If someone were to gain physical access to a Windows 7 PC, he can control the PC - according to security researchers at HITB event.
Windows 7 Security Issue
(8 posts) (5 voices)-
GMMan, Hexadecimal Blacksmith
BlockedHmm... might be a problem in corporations. But I can't imagine me not finding out if my friend came over and was being sneaky on my computer with Vbootkit.
Posted 15 years ago # -
Physical access to a computer isn't just a Windows 7 security issue - it has always been an issue (particularly vulnerable to the "Steal the computer attack")
http://www.governmentsecurity.org/hacking_physical_access
And refer to Law 3 of the oft quoted "10 Immutable Laws of Security"
Clearly the "security researchers at HITB event" are doing some groundbreaking research (with some more funding they will discover "that opening strange email attachments can result in system problems")
Posted 15 years ago # -
Anonymous
Unregisteredhttp://blogs.zdnet.com/hardware/?p=4627&tag=nl.e539
Should "Standard User" be the default in Windows 7?
The problem with systems running with these two settings is that it’s possible to use a code-injection vulnerability to silently run code or other applications with administrative privileges behind the user’s back. Even Windows super-guru Mark Russinovich acknowledges that a problem exists
Posted 15 years ago # -
watcher13
MemberIt's kind of a 50-50. The vast majority of users were using an admin account before the advent of Vista, but it's not like EVERYBODY was eventually compromised because of that. On the other hand, I always have felt that using a user account with UAC was an improvement that I appreciated. It was just unfortunate that users couldn't become acclimated to it. If I go on 7, I plan to use a user account and UAC with the normal settings, not compromised.
In the end, though, it's still M$'s fault. They knew 10 years ago or more that they were having this permissions problem and couldn't come up with anything until Vista. If they had made what they say is a major security vulnerability a major issue right from the beginning, users today would be acclimated to something like this system and most wouldn't even remember the day when they had to run an admin account to get anything accomplished. But, when you rush everything out and most of your innovation comes from absorbing other companies, I think it's to be expected.
Posted 15 years ago # -
Anonymous
Unregisteredhttp://blogs.msdn.com/aaron_margosis/
The new “LUA bug” of Vista/Win7
Posted 15 years ago # -
Anonymous
Unregisteredhttp://blogs.zdnet.com/security/?p=4222&tag=nl.e550
Windows 7, Vista exposed to 'teardrop attack '
Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
Posted 15 years ago # -
Anonymous
Unregisteredhttp://www.nzherald.co.nz/windows-7/news/article.cfm?c_id=1502845&objectid=10607265
Windows 7 'vulnerable to 8 out of 10 viruses'
2:07PM Wednesday Nov 04, 2009Security specialist Sophos warns to get virus protection for your shiny new copy of Windows.
"Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up."Posted 15 years ago #
Reply
You must log in to post.