Hacker Bags Windows Server 2008 Trophy
News Analysis. Could NETWORK SERVICE or LOCAL SERVICE be your worst security nightmare?
My eWEEK colleague Ryan Naraine reports "serious design weaknesses" affecting Internet Information Services 7, Windows Server 2008, Windows XP and Windows Vista. IIS 7 is bundled with Windows Server 2008.
Exploit details are sketchy, but not the source: Argeniss co-founder Cesar Cerrudo.
Apparently, Cerrudo plans to share more information about the security flaws during April's Hack in the Box Security Conference. That will give Microsoft some time to research the problem before Cerrudo tells all. He plans to demonstrate zero-day exploits for elevating privileges in IIS, SQL Server and Windows Server 2008.
Assuming the exploits, or flaws, are really as serious as reported, they should be a reminder to Microsoft when the bug counting starts. Sometime in the next few months I expect Microsoft to count off the number of security vulnerabilities found in Windows Server 2008. Microsoft took this approach with Windows Server 2003 and Windows Vista in comparison with their predecessors. The counting tactic is flawed for lots of reasons, but here's a simple one: It's not the number but the severity that matters. One really bad flaw can be worse than 20, or 50, smaller ones.
Flaw counting is meaningful, just not the way it's used by Microsoft. Fewer vulnerabilities means fewer patches, which means fewer patch management headaches.
In the meantime, the question for enterprises to ask is, "When?" Are Windows 2008 and Windows Vista really enterprise security-ready? Some enterprises should consider a slower testing and migration path until more concrete information is available.
Microsoft has taken great pains to improve security in both operating systems. But Cerrudo has identified flaws involving the fundamental Windows service accounts, NETWORK SERVICE or LOCAL SERVICE, and claims the ability to seize control of exploited systems.
As I said, one really bad flaw is enough for concern. IT organizations should ask how easily IIS 7 and either SQL Server 2005 or 2008 could be compromised on public-facing Web sites. Ryan reports that in IIS 7's default configuration, skilled hackers can completely compromise Windows Server security using ASP.NET applications.
One mitigating circumstance puzzles me: server roles. Apparently, Cerrudo didn't tell Ryan whether Windows Server 2008 can be compromised in all configurations or whether some server roles are less vulnerable than others. Windows XP and Vista don't use roles. But businesses can install portions of Windows Server 2008 for specific tasks. I haven't fully tested Windows Server 2008, so I can't say in what context, if any, the NETWORK SERVICE or LOCAL SERVICE accounts could be disabled.
At the time of my posting, Microsoft hadn't yet responded to Ryan's request for comment. Enterprises should listen to what Microsoft has to say, and then come back here or go to Security Watch for interpretation and analysis.


Comments (21)
Just to make things clear: NETWORK SERVICE and LOCAL SERVICE are NOT "Windows services", they are special accounts with very limited rights. Various OS Services are configured to RUN IN THE CONTEXT OF local service or network service.
AndreasM
Posted by AndreasM | March 27, 2008 6:17 PM
Windows Server 2008 has just been launched and the FUD has already started! :)
Sure, IIS 7 has a difficult task ahead to keep up the standard set by IIS 6 with its 0 (as in zero, none, zip, nada) security flaws last year, but let's at least wait a few months before claiming IIS 7 is a piece of security crap.
SQL Server 2008 has an even harder task, since it can't really beat SQL Server 2005 in the number of security flaws. I don't see how it can have -1 flaws...
Posted by carlos | March 27, 2008 7:53 PM
Well, the feeling's mutual from the Mac side too, Joe: CNET News: MacBook Air hacked in security contest
The team had attack code already set up on a Web site, and was able to gain access to the MacBook Air and retrieve a file after judges were "tricked" into visiting the site. According to the TippingPoint DVLabs blog, a newly discovered vulnerability in Safari was used to gain control of the Air.
Last year's contest was won by exploiting a QuickTime vulnerability, which was patched by Apple in less than two weeks. As of the time I posted this, no one had gained control of the Vista or Ubuntu machines, but I'll update later as the results come in over the rest of the afternoon.
http://www.news.com/8301-13579_3-9905095-37.html?tag=nefd.top
Posted by Andre Da Costa | March 27, 2008 10:12 PM
McAfee Inc., Trend Micro Inc., CA Inc. and especially Symantec, ... say goodnight! We are about to announce MS ForeFront 2.0!
Let me make it clear that while I have tolerated these "anti-virus" vendors for years, something about their very existence has not set very well with me. I mean, having a bunch of multi-million dollar companies that depend solely on there being bugs, leaks, holes, exploitables, mistakes, oversights and problems in Windows doesn't speak very well of Microsoft. They are like carrion, buzzards, jackals, ... protecting a rotten carcass from other smaller vermin. They always argue, "But, Bu-bu-but you need us!", maybe that was true in the past, but no longer!
VISTA IS BULLETPROOF!
None of these quacks' bags of tricks are any longer necessary!
Between WGA and Forefront the OS and Genuine MS apps are totally impervious to attack! They are so secure that many times even the registered owners have trouble gaining access to the computer! So then how could any hacker?
These vultures will kick, choke and whine as the user-base realizes this truth, but I say good riddance, your success reflected badly on us anyway.
Posted by steveballmer | March 28, 2008 1:31 AM
Joe, it's interesting you did not approve the comment I made about OS X's Safari recently being hacked. Thanks for proving who you really are.
Posted by Andre Da Costa | March 28, 2008 12:06 PM
@Andre Da Costa,
Yeah... he has blocked every single one of our last five posts. Most offered real help and answers to people.
Posted by Trit | March 28, 2008 1:52 PM
Blocked posts? Say it ain't so, Joe!
Posted by portuno | March 28, 2008 6:43 PM
The potential "mitigations" that I wonder about are not whether or not I can disable the LOCAL_SERVICE and/or NETWORK_SERVICE accounts, but whether or not, and if so, which granular (as in individually "flagged") Security Privileges, granted to LOCAL_SERVICE and NETWORK_SERVICE, can be flagged "Disabled," as a viable interim mitigation. I also have to ask if Cerrudo's exploits require local console access or if they can be achieved remotely.
All user accounts in M$' Win-dom are a specific collection of enabled or disabled granular Security Privileges. Why can't we get at least that much under-the-hood?
Some Services, but not all, require the SetImpersonatePrivilege. Would selective (via scripting) disabling of SetImpersonatePrivilege stop Cerrudo's exploit?
Cerrudo is not just talking about W2k8S. He's also tarred XP, W2k3 & Vista, which are all being used in production.
WhiteHats need actionable news and insight, not next-to-useless FUD.
Posted by alerter | March 29, 2008 11:02 AM
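The comment above asks which services actually run under LOCAL SERVICE and NETWORK SERVICE and which accounts hold the impersonation privilege (Windows names it SeImpersonatePrivilege). The following inventory script is an added example, not code from the article, the commenters or Argeniss; it assumes an elevated PowerShell session on the server being checked and uses the well-known SIDs for the accounts it labels.

```powershell
# Added inventory script (not from the article or its comments): lists the
# services whose logon account is LOCAL SERVICE or NETWORK SERVICE, then the
# accounts that currently hold SeImpersonatePrivilege on this machine.
# Assumes an elevated PowerShell session (secedit needs administrator rights).

# 1. Services running in the context of the two accounts under discussion.
#    Win32_Service.StartName reports them as "NT AUTHORITY\LocalService" and
#    "NT AUTHORITY\NetworkService"; -contains matches case-insensitively.
$svcAccounts = @('NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')
$services = Get-WmiObject Win32_Service |
    Where-Object { $svcAccounts -contains $_.StartName } |
    Select-Object Name, StartName, State, PathName |
    Sort-Object StartName, Name
$services | Format-Table -AutoSize

# 2. Holders of SeImpersonatePrivilege, read from the local security policy.
#    secedit exports an INI-style file whose [Privilege Rights] section has a
#    line such as: SeImpersonatePrivilege = *S-1-5-6,*S-1-5-19,*S-1-5-20,...
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf | Out-Null
$line = Get-Content $inf | Where-Object { $_ -match '^SeImpersonatePrivilege\s*=' }
Remove-Item $inf -ErrorAction SilentlyContinue

# Well-known SIDs for the accounts this thread is about (fact, not assumption).
$known = @{
    'S-1-5-6'      = 'SERVICE'
    'S-1-5-19'     = 'LOCAL SERVICE'
    'S-1-5-20'     = 'NETWORK SERVICE'
    'S-1-5-32-544' = 'Administrators'
}
if ($line) {
    # Entries are comma-separated SIDs prefixed with '*'.
    $sids = ($line -split '=', 2)[1].Trim() -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') }
    foreach ($sid in $sids) {
        $name = if ($known.ContainsKey($sid)) { $known[$sid] } else { $sid }
        "SeImpersonatePrivilege held by: $name"
    }
} else {
    "SeImpersonatePrivilege is not assigned in the local policy export."
}
```

Removing the privilege from an account is a policy decision to test first: services that rely on impersonation (IIS application pools among them) will stop working, so the service list from step 1 is what to review before changing step 2's assignment.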
The press release http://www.argeniss.com/pressrel032408.html seems to be very clear; I don't see FUD there.
Posted by John | March 29, 2008 12:28 PM
There is plenty of FUD in the Argeniss "teaser."
It is orders of magnitude more difficult to defend/protect than it is to attack/damage. What Cerrudo alleges is fully plausible and likely to be true.
The FUD is over what to do in the real world with this information?
Cerrudo has dropped significantly more *actionable* clues for the BadGuys than for sysadmins who have got production systems to defend/protect. There is a clear measure of haughty arrogance to all of this as well.
It is not at all clear to me that the BadGuys haven't already discovered Cerrudo's new "wheel" for themselves. If so, Cerrudo's fig-leafed self-promotion has set an April shot-clock for when the BadGuys should plan on spending these exploits, assuming that M$ is Johnny-on-the-Spot with QFEs.
If M$ treats this like they did MSJETDB, then the BadGuys will have a much longer window of opportunity during which to mount Hit and Run ops.
Posted by alerter | March 30, 2008 3:53 PM
alerter Says :
There is plenty of FUD in the Argeniss "teaser."
NEWS :
With Vista breached, "LINUX UNBEATEN IN HACKING CONTEST."!!
With Vista being hacked Friday, a Linux laptop was the one system that did not get compromised at the CanSecWest PWN 2 OWN hacking contest this week.
Using the Softies theory about market-share vs. security. Windows 2008 server market share = 0.01, explain pls.
Conclusion: Windows is "Swiss cheese" regardless of 90% or 0.01% market share.
Posted by n0neXn0ne | March 30, 2008 5:25 PM
Andre Da Costa, Trit and portuno asked about blocked comments.
No comments are approved on Microsoft Watch. Comments post automatically UNLESS they contain links. Right now, the IT staff has set all comments containing links to go to Junk. Because of the ridiculously large amount of junk, I do not search the folder.
There is no censorship at Microsoft Watch. Andre, I found your junked comment (with a link) and manually published it. Trit, I found no comments under that name.
My advice: Either don't put in links or use partial links. In the near future, when we switch blogging platforms I will insist on a mechanism, such as CAPTCHA, to reduce comment spam while making it easier for legitimate readers to comment.
Andre and Trit, my apologies for your junked comments.
Joe
Posted by Joe | March 30, 2008 11:02 PM
Dear n0neXn0ne, Vista WASN'T hacked, ADOBE FLASH WAS. The hacker who won the vista laptop said the exploit would work on any OS that has flash. You were saying?
Posted by James G. | March 31, 2008 12:49 AM
James G Says:
"Vista WASN'T hacked, ADOBE FLASH WAS."
@ James G. :
Vista was hacked and Ubuntu was not!
@James :
Adobe was the entry point to take over the OS. All OSes run applications, and if an OS can be compromised through the application layer, then there is something fundamentally wrong with the OS. Hence a bug in an application does not constitute an OS being taken over.
FYI : Ubuntu and Linux use AppArmor and SELinux
Hope I clarified it a bit ;)
By the way, what if it was Ubuntu being hacked?
Would you have been so defensive for Ubuntu?
Score:
Vista 1
Mac 1
Ubuntu 0
--------------
Game over
Posted by n0neXn0ne | March 31, 2008 8:41 AM
James G Says :
"The hacker who won the vista laptop said the exploit would work on any OS that has flash."
@James G :
Hackers take the path of the least resistance.
If Ubuntu was easy someone would have done it in 2 mins.
side note: Folks have broken out of "Alcatraz"
Posted by n0neXn0ne | March 31, 2008 8:52 AM
There is no publicity in hacking Linux, all hackers know that it's the easier to hack
Posted by Tim | March 31, 2008 12:51 PM
Tim :
There is no publicity in hacking Linux, all hackers know that it's the easier to hack
Tim, excuse me while I laugh at your complete lack of knowledge. Everyone knows that Windows is the easiest OS to attack, because MSFT was never concerned about security. Windows was/is based on MSDOS, which was set up as a one-person desktop operating system. Therefore, there was never any real security ever built into it, unlike Unix/Linux/BSD operating systems, which were originally made for networking over large office systems.
Posted by The Hand | March 31, 2008 7:44 PM
Absolutely, hackers do what is most elegant and simple to get what they want. It might be hard to coin it in this way, but it's the truth. I am a CIO, and I will not allow under any circumstance IIS or Exchange to be running anywhere on the company premises. IMHO, a box with IIS running should not have a direct Internet connection. We use CentOS servers and Apache for all Internet servers, custom-built Postfix for company mail, and have custom-compiled hardened BSD boxes as gateway firewalls. My BSD firewalls were built with legacy PIII chips and I have never seen one of them use more than 18% resources at full load. My point being, you do not need these high resource intensive and security issue laden bundled web services to provide everything you need for an enterprise business. There are more secure solutions that perform better to be found open source. As for Windows and security in general, so long as anybody who can buy Visual Basic can compile a program that can be executed on a Windows desktop that will overwrite the Windows kernel O.S. of that desktop... it will never be secure.
Posted by Earthceuticals | April 5, 2008 10:55 AM
Can you send "Windows Vista pack with service pack" without any cost?
Reply must./...
Posted by habeeb | April 8, 2008 1:35 PM
I appreciate information technology because it changes the world for good. Can I be a member of this publication?
Posted by CALEB | April 18, 2008 8:51 PM
Point 1: It IS Microsoft Windows products. And yes they have MAJOR market share. But a bad product is a bad product, market share be damned.
Point 2: MS products receive the most attention because they are the easiest to compromise. If other OS's were as easy to attack, then they would be. Do crackers care about market share, or about ease of access? A thousand Linux/Mac/Unix boxes or a thousand MS boxes, is still a thousand cracked boxes.
Point 3: It may have been an app that was compromised during the event. But why did they not choose to use that app to compromise the Linux box instead? Or the Mac box for that matter?
Point 4: Look not at the total number of issues per platform, but at the time from when that issue is announced to the time that it is fixed. For other platforms it can be a matter of just a few days (or even hours), compared to the weeks, or even months, for MS products. That is if you can even get them to admit that there is a problem. And if the fix isn't worse than the issue it "fixes".
Microsoft products have always had problems. And they always will. This is true because Microsoft is not interested in "quality" products. They are only interested in getting your money. They are not interested in the security of their products. They are only interested in "locking" you into their products. So that they can get more of your IT dollars. They could care less, as long as you keep giving them your money.
Pointing at the fact that other platforms have problems also, is meaningless. It does not make Microsoft products any better, any more secure. It does not alter the fact that Microsoft products are the most often attacked/compromised products. It changes nothing.
The fact is that Microsoft makes inferior products, security wise, when compared to other platforms. Period. Plain and simple. If you want security, then look at some other platform. There are many and they are very good. If you are not concerned, or just don't care, then stay with Microsoft. They are not concerned and don't care either. As long as you give them your money.
Me, I care. That's why I use several of the other platforms.
George
Posted by George | May 1, 2008 5:45 PM