Windows 4.3.18 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.
RalfK
Posts: 1
Joined: 14. Oct 2014, 17:24

Re: Windows 4.3.18 specifically for errors due to security

Post by RalfK »

Hi,

Also with 4.3.18 I have problems starting a new VM:

Host: WIN 7 SP1 64bit German
AV: Avira Free Antivirus 14.0.7.306
Failure-Messages.jpg (50.71 KiB) Viewed 18354 times
Thanks

RalfK
Attachments
VBoxStartup.zip
Log-File
(11.5 KiB) Downloaded 73 times
Memiself
Posts: 4
Joined: 21. Sep 2014, 20:28

Re: Windows 4.3.18 specifically for errors due to security

Post by Memiself »

Hello,
Still no joy for me.. Haven't got a VM started yet.
Server 2012 Essentials (not R2), no AV.
Ran sfc /scannow on suggestion of MS TechNet, which did some stuff, but no mention of crypt32.dll in CBS.log
VirtualBox 4.3.18-96516:

Failed to open a session for the virtual machine Sogo.
The virtual machine 'Sogo' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VirtualBox\Sogo\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.log
(101.61 KiB) Downloaded 75 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Post by mpack »

@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?

Sample discussion here: viewtopic.php?f=3&t=64151

Many people use a hacked version of this DLL in order to get around Microsoft imposed limitations on the look and feel of a particular Windows version, e.g. allowing free Win7 like themes on Win8.

I'm thinking there might be a specific patch which you would check for and allow.
michaln
Oracle Corporation
Posts: 2973
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all
Contact:

Re: Windows 4.3.18 specifically for errors due to security

Post by michaln »

mpack wrote:@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?
You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll). I think I know what the answer will be :)
Jacob Klein
Posts: 696
Joined: 20. Nov 2013, 01:07

Re: Windows 4.3.18 specifically for errors due to security

Post by Jacob Klein »

michaln:

Depending on the implementation, it doesn't have to be a "blind exception for uxtheme.dll". It may be a "targeted heuristic exception to a part of the patched uxtheme's behavior". I'm not 100% positive, but I believe that is what bird is doing -- targeted behavioral exceptions, not entire-dll exceptions.
Petr Vones
Posts: 89
Joined: 27. Dec 2012, 01:20
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10 64-bit
Location: Czech Republic

Re: Windows 4.3.18 specifically for errors due to security

Post by Petr Vones »

michaln wrote:You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll)
Malware can also infect ntoskrnl.exe, any device driver, MBR or BIOS. You can hardly detect this while it also affects your product. Will you try to scan MBR and BIOS next time?

A "workaround" could be to copy the original unmodified uxtheme.dll into the directory where virtualbox.exe resides to be loaded from that location (assuming the LoadLibrary rules still apply) to satisfy your new forced anti-malware guardian role :roll: Note there are also modified versions of DWrite.dll around (by a wrapper DLL) to prevent horrible blurry font rendering in IE9+ and HTML Help viewer that cannot be disabled by any user setting.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Post by mpack »

michaln wrote:You're basically asking to completely disable the hardening
I wouldn't cry if that happened, but no, I'm basically asking you to find a way to make it work. An obvious possibility is to allow "uxtheme.dll" files having one of N known MD5 checksums. Even allow the user to somehow enter what the acceptable checksum should be - possibly extend the idea into a user whitelist, let the user take responsibility.

This is off the top of my head without understanding all the details. I'm sure you can do better.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Post by mpack »

Petr Vones wrote:A "workaround" could be to copy the original unmodified uxtheme.dll into directory where virtualbox.exe
That would be no good. The whole point of a theme is that we don't want individual apps choosing their own look and feel.

For some users, e.g. the visually impaired, this can be of vital importance.
klaus
Oracle Corporation
Posts: 1115
Joined: 10. May 2007, 14:57

Re: Windows 4.3.18 specifically for errors due to security

Post by klaus »

All, please accept the fact that we have no choice but to carefully check whether all DLLs which end up in a VM process are trustworthy. Our "stubborn" refusal to make compromises in this area should make it obvious that it is a key security requirement and any significant backing down means throwing the security out with the bathwater. The only viable way we see is relying on signatures, and this means any DLL patching will immediately set off the alarm. We're trying to find a solution where a user can declare a particular DLL as trustworthy even if it has been tampered with, but that's tricky and most likely will require signing by the user. Not finalized. Please be aware that we know that the pain level is quite high for some users. However, no matter how bad the pain is, we will not make cheap compromises at the expense of the security of our users.

Personally I put a lot of hope in the next major release (which should bring full separation of the GUI from the VM process), which has the potential to greatly reduce the number of DLLs which are loaded into a VM process. On the other hand I'm skeptical that it will turn out as good as it sounds, as so many products out there inject their DLLs into each and every process, no matter if it makes sense or not. There are many things fundamentally wrong with security on Windows, but only Microsoft would have the power to fix this by tightening a large number of rules. The flaws in the security architecture on Windows cause a large portion of the effort and pain on our side.
Petr Vones
Posts: 89
Joined: 27. Dec 2012, 01:20
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10 64-bit
Location: Czech Republic

Re: Windows 4.3.18 specifically for errors due to security

Post by Petr Vones »

<Off topic chat deleted by mod>.
Last edited by mpack on 16. Oct 2014, 12:22, edited 1 time in total.
Reason: Deleted material likely to lead to off topic arguments.
MuldeR
Posts: 27
Joined: 25. Aug 2014, 20:45

Re: Windows 4.3.18 specifically for errors due to security

Post by MuldeR »

VirtualBox 4.3.18 won't launch VMs on Windows 7 x64 (SP-1 installed, fully patched):

Image

Back to VirtualBox 4.3.16 and everything works as expected again...
SteveS73v3
Posts: 1
Joined: 15. Oct 2014, 19:44

Re: Windows 4.3.18 specifically for errors due to security

Post by SteveS73v3 »

I am still seeing the issue with Digital Guardian / dgmaster.sys after upgrading to 4.3.18

My bluescreen looks the same as the one listed by @RelakS posted in the 4.3.16 thread
(viewtopic.php?f=6&t=63556&sid=182e7a2ab7c04b932701fd5e730987c5&start=195) Sorry, I can't post URLs until tomorrow. :oops:
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Post by mpack »

That's enough chatter on the wisdom of the hardening feature please. I realize that I'm as guilty as the next person, but we do need to stay focused in this topic.
here647
Posts: 6
Joined: 15. Oct 2014, 22:21

Re: Windows 4.3.18 specifically for errors due to security

Post by here647 »

1. Win7 64bit

2. VBoxStartup.zip enclosed

3. Microsoft security essentials, windows firewall


The UI also displayed the errors below when trying to launch the VM.

---------------------------------------------------------------------------

Failed to create the VirtualBox COM object.

The application will now terminate.



Callee RC: E_INVALIDARG (0x80070057)


--------------------------------------------------------------------------------------------------------------


Failed to open a session for the virtual machine slk.

The virtual machine 'slk' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\...\VirtualBox VMs\slk\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.zip
(20.46 KiB) Downloaded 90 times
mullnerz
Posts: 1
Joined: 16. Oct 2014, 00:25

Re: Windows 4.3.18 specifically for errors due to security

Post by mullnerz »

3D acceleration does not work, because VirtualBox can't use the host operating system's OpenGL drivers?! And therefore only sw rendering is used (Microsoft Corporation GDI Generic).
There is some minor problem with driver signing at the file c:\Windows\system32\igdusc64.dll, I think this is the cause.

Host:
Windows 8.1 64bit
Windows Defender, Windows Firewall (does not matter whether it is on or off)
Chipset Intel® H87 Express
Intel® HD Graphics 4600
Latest official Intel HD Graphics Driver installed. The same driver can also be installed from Windows Update.
igdusc64.dll can be found in win64_15363.zip (Intel® Iris™ and HD Graphics Driver for Windows* 7/8/8.1 64bit)

Brief detail from VBox.log:

00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR:   Microsoft Corporation
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
00:00:01.586831 OpenGL Info: Render SPU: GL_VERSION:  1.1.0
00:00:01.586834 OpenGL Info: Render SPU: GL_EXTENSIONS: GL_WIN_swap_hint GL_EXT_bgra GL_EXT_paletted_texture
00:00:01.587659 OpenGL Info: Cfg: u32Caps(0x1f), fVisualBitsDefault(0x23)
00:00:01.587746 Shared crOpenGL service loaded.
The same applies to different Linux guests (Ubuntu 14.04.1 LTS Desktop).
Running glxgears produces only a black window, but does not crash.

attached:
VBoxStartup.zip
Attachments
VBoxStartup.zip
(22.44 KiB) Downloaded 80 times
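
A triage helper for the log excerpt in the post above, as an added example that is not part of the original thread or of VirtualBox itself: it groups supR3HardenedErrorV rejections by image path and extracts the rc and WinVerifyTrust hrc values, so it is clear which DLL the hardening refused and why. The line layout is inferred only from the two lines quoted above; the names `LINE_RE`, `HRC_RE` and `summarize_rejections` are illustrative.

```python
import re

# Two supR3HardenedErrorV lines as quoted in the post above, plus one
# unrelated line from the same excerpt that the parser must skip.
SAMPLE_LOG = r"""
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR:   Microsoft Corporation
"""

# Assumed layout (inferred from the two lines above, not from VirtualBox docs):
#   <ts> supR3HardenedErrorV: supR3HardenedScreenImage/<stage>: [cached ]rc=<rc>
#   <key=value ...> <NT image path>[: <detail>]
LINE_RE = re.compile(
    r"^(?P<ts>[\d:.]+)\s+supR3HardenedErrorV:\s+"
    r"supR3HardenedScreenImage/(?P<stage>\w+):\s+"
    r"(?P<cached>cached\s+)?rc=(?P<rc>\w+)"
    r"(?P<flags>(?:\s+\w+=\S+)*)\s+"
    r"(?P<path>\\Device\\.+?)(?::\s+(?P<detail>.*))?$"
)
HRC_RE = re.compile(r"hrc=(\w+)")


def summarize_rejections(log_text):
    """Return {image path: {rc, hrc, stages, hits}} for rejected images."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a hardening image-screening error
        entry = summary.setdefault(
            m.group("path"), {"rc": set(), "hrc": set(), "stages": [], "hits": 0}
        )
        entry["rc"].add(m.group("rc"))
        entry["stages"].append(m.group("stage"))
        entry["hits"] += 1
        # The signature-verification status only appears on the first report.
        hrc = HRC_RE.search(m.group("detail") or "")
        if hrc:
            entry["hrc"].add(hrc.group(1))
    return summary


if __name__ == "__main__":
    for path, info in summarize_rejections(SAMPLE_LOG).items():
        print(path, sorted(info["rc"]), sorted(info["hrc"]), info["stages"])
```
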