-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Xbox Ones get viruses?
- Thread starter bsod
- Start date
It's up to game devs to disable it (skeletal tracking took up a fair portion of GPU compute, and it used to run no matter what until the SDK was updated). It won't make a difference if it's plugged in or unplugged.
Source:
https://twitter.com/majornelson/status/474597301303140352?s=09
Vigilant Gambit
Member
If you can run unsigned code on a retail game console, you are going to do one of two things:
Sell it to a company that will use it to ultimately develop some means of software piracy that they can turn into a proprietary product to sell (like a usb dongle)
or
Release it publicly (possibly as an open source project) so that the homebrew community can grow around it
If this is real, it is not specifically targeting Xboxes. It is some browser shenanigans that the Xbone's version of IE can't cope with yet.
Sell it to a company that will use it to ultimately develop some means of software piracy that they can turn into a proprietary product to sell (like a usb dongle)
or
Release it publicly (possibly as an open source project) so that the homebrew community can grow around it
If this is real, it is not specifically targeting Xboxes. It is some browser shenanigans that the Xbone's version of IE can't cope with yet.
LordOfChaos
Member
I bet the customer was just one of those folks who call every error a "virus". I've heard people say their "facebook got a virus" and dumber things. The customer service was likely making a joke at his expense (or was just as clueless), and the message was a legit one from Microsoft about odd activity.
01DragonFly
Member
I got one of these a few days ago just close tab/window , probably the person didn't know how to close it(it took a while for me to find how to close a tab) Also deleting history doesn't delete the open tabs
A video of how to do it
https://www.youtube.com/watch?v=RikXDXWLqEc
A video of how to do it
https://www.youtube.com/watch?v=RikXDXWLqEc
I hope you are kidding because this topic and your reply are the most idiotic things that i have read here today. And there was a lot of stupid stuff.
jellies_two
Member
they can get a virus in theory.
but historically, and currently, it is an infinitesimal problem
Macs don't need products from symantec etc,
Nor do smart phones.
Or internet routers.
Or smart TVs.
But windows based computers do need virus scanners, although even the best are mainly just reactive not pro-active.
No. If you can get around the hypervisor, you're not going to pop up a box telling folks to call a scam toll free number. You're going to sell that exploit for bank.
Yes, he is. Unplugging the Kinect has -zero- effect on what is available to the game.
No wonder MS wants a different name for their new browser. Not to sound as snarky as this will undoubtedly sound, but please, do some research.
SyenceLabb
Member
The Xbone could be running the Windows 8 kernel at it's core, along with IE, but it's not running nearly the same amount of system services like the full blown Windows OS, so the attack surface is not as expansive.
Did you bother reading the article at all?
cnet said:
It can have an effect. I don't know if any games are currently coded to take an advantage, but to say "it does nothing" is flat out wrong.
ahahahahaha omg
Unplugging the Kinect does not do anything. Devs are just allowed to disable it from using processing power so games an use more. It being plugged in during these games doesn't do anything since it won't be used anyway.
That article is wrong in the first half of the paragraph and actually tries to correct itself.
Did you bother reading this?
https://twitter.com/majornelson/status/474597301303140352?s=09
Major Nelson said:
Dear Media: The GPU change was developer facing. Unplugging Kinect does not get you more HP. Devs have to code to the new specs.
I was under the impression you can get 10% more; however devs have to code their games to take advantage of it? Perhaps I'm not reading this correctly?
Alright thanks for editing your post to explain. Sorry for reading articles that are never corrected, and not following Hyrb on twitter.
As other people have said, it's not unbelievable if it runs Windows. I'm not a computer security expert or anything, but I'd imagine that just about any computer with Internet connectivity can get viruses - it's just a matter of someone having the interest to create a virus and the ability to distribute it.
But I don't think it's likely. Most people developing viruses will probably aim for popular operating systems or smartphones just because that's bigger target. Would likely be much easier to do as well. The only major security issues I've heard of video game consoles having are trojans for modded PSP and DS. Fake homebrew / pirated software that bricks your system.
But I don't think it's likely. Most people developing viruses will probably aim for popular operating systems or smartphones just because that's bigger target. Would likely be much easier to do as well. The only major security issues I've heard of video game consoles having are trojans for modded PSP and DS. Fake homebrew / pirated software that bricks your system.
You are partially correct. Kinect can be plugged in and still have the GPU boost, the game is just locked out of skeletal tracking.
"Theoretically" only if the code has been digitally signed by MS. And even then that code would be using the heavily sandboxed and locked down WinRT APIs. Good luck creating a virus with those restrictions.
Bad habit of mine. I will post a reaction and edit the explanation why soon after. I have actually been banned in between doing those things within the minute.
MS is at fault for expressing Xbone improvements technically, so when it is reported by people who don't know what they are reporting on it gets all muddled and suddenly "Xbox One can't do 1080p" or "Forza 5 runs better online". So it's not really your fault for thinking it was the case.
It probably doesn't. Malware (adware) is a bit different as it isn't actually executing any unsigned code.
PanicFreak
Member
I don't watch porn on my Xbox for just this reason. I don't want a virus on my Xbox LOL
01DragonFly
Member
It looks it just IE popups messages on xbox oneliquidblue4 on gamefaqs said:
Fnord
Member
I don't know why it would be any more or less likely when they switch to Win10. It's running a version of Win8 now.
It doesn't.
Northeastmonk
Gold Member
https://www.youtube.com/watch?v=vZq4UnkgZQI
GeekSquad are notorious for their scams. They couldn't even fix the space bar on my laptop. I had to go to a generic PC repair place to fix it and he didn't even charge me. I wouldn't think Best Buy has the necessary equipment to troubleshoot a game console. If I hooked up my console to a PC diagnostics machine it wouldn't do anything. It would probably give me some sort of default error message. I wouldn't trust a word they say.
I believe the console is coded for specifically, so the chances of getting a virus are slim.
GeekSquad are notorious for their scams. They couldn't even fix the space bar on my laptop. I had to go to a generic PC repair place to fix it and he didn't even charge me. I wouldn't think Best Buy has the necessary equipment to troubleshoot a game console. If I hooked up my console to a PC diagnostics machine it wouldn't do anything. It would probably give me some sort of default error message. I wouldn't trust a word they say.
I believe the console is coded for specifically, so the chances of getting a virus are slim.
Scrub Mcgrubb
Member
Consumer affairs posted a BS article about a Kaspersky report that next gen consoles were getting viruses.... except they pretty much made up the story as click bait-
http://www.consumeraffairs.com/news/hackers-like-playstation-4-and-xbox-one-too-121613.html
Gamespot ran with the story after that without checking their sources and a lot of misinformation was spread... I sent their editors a link to the original unedited press release that the bogus story sited- http://www.prnewswire.co.uk/news-re...cked-117-million-times-in-2013-235755681.html
... but Gamespot never took their article down.
http://www.consumeraffairs.com/news/hackers-like-playstation-4-and-xbox-one-too-121613.html
Gamespot ran with the story after that without checking their sources and a lot of misinformation was spread... I sent their editors a link to the original unedited press release that the bogus story sited- http://www.prnewswire.co.uk/news-re...cked-117-million-times-in-2013-235755681.html
... but Gamespot never took their article down.
cpp_is_king
Member
Guys, of course it's possible for a console to get a virus. With Xbox One, I would even argue it's easy. I can't believe the level of misinformation going back and forth in this thread.
OS is windows based, so there are known vulnerabilities in the os. Browser is IE based, so there are known vulnerabilities in the browser. Done and done.
Did this particular persons console have a virus? Maybe / maybe not. But it is 100% possible, and I would be extremely surprised if this isn't a thing going forward
OS is windows based, so there are known vulnerabilities in the os. Browser is IE based, so there are known vulnerabilities in the browser. Done and done.
Did this particular persons console have a virus? Maybe / maybe not. But it is 100% possible, and I would be extremely surprised if this isn't a thing going forward
It was a joke. I haven't used internet explorer in ages, I'm running Linux anyway.
Nope and nope.
What's so strange about parental controls?
cpp_is_king
Member
Do you even know how malware works? Because to those of us who actually do, you sound completely ridiculous.
Tell me why. And just to add, despite how it may sound, I'm not trying to say that the XB1 (or any console for that matter) is invulnerable to malware. Just that the reasons you stated for why it could happen are pretty weak. To further add, it kind of reminds me of the people who made joke after joke about the BSOD soon after MS unveiled the original Xbox.
Northeastmonk
Gold Member
all the pr0n searched for with the web browser? If you didn't search the web then I highly doubt it could get a virus. You aren't necessarily phishing the internet unless you're saving jpegs and so forth to your drive. The liability from developers also has to be extremely high. There isn't some firewall blocking pvp servers or optional service accounts. I'd say the risks are higher if you install a used HDD (possibly), but it has to format itself either way.
cpp_is_king
Member
The reasons I stated are not weak at all. There are a lot of people out there who all they do is sit around reverse engineering Windows and IE looking for vulnerabilities. Many of these have never been disclosed, and some attackers are just sitting on banks of vulnerabilities. This isn't fiction, it's real. Xbox 1 does use Hyper-V to segment different parts of the OS, so it's probably not at risk for being fully rooted through a browser, but those are not the only type of exploits that exist. Hyper-V instances are still susceptible, for example, to local privilege escalation attacks, and it is virtually guaranteed that there is nothing Xbox One could do to stop this.
This kind of attack would most likely occur when the user visited a malicious website. If you used NeoGAF on mobile a few weeks ago, you'll know firsthand that this can happen without your consent. Over 90% of page loads on NeoGAF a few weeks ago were automatically redirecting to a spam website, and it was widespread for all users, due to a poisoned ad. If someone poisons an ad with a redirect to a website that contains an exploit that grants local privilege escalation, guess what?
You might say "oh sure, but what could it actually do?" All the apps run in the same Hyper-V instance, so in theory this would allow arbitrary code execution within that instance. It could, for example, inject a filter into your network stack that can read and/or modify your traffic. It won't be able to affect your games though, since that runs in a different Hyper-V instance, and it won't be able to root the actual console, so it probably couldn't do things like install new apps or allow homebrew.
But it could very easily gain access to sensitive personal details that are used by any of the apps on your system, and/or modify their behavior.
justsomeguy
Member
Cpp please stop, everything you are typing is speculation but you're presenting it as educated fact. If you're going to put comments about privilege escalation and apps breaking out of their sandbox please cite sources on the xbox app security model.
The reddit thread just shows an annoying browser pop up. That's it and that's all. Edit: As ever this post is personal opinion not official blah blah
The reddit thread just shows an annoying browser pop up. That's it and that's all. Edit: As ever this post is personal opinion not official blah blah
cpp_is_king
Member
There is nothing about speculation here. My original post in this thread was "of course Xbox Ones can get viruses". I'm telling you one possible attack vector. What source do you expect to see for a possible attack vector? It might not have been exploited yet!
Nice hypothesis I guess. But with JIT completely disabled in the browser, and with Microsoft's digital signature required to run any code in the first place, and with that authenticated code only having access to heavily sandboxed WinRT APIs, how exactly do you propose that that code do anything malicious?
justsomeguy
Member
Well as the next poster says, I'm interested how a sandboxed winrt app can inject into the network stack, for example (clue: It can't).
GiantEnemyCrab
Banned
Here's your answer, folks. This story is bogus. It would be like jailbreaking the original iPhone for the first time, and using that power to show porn popups to a few people. When someone gets unsigned code running on an Xbone, you'll know about it.
Mihael Mello Keehl
Banned
Wait... so yall are really saying that the xbox can really get a virus? If so what does it do? Are you getting pop ups?
cpp_is_king
Member
There are plenty of sandbox escapes that don't rely on JIT, and IE doesn't have a particularly strong sandbox anyway. I mean, it's ok, it's just not great. My first idea would be to try to exploit their HTML5 video code.
Edit: Seems I wasn't the only one with this idea. Proof of concept in Firefox: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8643
Interesting. What's the analog for the Gecko Media Plugin system that allows for third party codecs and other binaries on Xbox One's implementation of IE?
It seems to me they're not attacking video codecs under HTML5 in Firefox, they are attacking the end-user-extendable plugin system that Firefox has allowed within their browser.