ESET discovers first LoJax UEFI rootkit malware by Sednit group


  1. Posts : 69
    W10 1809
       #30

    Seriously?!


    Seriously?!
    [Attached image: ESET discovers first LoJax UEFI rootkit malware by Sednit group-2018-10-10_125107.jpg]

    Apple, Ubuntu or any other Linux system runs as a User at startup; you need "R00T" (or Administrator, as in Windows) permission to make changes to the OS.
    Windows runs as an Administrator at startup, giving full access and control of the operating system. . . . .

    "W10, users with administrator privileges have complete control over the OS and their apps have unrestricted access to the computer. Running as administrator, an exploit can more easily gain control of your system. It can install rootkits, keyloggers, and other suspect services without you knowing. A malicious program can also modify and delete files, and even prevent devices from booting.

    However, using a user account with fewer privileges can block most attacks."

    why should you run a Windows computer from the user account - Google Search


  2. Posts : 384
    Windows 10 Home x64
       #31

    Penny K said:
    Seriously?!
    [Attached image: ESET discovers first LoJax UEFI rootkit malware by Sednit group-2018-10-10_125107.jpg]

    Apple, Ubuntu or any other Linux system runs as a User at startup; you need "R00T" (or Administrator, as in Windows) permission to make changes to the OS.
    Windows runs as an Administrator at startup, giving full access and control of the operating system. . . . .

    "W10, users with administrator privileges have complete control over the OS and their apps have unrestricted access to the computer. Running as administrator, an exploit can more easily gain control of your system. It can install rootkits, keyloggers, and other suspect services without you knowing. A malicious program can also modify and delete files, and even prevent devices from booting.

    However, using a user account with fewer privileges can block most attacks."

    why should you run a Windows computer from the user account - Google Search
    Have you heard of UAC? Vista onwards runs in User mode until elevated by what should be a global restriction to be allowed to run in Administrator mode on a per-process basis.


  3. Posts : 3,453
       #32

    Guys, don't get confused... Standard User is like a normal Linux user - no change privileges - Admin is a half-arsed Windows privilege (Trusted Installer is closer) compared to Root in Linux.


  4. Posts : 69
    W10 1809
       #33

    winactive said:
    Have you heard of UAC? Vista onwards runs in User mode until elevated by what should be a global restriction to be allowed to run in Administrator mode.
    Do you know the difference between the Administrator and User, the Temp folder, and how malware executes or drops its payload from there? Do you know how it gets there?
    Most people, or at least the majority of the infected, turn down the prompt so as not to be bothered by it ....
    https://www.rsa.com/en-us/blog/2017-...he-temp-folder

    ANYWAYS .... THIS IS OFF TOPIC ... Go to the Safer-Networking or MBAM forums to learn more.


  5. Posts : 384
    Windows 10 Home x64
       #34

    Superfly said:
    Guys, don't get confused... Standard User is like a normal Linux user - no change privileges - Admin is a half-arsed Windows privilege (Trusted Installer is closer) compared to Root in Linux.
    You can't run a system as a Standard User. I think the problem described is just as easily solved by knowing what you download and knowing what you elevate. That's no help to your average user, as unfortunately the average user is ignorant.

    Your average user will not run the system as a Standard User even if they create a separate Administrator user. The problem with that model is that the Administrator must be validated by password. It's just another area where the average user is ignorant and will possibly even set a poor Administrator password. Heck, there was even a groundswell of opinion to disable UAC in Vista when it first appeared. The suggestion could be useful, but it's of no use to those who might listen. The Administrator with UAC enabled is the best solution.
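    An added example, not posted by anyone in this thread: a PowerShell audit a defender can run to check the model winactive describes (an administrator account kept behind UAC). It reads the standard UAC policy values from the registry, reports whether the current shell's token is actually elevated, and lists who sits in the local Administrators group. The registry path, value names and cmdlets are the standard Windows 10 ones; the warning thresholds are my own interpretation.

```powershell
# Added example (not from the thread). Audits the "admin account behind UAC" model:
# 1) Is UAC on and prompting?  2) Is this shell elevated?  3) Who is a local admin?
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $policyPath

# EnableLUA = 1 means UAC is on; 0 means every admin logon runs fully elevated, always.
$uacOn = ($p.EnableLUA -eq 1)
# ConsentPromptBehaviorAdmin: 0 = elevate without prompting (silent), 2 = prompt for consent
# on the secure desktop, 5 = prompt for consent for non-Windows binaries (the default).
$promptMode    = $p.ConsentPromptBehaviorAdmin
$secureDesktop = ($p.PromptOnSecureDesktop -eq 1)

# Current token: a split-token admin reports IsInRole(Administrator) only when elevated,
# which is exactly what "runs in User mode until elevated" means in practice.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    RunningAs                  = $identity.Name
    UACEnabled                 = $uacOn
    ConsentPromptBehaviorAdmin = $promptMode
    PromptOnSecureDesktop      = $secureDesktop
    CurrentShellElevated       = $elevated
} | Format-List

if (-not $uacOn)           { Write-Warning 'UAC is disabled: admin logons run fully elevated all the time.' }
elseif ($promptMode -eq 0) { Write-Warning 'UAC elevates silently: no prompt stands between a program and admin rights.' }
if (-not $secureDesktop)   { Write-Warning 'Prompt is not on the secure desktop, so other processes can interact with it.' }
if ($elevated)             { Write-Warning 'This shell is elevated; use a non-elevated shell for day-to-day work.' }

# Who can elevate at all: local Administrators membership (built-in Windows 10 cmdlet).
Write-Output 'Members of local Administrators:'
Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    Select-Object Name, PrincipalSource, ObjectClass
```

    Run it from a normal (non-elevated) PowerShell window first; if CurrentShellElevated comes back True without a prompt having appeared, the UAC settings above explain why.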


  6. Posts : 3,453
       #35

    Yup.... :) UAC / Smartscreen etc is necessary but running as Standard user


  7. Posts : 384
    Windows 10 Home x64
       #36

    Superfly said:
    Yup.... :) UAC / Smartscreen etc is necessary but running as Standard user
    I'm happy to agree to disagree as it isn't benefitting the thread TBF :)


  8. Posts : 3,453
       #37

    No prob.. just simulating a safe Linux type environment


  9. Posts : 69
    W10 1809
       #38

    Superfly said:
    Yup.... :) UAC / Smartscreen etc is necessary but running as Standard user
    BINGO!

    Malware Removal University
    https://www.malwareremoval.com/forum...?f=201&t=61859
    Last edited by Penny K; 14 Oct 2018 at 01:00.


  10. Posts : 11,247
    Windows / Linux : Arch Linux
       #39

    Hi there
    Actually, if one took a leaf out of the old IBM mainframe MVS systems from way back in the 1970s, it was quite easy to protect the OS.

    IBM systems had a special hardware status key (called PSW I think - Program Status Word; a similar thing could be in the BIOS, for example). If a certain bit was set to 1 then programs could run in privileged state. To get into privileged state the service had to make a call to the kernel (Nucleus, IBM called it) via a special request called an SVC (supervisor call) which validated the request etc. This essentially simple system I believe was almost unhackable unless you were actually on site and able to re-create a nucleus (System Generation, it was called in those days).

    MVS and its later derivatives have actually proved virtually unhackable -- breaches have come from within and not via external agents.

    So while users could have different privilege levels it was almost impossible to get "root" type stuff without a lot of hard work in set up.

    Maybe Windows could learn from a nearly 50 year old OS !!!!! Linux has essentially a similar type of protection too, although it doesn't use a "PSW" mechanism.

    Cheers
    jimbo

