkits one should generally say that a compromised system should not be trusted ever again - with one exception: if the rootkit can be identified with a 100% certainty and has been analyzed to 100% (and I don't mean viewing the file in Notepad :lol:) it will be safe to remove it and its components without leaving remainders of it on your hard drive. Otherwise I say: reinstall.

But back to the topic. I am certainly the last to become a "Microsoft-Basher", but they have a great share of responsibility for the current misery. Here are some of my theses. We'd have a safer internet if
  • ... the Internet Explorer would not have been bundled with the operating system
  • ... if the default account wasn't one with admin privileges
  • ... if software vendors would not ask for admin privileges upon installation of their applications all the time (e.g. access to HKLM)
  • ... if ActiveX did not exist in its current form
  • ... if the Internet Explorer would not be so tightly integrated with other OS components (partially mitigated with IE7)
  • ... users were educated enough to see, understand and mitigate the problems they create

Yes, you read right: I said the users are part of the problem. Although Microsoft can be accused of a lot of negligence when it comes to the separation of the TCB from normal (read: uneducated) users[2], the users could well find a wealth of information on the internet and in books to make their systems more secure. One of the biggest problems with the so called "data-highway" (i.e. the internet) is that basically everyone is allowed to "drive" there - having a "driver license" (i.e. the skills) or not. This is ridiculous. Of course I understand that there will be no way (except censorship, which no one wants) to force users from "driving" the "data-highway". However, one can appeal to the responsibility of the users thus motivating them to educate themselves or let others help to educate them. And frankly it is not just a matter of education - instead ignorance is a huge problem as well.

Let me give an example. I worked as a network administrator of a Windows domain for 6 years (and a little more on a voluntary basis). As such I also had "user-contact" quite often. Despite my and lately (when another admin joined in) our attempts to educate the users, we had no results. Let us take MS Word which is (too) often used by the students to write their thesis. Apart from giving up control over your information[3] the application was flaky and would often crash with bigger documents or documents with many (and large) pictures. However, even those who had their thesis almost lost because of Mr. Flaky-Ms-Word-2000, returned to it afterwards (once even just to almost lose the thesis again). The problem was that the document file could just not be opened again, MS Word would crash if you tried. The only rescue was OpenOffice.org (or StarOffice before) although much of the layout got lost then[4]. In German there is a proverb literally saying that a damage will make you wise - not so in case of Microsoft products as it seems. Whenever you try to get a user to use an alternative product this is turned down by some comment like: I don't know how to work with that. Funnily it can happen that in the next minute you get asked by the very same user how to do this or that in his "favorite" MS product - ridiculous. Same holds for Internet Explorer - users are reluctant to use a safer product (and I talk of the times of IE5, 5.5 and 6) and justify it with the "fact" that they aren't used to the other program. What the heck? If one saw most of our students surf the web it really doesn't make any difference which browser they use, as long as it is not a text browser. Well, what we did then was the hard way: we locked down all possibilities to use IE and put Opera and Netscape/Firefox on the desktop. And it really worked after a short transition time.

As one can see, ignorance is a huge problem, too. Let's face it, MS had not worked on IE for several years and not only was the usability a horror, the security was a much bigger issue. What are these poor users going to do now that they have to transition from IEx to IE7? Everything has changed ... menu items have disappeared or were relocated. Will they be as reluctant to it as they were when changing from MS Word 2000 to an alternative product or from IE to Opera and Netscape/Firefox? I bet not. Because it's labelled Microsoft again ... it does not "smell" differently.

So what can we do then? I say we should educate the users instead of investing too much in the removal of symptoms. Uneducated users are a problem and one that is very visible if you get the connection between the spam in your mailbox and the botnets on the internet. Spyware (actually all malware for this matter) is no more just a private problem of the user being infected with it. Often enough it is a problem to all of us. And users hold two keys to the solution of the problem in their hands:
  • They can put pressure on software vendors such as MS through their "consumption" behavior.
  • They can learn to be more security aware and help make the net a bit safer.

As noble as it is to help the victims of an infection, as much it is necessary to educate these people and make them "multiplicators" of this newly gained knowledge. I think it should be set down in the forum rules as the very first point that a user agrees to "safe-computing" for the future[5]. As I said, it is nice that users can turn here to get help. But instead of getting only help they should find help to help themselves. In my opinion the users and their behavior are the keys to an internet with less malware - not the fight against symptoms. (Yes, I know that often users turn here only after they have been infected. Reason enough to attempt changing that.)

Hope you did not get too bored from reading this ;)

Footnotes:
[1] - viruses use covert channels to intrude a system. Often skilled users will not be able to detect such an intrusion without helper programs (such as AV/AS programs).
[2] - the TCB (or Trusted Computing Base) is a theoretical part of the operating system into which only trusted entities can inject code. However, since the administrator on Windows is a trusted entity (though not strictly part of the TCB), he is allowed to help code take the step into the TCB (i.e. install drivers or services). The problem here is that, as opposed to how this reads, the administrator need not take any interactive steps - code running in the user context of the administrator just has his rights and that's it. Vista helps mitigate this by requiring an interactive step by the (human) administrator to acknowledge a certain action (UAC).
[3] - MS Word 2000 was saving a lot of unrelated information in the .doc files
[4] - ... something users love to complain about. Not seeing that MS has not documented the .doc file format and developers of other products have therefore to try to find out how the format works.
[5] - of course he will get help the next time. But making a promise to be more security aware in the future could be a step to force the security issue into their awareness.
