ReactOS security!


Haos
Test Team
Posts: 2954
Joined: Thu Mar 22, 2007 5:42 am

Post by Haos »

NT may be sacrificing security for functionality, but the main problem lies elsewhere. Access to OSes is more likely to be granted through social engineering and third party app exploits than through flaws in the NT OS itself. Now, Vista was designed to address those few NT security issues, like not working with the admin account by default, or UAC. Sadly, those features are being heavily criticized, also by those who criticized the lack of security beforehand.
oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

UAC was designed to annoy the heck out of users. So it's failed. The key thing for effective security is not to annoy people so badly that they turn it off. If they had learned from Linux's experiences with Linux security modules they would have known better.

Haos, don't use old arguments. Third party exploits have always been risks, even to Unix; the protection systems have always been improving on those platforms that are seeing the risks reduced.

Social engineering also depends on an OS not working effectively and on poor training. Yes, user-friendliness, if it does not provide training while being user friendly, is a nice big security risk. There are Linux distributions with the problem too.

Vista allows limiting an application's access. That reduces the damage it can cause. The catch is that, unlike Linux, where these access limits are provided by the distro for most applications, Windows is still an open problem.

It is key to protect the core of the OS. Vista provides some of this but still nowhere near enough.

Linux kernels added Linux security modules particularly to reduce the harm third party applications can inflict on the OS. Now this has been found not to be as effective as it could be. So tech from Solaris and its relatives from FreeBSD is being integrated.

The tech is containers: virtual OS zones where an intruder cannot detect anything outside the container's allowed access location. FreeBSD calls it Jails, Solaris calls it Zones and Linux calls it cgroups.

Doing containers on Windows has been made massively hard since applications have willy-nilly been allowed to add kernel drivers. Even worse, MS is still signing more. Kernel space needs to be kept for what is really needed: running hardware.

Even doing device control for Linux is massively hard, and Linux guys don't have to worry about application X needing its own special driver in kernel space.

This is where I have problems with some people, Haos. Looking at all OSes is key to dealing with these security problems.
cppm
Posts: 289
Joined: Wed May 02, 2007 10:03 pm

Post by cppm »

What would be the ideal path in terms of security for ReactOS to take then, oiaohm?
Haos
Test Team
Posts: 2954
Joined: Thu Mar 22, 2007 5:42 am

Post by Haos »

My arguments are no older than yours.
oiaohm wrote: UAC was designed to annoy the heck out of users. So it's failed.
Every protection method is to some degree annoying. Has every one of them failed? UAC's annoyance was not its main objective but rather a byproduct, necessary to make Vista users more aware of the security issues. Unfortunately, many react not the right way: instead of checking the reason behind any particular UAC warning, they choose to disable UAC.
oiaohm wrote: If they had learned from Linux's experiences with Linux security modules they would have known better.
Good call. Compare it to the su/sudo commands. Many operations in Linux require root access or elevated privileges, for example updating ndiswrapper... If you forget about this, the operation will fail, often after a hell of a stream of errors. I find this way more annoying than UAC could ever be.
oiaohm wrote: Third party exploits have always been risks, even to Unix; the protection systems have always been improving on those platforms that are seeing the risks reduced.
It's still the biggest threat. An OS can be more or less secure, but it's the third party software that may open a big gate into your system. For example, recent tests of Vista, Ubuntu and one of the Mac systems: Ubuntu won only because Vista had a version of Adobe Flash installed that contained a known and already published vulnerability. Most will blame MS, whereas it is Adobe who should be bashed for it.
oiaohm wrote: Social engineering also depends on an OS not working effectively and on poor training.
Social engineering can bypass any OS. No Linux can help you if your root password leaks out.
oiaohm wrote: Vista allows limiting an application's access. That reduces the damage it can cause. The catch is that, unlike Linux, where these access limits are provided by the distro for most applications, Windows is still an open problem.
Where is the problem? You can easily set up a limited working area, isolated from the rest of your system, effectively containing everything inside. You don't need Vista for that; it's been in NT for ages.
oiaohm wrote: The tech is containers: virtual OS zones where an intruder cannot detect anything outside the container's allowed access location. FreeBSD calls it Jails, Solaris calls it Zones and Linux calls it cgroups.
It looks like a specialised sandbox. Anyway, NT is missing such a feature, although you could jury-rig partial functionality using AD, but it's not exactly the same thing.
oiaohm wrote: Doing containers on Windows has been made massively hard since applications have willy-nilly been allowed to add kernel drivers. Even worse, MS is still signing more. Kernel space needs to be kept for what is really needed: running hardware.
On the other hand it allows extra functionality, unavailable to NT by other means. Of course, as any other functionality, it may be misused.

The biggest problem of NT is its biggest advantage at the same time: backward compatibility. This heritage is still influencing NT, as it cannot be dropped in one big step. We can see changes happening. Vista is a step in the right direction, being heavily criticized for moving forward.
oiaohm wrote: This is where I have problems with some people, Haos. Looking at all OSes is key to dealing with these security problems.
In my opinion we cannot isolate OSes from the environment they are running in. It is not only a matter of the OS security model, but also of all the applications, devices, drivers and finally users. Securing the OS and only the OS, without considering the big picture, is just not possible.
Med
Posts: 5
Joined: Mon Feb 12, 2007 12:28 pm

Post by Med »

Anyone know how the ReactOS developers are going to implement good security? Is it gonna be like XP, or Vista, or maybe more like the Linux immune system? This is what I really want to know.

thanks
Haos
Test Team
Posts: 2954
Joined: Thu Mar 22, 2007 5:42 am

Post by Haos »

We shall surely create a security scheme as compatible with NT as possible. This does not limit us regarding additional security solutions, like, for example, the one discussed with oiaohm: an OS-wide hook/injection management system.
EmuandCo
Developer
Posts: 4461
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld

Post by EmuandCo »

"Linux immune system"? No OS is IMMUNE. Not even holy Linux :twisted:
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes
oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

http://arstechnica.com/news.ars/post/20 ... y-you.html

Read it, Haos: UAC was designed to annoy users. Now that is something you should never do. Its main object was to get people to pester software makers to alter their software. Something that should never have been done. MS needs their ass kicked many ways for doing something this stupid. It's almost like they want people hating security systems so they don't have to build security.

Haos wrote:
oiaohm wrote: Vista allows limiting an application's access. That reduces the damage it can cause. The catch is that, unlike Linux, where these access limits are provided by the distro for most applications, Windows is still an open problem.
Where is the problem? You can easily set up a limited working area, isolated from the rest of your system, effectively containing everything inside. You don't need Vista for that; it's been in NT for ages.
The NT isolation depends 100 percent on the administrator to create it. Vista adds a better interface. That is the difference, Haos. An idiot using a Linux distribution with its applications has some controls set by default. What this is called is application profiles, i.e. profiles of what applications should and should not be doing. It's a good mitigation plan.

Container tech is a form of specialized sandbox. To the point that an application inside a container might think it's running as root with full powers but really does not have any of root's powers. Good for applications that may attempt to cause security flaws.

EmuandCo, nothing is 100 percent true. To be correct, Linux is not the strongest beast out there; look to Solaris.

su and sudo are planned to be deprecated in Linux in time, replaced with PolicyKit, exactly because of the same kind of problems you have had fun with, Haos. The more desktop usage Linux gets, the more its security will alter. With server use targeted, some of the user-nice things have been overlookable. But think, Haos, how often do you need to do operations like updating ndiswrapper? The keys system in Linux was designed on sudo so you only had to reapply approval to do admin actions when the timer ran out, i.e. don't bug the user without cause.

Note: social engineering the root password on some Linuxes is pointless, Haos. The reason: root is an account in name only; it has no privileges.

Social engineering depends on the user on the other end being untrained in how to avoid its traps. Training is key to reducing the effectiveness of social engineering.

Now, what methods slow down third party software damage? Apply them to Windows and you find you have major problems.

Number 1: lock the application to a limited account. Lots of applications are not containable that way, due to the fact that either they will not work or they have drivers that, when you think they're nicely contained in a limited account, can reach out and do whatever they like. The idea in current Linux is that at worst a breach should damage a small section of the OS. In time security will spread as standard into user space in Linux.
Haos
Test Team
Posts: 2954
Joined: Thu Mar 22, 2007 5:42 am

Post by Haos »

You are then confirming what I was trying to say. Many NT problems with security are due to lazy/lame/cost-cutting third party app programming. Instead of doing things right and proper, they often shortcut with unnecessary hooking and DLL injection.

Why do you think most NT users run their OS within the admin account? It's because apps were written that way, making work from a normal user account ineffective.

If software devs cannot be persuaded to change their attitude, special means need to be used. This is why Vista tries to change the previous model. This is why UAC is so nagging. As apparently all other attempts to influence third party app devs failed, it could be either UAC, to make users put pressure on them, or totally breaking away from Win32 compatibility by doing a total API/subsystems revamp. Which one would you pick?

You think UAC is bad? It can be easily disabled, so where's the problem with it? You do it, of course, on your own decision, knowing the consequences. Personally, I wouldn't disable it. I've experienced a lot of nagging from very strict HIDS (like Comodo, Sygate PF or the nagging king, Jetico). One can live with it. Living with a rootkit installed is more unpleasant, on the other hand.
oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

Haos, Linux did the same thing with SELinux. It did not work either. Linux has had its UAC moment. Early on with SELinux it was being disabled 90 percent of the time. Later on, not bugging users over and over again for actions they had approved for an application was a good thing.

You cannot change the model by annoying the heck out of users.

Haos wrote: You are then confirming what I was trying to say. Many NT problems with security are due to lazy/lame/cost-cutting third party app programming. Instead of doing things right and proper, they often shortcut with unnecessary hooking and DLL injection.
Nice, for following a really bad idea. Not all software people use that is closed source can they change. There are cases of internal applications used in some companies where the source code has been lost. So you make them suffer. UAC should be a containment system, not an annoyance system.

Haos wrote: It's because apps were written that way, making work from a normal user account ineffective.
Guess what, that is exactly where LSMs failed Linux. The reason the container tech is needed. The problem is getting out of the MS bit of allowing applications to put drivers in kernel space without good reason.

Almost no problem you are referring to is unique to Windows. The only unique one is applications being allowed to play in kernel space with drivers.

Lack of separation inside Windows makes it really hard for HIDS inside Windows. Linux HIDS are normally not that annoying, particularly the ones that can filter annoyances using package updates.

I have never heard of HIDS from Comodo, Sygate or Jetico. I have heard of NIDS from them. http://en.wikipedia.org/wiki/Host-based ... ion_system
http://en.wikipedia.org/wiki/Network_in ... ion_system
Yes, NIDS can drive you batty with false alarms and other annoying stuff. Sygate Personal Firewall is a NIDS. Yes, 1 letter makes a huge difference.
florian
Posts: 469
Joined: Tue Nov 01, 2005 2:19 am
Location: Germany

Post by florian »

EmuandCo wrote: "Linux immune system"? No OS is IMMUNE. Not even holy Linux :twisted:
In terms of security I thought that OpenBSD would be the ultimate solution. But even they had to change their advertising slogan from "Five years without a remote hole in the default install!" (2002) to "Only two remote holes in the default install, in more than 10 years!" (2007). Still, this is quite impressive for a noob like me.
etko
Posts: 154
Joined: Thu May 26, 2005 3:43 am
Location: Slovakia

Post by etko »

I won't back down from my opinion: if your game, or any other software for that matter, requires you to run as admin or install any hardware driver to enforce protection, it is a broken game. Call your distributor and demand they return your money for selling you a broken product.

There are several quite good games which don't need admin access, nor rootkit shit, to work, and many others can be easily adapted by configuration to run the proper way. Others are simply fsked sh*t, just like 99% of Windows software is. Frankly, just look around: for small business, the free software usually does a better job, in every aspect.

Another thing is enforcing security policy. I thank God only women work here; they truly do what I tell them. I can easily imagine a stubborn bloke wanting to play some Macrovisioned or Sony-enabled sh*t. Being all limited users with quotas, they are reasonably protected from themselves, and even if their password leaks, it's nothing bad. It can be changed anytime.

Don't use broken software and you are safer; it just requires you to slightly change your point of view and you'll start to see solutions. I'm talking from the dumb user's point of view.

However, regarding security I would suggest several things for the ReactOS team to consider:
  • Vital is the correct setting of ACLs within the registry, to be invisible to others and read-only, besides SYSTEM, during the install phase. Some security tool to check and fix this would be cool. Windows so failed at this, and this is undoable by anyone other than Microsoft. It's easier to change vital data in the registry than to access "System Volume Information", and that is a bad joke. Instead of all that shitty virtualisation and bogus and crappy PR sh*t, this should be done correctly from day one. I would like to see ReactOS or some distro one day let all the bad win32 sh*t fail. I guess that broken Windows OSS would get over this quite easily. For the others I don't care.
  • Correct settings of ACLs for all the primary files and dirs on the volume, especially write-blocking for C:'s root etc., where MSI tends to store its sh*t. This is the first thing I usually do, and then I love to watch broken things fail.
  • Make all the ROS native apps store temporary stuff within the system %TEMP%, even when used by tools like the ROS MSI clone, which is IMHO just plain the worst installing service ever conceived. Should the process need privacy, it can set up a directory with private ACLs itself.
  • Native registry diff tool that you can start and stop on demand to trace all the sh*t with some truly broken installs.
  • Automatic registry backup several versions back; this is what NT lacks most.
  • Ability to comfortably run the machine as a limited user and to elevate rights only when needed. The ability to cache the password in some PGP-like way might be cool, but user-controllable.
I believe that security will simply be bad in many ROS versions till the correct filesystem to hold the ACL stuff persistently enters the main trunk. I envision that then, when people start experimenting with ACLs, all stuff will simply break till the point when it gets fixed to use the correct stores.
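A concrete form of the ACL check etko's first two bullets ask for, as an added example that is not part of the post and not ReactOS or Windows tooling: a PowerShell audit that lists ACL entries on the system drive root and a couple of HKLM keys which grant write-type rights to broad principals. The target paths and the principal list are assumptions; the script reports and never changes an ACL.

```powershell
# Added example (not ReactOS code): audit ACLs for write-capable grants
# to broad principals. Paths and the principal list are assumptions for
# illustration; the script only reports and never modifies an ACL.

$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a principal create, alter or re-permission content.
$WriteFileRights = [System.Security.AccessControl.FileSystemRights] `
    'Write, Modify, FullControl, Delete, ChangePermissions, TakeOwnership'
$WriteRegRights = [System.Security.AccessControl.RegistryRights] `
    'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership, FullControl'

function Get-GrantedRights {
    param($Rule)
    # File rules carry FileSystemRights, registry rules carry RegistryRights.
    if ($Rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
        return $Rule.FileSystemRights
    }
    return $Rule.RegistryRights
}

function Test-BroadWriteGrant {
    param($Rule, $WriteMask)
    # Only Allow entries for one of the broad principals are interesting.
    if ($Rule.AccessControlType -ne 'Allow') { return $false }
    if ($BroadPrincipals -notcontains $Rule.IdentityReference.Value) { return $false }
    $granted = Get-GrantedRights $Rule
    return ([int]($granted -band $WriteMask)) -ne 0
}

function Get-BroadWriteGrants {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        $acl = Get-Acl -Path $path -ErrorAction SilentlyContinue
        if (-not $acl) { Write-Warning "Cannot read ACL: $path"; continue }
        $isReg = $acl -is [System.Security.AccessControl.RegistrySecurity]
        $mask = if ($isReg) { $WriteRegRights } else { $WriteFileRights }
        foreach ($rule in $acl.Access) {
            if (-not (Test-BroadWriteGrant $rule $mask)) { continue }
            $rights = Get-GrantedRights $rule
            [pscustomobject]@{
                Path      = $path
                Principal = $rule.IdentityReference.Value
                Rights    = $rights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Assumed targets: the system drive root (where MSI is said to drop files)
# and two HKLM keys that decide what runs at boot and logon.
$Targets = @(
    "$env:SystemDrive\",
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)
Get-BroadWriteGrants -Paths $Targets | Format-Table -AutoSize
```

Inherited entries are reported too, since a grant that arrives by inheritance is just as effective as an explicit one; run it from an elevated session so every key and directory can be read.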
oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

etko, in my mind, if you need to run something that needs to breach the kernel and snoop around everywhere like these anti-cheat things do, they deserve to be 100 percent lied to from a sandbox or some other virtualisation system.

It should be the user's right to control exactly what information goes to servers.
cppm
Posts: 289
Joined: Wed May 02, 2007 10:03 pm

Post by cppm »

oiaohm wrote: It should be the user's right to control exactly what information goes to servers.
I take it you haven't talked with members of MMORPGs on this topic much, since that statement is incredibly ignorant of the situation in their community. Especially as there is real money involved in this.

On a lighter note, I was getting so much shit from the Ubuntu beta, with it crashing all over the place and the sound being absolutely f**ked up (don't get me wrong, Ubuntu has served me very well for the last 2 years, and I sincerely hope it's ship shape by the time they release it proper, although that is only 8 days now...) that I dusted off my Windows XP install.

I set up 2 accounts, an admin and a main 'limited' account. (Wow, that 'limited' terminology is just depressing.) I installed decent (open source) software, and whenever I need to install or change anything I just switch to the admin account and away I go. It's not as secure as the Ubuntu system, but it's good enough, especially since I'm running Thunderbird, Firefox and OO instead of Microshite. I've got ClamWin in the background, and I'm probably going to install AVG Free as well.

So far it's been working a treat. Ran CCleaner and seriously cut down on the startup entries/registry crap, and now it logs into my account fast as quicksilver (faster than Ubuntu with Compiz ever did). And I've also noticed that DVD playback is better than Ubuntu ever did as well.

The only problem was when I first dusted it off: an update came in that went on to BSOD the system. However, a compulsory one (the 'restart later' button was greyed out!) came in straight after, and I haven't had the problem again.

So in short, if this argument is about whether it's possible to get a decent NT system, it seems, in my experience, yes, but only as long as you make the right choices (not the default ones!) and rein in the excesses of OEM and Microshite software.
oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

cppm, sorry to say, the user's right to control exactly what information is going to servers is going to come no matter what application designers want.

This has been the way it has been in high-end Unix and BSDs for a long time. If someone runs a program in a container tech area, seeing what is outside is impossible. It is completely designed this way. They will have to cope with all the different forms in time.

This, either as part of Windows or as part of virtualisation containing Windows, will come; it's only a matter of time for these anti-cheat techs to be rendered basically useless. The problem is: how do the servers know this kind of breach is not being used now?

MMORPG, ok, so Second Life clients can operate perfectly without integrating with the OS for cheats. There are others that use the same, where the detection is server side. Server side has many advantages. Number one: how do you hack something you don't have access to? Most at risk MMORPGs are ones that demand users repeat the same actions over and over again.

So repeating design is a major problem.

Depending on a flawed design logic just does not work long term, cppm.