Windows 4.3.18 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.

Re: Windows 4.3.18 specifically for errors due to security

Postby RalfK » 14. Oct 2014, 17:37

Hi,

Also with 4.3.18 I have problems starting a new VM:

Host: WIN 7 SP1 64bit German
AV: Avira Free Antivirus 14.0.7.306

Failure-Messages.jpg


Thanks

RalfK
Attachments
VBoxStartup.zip
Log-File
(11.5 KiB) Downloaded 57 times
RalfK
 
Posts: 1
Joined: 14. Oct 2014, 17:24

Re: Windows 4.3.18 specifically for errors due to security

Postby Memiself » 14. Oct 2014, 20:09

Hello,
Still no joy for me.. Haven't got a VM started yet.
Server 2012 Essentials (not R2), no AV.
Ran sfc /scannow on suggestion of MS TechNet, which did some stuff, but no mention of crypt32.dll in CBS.log
VirtualBox 4.3.18-96516:

Failed to open a session for the virtual machine Sogo.
The virtual machine 'Sogo' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VirtualBox\Sogo\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.log
(101.61 KiB) Downloaded 58 times
Memiself
 
Posts: 4
Joined: 21. Sep 2014, 20:28

Re: Windows 4.3.18 specifically for errors due to security

Postby mpack » 15. Oct 2014, 12:59

@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?

Sample discussion here: https://forums.virtualbox.org/viewtopic.php?f=3&t=64151

Many people use a hacked version of this DLL in order to get around Microsoft-imposed limitations on the look and feel of a particular Windows version, e.g. allowing free Win7-like themes on Win8.

I'm thinking there might be a specific patch which you would check for and allow.
mpack
Site Moderator
 
Posts: 29843
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Postby michaln » 15. Oct 2014, 13:38

mpack wrote:@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?

You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll). I think I know what the answer will be :)
michaln
Oracle Corporation
 
Posts: 2958
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all

Re: Windows 4.3.18 specifically for errors due to security

Postby Jacob Klein » 15. Oct 2014, 13:43

michaln:

Depending on the implementation, it doesn't have to be a "blind exception for uxtheme.dll". It may be a "targeted heuristic exception to a part of the patched uxtheme's behavior". I'm not 100% positive, but I believe that is what bird is doing -- targeted behavioral exceptions, not entire-dll exceptions.
Jacob Klein
 
Posts: 492
Joined: 20. Nov 2013, 01:07

Re: Windows 4.3.18 specifically for errors due to security

Postby Petr Vones » 15. Oct 2014, 13:53

michaln wrote:You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll)
Malware can also infect ntoskrnl.exe, any device driver, MBR or BIOS. You can hardly detect this while it also affects your product. Will you try to scan MBR and BIOS next time?

A "workaround" could be to copy the original unmodified uxtheme.dll into the directory where virtualbox.exe resides, to be loaded from that location (assuming the LoadLibrary rules still apply), to satisfy your new forced anti-malware guardian role :roll: Note there are also modified versions of DWrite.dll around (by a wrapper DLL) to prevent horrible blurry font rendering in IE9+ and HTML Help viewer that cannot be disabled by any user setting.
Petr Vones
 
Posts: 56
Joined: 27. Dec 2012, 01:20
Location: Czech Republic
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Windows Server 2008+ 64-bit

Re: Windows 4.3.18 specifically for errors due to security

Postby mpack » 15. Oct 2014, 15:27

michaln wrote:You're basically asking to completely disable the hardening

I wouldn't cry if that happened, but no, I'm basically asking you to find a way to make it work. An obvious possibility is to allow "uxtheme.dll" files having one of N known MD5 checksums. Even allow the user to somehow enter what the acceptable checksum should be - possibly extend the idea into a user whitelist, let the user take responsibility.

This is off the top of my head without understanding all the details. I'm sure you can do better.
mpack
Site Moderator
 
Posts: 29843
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Postby mpack » 15. Oct 2014, 15:34

Petr Vones wrote:A "workaround" could be to copy the original unmodified uxtheme.dll into directory where virtualbox.exe

That would be no good. The whole point of a theme is that we don't want individual apps choosing their own look and feel.

For some users, e.g. the visually impaired, this can be of vital importance.
mpack
Site Moderator
 
Posts: 29843
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Postby klaus » 15. Oct 2014, 16:42

All, please accept the fact that we have no choice but to carefully check whether all DLLs which end up in a VM process are trustworthy. Our "stubborn" refusal to make compromises in this area should make it obvious that it is a key security requirement and any significant backing down means throwing the security out with the bathwater. The only viable way we see is relying on signatures, and this means any DLL patching will immediately set off the alarm. We're trying to find a solution where a user can declare a particular DLL as trustworthy even if it has been tampered with, but that's tricky and most likely will require signing by the user. Not finalized. Please be aware that we know that the pain level is quite high for some users. However, no matter how bad the pain is, we will not make cheap compromises at the expense of the security of our users.

Personally I put a lot of hope in the next major release (which should bring full separation of the GUI from the VM process), which has the potential to greatly reduce the number of DLLs which are loaded into a VM process. On the other hand I'm skeptical that it will turn out as good as it sounds, as so many products out there inject their DLLs into each and every process, no matter if it makes sense or not. There are many things fundamentally wrong with security on Windows, but only Microsoft would have the power to fix this by tightening a large number of rules. The flaws in the security architecture on Windows cause a large portion of the effort and pain on our side.
klaus
Oracle Corporation
 
Posts: 712
Joined: 10. May 2007, 14:57

Re: Windows 4.3.18 specifically for errors due to security

Postby Petr Vones » 15. Oct 2014, 17:45

<Off topic chat deleted by mod>.
Last edited by mpack on 16. Oct 2014, 12:22, edited 1 time in total.
Reason: Deleted material likely to lead to off topic arguments.
Petr Vones
 
Posts: 56
Joined: 27. Dec 2012, 01:20
Location: Czech Republic
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Windows Server 2008+ 64-bit

Re: Windows 4.3.18 specifically for errors due to security

Postby MuldeR » 15. Oct 2014, 18:54

VirtualBox 4.3.18 won't launch VM's on Windows 7 x64 (SP-1 installed, fully patched):

Image

Back to VirtualBox 4.3.16 and everything works as expected again...
MuldeR
 
Posts: 24
Joined: 25. Aug 2014, 20:45

Re: Windows 4.3.18 specifically for errors due to security

Postby SteveS73v3 » 15. Oct 2014, 20:04

I am still seeing the issue with Digital Guardian / dgmaster.sys after upgrading to 4.3.18

My bluescreen looks the same as the one listed by @RelakS posted in the 4.3.16 thread
(viewtopic.php?f=6&t=63556&sid=182e7a2ab7c04b932701fd5e730987c5&start=195) Sorry, I can't post URLs until tomorrow. :oops:
SteveS73v3
 
Posts: 1
Joined: 15. Oct 2014, 19:44

Re: Windows 4.3.18 specifically for errors due to security

Postby mpack » 15. Oct 2014, 20:14

That's enough chatter on the wisdom of the hardening feature please. I realize that I'm as guilty as the next person, but we do need to stay focused in this topic.
mpack
Site Moderator
 
Posts: 29843
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Postby here647 » 15. Oct 2014, 22:29

1. Win7 64bit

2. VBoxStartup.zip enclosed

3. Microsoft security essentials, windows firewall


The UI also displayed the errors below when trying to launch the VM.

---------------------------------------------------------------------------

Failed to create the VirtualBox COM object.

The application will now terminate.



Callee RC: E_INVALIDARG (0x80070057)


--------------------------------------------------------------------------------------------------------------


Failed to open a session for the virtual machine slk.

The virtual machine 'slk' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\...\VirtualBox VMs\slk\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.zip
(20.46 KiB) Downloaded 74 times
here647
 
Posts: 6
Joined: 15. Oct 2014, 22:21

Re: Windows 4.3.18 specifically for errors due to security

Postby mullnerz » 16. Oct 2014, 10:44

3D acceleration does not work, because VirtualBox can't use the host operating system's OpenGL drivers?! And therefore only sw rendering is used (Microsoft Corporation GDI Generic).
There is some minor problem with driver signing at the file c:\Windows\system32\igdusc64.dll, I think this is the cause.

Host:
Windows 8.1 64bit
Windows Defender, Windows Firewall (does not matter whether it is on or off)
Chipset Intel® H87 Express
Intel® HD Graphics 4600
Latest official Intel HD Graphics Driver installed. The same driver can also be installed from Windows Update.
igdusc64.dll can be found in win64_15363.zip (Intel® Iris™ and HD Graphics Driver for Windows* 7/8/8.1 64bit)

Brief detail from VBox.log:
Code:
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR:   Microsoft Corporation
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
00:00:01.586831 OpenGL Info: Render SPU: GL_VERSION:  1.1.0
00:00:01.586834 OpenGL Info: Render SPU: GL_EXTENSIONS: GL_WIN_swap_hint GL_EXT_bgra GL_EXT_paletted_texture
00:00:01.587659 OpenGL Info: Cfg: u32Caps(0x1f), fVisualBitsDefault(0x23)
00:00:01.587746 Shared crOpenGL service loaded.


The same applies to different Linux guests (Ubuntu 14.04.1 LTS Desktop).
Running glxgears produces only a black window, but does not crash.

attached:
VBoxStartup.zip
Attachments
VBoxStartup.zip
(22.44 KiB) Downloaded 62 times
mullnerz
 
Posts: 1
Joined: 16. Oct 2014, 00:25
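
An added example, not part of the thread and not VirtualBox's own code: a small Python parser for the `supR3HardenedErrorV` lines quoted in the post above, grouping rejections by image so the blocked DLL, its `rc` status and the `WinVerifyTrust` `hrc` can be read at a glance. The field layout is an assumption inferred only from the two lines in that excerpt; `rejected_images` and `SAMPLE_LOG` are names chosen here.

```python
import re

# Layout assumed from the two log lines in the post above:
#   <ts> supR3HardenedErrorV: supR3HardenedScreenImage/<stage>: [cached ]rc=<rc>
#   <key=value flags> <NT image path>[: <detail text with hrc=...>]
HARDENING_LINE = re.compile(
    r"^(?P<ts>[\d:.]+)\s+supR3HardenedErrorV:\s+"
    r"supR3HardenedScreenImage/(?P<stage>\w+):\s+(?P<cached>cached\s+)?"
    r"rc=(?P<rc>\w+)\s+(?:\w+=\S+\s+)*"
    r"(?P<path>\\[^:]+?)(?::\s+(?P<detail>.*))?$"
)
HRC = re.compile(r"hrc=(\w+)")

# Sample input: lines copied from the VBox.log excerpt in the post above
# (two rejections plus one unrelated OpenGL line).
SAMPLE_LOG = r"""
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
"""

def rejected_images(log_text):
    """Return one record per image the hardening code refused to load."""
    found = {}
    for raw in log_text.splitlines():
        # Logs pasted into forum code boxes may carry stray BBCode tags.
        line = re.sub(r"\[/?b\]", "", raw).strip()
        m = HARDENING_LINE.match(line)
        if not m:
            continue
        # Windows paths are case-insensitive, so key on the lowered path.
        entry = found.setdefault(m["path"].lower(), {
            "path": m["path"], "rc": m["rc"], "hrc": None,
            "stages": [], "first_seen": m["ts"], "cached_hits": 0})
        if m["stage"] not in entry["stages"]:
            entry["stages"].append(m["stage"])
        if m["cached"]:
            entry["cached_hits"] += 1  # repeat lookups of a known-bad image
        hrc = HRC.search(m["detail"] or "")
        if hrc and entry["hrc"] is None:
            entry["hrc"] = hrc.group(1)
    return list(found.values())

if __name__ == "__main__":
    for e in rejected_images(SAMPLE_LOG):
        print(e["path"], e["rc"], e["hrc"], "/".join(e["stages"]))
```
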
