Month: November 2008

An exploit requiring admin privilege is NOT an exploit

10 Comments

I’m going to pick on a post that I saw on the forum recently, “Root kits for .NET framework been found” [sic]. Now, I believe this person was just doing due diligence and reporting something they thought might honestly be important. So, “sharpy” (if that is your real name!), this is not meant as a dig on you. The post points to another forum discussion at dslreports.com, which then has some other links I’ll let you explore yourself.

In short, the author of some paper or exploit is claiming they have hacked the .NET Framework such that they can bypass strong-name validation, or replace code in mscorlib.dll, etc. I’ll publish the first line of the first reply to the post on dslreports:

“The ‘exploit’ starts with the modification of a framework dll (assembly) from outside the runtime using administrative privileges.”

Spot the refutal? I put it in bold 🙂 It’s like Raymond Chen has blogged about on at least one occasion:

“Surprisingly, it is not a security vulnerability that administrators can add other users to the Administrators group.”

Here’s a pop quiz. If you have administrator access to someone else’s machine, which of the following would you do?

  1. Format the hard drive.
  2. Steal data, then format the hard drive.
  3. Display a dialog box saying, “Gotcha!”, and then format the hard drive.
  4. Decompile mscorlib.dll, inject extra code into the IL for the Assembly.Load() method, recompile the new IL into a new mscorlib.dll, replace the existing mscorlb.dll with your hacked version, edit the system configuration to bypass verification, remove the optimized “NGEN” version of mscorlib.dll, delete the pertinent log entries to cover your tracks, and then wait an undetermined amount of time to see that someone launching Paint.NET or their NVIDIA Control Panel gets a formatted hard drive instead.

 
“When the looting begins remember to consider the weight/value ratio. Here we have a few examples of high value, low effort.” http://www.safenow.org

I don’t know about you, but I’d probably just go with #1 or #3. I have all the data I need already, thankyouverymuch. No need to take a graduate course in compilers in order to do the job via #4.

Everything being done in #4 is possible for someone with administrator privilege. They’re only doing what they already have access to do. However, if a non-administrator can do this, then it’s an elevation of privilege issue. If it’s trivial to trick or mislead an administrator into doing it, then it could be called an “admin attack”. But all this is a discussion for another time.

So in conclusion, I wouldn’t be worried about this. The moment you see something about an attack or exploit requiring administrator privilege, or in some cases even just physical access, feel free to relax. (After all, if you have physical access to the computer, just hit the reset button and install Linux, right?)

* Disclaimer … Note that this is a slightly cynical post, and it’s by no means comprehensive.

Advertisement

October 2008 usage statistics

12 Comments

First, I’m very glad that Obama won the election. It was the first time I’ve ever voted, in fact. I think he will provide some much needed hope and invigoration. Congratulations!

Anyway, on to the stats! I haven’t posted on this since September 2007, and it’s way long overdue for an update.

Since then, usage of Paint.NET is up an amazing 222%. Wow! Vista share has grown a lot, from about 15% all the way up to almost 28%! The share of 64-bit users has also doubled, from 1.24% to 2.66%. Windows 7 is even making a peek-a-boo appearance, at 0.01% 🙂 These are all very good indicators for me. The number of Russian users has grown significantly — it used to be at 1.67%, but is now over 4.0%. Turkish share grew even more — from 0.73% up to 3.0%.

Standard disclaimer: As a reminder, these statistics represent hits to the auto-updater manifests, which means they approximately reveal the Paint.NET application’s usage (as opposed to the number of installed copies). Unless the auto-updater is disabled, it will check for updates up to once every 5 days at application startup. This is done by downloading a text file whose filename is decorated with OS and language information. Having 2.7 million hits to the manifests does not mean that Paint.NET has 2.7 million installations, or 2.7 million active users. It is merely a tool for comparing usage trends amongst different time periods (month to month, in this case).

Let’s see, some other thoughts, especially since I’ve haven’t blogged in a full month:

  • Nehalem, aka Intel Core i7. It rocks! It will be the absolute fastest chip on the planet for Paint.NET, as publicly reported by some benchmarks over at bit-tech.net. These numbers agree with what I have seen in my own benchmarking. Paint.NET loves cores, loves threads, and loves Nehalem. The 2.66ghz i7-920 will be a very popular chip over the next 3 months. I really hope the next chip generation from AMD packs a punch, to keep things interesting.
  • Windows 7. I’ve been using it a lot, and it’s awesome. I am very encouraged by the direction things are going. I watched many of the PDC sessions on what’s going on with the likes of Direct2D, DirectWrite, and Direct3D, and had to borrow a mop to wipe up my drool.
  • Windows XP. All the new graphics API’s are going to be for Vista/Win7 only. However, I obviously cannot stop support for Windows XP right now (we’ll file that under D for “duh” :)). However, its days are numbered, although it may take another 3-4 years before Paint.NET moves to requiring Vista as a minimum. The numbers you see in these usage statistics will be what drives this type of decision. I didn’t axe support for Windows 2000 until it was clear that it was at 4 – 5% and steadily shrinking.
  • WPF (versus WinForms). I’ve finally started learning it, something that I’ve been avoiding for the last 2 years, partly because it was still very much a “version 1” technology. So far I’m really liking it, and the support for custom pixel shaders is a major enabler. It is now possible for the entire Paint.NET rendering pipeline, including all of the layer blending modes, and including all adjustments and effects, to be done completely on the GPU without resorting to Direct3D or CUDA interop muck. Now if only it had Direct3D 10 and Pixel Shader 3/4/5 support (it only supports D3D 9 and PS 2.0 right now).
  • Fallout 3. It’s very good, and I highly recommend it.
  • Paint.NET v3.5. Don’t worry, it’s not been forgotten about 🙂 I have, however, been taking things “easy”. I was a bit burnt out for awhile, and I just started a new job within Microsoft, so it will not be available in time for the holidays. There are three major work items to complete: a better front-end rendering cache, a rewritten selection outline renderer that does not use GDI+, and final translations.

Here are the numbers:

Total hits 2,728,795
Hits per day 88,025
   
32-bit 97.34%
64-bit 2.66%
   
Windows XP 71.65%
Windows 2003 0.41%
Windows Vista / 2008 27.94%
Windows 7 0.01%
   
English 43.20%
German 15.79%
French 7.98%
Portuguese 5.85%
Spanish 5.39%
Japanese 2.00%
Italian 3.09%
Polish 1.78%
Netherlands (Dutch) 1.53%
Russian 4.16%
Chinese (Simplified) 0.94%
Chinese (Traditional) 0.63%
Turkish 3.00%
Korean 0.47%
All other languages 1.34%
   
Have translations 84.71%
Don’t have translations 15.29%

Bold indicates a language that Paint.NET includes a translation for.

Other disclaimers:

  • I own stock in AMD, Intel, and Microsoft.
  • I am a Microsoft employee. What I say here is my personal opinion, and not necessarily that of my employer.