 /don
Joined: 10/6/2009
Msg: 1
Windows Black Screen of Death: What You Need to Know
They are still working out some bugs but for those who jumped right into Windows 7, here is some need to know info.
Really it's not as bad as it sounds, apparently it's better than getting a 'blue screen of death' so maybe Windows 7 has even improved on its crashing feature (which comes with all previous versions of Windows too).
http://www.pcworld.com/article/183440/windows_black_screen_of_death_what_you_need_to_know.html?tk=nl_ptx_h_cbintro


Windows Black Screen of Death: What You Need to Know

Brennon Slattery

UPDATE 12/02: Since this report originally ran there have been new developments that no longer point to Microsoft's security patches (KB976098 and KB915597) being the cause of the so-called "black screen of death" problem. Prevx, the company whose research many media reports were based on, conceded this point in a statement issued to its Web site late last night. PC World has published several updates to this story including: Microsoft: 'Black Screens of Death' Not Due to Patches, Microsoft: Don't Believe the Black Screen of Death Hype, and Black Screen of Death: A Lesson in FUD.

(Original report follows)

Any Windows owner is familiar with the Blue Screen of Death, that much-dreaded white text on a blue background that essentially says you're through. But what you may not know is that there's a new contender in town: the Black Screen of Death. So what is this horrible-sounding thing, where did it come from, what's being done to fix it, and how bad is it? Here are five things you need to know about the Black Screen of Death.

It stems from Microsoft security updates

After the latest Microsoft patch was delivered on Tuesday, November 10, 2009, users began reporting a crippling black screen. The Black Screen of Death causes your PC to seize up and removes everything except, in some cases, a single open My Computer window. So what happened?

Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar. However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren't aware of the changes and don't run properly.

It's not Windows 7-specific

Windows 7 haters: step back. The Black Screen of Death isn't relegated to Microsoft's latest OS. Security firm Prevx states that the Black Screen of Death can affect Windows XP, Vista, and Windows 7 without prejudice. So if you're considering uninstalling Windows 7, fearful that it is the source of the problem, don't bother. You won't dodge any bullet.

Microsoft is investigating

Gotta give it to Microsoft: It has a clever way of neither confirming nor denying the existence of a PC illness. In an e-mail statement obtained by PC World yesterday, a company spokesperson wrote: "Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers. Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues."

So does it exist or not? Yes it does. But Microsoft won't say for absolutely positively certain until it has finished investigating. That's when they broadly release a fix for the issue and maybe, if we're lucky, apologize for the inconvenience.

Security firm Prevx has a fix

Prevx, a UK security company that first discovered the issue, released both step-by-step instructions and a download to eliminate the Black Screen of Death. For those who like (and are capable of) popping open the hood of their PC, you can also modify registry settings, though this doesn't come recommended if you're unfamiliar with the guts of a Windows machine.

Not as bad as Blue Screen of Death

So how powerful is this beast? Does it compare to the Blue Screen of Death? Nope -- they are entirely different problems. The Blue Screen of Death represents a hardware or driver failure, meaning something is wrong deep within the computer. The Black Screen of Death has relatively easy fixes and doesn't necessarily mean there is something physically wrong with your equipment.

By now some of you may be sick to death of problems stemming from Microsoft and want a clean slate. Here's how to wipe your PC clean and start from scratch. It may not necessarily be the solution to your problem, or problems, but it can be a gush of therapeutic refreshment to eliminate (most) everything that's wrong with your computer.

Stay tuned to catch Microsoft's official fix as soon as it is released.
 Bluesman2008
Joined: 4/2/2008
Msg: 2
Posted: 12/2/2009 5:39:18 PM
There has been an update to that. They found out it was NOT the windows update causing it but they still don't know what it is.

http://www.prevx.com/blog/141/Windows-Black-Screen-Root-Cause.html
 Cheburashka
Joined: 7/19/2009
Msg: 3
Posted: 12/2/2009 6:28:00 PM
More FUD from the Anti Microsoft camp!
 Cheburashka
Joined: 7/19/2009
Msg: 4
Posted: 12/2/2009 6:29:50 PM

I like the commercial where...

- It doesn't have any of the problems windows vista had
- It doesn't have any of the problems windows xp had
- It doesn't have any of the problems windows 2000 had
...

lol


When Apple develop an OS from the ground up and have it run like their version of BSD does they can crow about it all they like, until then Apple are just small men standing on the shoulders of giants!
 TheBigAndy
Joined: 9/23/2008
Msg: 5
Posted: 12/2/2009 7:54:33 PM
Apple also has the fine luxury of controlling all the hardware that goes into their system. Certainly simplifies compliance testing.
 cooldude
Joined: 4/26/2004
Msg: 6
Posted: 12/2/2009 8:26:16 PM

When Apple develop an OS from the ground up and have it run like their version of BSD does they can crow about it all they like, until then Apple are just small men standing on the shoulders of giants!


Actually it was very smart of them. Instead of trying to keep on patching up their own, they got rid of it and started from a clean slate with a more stable platform. Also increased their popularity in the process.



Apple also has the fine luxury of controlling all the hardware that goes into their system. Certainly simplifies compliance testing.


By designing their operating system around their own hardware, it gets rid of almost all incompatibility issues that other operating systems have. Obviously having an OS to install and work with all the different hardware out there is bound to run into problems sooner or later.

I am a bit surprised as I recently talked to a few people and they have been getting the BSOD on Windows 7. The black screen of death I have not heard of as yet. Not making fun of Microsoft as I think Windows 7 is definitely better than Vista. The majority I talk to so far did not have this problem though.
 scorpiomover
Joined: 4/19/2007
Msg: 7
Posted: 12/2/2009 9:25:51 PM
RE Msg: 3 by Bluesman2008:
There has been an update to that. They found out it was NOT the windows update causing it but they still don't know what it is.

http://www.prevx.com/blog/141/Windows-Black-Screen-Root-Cause.html
I followed your link, Bluesman2008. Here is what it says:
We've been working with Microsoft to get to the bottom of the specific black screen issues in our earlier blog. We have made some significant progress in determining specific triggers of the black screen event.


The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.


SysInternals was one of the first companies to discover this characteristic of the registry a number of years ago in their utility: RegHide http://technet.microsoft.com/en-us/sysinternals/bb897446.aspx which modifies registry entries to prevent them from being accessible within the operating system. This technique is frequently used by malware authors which is why it is recommended to first query the length of a registry value, and then read it into a buffer, forcing the null termination of strings whether or not null terminated by their content.


Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.


We have not analyzed further whether a change occurred in the OS interpretation of this or other registry values. In any case, we believe there are significant benefits in the OS using the length of the value as recommended by the SysInternals article.


We have always strongly recommended keeping Windows and all other software up-to-date to reduce the window for exploitation by new threats. We'll keep you updated with further progress if we find anything new.


We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.
However, I have a problem with that. I've used the Windows API calls to access and update the registry keys before. But AFAIK, when you passed a String value, they did NOT require you to add a Null value to the end of the String yourself. That was done by the Windows API itself. A good thing too, because it's such an easy mistake to make, to leave off the Null code, that if anyone did that, they could easily corrupt any or all of the registry.

Then I thought that maybe someone could edit the registry files to remove the Null terminator. But I've tried to access the registry files directly before, and Windows won't let you. The registry files are locked exclusively by the OS programs while it is running, and won't unlock them until the OS has shut down. So I cannot see any way to update them manually to remove the Null terminator either.

I cannot see any way to remove a Null terminator from a Windows machine, not unless you booted the machine into a different install of Windows, and edited the files on the first install directly. But that wouldn't shut down your computer. It would only stop you booting the first install, if you had a second install, and had booted into that. It would also mean that the second install would still work.

Whatever way I look at this, I just cannot see a way to remove a Null terminator from a String value in the current Windows registry, and that's exactly what's being claimed here.

I also tried to follow the link that claimed to verify this issue from years ago. But all I got was that the link had been removed.

Then I just tried it again. This is the relevant bit:
Hidden Registry Keys

A subtle but significant difference between the Win32 API and the Native API (see Inside the Native API for more information on this largely undocumented interface) is the way that names are described. In the Win32 API strings are interpreted as NULL-terminated ANSI (8-bit) or wide character (16-bit) strings. In the Native API names are counted Unicode (16-bit) strings. While this distinction is usually not important, it leaves open an interesting situation: there is a class of names that can be referenced using the Native API, but that cannot be described using the Win32 API.

How is this possible? The answer is that a name which is a counted Unicode string can explicitly include NULL characters (0) as part of the name. For example, "Key\0". To include the NULL at the end the length of the Unicode string is specified as 4. There is absolutely no way to specify this name using the Win32 API since if "Key\0" is passed as a name, the API will determine that the name is "Key" (3 characters in length) because the "\0" indicates the end of the name.

When a key (or any other object with a name such as a named Event, Semaphore or Mutex) is created with such a name any applications using the Win32 API will be unable to open the name, even though they might seem to see it. The program below, RegHide, illustrates this point. It creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't touch me!\0" using the Native API, and inside this key it creates a value. Then the program pauses to give you an opportunity to see if you can view the value using any Registry editor you have handy (Regedit, Regedt32 or a third-party Registry editor). Because Regedit and Regedt32 (and likely any third-party Registry editor) use the Win32 API, they will see the key listed as a child of Sysinternals, but when you try to open the key you'll get an error. This is because the Registry editor will try to open "Can't touch me!" without the trailing NULL (which is interpreted as the end of the string) and won't find this name. After you've verified this exit the program and this special key will be deleted.
They have a sample program, which is worth trying. While the program is running, if you open the registry editor, and then go to "HKEY_LOCAL_MACHINE\Software\System Internals", you'll see that the key "Can't touch me!" exists. But when you click on it to see its values, then the program says there was an error opening the key.

The error is that the Native API can make and access any type of String, including ones with Nulls in them. But the Windows API can only make and access Strings that are formatted as an acceptable Windows string, and that doesn't include ones with Nulls in them.

Why do you even have 2 sets of APIs? I don't know. Maybe the Windows API calls the Native API. Why didn't Microsoft make sure that the Native API cannot make any Keys or Values that the Windows APIs couldn't use? That's what every programmer would have to do. If not, anyone could screw up the registry, especially hackers. Or so you might think.

It turns out that you cannot access the Native API from a Windows program. To access the Native API, you need a Native Windows program. You can compile such a program using a hidden parameter in Microsoft's Driver Development Kit.
http://technet.microsoft.com/en-us/sysinternals/bb897447.aspx

But Microsoft never documented how to make a program that could access the Native API, and didn't document the Native API either. So the only people who could make use of this, were the only people to know about it, Microsoft themselves.

There are 2 ways that Microsoft could make use of this:

1) They could make hidden settings in the registry that no-one would know was there, except them. But only Native programs could access them. So that means that if Windows wanted to use such hidden codes, they'd need programs that no-one knew were Native applications, but Microsoft did. Possible, as who knew of them anyway?

2) They could use these hacks to screw up ANY registry settings they wanted, just like they did with the "Shell" setting. Yep, that's right. If any developers wanted to use the registry, and Microsoft didn't like the competition, they could target a specific registry setting, add a download to Automatic Updates to include a Native application that would do the same as this hack, and then the same thing would happen, the program that relied on the registry setting would not be able to access that setting. They could mess up your programs big time if you relied on the registry.

But I seriously doubt anyone else could do this. You'd need to know that you could do this, and that you'd need a special program to do it, and how to compile such a special program and all of that knowledge was locked up inside Microsoft. I found it on the web. But only when I knew what I was looking for. But anyway, if any hackers had known of this, they could have used it any one of a dozen different ways. If hackers had known of this, you'd have been hacked hundreds of times by now.

FYI, this isn't the only security hole that is exposed this way, and this security hole affects everything in the registry, which is, well, everything in Windows. Screw up the registry and you screw up the OS.

Either way, it sounds like Microsoft screwed up in several ways:
1) They tried to add hidden codes via the Automatic Updates, did a bad job of it, and screwed up the machines royally.
2) They never wrote the proper error-trapping that was required of all programmers to make sure that it didn't screw up like this in the first place.
3) Microsoft have now revealed, to those who can figure it out, that the Windows Registry is full of LOTS of hidden codes, that you'll never see in a Registry Editor, and that you'll never see with any program compiled to run as a normal Windows program.
4) This security hole has been known by some for at least 4 years, and Microsoft had to have known about it since forever. Microsoft could have closed it years ago, with Automatic Updates, or at least with a security update that would fix the problem on rebooting the machine.

But let's be honest. Who besides anally-retentive me, is going to look this deeply into it? Who? So besides you and me, who is going to know? Yet again, another wonderful security hole in Windows remains open, and 99% of the world is none the wiser.

Yes, I know. It sounds like a conspiracy theory. But that's not how it started out. I just wanted to know what caused the problem, and why I hadn't got the problem on XP yet, if everyone had gotten it on Windows 7, and it was supposed to attack XP as well. I just wanted to know what was going on.

Someone, please, force Microsoft to close this one FOR GOOD! Just so's I can feel safe that no-one can screw up my Windows XP install.
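
The read pattern recommended in the Prevx text quoted in Msg 7 (use the stored length, then force termination), shown here as an added example that is not from the thread, Prevx or Sysinternals. It is portable C: the (data, byte count) pair stands in for what a registry query such as RegQueryValueExW returns, and the names read_reg_sz, sz_value and sz_status and all sample values are assumptions made for illustration.

```c
/* Added example: defensive handling of a counted REG_SZ payload.
 * No Windows API is called; sample data below is constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum sz_status {
    SZ_OK = 0,          /* terminated, only NULs after the first NUL */
    SZ_UNTERMINATED,    /* no NUL anywhere in the stored data */
    SZ_EMBEDDED_NUL,    /* text continues after a NUL: readers disagree */
    SZ_ODD_LENGTH       /* byte count is not a whole number of UTF-16 units */
};

struct sz_value {
    uint16_t *text;       /* heap copy, always NUL-terminated; caller frees */
    size_t stored_units;  /* UTF-16 units present in the stored data */
    size_t units;         /* units before the first NUL (NUL-terminated view) */
    enum sz_status status;
};

/* Hypothetical helper: copy cb bytes of REG_SZ data into a buffer one unit
 * larger than the stored value and terminate it unconditionally.
 * Returns 0 on success, -1 on bad arguments or allocation failure. */
int read_reg_sz(const void *data, size_t cb, struct sz_value *out)
{
    size_t i, units = cb / sizeof(uint16_t);

    if (out == NULL || (data == NULL && cb != 0))
        return -1;
    out->text = calloc(units + 1, sizeof(uint16_t));
    if (out->text == NULL)
        return -1;
    if (units != 0)
        memcpy(out->text, data, units * sizeof(uint16_t));
    out->text[units] = 0;              /* forced terminator */
    out->stored_units = units;

    /* Length as a NUL-terminated reader would see it. */
    for (i = 0; i < units && out->text[i] != 0; i++)
        ;
    out->units = i;

    if (cb % sizeof(uint16_t) != 0) {
        out->status = SZ_ODD_LENGTH;
    } else if (i == units) {
        out->status = SZ_UNTERMINATED;
    } else {
        out->status = SZ_OK;
        for (; i < units; i++) {
            if (out->text[i] != 0) {   /* data hidden behind a NUL */
                out->status = SZ_EMBEDDED_NUL;
                break;
            }
        }
    }
    return 0;
}

const char *sz_status_name(enum sz_status s)
{
    switch (s) {
    case SZ_OK:           return "ok";
    case SZ_UNTERMINATED: return "unterminated";
    case SZ_EMBEDDED_NUL: return "embedded NUL";
    case SZ_ODD_LENGTH:   return "odd byte length";
    }
    return "unknown";
}

/* Constructed sample payloads (UTF-16 code units). */
static const uint16_t SAMPLE_OK[] =
    {'e','x','p','l','o','r','e','r','.','e','x','e', 0};
static const uint16_t SAMPLE_UNTERMINATED[] =
    {'e','x','p','l','o','r','e','r','.','e','x','e'};
static const uint16_t SAMPLE_EMBEDDED[] =
    {'K','e','y', 0, 'x','y', 0};

int main(void)
{
    struct sz_value v;

    if (read_reg_sz(SAMPLE_OK, sizeof SAMPLE_OK, &v) == 0) {
        printf("terminated:   %s, %zu units\n", sz_status_name(v.status), v.units);
        free(v.text);
    }
    if (read_reg_sz(SAMPLE_UNTERMINATED, sizeof SAMPLE_UNTERMINATED, &v) == 0) {
        printf("unterminated: %s, %zu units\n", sz_status_name(v.status), v.units);
        free(v.text);
    }
    if (read_reg_sz(SAMPLE_EMBEDDED, sizeof SAMPLE_EMBEDDED, &v) == 0) {
        printf("embedded:     %s, %zu of %zu units visible\n",
               sz_status_name(v.status), v.units, v.stored_units);
        free(v.text);
    }
    return 0;
}
```

The copy is safe to hand to string functions in every case; a status other than SZ_OK on a value such as the Shell entry is the condition worth flagging for review.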
 Cheburashka
Joined: 7/19/2009
Msg: 8
Posted: 12/3/2009 12:29:51 PM
Sorry scorpiomover, maybe you need to revisit basic Windows startup API.

It's all well and good calling conspiracy theory but you have to start a process somehow!

The Windows API which is started by the Native API can't start by itself, and while you can hide code in the Native API why would you bother unless you're up to something dubious, and if you are there are scanners that can detect it, ones that run independent of the Windows API underneath it, which is where it would need to run, because it's inaccessible after the fact.

That's how malware can use it, they add the code so it starts before the Win API does...

Microsoft can't "close this one for good" because it works the way it works...
Look at WoW and WoW64!
 scorpiomover
Joined: 4/19/2007
Msg: 9
Posted: 12/3/2009 4:44:37 PM
RE Msg: 9 by |TheOne|:
Sorry scorpiomover, maybe you need to revisit basic Windows startup API.

It's all well and good calling conspiracy theory but you have to start a process somehow!

The Windows API which is started by the Native API can't start by itself,
That's true. But that's why you have to lock it off from any options that aren't covered by existing APIs. That's how the whole concept of the interface started, because the underlying API classes would allow you to do things that the application-level API classes shouldn't be able to do, and that invariably crashed systems. But you know this. You've written your own API layers, just like me.

and while you can hide code in the Native API why would you bother unless you're up to something dubious,
That's the problem. Unless you want to do dubious things, then you would lock it off. Microsoft has had a history of court cases where they were accused of doing exactly this, putting problems in other software that ran on Windows.

and if you are there are scanners that can detect it, ones that run independent of the Windows API underneath it, which is where it would need to run, because it's inaccessible after the fact.

That's how malware can use it, they add the code so it starts before the Win API does...
Antivirus check for unknown programs that are in the boot sequence. They also check for accessing the registry via the Windows API. But they cannot check the registry access in the Native API, because that's too low-level. They can shut off the program altogether or only let it run.

Anyway, that would be an argument that if someone doesn't have antivirus installed, that any malware program could kill Windows easily. Another security hole.

Microsoft can't "close this one for good" because it works the way it works...
That's like saying that Microsoft should leave ALL security holes open, "because it works is the way it works".

Look at WoW and WoW64!
I don't know what you are getting to.

Maybe you would write code like that. But I've had to write complex multi-layered applications. I know what happens when you leave it open like this. You need to make an upgrade to your application, and you cause it to crash endlessly. That's why when I do this, I lock it off.
 Cheburashka
Joined: 7/19/2009
Msg: 10
Posted: 12/4/2009 5:29:55 PM
How would you do that?

I mean close it after the Windows API has started
 scorpiomover
Joined: 4/19/2007
Msg: 11
Posted: 12/5/2009 11:32:45 AM
RE Msg: 11 by |TheOne|:
How would you do that?

I mean close it after the Windows API has started
The reason you have the Native API and the Windows API, is because the Windows API accesses the registry through the Native API. So as long as the Windows API is loaded and usable, the Native API has to remain loaded and usable as well.

That's why I use validation to lock off making improper calls. It adds time on each function call, though. So I normally need to lock them off, by declaring them all private, except for the ones I want to be accessible, which I make public, and then they have to have validation, just to avoid these kinds of problems. It's a pain. But error-trapping in programming is in its infancy still.
 Cheburashka
Joined: 7/19/2009
Msg: 12
Posted: 12/5/2009 12:21:34 PM
I know why they are there, and what they do in relation to each other.

They have validation, and public function, and private function calls, but you can't close all off can you, well I'm guessing you can't otherwise they would.
 /don
Joined: 10/6/2009
Msg: 13
Posted: 12/5/2009 1:04:37 PM

They have validation, and public function, and private function calls, but you can't close all off can you, well I'm guessing you can't otherwise they would.

Microsoft?
Seems to me like they keep a lot of things on and open...just because.
Windows Services for example, until recently, by default there were all kinds of unnecessary services running & unnecessary ports open. They still do that but have gotten better about it in more recent versions.

You have to admit, making changes to ACLs (Access Control Lists) sounds a little suspicious after reading recent news...


http://intelligencenews.wordpress.com/2009/11/20/01-312/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+intelNewsOrg+%28intelNews.org%29

Privacy concerns as NSA admits “helping” Microsoft
November 20, 2009

By JOSEPH FITSANAKIS | intelNews.org |
Security experts raised privacy concerns after a US National Security Agency official revealed that the Agency collaborated with Microsoft during the development stage of Windows 7. The revelation was made in a prepared statement by NSA information assurance director Richard Schaeffer, before the US Senate’s Subcommittee on Terrorism and Homeland Security, which operates under the Judiciary panel. Speaking during a hearing on cybersecurity on November 17, Schaeffer acknowledged that the NSA drew on its “unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide”. Schaeffer’s prepared statement is available on video here (forward to 32nd minute). Commenting on Schaeffer’s revelation, security experts and watchdog groups expressed privacy concerns, citing the Agency’s controversial domestic intelligence operations in recent years. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), said “the obvious concern is [that the NSA has built] in back doors that enable tracking users and intercepting user communications”. This is the third time in recent years that the NSA is found to have collaborated with Microsoft in developing operating systems. The secretive Agency worked with the US-owned vendor on Windows 9X, Windows XP, Windows 2000, and Windows Vista.



http://www.pcworld.com/article/183440/windows_black_screen_of_death_what_you_need_to_know.html?tk=nl_ptx_h_cbintro

It stems from Microsoft security updates

After the latest Microsoft patch was delivered on Tuesday, November 10, 2009, users began reporting a crippling black screen. The Black Screen of Death causes your PC to seize up and removes everything except, in some cases, a single open My Computer window. So what happened?

Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar. However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren't aware of the changes and don't run properly.

It's not Windows 7-specific

Windows 7 haters: step back. The Black Screen of Death isn't relegated to Microsoft's latest OS. Security firm Prevx states that the Black Screen of Death can affect Windows XP, Vista, and Windows 7 without prejudice. So if you're considering uninstalling Windows 7, fearful that it is the source of the problem, don't bother. You won't dodge any bullet.

Microsoft is investigating

Gotta give it to Microsoft: It has a clever way of neither confirming nor denying the existence of a PC illness. In an e-mail statement obtained by PC World yesterday, a company spokesperson wrote: "Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers. Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues."
 Cheburashka
Joined: 7/19/2009
Msg: 14
Posted: 12/5/2009 2:12:36 PM

Microsoft?
Seems to me like they keep a lot of things on and open...just because.
Windows Services for example, until recently, by default there were all kinds of unnecessary services running & unnecessary ports open. They still do that but have gotten better about it in more recent versions.

You have to admit, making changes to ACLs (Access Control Lists) sounds a little suspicious after reading recent news...

I hadn't realised conspiracy theorists were so obsessed.

Ever consider the NSA were helping to make it more secure, rather than adding their own holes?
 /don
Joined: 10/6/2009
Msg: 15
Posted: 12/5/2009 3:26:19 PM
Politicians control the government. Unfortunately I can't say that I trust politicians as long as they are benefiting from kickbacks and other personal gains while our countries have unfulfilled needs. Until they take the money out of politics, I remain suspicious of their motives.

In this case the NSA might actually need access/backdoors to all computers to ensure the safety of the people...but updated articles of the thread topic say that it was unrelated to Microsoft's update.
And since it's possible that terrorists could root all insecure PCs, it's a little scary what kind of attack they would be capable of launching against the government, so yes, they could very well be protecting the people by better securing the most common OS used today.
 Cheburashka
Joined: 7/19/2009
Msg: 16
Posted: 12/5/2009 4:47:06 PM

In this case the NSA might actually need access/backdoors to all computers to ensure the safety of the people...but updated articles of the thread topic say that it was unrelated to Microsoft's update.
And since it's possible that terrorists could root all insecure PCs, it's a little scary what kind of attack they would be capable of launching against the government, so yes, they could very well be protecting the people by better securing the most common OS used today.


That's the way I read it, an open system in the hands of a friend is as bad as a closed system in the hands of an enemy as I'm sure you know, an open system is anyone's system.

Anyway any kind of back door into Windows inserted by the NSA could be used to spy on people from other countries too, which would fall into the CIA remit rather than the NSA remit.
 /don
Joined: 10/6/2009
Msg: 17
Posted: 12/5/2009 5:00:32 PM

Anyway any kind of back door into Windows inserted by the NSA could be used to spy on people from other countries too, which would fall into the CIA remit rather than the NSA remit.

Yeah, maybe they'll have to work together on it...lol
They're going to do whatever they're going to do, I just hope they do it right.
 scorpiomover
Joined: 4/19/2007
Msg: 18
Posted: 12/5/2009 6:29:22 PM
RE Msg: 13 by |TheOne|:
I know why they are there, and what they do in relation to each other.

They have validation, and public function, and private function calls, but you can't close all off can you, well I'm guessing you can't otherwise they would.
It's not the only security hole.

Another is that when you access the registry, technically, you have the ability to set permissions on each key. But it's only optional. If you ask me, when the registry is edited, then security should be mandatory.

1) When you install software by any vendor, say Adobe, then Adobe have to supply the name and password of their own Secure User account, to access their settings.
2) If no such Secure User account exists, then it's made for them automatically.
3) Windows gets their own account, for their own registry settings. But they don't get to access anyone else's.
4) ONE System Administrator can always access the whole registry, just as a backup.
5) If your program needs to update other registry settings, say, to add a startup program to the Windows registry settings, then it has to make a special request, that allows Windows to decide if that program should or should not be allowed to do that.

My idea behind that, is that if another virus like MSBlast started trying to mess with the registry, then it couldn't mess with any settings other than the ones it makes for itself. Also, if it had to go through a special request service to add things to the startup programs, then if you are online, Windows could even check that online against a list of virus programs. So MSBlast could have been shut down before it could have got going.

It would also make the whole system far more secure, because no settings can be messed with, except by the programs supposed to mess with them, and they will be designed to not screw them up.

Right now, it's optional. So a lot of software simply doesn't bother, because they don't have to.

I'm just highlighting one problem, and one way of handling it. There could be plenty of others.

RE Msg: 17 by |TheOne|:
That's the way I read it, an open system in the hands of a friend is as bad as a closed system in the hands of an enemy as I'm sure you know, an open system is anyone's system.
Only if your friend is really your friend. Remember Nixon and Watergate?

Anyway any kind of back door into Windows inserted by the NSA could be used to spy on people from other countries too, which would fall into the CIA remit rather than the NSA remit.
Yes. But then it might look like we're spying on China, and it's not good to get caught spying. You get shot.

This way, the CIA can claim that the NSA did it, not the CIA, and the NSA can say they did it, to protect Americans from Americans, not Americans from China. If it just so happens that "some" CIA agents happen to have the info on NSA back doors fall into their laps, well, it's not their fault, is it? It'd be a shame to have that, and not use it.
 Cheburashka
Joined: 7/19/2009
Msg: 19
Posted: 12/5/2009 6:39:47 PM

Another is that when you access the registry, technically, you have the ability to set permissions on each key. But it's only optional. If you ask me, when the registry is edited, then security should be mandatory.

1) When you install software by any vendor, say Adobe, then Adobe have to supply the name and password of their own Secure User account, to access their settings.
2) If no such Secure User account exists, then it's made for them automatically.
3) Windows gets their own account, for their own registry settings. But they don't get to access anyone else's.
3) ONE System Administrator can always access the whole registry, just as a backup.
4) If your program needs to update other registry settings, say, to add a startup program to the Windows registry settings, then it has to make a special request, that allows Windows to decide if that program should or should not be allowed to do that.


It's an open system policy, it's not locked down like Apple's OS is.

You don't want to spend on it already, I can't see you wanting to spend more on an OS that is going to be in reality harder to use.

The system you're talking about would need a creation of the validation system in the first place, unless it's added by Microsoft, which would put the install size sky high, unless you are going to leave out most of the world's developers, and if you create the validation password yourself, or rather let the software create it then you have just installed a piece of malicious software and given it permission to password protect its own keys to prevent you tampering with it, and remember with it being password protected a scanner would not be able to access the keys, unless you go the administrator can see/do all on his account, but you kinda already have the system if you use it properly...
 scorpiomover
Joined: 4/19/2007
Msg: 20
Posted: 12/6/2009 8:34:41 AM
RE Msg: 20 by |TheOne|:
It's an open system policy, it's not locked down like Apple's OS is.

You don't want to spend on it already, I can't see you wanting to spend more on an OS
I agree with that. I could buy a Mac. I'm not planning to, and cost is probably the main reason.

That doesn't stop me noticing huge flaws with the system I currently have.

that is going to be in reality harder to use.
I've used Macs before. They take a bit longer to get used to. But that's mainly because Windows is so prevalent, that people are just more familiar with a different method of operation. So it has a slightly bigger learning curve to say "Oh, you don't open Control Panel, you open System Preferences". But once you get used to it, then learning new things is much quicker, because they are often exactly where you expect them to be.

The system you're talking about would need a creation of the validation system in the first place, unless it's added by Microsoft, which would put the install size sky high,
I was originally going to suggest that such a security system should exist. Then I googled it, and found it already does exist. It has been in Windows since 2000. Install size: 0. Already installed.
http://www.windowsecurity.com/articles/Securing_the_Windows_2000_Registry.html

But they aren't made easy. They are set up in the Policy Editor, using SACLs on specific keys. They are optional, and complicated. So that encourages them not to be used.

unless you are going to leave out most of the world's developers, and if you create the validation password yourself, or rather let the software create it then you have just installed a piece of malicious software and given it permission to password protect its own keys to prevent you tampering with it,
A piece of software that doesn't allow you to mess with it and screw it up, is called "secure".

A piece of software that fiddles with OTHER software and the OS itself, without permission, is called malicious.

Making the registry secure would go a long way to make it much, much harder for any malicious software to screw up your PC, even ones that are new, and no anti-virus yet protects against them.

and remember with it being password protected a scanner would not be able to access the keys, unless you go the administrator can see/do all on his account,
Yes. But when you install a registry scanner, say an anti-virus, it only makes sense to let the anti-virus see all the registry keys, but nothing else.

but you kinda already have the system if you use it properly...
Yes, if you don't install any viruses, and you don't access any sites that do. But the average desktop user isn't that knowledgeable about Windows to do that, and even experienced and knowledgeable users often don't have that kind of system. Only Windows security experts can be expected to have that kind of expertise. You could pay a Windows security expert to set it up for you. But then, you could equally pay for a Mac. Plus, a Windows security expert cannot guarantee a system is secure if it's been changed in any way, which means you cannot afford to install any new software anyway.

My way would make one of the easiest ways to write millions of malicious viruses, trojans, worms, and more, practically unfeasible.

There would be a learning curve for software developers, just like there was when Windows demanded, from Windows 2000 onwards, that all new device drivers needed to be written using device driver classes. But it worked for Windows 2000, and XP, and Vista, and 7. It even worked for .NET for many developers.

About the only time it doesn't work, is when Microsoft make the new routines so different from the old ones, that converting the coding becomes a nightmare. I'm talking about adding in 2 new parameters, which is not a big deal. You could even leave them out, and simply set the parameters to define registry security up at the process level. That's adding 2 lines of code when you recompile your program. It could even be added automatically by the compiler, or by the IDE, something that Microsoft have done before.

If it was set up at the process level, the only way your registry access would be a problem, would be if you tried to access another software's part of the registry, and that is never a good idea to do. That should always be done through an interface to that software, to ensure you aren't a malicious virus, trying to corrupt the system.
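
The per-key registry permissions this post says have shipped with Windows since 2000 can be read back with PowerShell. The script below is an added example, not part of the original post: it lists any principal other than SYSTEM, Administrators, CREATOR OWNER or TrustedInstaller that can write to the machine-wide startup keys. The key paths and the trusted list are assumptions chosen for the example.

```powershell
# Added example: report who can write to the machine-wide startup (Run) keys.
$ErrorActionPreference = 'Stop'

# Machine-wide autostart keys (assumed audit targets for this example).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Principals expected to hold write access (assumed baseline):
# SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$trustedSids = @(
    'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow adding or changing a startup entry, plus the generic
# bits (GENERIC_WRITE, GENERIC_ALL) that inherit-only entries often carry.
$R = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership) -bor
             0x40000000 -bor 0x10000000

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($rule in (Get-Acl -Path $key).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
        try {
            # Compare by SID so localized account names do not matter.
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolved name: report as-is
        }
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Key       = $key
            Principal = $rule.IdentityReference.Value
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No unexpected write access on the audited startup keys.' }
```

Per-user keys under HKCU are writable by the logged-on user by design, so they are left out of this check.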
 Cheburashka
Joined: 7/19/2009
Msg: 21
Posted: 12/8/2009 5:24:47 AM
That's just one more step towards a closed system

For instance if Adobe password protect their reg keys, and I come along as a developer with a killer addin for Premiere I can't integrate it without knowing the password, which means getting into bed with Adobe at some point...

Knowing a little of how Adobe work with licensing that's not a nice prospect.

Of course with regards to Adobe software you can't really do it without permission anyway, but it's an example, there are software vendors who don't require permission, but would if they password protect keys.

It's a good theory, not a good practice
 scorpiomover
Joined: 4/19/2007
Msg: 22
Posted: 12/8/2009 2:19:23 PM
RE Msg: 22 by |TheOne|:
That's just one more step towards a closed system
Only a system that is closed to those things that should have been closed in the first place.

For instance if Adobe password protect their reg keys, and I come along as a developer with a killer addin for Premiere I can't integrate it without knowing the password, which means getting into bed with Adobe at some point...

Knowing a little of how Adobe work with licensing that's not a nice prospect.

Of course with regards to Adobe software you can't really do it without permission anyway, but it's an example, there are software vendors who don't require permission, but would if they password protect keys.
Actually, you cannot do that with any software. In order to develop an add-in for any software, the software has to support add-ins, by establishing an interface that will be called by the add-in. If no interface exists, then no matter what you do with the registry, the system will not recognise it. If the interface exists, and it looks in the registry to see which add-ins to load, then you can edit the reg keys to add the add-in to the software. But then, it would be something that the software designers want to be open, so it would be put in its own section. That would make it clear to the software manufacturers that it's a publicly-accessed part of their software, and they'd put in validation to ensure that no-one has added an add-in that would hack their software or corrupt it. But as it stands, no-one thinks of that, because they don't have any protection in the first place.

The only advantage that this gives people wanting to make add-ins, is if Adobe make their own add-ins, and use the registry to keep track of them, but refuse to allow others to make their own add-ins. Then you could hack Adobe by making your own add-in, and add it into the registry for Adobe to pick it up. But you're still hacking Adobe. You're still using a security hole in Adobe's software. Anyone else could do the same, and then make Adobe crash every time, giving you the impression that Adobe is a cr*p product, encouraging you to buy their own inferior but more expensive product. Great way to encourage commercial sabotage.

It's a good theory, not a good practice
It's a great way to run a system. It ensures that software is far more secure.

For instance, Apache makes many registry entries. But they are either set up automatically to support Windows Installer, or are registering modules to allow Windows OS to support them. The actual settings are not held in the registry. So far, it's shown to be one of the most reliable pieces of software I have, and yet, it doesn't use the registry to store its internal settings at all.

The registry was just not what I would call a "well thought out idea". I can see that it made life easier for Microsoft, and it made it very much easier to get out Windows 95 and Windows NT quickly. But "easier" is often more prone to crashing, errors, corruption, hacking, and a lack of performance.

But this is a done deal. It's the same issue as the lack of security in the program folders in Windows 95, which is still only an optional feature in Windows NT/2000/XP, and still leaves any Windows install open to all sorts of hacks. It also lets people do stupid things like deleting dlls when they don't know they do, just to "fix" their system. Yes, people do do that. One sensible thing that Microsoft did do with the registry was to not put a shortcut to the registry editor (regedit.exe) on the Start Menu. If they had done that, a lot of users would have used it, deleted settings, and, well, you know what would have happened. BSOD, followed by a Windows that won't boot, and needs to be re-installed.
 whenwillthiswork26
Joined: 11/13/2008
Msg: 23
view profile
History
Windows Black Screen of Death: What You Need to Know
Posted: 12/12/2009 5:21:58 PM
My 3 week old HP $800 computer had a black screen of death instead of booting into Windows 7. There was only a little blinking dash in the upper left corner of the monitor. I left it turned off for a week and then turned it on and it works perfectly like nothing ever happened.
 Finola5
Joined: 9/5/2011
Msg: 24
view profile
History
Windows Black Screen of Death: What You Need to Know
Posted: 9/11/2011 10:46:04 PM
I have Windows XP and when I see one of my friends is online, I click on their link and all that comes up is a black screen-nothing for me to click on, etc. What am I doing wrong? Thanks!
 TeeToTheEyeToTheEm
Joined: 9/5/2011
Msg: 25
Posted: 9/12/2011 12:23:37 AM
Anyone tried selecting the "Last Known Good Configuration" from the boot menu? You might also try scrubbing your registry with a free program CCleaner. It removes all the duplicate registry entries that accumulate over time that probably cause errors. Another good free program is FreshDiagnose. This program does a thorough search of your system and finds conflicts and errors and even offers to fix them. It wouldn't hurt to get into your device manager and check all the drivers to see if they are either current or working properly. If you find conflicts simply right click, properties, driver, and uninstall the driver. Reboot and the OS will sense the driver(s) are missing and repair itself from either online, from the disc, or the recovery partition with the current drivers.