AtomBombing - More good news for Windows 10

Skybird · 11-10-16, 01:49 PM

http://blog.ensilo.com/atombombing-a...rity-solutions

http://www.infosecurity-magazine.com...s-millions-of/

A serious security hole that cannot be patched since it exploits no broken code or flaw, but the way W10 specifically was designed to be. Affects all Windows versions, but especially W10, it seems.

Learn to live with it - or abandon Windows.

Still wanting a cashless-"money"-society?

11-11-16, 11:16 AM

Don't worry. Russian tanks driven by transexual Islamic fundamentalists are massing on the borders right now, and money will be worthless within a week anyway.

Seriously, Skybird, do you ever look at the internet for anything other than sky-falling-in stories?

CaptainHaplo · 11-13-16, 10:39 AM

Thw idea it can not be patched is a fallacy. The article also misrepresents code injection and its ability to not be found.

Running in a sandbox alleviates the problem as well....

Rockin Robbins · 11-13-16, 01:17 PM

Actually there's a way to check for that happening which is quite simple. Open up an administrator Command Window. Start button, type cmd in the search box, see cmd.exe in the results window, right click that and choose "run as administrator."

Now, in the command window, type "sfc /scannow" mash enter or return (your choice!) and wait while the magic happens. SFC means System File Check.

No, Windows is not an all-inclusive GUI. There are many functions which still must be done from the mangled, shrunken husk of DOS. This is one of them. It will scan all system files on your system for changes. If it finds changes, it will restore them to the certified code. Code injection detected if present and corrected.

11-13-16, 02:51 PM

Yup. Windows is crap, but claiming that there are 'unpatchable' security holes simply doesn't make sense. It is code. Code can be changed. And if it is impossible to fix code flaws by changing it, simple logic would show that it wasn't a Windows problem, but a fundamental problem with computer architecture.

Many of these Windows security scares seem to be ultimately sourced to people who have a vested interest in promoting them - antivirus software producers, and other marketers of IT security solutions. The issue needs to be taken seriously, but hyperbole doesn't help.

Skybird · 11-13-16, 05:42 PM

Its not a patch what Robbins suggests. The problem remains, and cannot be patched - which is not my claim, but a fact.

And many - the overwhelming majority of - Windows users do not know what he suggested. In fact they never have even heard of atom tables, and so stay vulnerable to the described problem and its consequences

Leave your known personal antipathy for me to GT forums' threads, AndyJWest, it must not have a place in here. This is no politics at all.

http://news.softpedia.com/news/malwa...e-509721.shtml

http://stackoverflow.com/questions/2...787875#2787875

11-13-16, 06:03 PM

If you want to keep politics out of threads, I suggest that next time you don't post entirely irrelevant comments about 'Still wanting a cashless-"money"-society'.

And as I have already pointed out, this story is sourced to a company that sells 'Cyber Security'. It is in their interest to claim that it can't be fixed.

Skybird · 11-14-16, 06:57 AM

A "fix" it would be only if you abandon atom tables. You cannot because then Windows does not work anymore. The problem is due to the most profound internal design of Windows. That Windows is how it is - that is the problem here. The only fix would be to kill Windows. Everything else is just a workaround to live with the staying problem.

You could as well say that stop breathing would be a cure to stop the spreading of flu, and so "flu can be cured".

Tech infrastructure that is so easy to manipulate and so vulnerable to hacking and abusing it, is not the right basis for cashless money systems. To this this is no pltical a problem, but a technological problem - and I again see no cure for that. Already today the damage done digital bank robberies and fraud are much greater than real world cash money crime.

Stop running after your tail, you start to look ridiculous in your desperate effort to pull off another pointless collision with me. Its a hobby of yours. Or better: an obsession.

11-14-16, 08:16 AM

Skybird, the obsession is yours. You clearly spend hours looking for anything and everything you can find on the web which vaguely conforms to your apocalyptic world view just so you can post it on the Subsim forums. I have to ask, why here? Or is this just one of many forums you use as a soapbox? For the sake of who ever else has to put up with this nonsense, I hope not...

Rockin Robbins · 11-14-16, 09:40 AM

Actually, Windows could merely encrypt the atom tables and use checksums to verify them. It would be impossible to inject anything into them. Those articles, while containing an element of truth, obscure more than they reveal.

And Skybird is right. System file check does nothing to prevent alteration from happening. It detects and corrects, much like antivirus or antimalware software does. We're generally happy with how the latter two categories of software work, why would we not be similarly protected by periodically doing an "sfc /scannow" to eliminate alteration of system files?

BarracudaUAK · 11-14-16, 02:28 PM

I saw Skybird's original post, and had typed a reply, but I went to resize my browser window, and instead closed it... I wasn't in a mood to retype it at that point...

Code injection can be useful... (Although I think these only do it in RAM.)

Fallout Script Extender (FOSE), and New Vegas Script Extender (NVSE)...

I use these when I run FO3 and FO:NV. Many of the mods made for these two games would NOT work without code injection.

I've seen many similar "patches" (actually a program that launches the games .exe itself) for games that warn that virus and malware scanners may report them as a virus...

So I don't know why those sites would say that AV software can't find it, when some people have posted on the various download sites that their AV software IS finding it.

Just a few thoughts.

Barracuda

EDIT: "Code Injection" may not be the correct term for what I'm thinking of...

11-10-16, 01:49 PM	#1
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,547 Downloads: 9 Uploads: 0	AtomBombing - More good news for Windows 10 http://blog.ensilo.com/atombombing-a...rity-solutions http://www.infosecurity-magazine.com...s-millions-of/ A serious security hole that cannot be patched since it exploits no broken code or flaw, but the way W10 specifically was designed to be. Affects all Windows versions, but especially W10, it seems. Learn to live with it - or abandon Windows. Still wanting a cashless-"money"-society? __________________ If you feel nuts, consult an expert.

11-13-16, 10:39 AM	#3
CaptainHaplo Silent Hunter Join Date: Apr 2007 Posts: 4,404 Downloads: 29 Uploads: 0	Thw idea it can not be patched is a fallacy. The article also misrepresents code injection and its ability to not be found. Running in a sandbox alleviates the problem as well.... __________________ Good Hunting! Captain Haplo

11-13-16, 01:17 PM	#4
Rockin Robbins Navy Seal Join Date: Mar 2007 Location: DeLand, FL Posts: 8,899 Downloads: 135 Uploads: 52	Actually there's a way to check for that happening which is quite simple. Open up an administrator Command Window. Start button, type cmd in the search box, see cmd.exe in the results window, right click that and choose "run as administrator." Now, in the command window, type "sfc /scannow" mash enter or return (your choice!) and wait while the magic happens. SFC means System File Check. No, Windows is not an all-inclusive GUI. There are many functions which still must be done from the mangled, shrunken husk of DOS. This is one of them. It will scan all system files on your system for changes. If it finds changes, it will restore them to the certified code. Code injection detected if present and corrected. __________________ Sub Skipper's Bag of Tricks, Slightly Subnuclear Mk 14 & Cutie, Slightly Subnuclear Deck Gun, EZPlot 2.0, TMOPlot, TMOKeys, SH4CMS

11-13-16, 05:42 PM	#6
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,547 Downloads: 9 Uploads: 0	Its not a patch what Robbins suggests. The problem remains, and cannot be patched - which is not my claim, but a fact. And many - the overwhelming majority of - Windows users do not know what he suggested. In fact they never have even heard of atom tables, and so stay vulnerable to the described problem and its consequences Leave your known personal antipathy for me to GT forums' threads, AndyJWest, it must not have a place in here. This is no politics at all. http://news.softpedia.com/news/malwa...e-509721.shtml http://stackoverflow.com/questions/2...787875#2787875 __________________ If you feel nuts, consult an expert.

11-14-16, 06:57 AM	#8
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,547 Downloads: 9 Uploads: 0	A "fix" it would be only if you abandon atom tables. You cannot because then Windows does not work anymore. The problem is due to the most profound internal design of Windows. That Windows is how it is - that is the problem here. The only fix would be to kill Windows. Everything else is just a workaround to live with the staying problem. You could as well say that stop breathing would be a cure to stop the spreading of flu, and so "flu can be cured". Tech infrastructure that is so easy to manipulate and so vulnerable to hacking and abusing it, is not the right basis for cashless money systems. To this this is no pltical a problem, but a technological problem - and I again see no cure for that. Already today the damage done digital bank robberies and fraud are much greater than real world cash money crime. Stop running after your tail, you start to look ridiculous in your desperate effort to pull off another pointless collision with me. Its a hobby of yours. Or better: an obsession. __________________ If you feel nuts, consult an expert.

11-11-16, 11:16 AM	#2
AndyJWest Stowaway Posts: n/a Downloads: Uploads:	Don't worry. Russian tanks driven by transexual Islamic fundamentalists are massing on the borders right now, and money will be worthless within a week anyway. Seriously, Skybird, do you ever look at the internet for anything other than sky-falling-in stories?

11-13-16, 02:51 PM	#5
AndyJWest Stowaway Posts: n/a Downloads: Uploads:	Yup. Windows is crap, but claiming that there are 'unpatchable' security holes simply doesn't make sense. It is code. Code can be changed. And if it is impossible to fix code flaws by changing it, simple logic would show that it wasn't a Windows problem, but a fundamental problem with computer architecture. Many of these Windows security scares seem to be ultimately sourced to people who have a vested interest in promoting them - antivirus software producers, and other marketers of IT security solutions. The issue needs to be taken seriously, but hyperbole doesn't help.

11-13-16, 06:03 PM	#7
AndyJWest Stowaway Posts: n/a Downloads: Uploads:	If you want to keep politics out of threads, I suggest that next time you don't post entirely irrelevant comments about 'Still wanting a cashless-"money"-society'. And as I have already pointed out, this story is sourced to a company that sells 'Cyber Security'. It is in their interest to claim that it can't be fixed.

11-14-16, 08:16 AM	#9
AndyJWest Stowaway Posts: n/a Downloads: Uploads:	Skybird, the obsession is yours. You clearly spend hours looking for anything and everything you can find on the web which vaguely conforms to your apocalyptic world view just so you can post it on the Subsim forums. I have to ask, why here? Or is this just one of many forums you use as a soapbox? For the sake of who ever else has to put up with this nonsense, I hope not... Last edited by AndyJWest; 11-14-16 at 01:51 PM. Reason: typo

11-14-16, 09:40 AM	#10
Rockin Robbins Navy Seal Join Date: Mar 2007 Location: DeLand, FL Posts: 8,899 Downloads: 135 Uploads: 52	Actually, Windows could merely encrypt the atom tables and use checksums to verify them. It would be impossible to inject anything into them. Those articles, while containing an element of truth, obscure more than they reveal. And Skybird is right. System file check does nothing to prevent alteration from happening. It detects and corrects, much like antivirus or antimalware software does. We're generally happy with how the latter two categories of software work, why would we not be similarly protected by periodically doing an "sfc /scannow" to eliminate alteration of system files? __________________ Sub Skipper's Bag of Tricks, Slightly Subnuclear Mk 14 & Cutie, Slightly Subnuclear Deck Gun, EZPlot 2.0, TMOPlot, TMOKeys, SH4CMS

11-14-16, 02:28 PM	#11
BarracudaUAK Captain Join Date: Apr 2016 Posts: 520 Downloads: 33 Uploads: 0	I saw Skybird's original post, and had typed a reply, but I went to resize my browser window, and instead closed it... I wasn't in a mood to retype it at that point... Code injection can be useful... (Although I think these only do it in RAM.) Fallout Script Extender (FOSE), and New Vegas Script Extender (NVSE)... I use these when I run FO3 and FO:NV. Many of the mods made for these two games would NOT work without code injection. I've seen many similar "patches" (actually a program that launches the games .exe itself) for games that warn that virus and malware scanners may report them as a virus... So I don't know why those sites would say that AV software can't find it, when some people have posted on the various download sites that their AV software IS finding it. Just a few thoughts. Barracuda EDIT: "Code Injection" may not be the correct term for what I'm thinking of... Last edited by BarracudaUAK; 11-16-16 at 12:20 PM.