Unexpected guests

Shopping for Trojans

Friday, July 14, 2017

Operating system developers are very eager to get rid of anti-viruses. Microsoft took another stab at it by releasing Windows 10 S. The product was presented as “the most secure version of Windows”.

Microsoft repeatedly claimed that the OS was protected from the most ubiquitous malware, including ransomware programs.

http://www.securitylab.ru/news/486936.php

How does it differ from other Windows versions? Users can't freely install applications—they can only install them from the Windows Store. Naturally the Store's owner will determine the access terms, including the limitations placed on those offering programs that compete with the default anti-virus. So we already know that a user cannot, for example, change their default browser and search engine. In Windows 10 S, users can't access system components and certain categories of software.

The Command Prompt, PowerShell and Windows Registry Editor are unavailable.

Neither can users install data back-up and recovery solutions from a third party. Anti-viruses that haven't been developed by Microsoft aren't allowed either, even if their respective developers can find a way to make them available in the Windows Store.

http://www.msinsider.ru/page23900-windows_10_s_zapreshchaet_storonnie_antivirusy_i_imeet_more_drugikh_ogranicheniy

http://www.deccanchronicle.com/technology/in-other-news/250617/microsoft-bans-third-party-antivirus-on-windows-10-s.html

It is assumed that an infection can't sneak into software via the Store, and, therefore, an anti-virus is not needed. However, users are free to use modern office suites. Links, macros and scripts are still allowed. The consequences of this should be obvious to our readers.

Matthew Hickey from Hacker House circumvented all Windows 10 S security mechanisms in three hours. He was able to compromise Windows 10 S using MS Word macros. The expert designed a Word document with a malicious macro that enabled him to deploy a DLL file and bypass restrictions by injecting code into an authorised process. In this case the document was opened via the Task Manager, using administrator privileges.

To protect the system, Microsoft offers users the Protected View mode in which documents are opened without executing macros or initialising downloads from the Internet. Matthew Hickey found a way around that: he downloaded the document from a network share regarded as a trusted source by Windows.

Once the researcher had a shell with administrative permissions, he was able to install Metasploit and elevate his privileges to the SYSTEM level. Thus he gained full remote access to the laptop.

http://www.securitylab.ru/news/486936.php

The Anti-virus Times recommends

Google, which implements a similar application policy, couldn't prevent malware from appearing in its store. Now we’re awaiting the appearance of Trojans in the Windows Store too.
