Windows 8 virus situation

tyosei

Junior Member
Jul 13, 2013
Are there any viruses in Windows 8 that can be installed without permission from the user?

I'm talking about things like buffer overflow, using scripts to exploit a browser vulnerability, malicious JavaScript PDFs, the old autorun virus from Windows 7 etc... basically things that can install a virus on a user's computer without triggering UAC or an install prompt.

Does this exist in Windows 8 yet?
 

smakme7757

Golden Member
Nov 20, 2010
It's not a matter of if it exists or not, but a matter of finding a vulnerable function or DLL or something along those lines. Every operating system is full of exploits, some are just harder to find than others.

With that being said, I highly doubt anyone who knows about a zero-day vulnerability would post it publicly here. These sorts of things are either kept private for criminal purposes or brought to the attention of the company who is writing the software so they can fix it.

If you're interested in this sort of stuff you should sign up for the Bugtraq mailing list http://www.securityfocus.com/

If you're asking from a standpoint as a user just wanting to stay safe my best advice is to stay up to date. Use the most recent version of all your software and try to stay away from known red areas of the web.
 

mikeymikec

Lifer
May 19, 2011
Does this exist in Windows 8 yet?

A safe and logical assumption is "Yes". Even if the answer is no, it is completely unimportant. For all you know, someone with a malicious intention has just discovered such a vulnerability at this moment. Anyone who makes a decision based on the assumption that a product has no vulnerabilities is a complete fool.
 

postmortemIA

Diamond Member
Jul 11, 2006
Are there any viruses in Windows 8 that can be installed without permission from the user?

I'm talking about things like buffer overflow, using scripts to exploit a browser vulnerability, malicious JavaScript PDFs, the old autorun virus from Windows 7 etc... basically things that can install a virus on a user's computer without triggering UAC or an install prompt.

Does this exist in Windows 8 yet?

Running an EXE that does not need admin permissions will not trigger the UAC. UAC is triggered when elevation of privilege is needed.
It is just that a virus running in user mode can't damage much besides that user's settings, including messing up Internet Explorer and Firefox so that you can't use the internet anymore.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Running an EXE that does not need admin permissions will not trigger the UAC. UAC is triggered when elevation of privilege is needed.
It is just that a virus running in user mode can't damage much besides that user's settings, including messing up Internet Explorer and Firefox so that you can't use the internet anymore.

Malware running as the user could still do some damage, such as encrypting your files and holding them for ransom, or deleting them. I could think of some more examples. At any rate, if that attack vector is a concern, then I have some suggestions:

1. Like the guys said, keep your stuff up-to-date. Change your Windows Update to full-blown Microsoft Update, uninstall software you don't need (especially Java), and use Secunia PSI to check your stuff for known patches it needs.

2. Install and configure Microsoft EMET 4.0 for maximum protection. http://www.microsoft.com/en-us/download/details.aspx?id=39273

3. Use Software Restriction Policy or at least Parental Controls to block execution of unauthorized stuff. http://www.mechbgon.com/srp for some guidance on that.

4. Disable AutoRun completely. http://www.mechbgon.com/build/autoplay.html

5. If possible, stick with the simple PDF reader included with Win8. It runs in an AppContainer for extra damage containment. Next-best would be Adobe Reader in a high-security configuration: http://www.mechbgon.com/build/security2.html#more_tips

6. Max out UAC to the "Always notify" setting.
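
A read-only check for three items from the list above (AutoRun, UAC at "Always notify", SRP default level), added here as an example; it is not part of mechBgon's post or the linked guides. It assumes the standard Windows policy registry values under HKLM, which may not be how the linked pages apply the settings, and the function name Test-HardeningSetting is hypothetical.

```powershell
# Added example: audits machine-wide (HKLM) policy values only; it changes nothing.
# Expected values encode the post's recommendations:
#   NoDriveTypeAutoRun = 0xFF        -> AutoRun off for every drive type
#   ConsentPromptBehaviorAdmin = 2   -> UAC slider at "Always notify"
#   PromptOnSecureDesktop = 1        -> UAC prompt shown on the secure desktop
#   SRP DefaultLevel = 0             -> "Disallowed" (0x40000 would be Unrestricted)
$polSystem = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Name  = 'AutoRun disabled on all drive types'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoDriveTypeAutoRun'; Expected = 0xFF },
    @{ Name  = 'UAC enabled'
       Path  = $polSystem
       Value = 'EnableLUA'; Expected = 1 },
    @{ Name  = 'UAC set to Always notify'
       Path  = $polSystem
       Value = 'ConsentPromptBehaviorAdmin'; Expected = 2 },
    @{ Name  = 'UAC prompt on secure desktop'
       Path  = $polSystem
       Value = 'PromptOnSecureDesktop'; Expected = 1 },
    @{ Name  = 'SRP default level is Disallowed'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
       Value = 'DefaultLevel'; Expected = 0 }
)

function Test-HardeningSetting {
    param([hashtable]$Check)
    # A missing key or value is reported as "(not set)" and counted as a failure,
    # because an absent policy means the Windows default applies.
    $actual = $null
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.($Check.Value) }
    [pscustomobject]@{
        Setting  = $Check.Name
        Expected = $Check.Expected
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Pass     = ($null -ne $actual) -and ($actual -eq $Check.Expected)
    }
}

$results = $checks | ForEach-Object { Test-HardeningSetting $_ }
$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or login script flag drift.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

If Parental Controls is used instead of SRP, the last row will show "(not set)"; that row only covers the SRP option.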
 

Savatar

Senior member
Apr 21, 2009
In the security world, there is a lot of focus on vulnerable third-party applications to get initial 'access' to the system, such as different versions of Adobe Acrobat, Flash Player, or Java browser plug-ins. Since those are fundamental flaws in the third-party applications, they are just as vulnerable on Windows 7 as Windows 8, and are probably the #1 way home systems get infected (also malicious email attachments, which are just as plausible on Windows 7 as Windows 8). One of your examples, malicious JavaScript in PDFs, would definitely still be viable depending on the version of Adobe Acrobat the user has installed. Microsoft is helping to protect systems from these kinds of attacks, however, with Windows Defender (a virus/malware scanner) that comes out of the box - which can help with some of the more common attacks. I haven't heard of remote 'out-of-the-box' exploits for W8 yet, but just glancing at Bugtraq you can see how ridiculously common Java vulnerabilities are. Signing up for Bugtraq as smakme7757 suggested is a decent idea, but if you want to learn more about security in general I recommend Security+ and/or CEH courses. Hope this helps to answer your question!
 

PrincessFrosty

Platinum Member
Feb 13, 2008
www.frostyhacks.blogspot.com
The truth is that no one knows for sure. These kinds of vulnerabilities are so important that a lot of people finding them are going to either keep them secret or sell the vulnerability on; the kind of vulnerabilities you're talking about are worth a small fortune to the right people.

You won't know about it until someone builds a tool that exploits it and releases it into the wild. Only then can it be found and patched, but then you're also vulnerable... all you can do is keep patches for OS and software up to date and avoid dodgy websites and files. The best protection is education of the users to avoid bad sources of data.
 

Tuffrabbit

Member
Mar 11, 2005
Quote; "In the security world, there is a lot of focus on vulnerable third-party applications to get initial 'access' to the system, such as different versions of Adobe Acrobat, Flash Player, or Java browser plug-ins".


More and more motherboards are coming out with a feature called UEFI (Unified Extensible Firmware Interface). Is this effective at combating the above quoted vulnerability?
 

PrincessFrosty

Platinum Member
Feb 13, 2008
www.frostyhacks.blogspot.com
Quote; "In the security world, there is a lot of focus on vulnerable third-party applications to get initial 'access' to the system, such as different versions of Adobe Acrobat, Flash Player, or Java browser plug-ins".


More and more motherboards are coming out with a feature called UEFI (Unified Extensible Firmware Interface). Is this effective at combating the above quoted vulnerability?

Not really.

However...

UEFI has a feature called Secure Boot which is fairly new to the computing world. It allows signing of the operating system; when the OS is signed it means only "legit" versions of the OS can boot. If an application tries to make modifications to the core OS processes (i.e. a rootkit) then that will stop booting or notify you.

Once OSes are signed to be OK they can continue the "trust" chain by then signing software underneath them. It's not something that, to my knowledge, has been practically deployed yet, but it's a logical extension of Secure Boot; the idea is you start with a trusted OS and by extension you can decide to trust processes running under it.

Those 3rd party apps as attack vectors to get on to a system will still always be a threat themselves. UEFI, Secure Boot and potentially secure code signing for apps could stop viruses and other malicious processes from causing damage even if they can infect 3rd party apps. It's a step towards mitigating the damage one app can do to the rest of the system, if that app becomes infected or untrustworthy.
 

Savatar

Senior member
Apr 21, 2009
Just wanted to add my two cents:
As Princess pointed out, Secure Boot would help protect only certain system-level components of the operating system... provided the keys used to sign those components don't get leaked or cracked. This will most likely happen eventually, just as the Blu-Ray keys and PS3 keys were eventually figured out... heck, even some MS root certificates were compromised because of a difficult-to-pull-off collision attack in parts of Flame. Once this happens, all bets are off... certain keys can be revoked but that would in turn require new keys to be issued, components to be signed, and so on - these updates would be pushed in BIOS firmware updates, potentially resulting in your system (and thousands of other systems) being unbootable.

There's a lot of controversy around Secure Boot and how it may actually do more to hinder honest users from using their systems the way they want, without ponying up $$ for things to be signed by MS... this is especially problematic with Linux. Here is a decent overview of some of the controversy: http://www.windowsecurity.com/artic...ecure-Boot-Controversy-What-does-mean-IT.html
 