undefined | Better HN

0 pointsnradov3y ago0 comments

What specifically does a modern Windows installation include that is inappropriate or insecure in terms of default services or access rules?

0 comments

mr_mitm3y ago

Just exposing SMB on port 445 by default is a huge issue. The vast majority of systems does not need to provide this service, yet there have been two catastrophic RCE vulnerabilities (MS08-067 and MS17-010) in this service. Also, it's basically like an SSH service for attackers to move laterally within the network. If it's not a file server, domain controller or print server, it should probably be turned off or at least severely restricted for a whitelist of hosts.

Next, the NTLMv2 authentication protocol is on by default and vulnerable to relay attacks and offline password guessing attacks. Plus: pass-the-hash vulnerable. Huge problem in corporate networks.

I'd argue the broadcast domain name resolution protocols like NBNS or mDNS are unsafe as well.

Disclaimer: if you were just talking about Windows on your home desktop PC, then yeah nevermind.

taeric3y ago

Certainly a fair question, but a big part of the problem is I don't know the specifics of what is on a new installation anymore. Worse, I'm not sure where to find such a list.

Just scanning on the things they are proud to list at https://learn.microsoft.com/en-us/windows/whats-new/windows-..., I'd be worried about Teams, Windows 365, and Widgets. I'd also be worried about all trial software that is on the machine. I could not find a list of that, though.

And again, this is not unique to Windows. It used to be OEM bloat that was added to all things. In linux land, it would have been all of the "power tools" included by default.

nradovOP3y ago

Do the popular Linux distributions for both desktop and server environments provide such a list? Have Teams, Windows 365, or Widgets been used as attack vectors against real systems?

Generally users in most enterprises are going to need instant messaging and online meeting tools, so if it's not Teams then it will be something else with an equivalent attack surface area. Windows 365 appears to be highly secure.

I'm not trying to defend Microsoft here. They have had many security flaws and there will be more to come. It's just not clear whether the alternatives are significantly better.

galleywest2003y ago

> Do the popular Linux distributions for both desktop and server environments provide such a list?

Yes, this is common. You are generally given the option at install how "minimal" you wish to go (do you even want a GUI installed, etc). These are often listed on the distributions website.

For example here is a few from Arch:

- Base (bare minimum) install: https://archlinux.org/packages/core/any/base/

- Base-devel (what you need to run makepkg): https://archlinux.org/packages/core/any/base-devel/

taeric3y ago

I already said this is not unique to Windows. Such that I don't see the point of the first question. On whether those have been source of attacks, I don't have numbers. I do remember getting hacked through Office back in the day. The whole "open this document" crap college students did to each other. To that end, I fully cede this could just be a false view from my side.

I'd expect most attacks are still of the "what is your password" variety. That along with a giant shared drive that everyone just dumps everything into.

And I don't mean this as an offensive against just Microsoft. They are/were somewhat unique in the success they had with embrace/extend. That said, the blame almost as surely rests on typical "growth at all costs" mental model that is modern business.

j / k navigate · click thread line to collapse

0 comments

mr_mitm3y ago

Next, the NTLMv2 authentication protocol is on by default and vulnerable to relay attacks and offline password guessing attacks. Plus: pass-the-hash vulnerable. Huge problem in corporate networks.

I'd argue the broadcast domain name resolution protocols like NBNS or mDNS are unsafe as well.

Disclaimer: if you were just talking about Windows on your home desktop PC, then yeah nevermind.

taeric3y ago

Certainly a fair question, but a big part of the problem is I don't know the specifics of what is on a new installation anymore. Worse, I'm not sure where to find such a list.

And again, this is not unique to Windows. It used to be OEM bloat that was added to all things. In linux land, it would have been all of the "power tools" included by default.

nradovOP3y ago

Do the popular Linux distributions for both desktop and server environments provide such a list? Have Teams, Windows 365, or Widgets been used as attack vectors against real systems?

I'm not trying to defend Microsoft here. They have had many security flaws and there will be more to come. It's just not clear whether the alternatives are significantly better.

galleywest2003y ago

> Do the popular Linux distributions for both desktop and server environments provide such a list?

Yes, this is common. You are generally given the option at install how "minimal" you wish to go (do you even want a GUI installed, etc). These are often listed on the distributions website.

For example here is a few from Arch:

- Base (bare minimum) install: https://archlinux.org/packages/core/any/base/

- Base-devel (what you need to run makepkg): https://archlinux.org/packages/core/any/base-devel/

taeric3y ago

I'd expect most attacks are still of the "what is your password" variety. That along with a giant shared drive that everyone just dumps everything into.

j / k navigate · click thread line to collapse