Originally Posted by Spooony
Never had one you know about. You don't need a zero-day to infect someone. Most people run free AVs, or the runtime packer option is off by default. OK, I already exploited a way to get past your antivirus. I would've needed a vulnerability in Windows to get past UAC, to elevate its privileges and to create a service, as well as start when Windows starts. But since UAC is turned off I already got those privileges; hell, I can turn off your AV as well because I've got the same privileges as it. UAC off, no kernel protection, so I can install drivers and services without worry.
All I heard is BLA BLA BLA BLA, because without actual details of your exploit you're just talking crap that you "can do". You read about possible exploits as if they are real in every system; it's very annoying. So if I browse in 32-bit, running a 64-bit kernel (because I want my dang Silverlight), how do you get past any of that to my main system? You can't, you know you can't, and you are avoiding the topic.
[edit, was lazy so I did a simple google search and it proved good]
While, as the name implies, native 64-bit takes advantage of the native 64-bit computing platform, Windows-On-Windows environment, WoW, WOW64 etc. are all names that refer to an x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows. WoW64 allows 32-bit productivity applications developed using the .NET Framework 1.0, 1.1 and 2.0 and Win32 to run on 64-bit Windows and take advantage of the 64-bit Windows kernel, which offers a larger number of kernel handles and window handles. WoW64 supports 32-bit console, GUI and service applications, and although some 32-bit server applications may be certified to run on WoW64, WoW64 is NOT intended for 32-bit server apps. WoW64 does NOT support 16-bit Windows
The only code that interfaces with the services and drivers is 64-bit code. You would have to be able to either compile a 32-bit program that can interface with the 64-bit kernel (extremely unlikely) or know two exploits that allow you to download/run 64-bit code. I guess you could have 64-bit code be able to call 32-bit functions that might have exploits, but I believe MS decided not to do that. They separated the 64-bit apps from the 32-bit apps due to the known exploits.
[edit2: extended thoughts because I'm a stoner]
When they get Silverlight updated to 64-bit (soon) I would then consider running at least MSE on my main rig. Just a simple, SIMPLE, driver-level AV would stop just about everything. At least stop all the kiddie coders who do most viruses/rootkits. The current 64-bit virus (that isn't for the portable editions) has to be made in assembly. That's a pain in the arse to code and the only way (I'm guessing) they got around driver signing.
It also only works on Intel platforms, so you would have to have the same extensive knowledge about AMD and then re-write it in assembly.
Unfortunately they don't list how you get the rootkit installed. So you still need to gain root privileges outside of WOW.
I believe you have to run in "testing" physically, which is a NO NO unless you have something you NEED to test.
Proof it can be done; doesn't detail what version of the browser. It has also (probably) been patched by now, though it's proof that 0-days are still massively strong.
Patched, but will work without UAC.
In fact, I believe all of these bypass UAC, because none of the articles ever say that having UAC on keeps you safe. Wonder why that is? I retract the driver signing, because they did some really neat things. I also believe "bcdedit.exe -set TESTSIGNING ON" doesn't work if you are already running the kernel. You could patch the loader, as the other exploit does, though you still need to figure out how to get root privileges. I could see the 64-bit browser being exploited, and as I've said (don't know how many times), you should take advantage of WOW.
That's crazy good.
I'm sure you can get root privileges out of WOW somehow; the coding and complexity aren't for a standard programmer. As the above article states, you need experience in the x64 field. The more complex these exploits need to be, the fewer of them we see, as people don't want to learn all the ins and outs. I like statistical safety; the chances of me getting infected are so huge that I'm willing to roll the dice on this. It's like skydiving: yeah, you can die, but look at how many people do it.
[last point I swear] If you're dealing with a programmer that has the skill to make these exploits they will probably tell you UAC is useless. Because they will get around it very easily; it isn't as simple as the XP days were. Things are much harder to get around; you have to find exploits at a lower level in the kernel and therefore bypass much more than UAC. If the programmer is this good you're screwed no matter what you are running. That's why I say 0-day exploits are moot; even AV doesn't have that patched.
[edit I lied]
It also helps users be more AWARE. In truth, if you know what's going on and what you are installing/running then it shouldn't be a problem to have it off. It is dumb security and originally was meant to be annoying.
Good read, as you can change user settings without a prompt and then change system settings/files. WOO WOO GOOD OL UAC
These exploits don't even rely on malicious code at kernel level. Not to mention, if you artificially create a task (can be done) that is running as the "system" user, UAC is automatically bypassed. It doesn't have that type of privileges, ever. I'm a Linux advocate and I know this, because I don't use Windows.
Edited by mushroomboy - 6/29/11 at 12:32pm
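The thread argues about three settings on a 64-bit Windows box: whether UAC is on (and whether it elevates silently for an admin account), whether test signing is enabled in the boot configuration so unsigned drivers load, and whether a given process is a 32-bit WoW64 process or native 64-bit. The following read-only audit script is an added example written for this page; it is not code from the thread or from either poster. It assumes Windows 7 or later with PowerShell 3+ (for `[Environment]::Is64BitOperatingSystem`) and should be run from an elevated prompt so `bcdedit` can read the BCD store; the `Invoke-PostureAudit` function name and the findings wording are my own.

```powershell
# Added example (not from the thread): read-only audit of the UAC, driver-signing
# and WoW64 state discussed above. Assumes Windows 7+ and PowerShell 3+.

function Get-UacAuditState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # EnableLUA = 0 is the "UAC turned off" case: every process of an admin user
    # runs with a full admin token, so nothing needs to be bypassed.
    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 2 = consent on secure desktop,
    # 5 = consent only for non-Windows binaries (the default).
    [pscustomobject]@{
        UacEnabled          = ($p.EnableLUA -eq 1)
        AdminPromptBehavior = $p.ConsentPromptBehaviorAdmin
        SecureDesktopPrompt = ($p.PromptOnSecureDesktop -eq 1)
    }
}

function Get-DriverSigningState {
    # bcdedit lists the current boot entry; a 'testsigning  Yes' line means the
    # kernel will load test-signed/unsigned drivers. Needs an elevated prompt.
    $bcd = & bcdedit.exe /enum '{current}' 2>&1
    $testSigning = $bcd | Select-String -Pattern '^testsigning\s+Yes' -Quiet
    $noIntegrity = $bcd | Select-String -Pattern '^nointegritychecks\s+Yes' -Quiet
    [pscustomobject]@{
        TestSigningOn           = [bool]$testSigning
        IntegrityChecksDisabled = [bool]$noIntegrity
    }
}

function Get-Wow64State {
    # Is64BitProcess reports whether this PowerShell host itself runs under WoW64
    # (32-bit process on 64-bit Windows), which is the setup the poster browses in.
    $os64   = [Environment]::Is64BitOperatingSystem
    $proc64 = [Environment]::Is64BitProcess
    [pscustomobject]@{
        Os64Bit           = $os64
        Process64Bit      = $proc64
        RunningUnderWow64 = ($os64 -and -not $proc64)
    }
}

function Invoke-PostureAudit {
    $uac = Get-UacAuditState
    $sig = Get-DriverSigningState
    $wow = Get-Wow64State
    $findings = @()
    if (-not $uac.UacEnabled) {
        $findings += 'UAC is disabled (EnableLUA=0): admin-user processes already hold a full admin token.'
    } elseif ($uac.AdminPromptBehavior -eq 0) {
        $findings += 'UAC elevates silently (ConsentPromptBehaviorAdmin=0): equivalent to off for an admin account.'
    }
    if ($sig.TestSigningOn)           { $findings += 'Test signing is enabled: unsigned kernel drivers will load.' }
    if ($sig.IntegrityChecksDisabled) { $findings += 'Kernel code integrity checks are disabled in the BCD.' }
    if ($findings.Count -eq 0)        { $findings += 'No weak setting found among the checked items.' }
    [pscustomobject]@{ Uac = $uac; DriverSigning = $sig; Wow64 = $wow; Findings = $findings }
}

Invoke-PostureAudit | Format-List
```

Run it once from a 32-bit PowerShell (`%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe`) and once from the native 64-bit host to see `RunningUnderWow64` flip; the registry and BCD results are the same either way because those are machine-wide settings, which is the point the thread circles around: WoW64 isolates the process architecture, not the privilege level UAC and driver signing control.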