Re: Windows 4.3.18 specifically for errors due to security

Posted: 14. Oct 2014, 17:37
by RalfK
Hi,

Also with 4.3.18 I have problems starting a new VM:

Host: WIN 7 SP1 64bit German
AV: Avira Free Antivirus 14.0.7.306
Failure-Messages.jpg
Thanks

RalfK

Re: Windows 4.3.18 specifically for errors due to security

Posted: 14. Oct 2014, 20:09
by Memiself
Hello,
Still no joy for me.. Haven't got a VM started yet.
Server 2012 Essentials (not R2), no AV.
Ran sfc /scannow on suggestion of MS TechNet, which did some stuff, but no mention of crypt32.dll in CBS.log
VirtualBox 4.3.18-96516:

Failed to open a session for the virtual machine Sogo.
The virtual machine 'Sogo' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VirtualBox\Sogo\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 12:59
by mpack
@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?

Sample discussion here: viewtopic.php?f=3&t=64151

Many people use a hacked version of this DLL in order to get around Microsoft imposed limitations on the look and feel of a particular Windows version, e.g. allowing free Win7 like themes on Win8.

I'm thinking there might be a specific patch which you would check for and allow.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 13:38
by michaln
mpack wrote: @Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?
You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll). I think I know what the answer will be :)

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 13:43
by Jacob Klein
michaln:

Depending on the implementation, it doesn't have to be a "blind exception for uxtheme.dll". It may be a "targeted heuristic exception to a part of the patched uxtheme's behavior". I'm not 100% positive, but I believe that is what bird is doing -- targeted behavioral exceptions, not entire-dll exceptions.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 13:53
by Petr Vones
michaln wrote: You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll)
Malware can also infect ntoskrnl.exe, any device driver, MBR or BIOS. You can hardly detect this while it also affects your product. Will you try to scan MBR and BIOS next time?

A "workaround" could be to copy the original unmodified uxtheme.dll into the directory where virtualbox.exe resides to be loaded from that location (assuming the LoadLibrary rules still apply) to satisfy your new forced anti-malware guardian role :roll: Note there are also modified versions of DWrite.dll around (by a wrapper DLL) to prevent horrible blurry font rendering in IE9+ and HTML Help viewer that cannot be disabled by any user setting.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 15:27
by mpack
michaln wrote: You're basically asking to completely disable the hardening
I wouldn't cry if that happened, but no, I'm basically asking you to find a way to make it work. An obvious possibility is to allow "uxtheme.dll" files having one of N known MD5 checksums. Even allow the user to somehow enter what the acceptable checksum should be - possibly extend the idea into a user whitelist, let the user take responsibility.

This is off the top of my head without understanding all the details. I'm sure you can do better.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 15:34
by mpack
Petr Vones wrote: A "workaround" could be to copy the original unmodified uxtheme.dll into directory where virtualbox.exe
That would be no good. The whole point of a theme is that we don't want individual apps choosing their own look and feel.

For some users, e.g. the visually impaired, this can be of vital importance.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 16:42
by klaus
All, please accept the fact that we have no choice but to carefully check whether all DLLs which end up in a VM process are trustworthy. Our "stubborn" refusal to make compromises in this area should make it obvious that it is a key security requirement and any significant backing down means throwing the security out with the bathwater. The only viable way we see is relying on signatures, and this means any DLL patching will immediately set off the alarm. We're trying to find a solution where a user can declare a particular DLL as trustworthy even if it has been tampered with, but that's tricky and most likely will require signing by the user. Not finalized. Please be aware that we know that the pain level is quite high for some users. However, no matter how bad the pain is, we will not make cheap compromises at the expense of the security of our users.

Personally I put a lot of hope in the next major release (which should bring full separation of the GUI from the VM process), which has the potential to greatly reduce the number of DLLs which are loaded into a VM process. On the other hand I'm skeptical that it will turn out as good as it sounds, as so many products out there inject their DLLs into each and every process, no matter if it makes sense or not. There are many things fundamentally wrong with security on Windows, but only Microsoft would have the power to fix this by tightening a large number of rules. The flaws in the security architecture on Windows cause a large portion of the effort and pain on our side.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 17:45
by Petr Vones
<Off topic chat deleted by mod>.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 18:54
by MuldeR
VirtualBox 4.3.18 won't launch VMs on Windows 7 x64 (SP-1 installed, fully patched):

Back to VirtualBox 4.3.16 and everything works as expected again...

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 20:04
by SteveS73v3
I am still seeing the issue with Digital Guardian / dgmaster.sys after upgrading to 4.3.18

My bluescreen looks the same as the one listed by @RelakS posted in the 4.3.16 thread
(viewtopic.php?f=6&t=63556&sid=182e7a2ab7c04b932701fd5e730987c5&start=195) Sorry, I can't post URLs until tomorrow. :oops:

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 20:14
by mpack
That's enough chatter on the wisdom of the hardening feature please. I realize that I'm as guilty as the next person, but we do need to stay focused in this topic.

Re: Windows 4.3.18 specifically for errors due to security

Posted: 15. Oct 2014, 22:29
by here647
1. Win7 64bit

2. VBoxStartup.zip enclosed

3. Microsoft security essentials, windows firewall


The UI also displayed the errors below when trying to launch the VM.

---------------------------------------------------------------------------

Failed to create the VirtualBox COM object.

The application will now terminate.



Callee RC: E_INVALIDARG (0x80070057)


--------------------------------------------------------------------------------------------------------------


Failed to open a session for the virtual machine slk.

The virtual machine 'slk' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\...\VirtualBox VMs\slk\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Re: Windows 4.3.18 specifically for errors due to security

Posted: 16. Oct 2014, 10:44
by mullnerz
3D acceleration does not work, because VirtualBox can't use the host operating system's OpenGL drivers?! And therefore only software rendering is used (Microsoft Corporation GDI Generic).
There is some minor problem with driver signing at the file c:\Windows\system32\igdusc64.dll, I think this is the cause.

Host:
Windows 8.1 64bit
Windows Defender, Windows Firewall (does not matter whether it is on or off)
Chipset Intel® H87 Express
Intel® HD Graphics 4600
Latest official Intel HD Graphics Driver installed. The same driver can also be installed from Windows Update.
igdusc64.dll can be found in win64_15363.zip (Intel® Iris™ and HD Graphics Driver for Windows* 7/8/8.1 64bit)

Brief detail from VBox.log:

00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR:   Microsoft Corporation
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
00:00:01.586831 OpenGL Info: Render SPU: GL_VERSION:  1.1.0
00:00:01.586834 OpenGL Info: Render SPU: GL_EXTENSIONS: GL_WIN_swap_hint GL_EXT_bgra GL_EXT_paletted_texture
00:00:01.587659 OpenGL Info: Cfg: u32Caps(0x1f), fVisualBitsDefault(0x23)
00:00:01.587746 Shared crOpenGL service loaded.

The same applies to different Linux guests (Ubuntu 14.04.1 LTS Desktop).
Running glxgears produces only a black window, but does not crash.

attached:
VBoxStartup.zip
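
Added example, not part of any post in this thread and not VirtualBox code: a triage script that groups the supR3HardenedErrorV lines quoted in the last post by image path, so the rejected DLL and its WinVerifyTrust result stand out from the rest of the log. The patterns are inferred from the two lines on this page only, and the function name rejected_images is hypothetical.

```python
import re

# Lines copied from the VBox.log excerpt in the post above (one unrelated line kept).
SAMPLE_LOG = r"""
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
"""

# Patterns inferred from the two hardening lines on this page (an assumption,
# not a documented log format).
ERR_RE = re.compile(
    r"supR3HardenedErrorV: supR3HardenedScreenImage/(?P<stage>\w+): "
    r"(?P<cached>cached )?rc=(?P<rc>\w+)")
PATH_RE = re.compile(r"(\\Device\\.+?)(?::\s|$)")  # NT path ends at ': ' or end of line
HRC_RE = re.compile(r"WinVerifyTrust failed with hrc=(\w+)")


def rejected_images(log_text):
    """Return {nt_path: details} for every image the hardening code rejected."""
    report = {}
    for line in log_text.splitlines():
        err = ERR_RE.search(line)
        path = PATH_RE.search(line, err.end()) if err else None
        if not path:
            continue  # not a hardening rejection line
        entry = report.setdefault(path.group(1), {
            "dll": path.group(1).rsplit("\\", 1)[-1],
            "stages": [], "rc": [], "hrc": [], "cached_hits": 0})
        if err["stage"] not in entry["stages"]:
            entry["stages"].append(err["stage"])
        if err["rc"] not in entry["rc"]:
            entry["rc"].append(err["rc"])
        hrc = HRC_RE.search(line)
        if hrc and hrc.group(1) not in entry["hrc"]:
            entry["hrc"].append(hrc.group(1))
        if err["cached"]:
            entry["cached_hits"] += 1  # line carries the 'cached' marker
    return report


if __name__ == "__main__":
    for nt_path, e in rejected_images(SAMPLE_LOG).items():
        print(f"{e['dll']}: rc={','.join(e['rc'])} "
              f"trust={','.join(e['hrc']) or 'n/a'} "
              f"stages={','.join(e['stages'])} cached_hits={e['cached_hits']}")
        print(f"  path: {nt_path}")
```

CERT_E_CHAINING is the Windows error for a certificate chain that could not be built to a trusted root, so the signature on the file was found but could not be validated on that host.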