On August 23, 2010, Microsoft released a new security tool that could prevent the loading of unsafe DLLs on the Windows operating system. DLLs, short for Dynamic-Link libraries, are libraries which contain functions and/or data that can be used by Windows Applications. A well-known way to gain access to a user's computer operating on a windows machine is an attack known as DLL Hijacking. Many programs will load a malicious DLL that could be used to gain access to your machine and all of the data stored on it.
The problem is not new however. Many years ago when Microsoft was designing the search paths for DLLs, they included the current working directory in the list of directories that Windows will search in for a DLL. Thus you could trick an application into loading a wrong copy of a DLL that was located in your current working directory.
Microsoft has recently released an update explaining that there is an ongoing investigation into DLL preloading vulnerabilities on the Windows operating system. Microsoft admits that in some cases an update to an infected application is impossible and to most applications it may take quite some time to update. With this in mind, Microsoft released a new security tool that "provides a framework for customers to modify the behavior of the DLL search path algorithm and essentially block unsafe DLL loading." The Security Research and Defense team for Microsoft released a blog on August 31, 2010 to help users enable the recommended settings of the new tool which blocks most network-based attack vectors.
The blog can be found here:
http://blogs.technet.com/b/srd/archive/2010/08/23/an-update-on-the-dll-preloading-remote-attack-vector.aspx.
Sources:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1519514,00.html
http://www.webopedia.com/TERM/D/dll.html
http://threatpost.com/en_us/blogs/dll-hijacking-facts-and-fiction-082610
http://blogs.technet.com/b/msrc/archive/2010/08/31/update-on-security-advisory-2269673.aspx
Sunday, September 5, 2010
Subscribe to:
Post Comments (Atom)
Posts
It is interesting to read about some of the types of attacks that hackers can use to maliciously gather data and information. Being able to create a program that causes someones computer to download an incorrect update that gives someone unknown access to a computer is creepy. In addition to that, the very idea that your computer could be hacked and your information stolen without you ever having suspected an intrusion is also very unnerving. I wonder how you would even go about noticing something like this until your already compromised.
ReplyDeleteAs time passes more and more information, personal or otherwise, has become digital and companies that play to this growing trend become larger and more renown. Its easy to get too comfortable trusting that these companies have all the bugs worked out of their material. Still, getting hacked from something that most computers do automatically (updating) can be unnerving.
I agree with Michael, this really is unnerving. As a PC owner, I do not get why Microsoft cannot create something similar to the Macintosh Operating System that does not get viruses or is highly unlikely to get viruses. I did a little bit of research and found out that Apples can get viruses, but when compared to PC's the chance of it is practically .01 %. I spend probably 80 dollars a year buying the best version of Norton Antivirus that BestBuy recommends, probably because its the most expensive, to "protect" my computer and still my computer has been attacked by certain malware and viruses and I have not been able to avoid each attack. Meanwhile, Apple owners do spend a little bit more on their computers, but after that there really are not any more costs, as I learned that most Apples do not even have antivirus security. As I will be in the market for a new computer within the next year, it is really making me consider spending more money on the Apple because then I won't have to spend all of that money buying antivirus and getting my computer fixed each year by Best Buy, not to mention the 3 to 4 weeks it takes them to temporarily fix it. Professor Chapple, could you discuss the differences in Mac's and PC's and their operating systems and why PC's are much more likely to get a virus?
ReplyDelete