No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html. I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security, which contains Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. The hack shown above needs physical access….
But if you want to protect Windows Vista from these kind of physical attacks, why do you not just switch on Bitlocker (and here on Technet)? If you switch it on, these problems are gone and this attack would fail – and it is part of the OS, no additional fees, nothing…
PingBack from http://www.ditii.com/2008/05/27/hacking-windows-vista/
This vector isn't new to Vista.
As bitlocker isn't a standard feature it's not a universal fix for Vista either, only shipping on two of the Vista SKUs - Enterprise and Ultimate which represent a small proportion of the systems shipping with Vista.
Surely this could be easily fixed by forcing Vista to check that the Utilman.exe file hasn't been tampered with? I still agree with you on Law #3, but it seems like this particular hack could be prevented.
True, but this would prevent this single attack only. At the end of the day we need a way to completely protect software from being tampered, which would mean, having the trusted stack
I agree with you, Roger, but I think that any executable that can be launched prior to logging in could be checked to see if it has been tampered with. This would include utilman.exe as well as any other process that can launched under the system account before I've logged in.
Valid point. This would add trust to the stack
that is a valid point i also agree with roger but also think that stuart is correct
This is also known to happen with the sticky keys program (sethc.exe); what blows my mind is: why o why do you allow this actions to take place *without* anyone logged on to the console of the OS?
Of course I agree that having physical access to the system nearly gives you access to it, but why facilitate it? Why are these programs allowed to execute without logging in? That is just sloppy from MS, especially if one knows that this 'feature' has been present in all windows systems at least since windows 2000.