Posted by sandwichsphinx 10/26/2024

New Windows driver signature bypass allows kernel rootkit installs (www.bleepingcomputer.com)
305 points | 231 comments | page 2
TheRealPomax 10/26/2024|
it also allows tampering with Windows 11 to actually make it a better OS because it bypasses all the Microsoft lockdown bullshit, but let's focus on the rootkits instead.
Sakos 10/26/2024|
I've noticed that a surprising number of people here on HN are in favour of locking down Windows and preventing any kernel access at all to Windows users. It reeks of the "think of the children" arguments.
lock_it_down 10/26/2024|||
No, as a user who has no need for kernel access, I want it locked down so the real thing I care about, my data, is more secure.

It's called security in depth.

Sakos 10/26/2024|||
As a user who does have need for kernel access, because it's my god damn system and not yours, Microsoft's or anybody else's, I don't want it locked down.

It's called security in depth. That means you don't need to prevent all kernel access for users, because there are layers of defense.

ruthmarx 10/27/2024||
> As a user who does have need for kernel access,

Why do you need it?

TheRealPomax 10/27/2024|||
But you know what's even better? Having a choice.

Want to lock down Windows? You should have that power. It would be absolutely idiotic if you couldn't secure a computer. But, do you want to fuck with the kernel, patch out something you think should never be called by anything because there is no legitimate use case? You should also have that power.

Because one thing that stuff like this doesn't do is "make it easier for the bad guys": want to deliver a malicious payload by exploiting Windows, either because of its design or a recently found vector? I hope you die in a fire but you already have so many options that this one really doesn't give you more power than before. It's just another option in a litany of options. After all, Windows is only as safe as its users with admin powers, which is literally every home user thanks to elevated access being a single "ok" button, if they even have UAC still turned on "because it's so annoying".

perching_aix 10/27/2024|||
"heh, nice argument. unfortunately, in my head I have already depicted you as the seething pathetic baby bird and myself as the smug and unflappable red angry bird"
mrinfinitiesx 10/26/2024|
The owner of this website (www.bleepingcomputer.com) has banned your IP address (IP)

K.

edit: VPN, ssh -D to vps & socks5 localhost worked. Can't have anything anymore.

alpaca128 10/26/2024||
If you have a dynamic IP it was probably banned because of someone else who had it in the past.
worewood 10/26/2024|||
With widespread CGNAT and the exhaustion of IPv4 addresses this will become more and more common each day...
dkasper 10/26/2024|||
Haunted IPs are a thing, same as the haunted domains article also on the front page right now! https://news.ycombinator.com/item?id=41951131
a2128 10/27/2024|||
In the future, everything will block you unless you're on a residential IP address in a Western country, running Chrome on the latest version of Windows or iOS, you have remote attestation, and your ISP's ASN isn't haunted because someone in your neighborhood had downloaded malware a few years ago
perching_aix 10/29/2024||
You mean MacOS, and I'll block that too :)
snvzz 10/26/2024|||
Headscale, the open source backend alternative to tailscale, whose frontend is open source to begin with, is worth looking into.