Windows 4.3.18 specifically for errors due to security
Re: Windows 4.3.18 specifically for errors due to security
Hi,
also with 4.3.18 I have problems starting a new VM:
Host: WIN 7 SP1 64bit German
AV: Avira Free Antivirus 14.0.7.306
Thanks
RalfK
- Attachments
-
- VBoxStartup.zip
- Log-File
- (11.5 KiB) Downloaded 104 times
Re: Windows 4.3.18 specifically for errors due to security
Hello,
Still no joy for me.. Haven't got a VM started yet.
Server 2012 Essentials (not R2), no AV.
Ran sfc /scannow on suggestion of MS TechNet, which did some stuff, but no mention of crypt32.dll in CBS.log
VirtualBox 4.3.18-96516:
Failed to open a session for the virtual machine Sogo.
The virtual machine 'Sogo' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VirtualBox\Sogo\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
- Attachments
-
- VBoxStartup.log
- (101.61 KiB) Downloaded 102 times
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.18 specifically for errors due to security
@Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?
Sample discussion here: viewtopic.php?f=3&t=64151
Many people use a hacked version of this DLL in order to get around Microsoft imposed limitations on the look and feel of a particular Windows version, e.g. allowing free Win7 like themes on Win8.
I'm thinking there might be a specific patch which you would check for and allow.
-
- Oracle Corporation
- Posts: 2973
- Joined: 19. Dec 2007, 15:45
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: Any and all
- Contact:
Re: Windows 4.3.18 specifically for errors due to security
mpack wrote: @Bird, is there any chance of you looking at adding some kind of exception for "uxtheme.dll"?
You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll). I think I know what the answer will be.
-
- Posts: 696
- Joined: 20. Nov 2013, 01:07
Re: Windows 4.3.18 specifically for errors due to security
michaln:
Depending on the implementation, it doesn't have to be a "blind exception for uxtheme.dll". It may be a "targeted heuristic exception to a part of the patched uxtheme's behavior". I'm not 100% positive, but I believe that is what bird is doing -- targeted behavioral exceptions, not entire-dll exceptions.
-
- Posts: 89
- Joined: 27. Dec 2012, 01:20
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10 64-bit
- Location: Czech Republic
Re: Windows 4.3.18 specifically for errors due to security
michaln wrote: You're basically asking to completely disable the hardening (because it then becomes an open invitation for malware to subvert uxtheme.dll)
Malware can also infect ntoskrnl.exe, any device driver, MBR or BIOS. You can hardly detect this while it also affects your product. Will you try to scan MBR and BIOS next time?
A "workaround" could be to copy the original unmodified uxtheme.dll into the directory where virtualbox.exe resides, to be loaded from that location (assuming the LoadLibrary rules still apply), to satisfy your new forced anti-malware guardian role. Note there are also modified versions of DWrite.dll around (by a wrapper DLL) to prevent horrible blurry font rendering in IE9+ and HTML Help viewer that cannot be disabled by any user setting.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.18 specifically for errors due to security
michaln wrote: You're basically asking to completely disable the hardening
I wouldn't cry if that happened, but no, I'm basically asking you to find a way to make it work. An obvious possibility is to allow "uxtheme.dll" files having one of N known MD5 checksums. Even allow the user to somehow enter what the acceptable checksum should be - possibly extend the idea into a user whitelist, let the user take responsibility.
This is off the top of my head without understanding all the details. I'm sure you can do better.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.18 specifically for errors due to security
Petr Vones wrote: A "workaround" could be to copy the original unmodified uxtheme.dll into directory where virtualbox.exe
That would be no good. The whole point of a theme is that we don't want individual apps choosing their own look and feel.
For some users, e.g. the visually impaired, this can be of vital importance.
Re: Windows 4.3.18 specifically for errors due to security
All, please accept the fact that we have no choice but to carefully check whether all DLLs which end up in a VM process are trustworthy. Our "stubborn" refusal to make compromises in this area should make it obvious that it is a key security requirement and any significant backing down means throwing the security out with the bathwater. The only viable way we see is relying on signatures, and this means any DLL patching will immediately set off the alarm. We're trying to find a solution where a user can declare a particular DLL as trustworthy even if it has been tampered with, but that's tricky and most likely will require signing by the user. Not finalized. Please be aware that we know that the pain level is quite high for some users. However, no matter how bad the pain is, we will not make cheap compromises at the expense of the security of our users.
Personally I put a lot of hope in the next major release (which should bring full separation of the GUI from the VM process), which has the potential to greatly reduce the number of DLLs which are loaded into a VM process. On the other hand I'm skeptical that it will turn out as good as it sounds, as so many products out there inject their DLLs into each and every process, no matter if it makes sense or not. There are many things fundamentally wrong with security on Windows, but only Microsoft would have the power to fix this by tightening a large number of rules. The flaws in the security architecture on Windows cause a large portion of the effort and pain on our side.
-
- Posts: 89
- Joined: 27. Dec 2012, 01:20
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10 64-bit
- Location: Czech Republic
Re: Windows 4.3.18 specifically for errors due to security
<Off topic chat deleted by mod>.
Last edited by mpack on 16. Oct 2014, 12:22, edited 1 time in total.
Reason: Deleted material likely to lead to off topic arguments.
Re: Windows 4.3.18 specifically for errors due to security
VirtualBox 4.3.18 won't launch VM's on Windows 7 x64 (SP-1 installed, fully patched):
Back to VirtualBox 4.3.16 and everything works as expected again...
-
- Posts: 1
- Joined: 15. Oct 2014, 19:44
Re: Windows 4.3.18 specifically for errors due to security
I am still seeing the issue with Digital Guardian / dgmaster.sys after upgrading to 4.3.18
My bluescreen looks the same as the one listed by @RelakS posted in the 4.3.16 thread
(viewtopic.php?f=6&t=63556&sid=182e7a2ab7c04b932701fd5e730987c5&start=195) Sorry, I can't post URLs until tomorrow.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.18 specifically for errors due to security
That's enough chatter on the wisdom of the hardening feature please. I realize that I'm as guilty as the next person, but we do need to stay focused in this topic.
Re: Windows 4.3.18 specifically for errors due to security
1. Win7 64bit
2. VBoxStartup.zip enclosed
3. Microsoft security essentials, windows firewall
The UI also displayed the errors below when trying to launch the VM.
---------------------------------------------------------------------------
Failed to create the VirtualBox COM object.
The application will now terminate.
Callee RC: E_INVALIDARG (0x80070057)
--------------------------------------------------------------------------------------------------------------
Failed to open a session for the virtual machine slk.
The virtual machine 'slk' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\...\VirtualBox VMs\slk\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
- Attachments
-
- VBoxStartup.zip
- (20.46 KiB) Downloaded 112 times
Re: Windows 4.3.18 specifically for errors due to security
3D acceleration does not work, because VirtualBox can't use the host operating system's OpenGL drivers?! And therefore only sw rendering is used (Microsoft Corporation GDI Generic).
There is some minor problem with driver signing at the file c:\Windows\system32\igdusc64.dll, I think this is the cause.
Host:
Windows 8.1 64bit
Windows Defender, Windows Firewall (does not matter whether it is on or off)
Chipset Intel® H87 Express
Intel® HD Graphics 4600
Latest official Intel HD Graphics Driver installed. The same driver can also be installed from Windows Update.
igdusc64.dll can be found in win64_15363.zip (Intel® Iris™ and HD Graphics Driver for Windows* 7/8/8.1 64bit)
Brief detail from VBox.log:
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR: Microsoft Corporation
00:00:01.586828 OpenGL Info: Render SPU: GL_RENDERER: GDI Generic
00:00:01.586831 OpenGL Info: Render SPU: GL_VERSION: 1.1.0
00:00:01.586834 OpenGL Info: Render SPU: GL_EXTENSIONS: GL_WIN_swap_hint GL_EXT_bgra GL_EXT_paletted_texture
00:00:01.587659 OpenGL Info: Cfg: u32Caps(0x1f), fVisualBitsDefault(0x23)
00:00:01.587746 Shared crOpenGL service loaded.
The same applies to different Linux guests (Ubuntu 14.04.1 LTS Desktop).
Running glxgears produces only a black window, but does not crash.
attached:
VBoxStartup.zip
- Attachments
-
- VBoxStartup.zip
- (22.44 KiB) Downloaded 113 times
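As an added example (not code from VirtualBox or from any poster in this thread), the following Python pulls the hardening rejections out of a VBox.log or VBoxStartup.log excerpt like the one quoted above and reports each rejected image once, with its rc and WinVerifyTrust hrc. The function names are hypothetical, and the field layout the regular expression expects is an assumption inferred only from the two supR3HardenedErrorV lines in that post.

```python
import re

# Constructed sample: the two hardening lines and one OpenGL line are copied
# from the VBox.log excerpt quoted in the post above.
SAMPLE_LOG = r"""
00:00:01.585921 supR3HardenedErrorV: supR3HardenedScreenImage/Imports: rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll: WinVerifyTrust failed with hrc=CERT_E_CHAINING on '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll'
00:00:01.586209 supR3HardenedErrorV: supR3HardenedScreenImage/NtCreateSection: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x10 fAccess=0xf cErrorHits=1 \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
00:00:01.586824 OpenGL Info: Render SPU: GL_VENDOR: Microsoft Corporation
"""

# Assumed layout: timestamp, stage, optional "cached", rc, key=value flags,
# NT device path of the image, optional ": <detail>" tail.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+supR3HardenedErrorV:\s+"
    r"supR3HardenedScreenImage/(?P<stage>\w+):\s+"
    r"(?P<cached>cached\s+)?rc=(?P<rc>\w+)\s+"
    r"(?:\w+=\S+\s+)*"            # fImage=, fProtect=, fAccess=, cErrorHits=
    r"(?P<path>\\Device\\.+?)"    # rejected image; may contain spaces
    r"(?::\s+(?P<detail>.*))?$"   # e.g. "WinVerifyTrust failed with hrc=..."
)
HRC_RE = re.compile(r"\bhrc=(\w+)")

def parse_rejections(log_text):
    """Return one record per supR3HardenedScreenImage error line."""
    records = []
    for raw in log_text.splitlines():
        line = re.sub(r"\[/?b\]", "", raw).strip()  # drop forum BBCode bold tags
        m = LINE_RE.match(line)
        if not m:
            continue  # not a hardening image-screening error
        hrc = HRC_RE.search(m.group("detail") or "")
        records.append({"ts": m.group("ts"), "stage": m.group("stage"),
                        "cached": bool(m.group("cached")), "rc": m.group("rc"),
                        "path": m.group("path"),
                        "hrc": hrc.group(1) if hrc else None})
    return records

def summarize(records):
    """Collapse repeats: one entry per rejected image with its first-seen cause."""
    images = {}
    for r in records:
        entry = images.setdefault(r["path"].lower(), {
            "path": r["path"], "rc": r["rc"], "hrc": None, "stages": [], "hits": 0})
        entry["hits"] += 1
        entry["hrc"] = entry["hrc"] or r["hrc"]  # cached lines carry no hrc
        if r["stage"] not in entry["stages"]:
            entry["stages"].append(r["stage"])
    return list(images.values())
```

Calling `summarize(parse_rejections(text))` on the contents of a startup log gives a short list of the images the hardening code refused, which is the information to include when reporting a failure like the ones in this thread.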