04.16.08
Posted in IT, Operating Systems, Windows at 5:11 pm by Tyler Reguly
SANS ISC is reporting that various sources are saying we may see XP SP3 before the end of the month, with OEMs and MSDN subscribers getting the release on April 21st and an end-user release date of April 28th.
03.26.08
Posted in IT, Operating Systems, Windows at 8:22 am by Tyler Reguly
Confused? I know I was... but this is actually quite interesting.
OS Version (via systeminfo)
Vista Ultimate Release: 6.0.6000 N/A Build 6000
Vista Ultimate Service Pack 1: 6.0.6001 Service Pack 1 Build 6001
Server 2008 Standard Release: 6.0.6001 Service Pack 1 Build 6001
You can read more about it here.
03.16.08
Posted in IT, Linux, Operating Systems at 1:01 am by Tyler Reguly
For quite some time now I've been a regular user of Cooperative Linux (coLinux), which I think is best described on its website:
Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine. For instance, it allows one to freely run Linux on Windows 2000/XP, without using a commercial PC virtualization software such as VMware, in a way which is much more optimal than using any general purpose PC virtualization software.
I've been using it for quite some time, but I've never bothered to spend the time to take it beyond a console (mind you, I see on their website that it'll run Knoppix Japanese Edition with a full GUI). A few months ago andLinux came to my attention. andLinux uses coLinux at its core and then integrates the Xming server, allowing you to easily run Windows and X Window applications side by side, both running natively. I think this is absolutely amazing, and something that is definitely needed. My laptop currently has Notepad and Firefox open on the Windows side and the XFCE panel, Firefox and Gnome Terminal (with apt-get install build-essential) open on the Linux side. It brings quite a bit of power and flexibility to the table.
I recently went from Ubuntu back to Windows on my laptop because I purchased a Vonage V-Phone. andLinux allows me to easily and conveniently maintain my favourite Linux apps alongside my favourite Windows applications. If you've never used it, I highly recommend jumping over to the website and checking it out.
03.09.08
Posted in IT, Operating Systems, Windows at 3:24 am by Tyler Reguly
So I was browsing Task Manager on my Vista box as Admin (Show processes from all users) and I noticed wininit.exe. This file has that "virus ring" to it, so I decided to check it out. I'm positive my system hasn't been infected with anything, but there's never any harm in checking. I did some searching and the first two results on Google are:
Interesting... I don't know how this got here, but let's kill it. Click on wininit.exe, click End Process, blue screen. That's right... blue screen. Apparently wininit.exe is a crucial system file in Vista and shouldn't be killed by anyone, yet the administrator can kill it and easily blue screen the system. This probably shouldn't happen, and it's most likely something Microsoft should consider looking into... no user should be able to end task a single process and blue screen the system... not even the Administrator... I'd probably label this as a vulnerability, but I'm sure Microsoft sees it as a stability issue. This would be similar to lsass.exe on Windows XP, with the nice pop-up that says 'This is a critical system process... Task Manager cannot terminate this process' (or something similar).
So, the end result:
Running Vista:
wininit.exe is a system-critical process, even though some malware scanners identify it as a bad apple. This file should exist in C:\Windows\system32 (or, more accurately, %windir%\system32).
Details (Windows Vista Home Premium) as of Today:
File Description: Windows Start-Up Application
File Version: 6.0.6000.16386
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
Pre-Vista Windows:
Trust your AntiMalware Software.
Anyone with other versions of Windows... see if your wininit.exe is the same (I'm assuming they all are, but if it's different... please post the version of Vista and the MD5 hash). Thanks.
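The checks in the post (location, description, version, MD5) can be scripted, and two more are worth adding: a SHA-256, since MD5 collisions are practical, and an Authenticode signature check, which is the one that actually tells you whether the file is Microsoft's. The following is an added example and not code from the original post. It assumes Windows PowerShell 3.0 or later (for the [pscustomobject] syntax) and hashes through .NET directly so it does not need Get-FileHash, which only arrived in PowerShell 4.0. The reference MD5 is the one quoted in the post and only applies to file version 6.0.6000.16386.

```powershell
# Added example, not from the original post: inspect wininit.exe the way the post
# does by hand, plus SHA-256 and Authenticode checks. Run from any prompt; the
# recursive search under %windir% can take a minute.

function Get-FileHashHex {
    param([string]$Path, [string]$Algorithm)   # 'MD5' or 'SHA256'
    $algo   = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ($algo.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Test-SystemBinary {
    param(
        [string]$Name = 'wininit.exe',
        # MD5 quoted in the post for the Vista RTM file (6.0.6000.16386); any other
        # build will legitimately differ, so a mismatch alone proves nothing.
        [string]$ReferenceMd5 = 'D4385B03E8CCCEE6F0EE249F827C1F3E'
    )

    $expectedPath = Join-Path (Join-Path $env:windir 'System32') $Name

    # Malware often borrows a system process name and drops the file elsewhere, so
    # list every copy of the name outside the expected path. Copies under WinSxS
    # (the component store) are normal on Vista; anything else deserves a look.
    $strays = @(Get-ChildItem -Path $env:windir -Filter $Name -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $expectedPath } |
        ForEach-Object { $_.FullName })

    if (-not (Test-Path $expectedPath)) {
        return [pscustomobject]@{ Path = $expectedPath; Present = $false; StrayCopies = $strays }
    }

    $file   = Get-Item $expectedPath
    $md5    = Get-FileHashHex -Path $expectedPath -Algorithm 'MD5'
    $sig    = Get-AuthenticodeSignature -FilePath $expectedPath
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $expectedPath
        Present         = $true
        Description     = $file.VersionInfo.FileDescription   # 'Windows Start-Up Application' in the post
        Version         = $file.VersionInfo.FileVersion
        MD5             = $md5
        MatchesPostHash = ($md5 -eq $ReferenceMd5)
        SHA256          = Get-FileHashHex -Path $expectedPath -Algorithm 'SHA256'
        SignatureStatus = $sig.Status.ToString()   # 'Valid', 'NotSigned', 'HashMismatch', ...
        Signer          = $signer
        StrayCopies     = $strays
    }
}

Test-SystemBinary | Format-List
```

One caveat when reading the output: many Windows system binaries are catalog-signed rather than carrying an embedded signature, and older versions of Get-AuthenticodeSignature do not consult the catalog, so they report NotSigned for a perfectly good file. Sysinternals sigcheck does check catalogs and is the better tool for that particular question; the hash and stray-copy checks above are still useful on their own.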
02.22.08
Posted in IT, Operating Systems, Security, Windows at 10:45 am by Tyler Reguly
Today there are a lot of people talking about the release of the Windows Server Protocols and the Windows Communication Protocols. They are a series of specs defining various proprietary Microsoft protocols. There are plenty of them and they are rather in-depth. These are being released right on the heels of last week's release of the Microsoft Office file format specs. The release of these is, of course, tied to the EU decision that Microsoft has to be more open to interoperability.
Most of the people talking about the protocol specs so far are security researchers. This plays a major role in the research game for us. I can remember a few MS Tuesdays that were spent with IDA Pro attached to some listening service, trying to figure out how to generate valid data that would traverse the service to a specific breakpoint. In a lot of ways this will make that research quite a bit easier... and this is what most people are talking about.
While researchers are sitting saying, 'WOW, this is amazing', there are a few things that we need to remember:
The improvements we'll see in open source projects. Projects like Samba, mod_ntlm and others will most likely undergo changes to implement portions of the protocols that were never properly understood, or never properly implemented. Someone did point out, however, that developers on some open source projects who enjoyed reversing the protocols may fade away from the projects, bringing in new developers who 'just want to code'.
Another interesting thing will be the updates to packet analysers and protocol dissectors. I'm sure that we'll see some impressive updates out of Wireshark... but I'm also guessing we'll see the introduction of several small protocol-dependent sniffers. The specs are there, so why not write them?
While security researchers are excited... I'm willing to bet that will stop on the first or second MS Tuesday following this release. Something tells me that this will lead to better fuzzers and more vulnerabilities. This will create a lot of work for those of us in Vulnerability Management, IDS/IPS, etc.
We may also see malware authors looking at various services for new covert channels in which to hide their phone home capabilities... I guess we'll just have to wait and see.
In the end this is really exciting... I will probably spend my entire weekend staring at my new 22" wide-screen monitor reading some of these specs. It'll be interesting to see what the next few months hold.
Does anybody have any thoughts or concerns over these protocols opening up? Any project ideas they are willing to share or propose?
11.07.07
Posted in IT, Operating Systems, Windows at 1:34 am by Tyler Reguly
I decided to install PowerShell for Vista today, specifically because Michael keeps talking about PowerShell Scripting over at Terminal23.net. Now, I have Vista Home Premium (it came with the PC) and I failed to realize that PowerShell won't install on my version of Vista. However, this post is about what happened before the installer even told me I couldn't install it.
When I double clicked the installer, I was greeted by UAC and after pressing continue, I received the following message:
Installer encountered an error: 0x80070422
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
It seems that if you have the 'Windows Update' service disabled, you cannot use the Windows Update Standalone Installer. 0x80070422 is the HRESULT form of Win32 error 1058, ERROR_SERVICE_DISABLED, which is exactly what the second line of the message says. Now, those XP users out there who dislike 'Automatic Updates' will be accustomed to the concept of disabling the AU service. However, with Vista, Automatic Updates are controlled via the 'Windows Update' service. So, just as I would on XP, I disabled the service when tweaking a couple of weeks ago and, lo and behold, this also disabled the ability to install standalone updates that you download from the website. After looking at the 'Windows Update' service again it makes sense, as part of the description states, "programs will not be able to use the Windows Update Agent (WUA) API."
Now, maybe it's just me, but I don't think that installing software or updates should require a running service; this seems like a waste of resources.
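For anyone who keeps the service disabled on purpose, the practical workaround is to flip it to Manual just long enough for wusa.exe to do its work and then put it back. The following is an added example, not code from the original post. It assumes Windows PowerShell 2.0 or later, an elevated prompt, that the service name is wuauserv (it is, on both XP and Vista, despite the different display names), and the .msu path is a placeholder.

```powershell
# Added example, not from the original post: install a standalone update (.msu)
# when the Windows Update service (wuauserv) has been disabled, which is what
# produces wusa's 0x80070422 (ERROR_SERVICE_DISABLED). The service's original
# start type and state are restored afterwards.

function Install-MsuWithWuaService {
    param([Parameter(Mandatory=$true)][string]$MsuPath)

    $principal = New-Object Security.Principal.WindowsPrincipal(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt (UAC would block wusa otherwise).'
    }
    if (-not (Test-Path $MsuPath)) { throw "Update package not found: $MsuPath" }

    # Win32_Service exposes the start type, which Get-Service (in PS 2.0) does not.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) { throw 'Windows Update service (wuauserv) not found' }
    $originalStartMode = $svc.StartMode   # 'Auto', 'Manual' or 'Disabled'
    $originalState     = $svc.State       # 'Running' or 'Stopped'

    if ($originalStartMode -eq 'Disabled') {
        Write-Host 'wuauserv is Disabled; setting it to Manual for the duration of the install'
        # Manual is enough: wusa starts the service on demand through the WUA API.
        Set-Service -Name wuauserv -StartupType Manual
    }

    try {
        # /quiet /norestart: no prompts, and the caller decides about the reboot.
        $proc = Start-Process -FilePath "$env:windir\System32\wusa.exe" `
            -ArgumentList @("`"$MsuPath`"", '/quiet', '/norestart') -Wait -PassThru
        # 0 = installed; 3010 = installed, reboot required;
        # 2359302 (0x240006, WU_S_ALREADY_INSTALLED) = nothing to do.
        Write-Host ("wusa exit code: {0}" -f $proc.ExitCode)
        return $proc.ExitCode
    } finally {
        if ($originalStartMode -eq 'Disabled') {
            # wusa may have left the service running; stop it before disabling it again.
            if ($originalState -ne 'Running') {
                Stop-Service -Name wuauserv -ErrorAction SilentlyContinue
            }
            Set-Service -Name wuauserv -StartupType Disabled
        }
    }
}

# Placeholder path; point it at the .msu you downloaded.
Install-MsuWithWuaService -MsuPath 'C:\Downloads\update.msu'
```

The restore step is in a finally block so the service ends up disabled again even if wusa throws, which is the part people forget when they do this by hand in services.msc.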
09.12.07
Posted in IT, Operating Systems, Tools at 3:40 pm by Tyler Reguly
Chalk one up for VMware... One of the (minor) problems with VMware is that getting VMware Tools installed reliably in a VM can be a bit of a pain... some *nix distributions just don't play nice. VMware has responded to this problem by releasing an open source version of VMware Tools called Open VM Tools.
Functionality includes:
* File transfer between a host and guest
* Improved memory management and network performance under virtualization
* General mechanisms and protocols for communication between host and guests and from guest to guest
08.10.07
Posted in IT, Operating Systems at 10:40 am by Tyler Reguly
The LinuxWorld Conference and Expo recently ended, and related headlines are filtering into the press. One of these headlines, 'Vista Aiding Linux Desktop, Strategist Says', makes me wonder what it takes to be a strategist. Cole Crawford, an IT Strategist for Dell, spoke at the conference and, based on the article, did nothing but hurt the Linux community... unless the Linux community is looking to promote Linux via idiocy and drivel.
The article mentions a few things which drove me nuts, some more than others... so let's start at the top.
"A number of companies have moved back to Windows XP after deploying Vista"
How many is "a number", given just how many companies exist? There are still companies running Windows 2000 because they don't feel XP is up to par, there were companies waiting for XP SP1 before they would switch, and there were companies that still didn't feel comfortable doing it after XP SP2. Companies that made the jump to Vista were probably i) purchasing new computers that came equipped with Vista or ii) jumping in the water without checking for sharks first. This is why companies wait: you don't throw a brand new product into an organization, and any company with an IT staff worth their salt would know this.
"The Linux desktop can do all of that. It can be interoperable with earlier versions of the operating system, is generally interoperable with Windows, can ship with an enterprise kernel and can be remotely managed by existing management solutions"
I have to question what any of this really means. Are products interoperable, or just the OS itself? Generally on Linux there are fairly severe dependencies and requirements, and that's why, unless you're working from source, every distribution, and (generally) every version of a distribution, has its own package. Are we talking about "standard" commands being the same across the board? If that's the case, I'd point out that configuring the firewall changes with almost every major kernel version (ipfwadm, iptables, ipchains). What is an enterprise kernel? How do we define an enterprise kernel, and how is it different from a "non-enterprise" kernel?
Next, what is this form of management? Is it SSH or telnet? Because that isn't really remote management... not enterprise-quality remote management. Windows would never have succeeded if Terminal Services was the only form of enterprise management. Every Linux distro has its own GUI config tool as well, and none of them have anything close to Active Directory and Group Policy for managing computers in a domain. Every time you want to install a new package, are you supposed to write a script to push out the tarball via scp and log in via ssh and execute all required commands?
Lastly, and I can realize why this wasn't addressed, we have the issue of enterprise applications. They don't exist. There's no debating the subject... We don't have something to fully replace Exchange yet, nor do we have replacements for the Office line of products, including Project, Visio, Outlook, etc... We don't have a SharePoint replacement; we're missing a lot of enterprise applications, which is really the reason why Linux isn't enterprise ready.
Now for my favourite comment... and yes, I do believe Mr. Crawford was serious when he said this.
He said Linux is a lot more secure than Windows as it has no registry, since everything is a file, which needs permissions to execute. There is also no such thing as a DLL, which Crawford described as the second most evil thing in Windows behind ActiveX.
I'm trying not to laugh as I type the rest of this, but it's difficult. Linux is a lot more secure than Windows because there's no registry?!?! I hope this is some sort of joke; even the rationale behind it fails, mostly because it's unrelated. I would argue that you need permissions in Windows as well... the difference is the "default" level of security that exists... Vista does a lot to address this and make execution much more Linux-like. Wireshark is actually a prime example. On my Ubuntu laptop, if I don't run Wireshark as root then I don't have access to the interfaces, yet in Windows XP it doesn't matter how I run Wireshark, I can see the interfaces. In Windows Vista, the response is similar to Ubuntu... I'm required to "Run as administrator" in order to see the interfaces in Wireshark. I also get a huge kick out of the second part of the comment, that "DLLs are the second most evil thing in Windows", and more so the thought that Linux doesn't have DLLs. Now, Linux may not use the extension DLL, but seriously... who would attempt to speak as a subject matter expert and not recognize that Dynamically Linked Libraries (DLLs) are the same as Shared Libraries (shared objects) in the Linux world? How about a quote from the IBM website:
"a shared object has nothing to do with object-oriented technology! What we're talking about are dynamically linked libraries on the Linux platform (analogous to DLLs on Windows)."
Now do you see why I can't help but laugh? However, this all brings me back to the title of this post: what is an IT Strategist? Are they required to have an understanding of IT? I'm really curious... but I have to say thanks to eWeek for publishing the article... I needed the humour to kick start my morning.
06.17.07
Posted in IT, Operating Systems, Windows at 4:00 pm by Tyler Reguly
I've had Vista on a laptop for a couple of months now, and a few weeks back I bought a desktop with Vista. So far I've been fairly happy with it... I don't understand a lot of the complaints that people have been making. Well, a few weeks ago I needed to console into a Cisco switch. I've done this just a few times before, so I go about my business as I normally would -- Start -- Programs -- Accessories -- Communications -- wait a second... no HyperTerminal. So I do some searching online and I find the answer. Vista doesn't ship with HyperTerminal anymore. They suggest using the command line telnet for telnet connections, and completely forget about serial communication. So I had to go find a freeware option on the net. The option I found was Poderosa, which supports telnet, SSH, a local Cygwin shell and serial communication.
Now, a week or so later, I wanted to telnet into a POP3 server (I wanted to test credentials) and I don't have netcat on this box yet. So I go to the command prompt and type telnet. I'm rather surprised by the result:
C:\Users\Tyler>telnet
'telnet' is not recognized as an internal or external command,
operable program or batch file.
I don't get it... The Microsoft help page told me to use command line telnet. I do a bit more searching and find this page. Telnet was removed as a default install option for Vista; you have to go into Programs and Features --> Turn Windows Features on or off and install it. So Vista ships without a single telnet client installed, while previous versions shipped with two, and that's it... that's my first beef with Vista.
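The specific job here, talking to a POP3 server by hand to see whether a username and password are accepted, does not actually need telnet or netcat; a few lines of PowerShell over a raw TCP socket do it. The following is an added example and not code from the original post. It assumes Windows PowerShell 2.0 or later, a POP3 server reachable on port 110, and placeholder host and credentials. Plain POP3 sends the password in the clear, so use this only against a server you own or on a network you control; port 995 with an SslStream is the right choice anywhere else and is not shown here.

```powershell
# Added example, not from the original post: a minimal line-oriented TCP client
# that speaks enough POP3 (USER/PASS/QUIT) to check a credential, in place of
# "telnet host 110". Server name and credentials below are placeholders.

function Send-Pop3Line {
    param($Writer, $Reader, [string]$Line)
    # POP3 commands and single-line replies are ASCII terminated by CRLF.
    $Writer.WriteLine($Line)
    return $Reader.ReadLine()
}

function Test-Pop3Credentials {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [int]$Port = 110,
        [Parameter(Mandatory=$true)][string]$User,
        [Parameter(Mandatory=$true)][string]$Password,
        [int]$TimeoutMs = 5000
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = $TimeoutMs   # ReadLine throws IOException on a silent server
    $client.SendTimeout    = $TimeoutMs
    $client.Connect($Server, $Port)

    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true   # each command goes on the wire immediately

    try {
        $banner = $reader.ReadLine()   # e.g. "+OK POP3 server ready"
        if (-not $banner.StartsWith('+OK')) { throw "Unexpected banner: $banner" }

        $userReply = Send-Pop3Line -Writer $writer -Reader $reader -Line "USER $User"
        $passReply = Send-Pop3Line -Writer $writer -Reader $reader -Line "PASS $Password"
        $accepted  = $passReply.StartsWith('+OK')

        # QUIT either way so the server releases the mailbox lock cleanly.
        $null = Send-Pop3Line -Writer $writer -Reader $reader -Line 'QUIT'

        # Report the server's replies, never the password itself.
        New-Object PSObject -Property @{
            Server    = "${Server}:${Port}"
            Banner    = $banner
            UserReply = $userReply
            PassReply = $passReply
            Accepted  = $accepted
        }
    } finally {
        $reader.Close()
        $writer.Close()
        $client.Close()
    }
}

Test-Pop3Credentials -Server 'mail.example.com' -User 'tyler' -Password 'not-my-real-password' | Format-List
```

If you would rather have the real telnet client back, the command-line equivalent of the Programs and Features dialog on Vista is `pkgmgr /iu:"TelnetClient"` from an elevated prompt, which is an assumption on my part about the feature name rather than something the post states.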
06.16.07
Posted in IT, Operating Systems, Security, Windows at 10:27 pm by Tyler Reguly
It's fairly well known that I'm quite the Microsoft advocate... right now they still produce the superior product. However, that's not what I want to discuss... I want to discuss this blog post that keeps appearing on the SecuriTeam RSS feed as new (various little things are updated in it), and that other websites have picked up as well. It discusses "cracking" Windows with the DVD.
Now, I think there's a language issue here, as I in no way, shape or form consider this cracking or anything remotely close to cracking; nor would I use the word cracking to describe the same process carried out with third party software. What bothers me is that anyone, anywhere, with even a shred of technical background would attempt to make a big deal about this. We're talking FUD and nothing but FUD.
So what is this FUD exactly? Well, when you boot with the Vista DVD and use the System Recovery feature, you can get a high-privilege command prompt. Why is this FUD? Well, Mr. Rousku, the discoverer of this "crack", states, "This is the first time when cracking Windows operating systems is really easy and needs no deeper technical knowledge." I'm confused here... downloading Knoppix requires no technical knowledge. I suppose you could make the argument that you have to navigate Linux, but it's a GUI... I'd say the Windows Command Prompt is more difficult to navigate than a Linux window manager. What about a BartPE disk or ERD Commander? Both of these give you nice, easy to use GUIs, again easier than a clunky command prompt.
The defense against this is to change your boot order (removing your optical disk) and set a BIOS password. Home users don't need to take this action... why would they? Generally home users share a single account, so there's no need to worry about this. This applies to businesses, and in most businesses you should already have secured your computers against the possibility of boot disks. If you haven't, then you were already at risk from the software I listed above.
I also don't see how this is different from Linux and LILO's 'init 1' or GRUB's 'single', a process that is still documented in the Red Hat Enterprise Linux 4 Manual.
Solaris, AIX, and HP-UX also have methods of booting into single user mode. So why did Mr. Rousku beat up on Microsoft? Did he want to see his name in the paper? A better question is why SecuriTeam, a group of experienced security researchers, continually pushes this as a security issue... updating and maintaining the post so that it continually reappears in their RSS feed. This is nothing more than unfairly attacking Microsoft and spreading FUD.