Thursday, April 23, 2009

New Windows 7 Hack Sounds Familiar

A recent Engadget article on a supposedly "unfixable" hack devised for Windows 7 had me scratching my head a bit. While the article was short on details, it seemed to have a familiar ring to it. So I looked over GRC's archive of Security Now episodes and found the podcast entitled "Blue Pill." Blue Pill was a hack that attacked early Beta versions of Windows Vista running on AMD processors. It took advantage of a relatively new feature meant to support "virtualization" which, among other things, allows a computer to more easily run multiple operating systems at the same time. Good examples of this are programs like Parallels and VirtualBox, which allow Mac users to run Windows. Blue Pill was a rootkit which, like this supposedly unfixable hack, installed itself at boot time and bypassed the hard drive.

In order to support virtualization technology, Windows Vista introduced a "hypervisor" to control the operating system. Blue Pill essentially set itself up as a hypervisor for Windows. This new hack is probably doing the same thing, which probably points to the way that this unfixable hack will be fixed: Windows will need to be running its own hypervisor at boot time. Of course, most people assumed that this was what Windows would be doing ever since Blue Pill showed up. Oh well.
