One reason i didn't upgrade to Vista

*rolls eyes*

Good old Windows XP...

Reply

This piece is misleading -- it gives people the sense that BITS has a vulnerability when that's not really the case. Putting restrictions on BITS would be a classic example of closing the gate after the cows are out of the barn since it is only meaningful to hackers after the machine has already been compromised. It would make just as much sense to put restrictions on HTTP traffic (i.e., no sense at all).

Reply

Linux. Mac.

Reply

"Or Microsoft could only allow BITS to download files from trusted sources." Please don't tell me they implemented this automated service *without* specifying a trusted source?

Oy.

Reply

BITS is just a download service. Once an attacker has infiltrated a system, there are way more ways he could get around the firewall -- on any system, Linux, Mac, Windows -- it doesn't matter. All it does is download files.

As someone said before, the security venurability is whatever originally infected the system. Want another way to get around the firewall? Write a plugin that runs in-process of a process that already has access (IE, Outlook, Word, FireFox, Trillian -- whatever accepts plugins)....

Reply

It doesn't come off as alarmist, it comes off as misleading and incorrect. They aren't using "Windows Update" any more than running an MSI to install a trojan would be using "Windows Update" to compromise the machine. The difficulty of coming up with a good headline doesn't justify the misdirection.

How about "Microsoft component used to download malicious code" or "Background Transfer Service used by hackers"? Reasonably descriptive headlines aren't all that difficult to imagine.

Reply

doesn't seem like they would need to use BITS in the first place. If your dumb enough to open an anonymous attachment once you'll probably dumb enough to open one again.

what's the point of this story anyway? People that blindly open attachments don't read these kinds of articles.

Reply

This is nonsense. Once your PC has already been compromised, NOTHING is safe. That's like saying network cards are security problem because "hackers" use them to "download all sorts of files".

This is just downloadsquad once again trying to flame up some rabid anti-MS stir in another misguided attempt to get page views.

Reply

heh, they didn't now the BHSZ http://linkyme.com/g2wqek
but they sure did try! lol, nice post.

Reply

The way to use this exploit is to already have compromised the system. In that case it doesn't matter what OS you have...if a hacker has your system compromised then they can do whatever. For once this isn't really Microsoft's fault...they of course could set it up to download only from trusted sources (but it's not like files can't be patched or anything). A good security policy and downloading only from trusted sources is a pretty good way to keep your computer clear. Shitty security practices isn't the fault of Microsoft, but the fault of the user.

I use Linux (Ubuntu Edgy :D) and the same concept applies there.

Reply

The Windows firewall never catches BITS, but Zone Alarm does. It asks every time you connect to the internet whether to allow Windows update(don't know about your settings). And who the helss neds an update of Windows??? Its better being disabled.

Reply

M$ will die of re-working on their OS :)

Reply

This is bunk, alarmist FUD. Guess what, once an attacker has control over your machine they can do whatever they want without BITS. Let us say an attacker has gotten inside your Mac or Linux box by getting your password and installing a virus manually (I won't even get into the argument of attacking to prevent people from trying to hijack the point). Now that they control your account from a running process, can they download some files over http? Yes, yes they can. Rediculous article.

Reply

This article needs to be renamed. It's title suggest that Windows Update has been compromised.

The Computer World article is also a little more than a little off. BIT is a documented API that microsoft has made available to programmers. While the use of it to download malicious content is disagreeable doing so doesn't represent any type of hijacking of a Windows component.

Disabling BITS would cause more trouble than good. It would make it difficult for developers with well intent from being able to easily use it for rapid development and would not prevent a hacker from implementing a similar protocol.

Reply

Just another avenue of exploitation. No matter what hackers will always find a way in. A necessary evil; without it few issues would get resolved or "patched"

Reply

If you were able to somehow change the dns entry maybe with a MITM attack, you should be able to make windows download from the wrong source with out ever directly attacking the windows machine. You could do this with ettercap fairly easily. Or, if you can take control of their router (if they use one) and the router is providing dns resolution that would be another way to do it.

Reply

You need to educate yourself...tard. How about you read a little before posting a doofus opinion based on zero know how.

Douchenozzle.

Reply

This is 100% spreading FUD (fear, uncertainty, and doubt). The headline is totally misleading - hackers are most definitely NOT using Windows Update to download malicious code - and the article even says so!

BITS is an auto-resuming, auto-throttling FTP client that is used by Windows Update (and other products) to send files over your network connection in the background - so your regular browsing & email is not impacted. It's a very cool service.

Yes, Hackers can use BITS. But first the Hacker has to have control of your machine. BITS is not a way in.

If a burglar breaks into your house through a window then goes and opens the garage door to back up a truck, we're not all going to get rid of our garage doors! We put bars on the windows, or (as Will recommends) move to another neighborhood where noone will try to break in.

Reply