At this point, you’ve almost certainly heard the tale of Eric Lundgren, the electronics recycler who is now looking at spending 15 months in prison because he was duplicating freely available Windows restore discs. Of no use to anyone who doesn’t already have a licensed copy of Windows, these restore discs have little to no monetary value. In fact, as an individual, you couldn’t buy one at retail if you wanted to. The duplication of these discs would therefore seem to be a victimless crime.
Especially when you hear what Eric wanted to do with these discs. To help extend the functional lifespan of older computers, he intended on providing these discs at low cost to those looking to refurbish Windows computers. After each machine had its operating system reinstalled, the disc would go along with the computer in hopes the new owner would be able to utilize it themselves down the road.
It all sounds innocent enough, even honorable. But a quick glance at Microsoft’s licensing arrangement is all you need to know the whole scheme runs afoul of how the Redmond giant wants their operating system installed and maintained. It may be a hard pill to swallow, but when Eric Lundgren decided to use Microsoft’s product he agreed to play by their rules. Unfortunately for him, he lost.
When news broke on Meltdown and Spectre ahead of the original disclosure plan, word spread like wildfire and it was hard to separate fact from speculation. One commonly repeated claim was that the fix would slow down computers by up to 30% for some workloads. A report released by Microsoft today says that “average users” with post-2015 hardware won’t notice the difference. Without getting into specific numbers, they mention that they expect folks running pre-2015 hardware to experience noticeable slowdowns with the patches applied.
The impact from Meltdown updates are easier to categorize: they slow down the transition from an user’s application level code to system level kernel code. The good news: such transitions were already a performance killjoy before Meltdown came along. There exists an extensive collection of tools (design patterns, libraries, and APIs) to help software developers reduce the number of user-kernel transitions.
Performance sensitive code that were already written to minimize kernel transitions will suffer very little from Meltdown updates. This includes most games and mainstream applications. The updates will have a greater impact on the minority of applications that frequently jump between kernel and user worlds. Antivirus software (with their own problems) have reasons to do so, and probably will end up causing most of the slowdowns seen by normal users.
Servers, with their extensive disk and networking IO — and thus kernel usage — are going to have a much worse time, even as seen through Microsoft’s rosy spectacles. So much so that Microsoft is recommending that admins “balance the security versus performance tradeoff for your environment”.
The impact from Spectre updates are harder to pin down. Speculative execution and caching are too important in modern CPUs to “just” turn off. The fixes will be more complex and we’ll have to wait for them to roll out (bumps and all) before we have a better picture.
The effects might end up being negligible as some tech titans are currently saying, and that probably will fit your experience, unless you’re running a server farm. But even if they’re wrong, you’ll still be comfortably faster than an Intel 486 or a Raspberry Pi.
Florida is a great place to live, especially around January when it’s sunny and 24 degrees outside (76F) while all of your friends from back home are dealing with scraping ice off of their windshields every morning. In the late summer, though, this pleasant tropical paradise can sometimes take a turn for the worse, because Florida is one of the handful of places that frequently see some of the worst storms on the planet: hurricanes. As a Floridian myself, perhaps I can shed some light on some of the ways that the various local governments and their residents have taken to mitigate the destruction that usually accompanies these intense tropical storms when it seems that, to outsiders, it might be considered unwise to live in such a place.
Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?
While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last few years, or Linux since forever in the server space. Then they say it’s a failure to apply patches and upgrade their systems, because their users are just less savvy, but that some new update system will solve the problem.
There’s some truth to the viruses and the patching, but when WannaCry is taking over hospitals’ IT systems or the radiation monitoring network at Chernobyl, it’s not likely to be the fault of the stereotypical naive users, and any automatic patch system is only likely to help around the margins.
So why is WannaCry, and variants, hitting unpatched XP machines, managed by professionals, all over the world? Why are there still XP machines in professional environments anyway? And what does any of this have to do with free software? The answer to all of these questions can be found in the ancient root of all evil, the want of money. Linux is more secure, ironically, at least partly because it’s free as in beer, and upgrading to a newer version is simply cheaper.
If you are a Linux user that has to use Windows — or even a Windows user that needs some Linux support — Cygwin has long been a great tool for getting things done. It provides a nearly complete Linux toolset. It also provides almost the entire Linux API, so that anything it doesn’t supply can probably be built from source. You can even write code on Windows, compile and test it and (usually) port it over to Linux painlessly.
However, Cygwin’s package management is a little clunky and setting up the GUI environment has always been tricky, especially for new users. A project called Swan aims to make a full-featured X11 Linux environment easy to install on Windows.
The project uses Cygwin along with Xfce for its desktop. Cygwin provides pretty good Windows integration, but Swan also includes extra features. For example, you can make your default browser the Windows browser with a single click. It also includes spm — a package manager for Cygwin that is somewhat easier to use, although it still launches the default package manager to do the work (this isn’t a new idea, by the way).
The Cybellum team published a new 0-day technique for injecting code and maintaining persistency on a target computer, baptized DoubleAgent. This technique uses a feature that all Windows versions since XP provide, that allows for an Application Verifier Provider DLL to be installed for any executable. The verifier-provider DLL is just a DLL that is loaded into the process and is supposedly responsible for performing run-time verifications for the application. However, its internal behaviour can be whatever an attacker wants, since he can provide the DLL himself.
Microsoft describes it as:
Application Verifier is a runtime verification tool for unmanaged code. Application Verifier assists developers in quickly finding subtle programming errors that can be extremely difficult to identify with normal application testing. Using Application Verifier in Visual Studio makes it easier to create reliable applications by identifying errors caused by heap corruption, incorrect handle and critical section usage. (…)
The code injection occurs extremely early during the victim’s process initialization, giving the attacker full control over the process and no way for the process to actually detect what’s going on. Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots, updates, reinstalls, or patches.
So it’s all over for Windows right? Well… no. The thing is, to register this DLL, the registered process has to have administrator rights so it can write the proper key to the Windows Registry. Without these permissions, there is no way for this attack to work. You know, the kind of permissions that allow you to install software for all users or format your own hard-drive. So, although this technique has its merit and can present challenges to processes that absolutely must maintain their integrity (such as the Cybellum team points out in the Anti-Virus software case), some other security flaw had to occur first so you can register this sort of ‘debugging DLL’.
If you already have administrator permissions you can do pretty much what you want, including DLL injection to fool anti-virus software. (Though it might be easy just to disable or remove it.) This new tool has the advantage of being stealthy, but is a 0-day that requires root a 0-day?
[Victor Frost] has a deep voice and a fancy top of the line camera. While one would assume this to be a more than generous situation for life to put a person in; it’s got its own set of problems. Mainly that his fantastic fancy camera uses the most modern version of the popular h.264 encoding scheme, h.265. Gasp!
While that too seems like a pro, unfortunately h.265 doesn’t play as nice with his editing software. The solution seems easy, just transcode it and get on your way. However, when you start talking about transcoding 4K video from a top-of-the line source and retaining the quality. Well… It can bring a processor to its knees. Since he’d rather be playing overwatch than transcoding video on his main computer, he decided to offload and automate the drudgery to his spare.
That’s how the Ingest-a-Tron 9000 came into play. It uses a lot of open source software and, yes, windows batch files to take the files off his camera, process it on one computer, and dump it to another. Now he can game (or edit) while he waits. For those of us who are estranged from Linux thanks to our favorite software, it’s good to know that there are still ways to automate away the pain. Video after the break.