DOCSLIB.ORG

Software Reverse Engineering COMP 293A | Spring 2020 | University of the Pacific | Jeff Shafer 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Software Reverse Engineering COMP 293A | Spring 2020 | University of the Pacific | Jeff Shafer 2 ì Software Reverse Engineering COMP 293A | Spring 2020 | University of the Pacific | Jeff Shafer 2 “Disintegrating” by Fabian Oefner http://fabianoefner.com/ Software Reverse Engineering Spring 2020 3 “Disintegrating” by Fabian Oefner http://fabianoefner.com/ Software Reverse Engineering Spring 2020 4 Software Reverse Engineering Spring 2020 5 Software Reverse Engineering Spring 2020 6 Software Engineering Classic Waterfall Model Requirements → Project Requirements Document Design → Software Architecture Implementation → Software Implementation Verification Maintenance Software Reverse Engineering Spring 2020 7 Software Reverse Engineering Requirements → Project Requirements Document Design → Software Architecture Implementation → Software Implementation Software Reverse Engineering Spring 2020 8 Software Reverse Engineering Binary Code 0100110011… � Specifications • Algorithms? + • Design/Architecture? • File I/O formats? • Network protocols? � • Usage Instructions? • Any available public documentation? • Any available source code? (even if incomplete) Software Reverse Engineering Spring 2020 9 Why Reverse Engineer Software? ì Produce a competing product ì Phoenix Technologies Ltd ì Reverse engineered IBM PC BIOS in 1980’s and sold IBM-compatible BIOS to PC clone manufacturers ì “Clean Room Design” method ì Avoids copyright law (but not patent law) ì The original IBM implementation was copyrighted – can’t copy! ì Team A examines original software and writes detailed specification ì Lawyers review specification – any copyrighted material present? ì Team B implements new software based only on specification (they never saw original software) Software Reverse Engineering Spring 2020 10 Why Reverse Engineer Software? ì Provide interoperability with existing systems ì Network protocols, file types, operating systems, databases, … ì Samba ì Compatible with Microsoft Windows ì Open source (Linux, BSD, Mac OS, …) ì SMB/CIFS file sharing protocol ì Windows Server Domain Controller or member Software Reverse Engineering Spring 2020 11 Why Reverse Engineer Software? ì Provide interoperability with existing systems ì Network protocols, file types, operating systems, databases, … ì WINE project ì Windows API ì ReactOS ì Windows API and ABI (Application Binary Interface) ì OpenOffice / LibreOffice ì Microsoft Office (and many other) file types Software Reverse Engineering Spring 2020 12 Why Reverse Engineer Software? ì Customization of embedded systems ì Replace stock firmware with enhanced firmware ì Car engines, WiFi routers, etc… ì Generate documentation for orphan code (and possible code modifications, e.g. Y2K) ì Consultant wrote app for your company 20 years ago but has gone out of business? ì Documentation was lost / never produced in first place? ì Business app was written 3 corporate reorganizations ago? ì Removal of copy protection ì Removal of gameplay restrictions Software Reverse Engineering Spring 2020 13 Why Reverse Engineer Software? …. and? Cybersecurity Software Reverse Engineering Spring 2020 14 Motivating Question for Class ì What do you, as a security professional, need to know to answer two questions about a new binary? ì Is this binary malicious? ì If it is malicious, what does it do? ì Same skillset needed as reverse engineering for other purposes Software Reverse Engineering Spring 2020 15 ì Lenny Zeltser ì VP of Products at Minerva Labs ì Anti-malware endpoint platform ì Developer of REMnux ì Linux distro for reverse engineering and analyzing malware https://zeltser.com/ https://remnux.org/ Software Reverse Engineering Spring 2020 16 Reverse Engineering for Security ì What can be learned by examining malicious software? ì Does the program pose a threat to your organization? ì What are its capabilities? ì How can the program be detected across enterprise systems? (Servers, desktops, middleware/network boxes) ì What would data exfiltration (if purpose) look like on our network monitoring infrastructure? ì Can we see if data was taken? Can we see what data was taken? (huge difference in HIPPA or PCI fines and penalties!) ì Does the program reveal anything about your adversaries? ì Are they targeting you specifically? ì What are their capabilities? ì Origins of code? (Did they develop it?) ì Similarities to earlier malicious programs? Software Reverse Engineering Spring 2020 17 Malware Analysis Report ì What to include in a Analysis Report for your boss? ì Capabilities ì Identification (name, size, hashes, …) ì Characteristics ì Infection, exfiltration, anti-analysis, … ì Dependencies for operation ì Behavioral and code analysis ì Tables and Figures (lots!) ì Indicators of Compromise (IOC) for NOC Software Reverse Engineering https://zeltser.com/malware-analysis-report/ Spring 2020 18 Sounds great, so let’s dive into the assembly code! Software Reverse Engineering Spring 2020 19 Software Reverse Engineering Spring 2020 20 Hmmn, perhaps you should jump first… Software Reverse Engineering Spring 2020 21 Fully automated analysis Easy Static properties analysis Easy Interactive behavior analysis Moderate Manual code reversing Hard Software Reverse Engineering Spring 2020 22 Fully Automated Analysis ì Try this first, but don’t get your hopes up! ì The more sophisticated the malware, the more resistant it will be to generic automated tools ì Automated sandbox tools ì Malwr ì Hybrid Analysis ì Cuckoo Sandbox Software Reverse Engineering Spring 2020 23 Static Properties Analysis ì The program is not running – just inspect binary file on disk ì Triage step – Is this file even malware? Is there anything interesting about it to warrant further investigation? ì Always more unknown binaries than engineer time available to analyze them ì Are there suspicious strings? Or a total lack of un-obfuscated strings? ì Are there suspicious libraries? Or a total lack of un-obfuscated libraries? ì Are there suspicious API calls? Or a total lack (??) of un-obfuscated API calls? ì Tools ì PEStudio ì Detect It Easy ì pescanner.py ì strings Software Reverse Engineering Spring 2020 24 Interactive Behavior Analysis ì Binary file looks suspicious, but we have a lot of unanswered questions! ì You could dive into the assembly code, but some important questions might be answerable via an easier method ì Time to run it (safely!) and see what it does ì Carefully observe ì API calls made (user and kernel space) ì Filesystem accessed (read/write) ì Registry accessed (read/write) – Windows-only ì Network communication ì Tools ì Process Hacker ì RegShot ì Wireshark (+ other tools, e.g. fakedns) ì API Monitor Software Reverse Engineering Spring 2020 25 Manual Code Reversing Software Reverse Engineering Spring 2020 26 ì Course Overview Software Reverse Engineering Spring 2020 27 Websites Main website • https://cyberlab.pacific.edu/ Canvas CMS (gradebook, labs, …) • http://canvas.pacific.edu Software Reverse Engineering Spring 2020 28 Textbook ì No official textbook ì May require technical paper readings prior to class lectures/discussion ì Will announce in advance Software Reverse Engineering Spring 2020 29 Courseware Version 0.1a ì Only 15 weeks in a semester ì 29 classes, including today ì The clock is ticking now! ì What to cover? Software Reverse Engineering Spring 2020 30 Class Topics ì Windows malware ì Tools ì Not focusing on Linux ì More Tools… ì Not focusing on OS X ì Yet More Tools…. ì Not focusing on mobile ì Tool A doesn’t work with ì Different tools and different Malware Z? Try Tool B…. critical APIs, but identical skills and thought process ì x86, x86-64 assembly code ì Document file malware ì Anti-RE and obfuscation techniques ì Web (JavaScript) malware ì Communication protocol recovery Software Reverse Engineering Spring 2020 31 Course Components ì 50% - Labs ì Begin in-class, finish at home ì Hands-on experience using analysis tools and working with real malware ì 25% - Lab Practical Exams (3) ì Demonstrate that you learned something in the labs! Software Reverse Engineering Spring 2020 32 Course Components ì 25% - Projects (Malware analysis) ì Here’s a binary that the IT intern pulled off our Exchange server. I need an analysis report on my desk by 5pm Friday… ì Will start early in the semester and expand reports as our skills develop Software Reverse Engineering Spring 2020 33 Software Reverse Engineering Spring 2020 34 Software Reverse Engineering Spring 2020 35 COURSE FEEDBACK! Software Reverse Engineering Spring 2020 36 Give and Take I Promise… … If You Promise ì To keep the class labs fun ì To communicate often with me ì To be flexible with ì How long did the lab take? requirements and deadlines ì What was easy? as we work through the labs ì What was hard? ì What additional resources (lectures, examples, …) would help? ì Should we do this lab next year? Software Reverse Engineering Spring 2020 37 This Week ì Malware Analysis Basics – Automated Tools Software Reverse Engineering Spring 2020 38 Questions? ì Questions? ì Concerns? Software Reverse Engineering Spring 2020.
Load more

Recommended publications
  • Chapter 12 Calc Macros Automating Repetitive Tasks Copyright
    Calc Guide Chapter 12 Calc Macros Automating repetitive tasks Copyright This document is Copyright © 2019 by the LibreOffice Documentation Team. Contributors are listed below. You may distribute it and/or modify it under the terms of either the GNU General Public License (http://www.gnu.org/licenses/gpl.html), version 3 or later, or the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), version 4.0 or later. All trademarks within this guide belong to their legitimate owners. Contributors This book is adapted and updated from the LibreOffice 4.1 Calc Guide. To this edition Steve Fanning Jean Hollis Weber To previous editions Andrew Pitonyak Barbara Duprey Jean Hollis Weber Simon Brydon Feedback Please direct any comments or suggestions about this document to the Documentation Team’s mailing list: [email protected]. Note Everything you send to a mailing list, including your email address and any other personal information that is written in the message, is publicly archived and cannot be deleted. Publication date and software version Published December 2019. Based on LibreOffice 6.2. Using LibreOffice on macOS Some keystrokes and menu items are different on macOS from those used in Windows and Linux. The table below gives some common substitutions for the instructions in this chapter. For a more detailed list, see the application Help. Windows or Linux macOS equivalent Effect Tools > Options menu LibreOffice > Preferences Access setup options Right-click Control + click or right-click
    [Show full text]
  • A Basic Design Approach to Clean Room
    www.PDHcenter.com PDH Course M143 www.PDHonline.org A Basic Design Guide for Clean Room Applications Course Content PART – I OVERVIEW Clean rooms are defined as specially constructed, environmentally controlled enclosed spaces with respect to airborne particulates, temperature, humidity, air pressure, airflow patterns, air motion, vibration, noise, viable (living) organisms, and lighting. Particulate control includes: !" Particulate and microbial contamination !" Particulate concentration and dispersion “Federal Standard 209E” defines a clean room as a room in which the concentration of airborne particles is controlled to specified limits. “British Standard 5295” defines a clean room as a room with control of particulate contamination, constructed and used in such a way as to minimize the introduction, generation and retention of particles inside the room and in which the temperature, humidity, airflow patterns, air motion and pressure are controlled. Today, many manufacturing processes require that spaces be designed to control particulate and microbial contamination while maintaining reasonable installation and operating costs. Clean rooms are typically used in manufacturing, packaging, and research facilities associated with these industries: 1. Semiconductor: This industry drives the state of the art clean room design, and this industry accounts for a significant number of all operating clean rooms. 2. Pharmaceutical: Clean rooms control living particles that would produce undesirable bacterial growth in the preparation of biological, pharmaceutical, and other medical products as well as in genetic engineering research. Page 1 of 61 www.PDHcenter.com PDH Course M143 www.PDHonline.org 3. Aerospace: The manufacturing and assembling of aerospace electronics, missiles and satellites were the first application of clean rooms.
    [Show full text]
  • AMNESIA 33: How TCP/IP Stacks Breed Critical Vulnerabilities in Iot
    AMNESIA:33 | RESEARCH REPORT How TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices Published by Forescout Research Labs Written by Daniel dos Santos, Stanislav Dashevskyi, Jos Wetzels and Amine Amri RESEARCH REPORT | AMNESIA:33 Contents 1. Executive summary 4 2. About Project Memoria 5 3. AMNESIA:33 – a security analysis of open source TCP/IP stacks 7 3.1. Why focus on open source TCP/IP stacks? 7 3.2. Which open source stacks, exactly? 7 3.3. 33 new findings 9 4. A comparison with similar studies 14 4.1. Which components are typically flawed? 16 4.2. What are the most common vulnerability types? 17 4.3. Common anti-patterns 22 4.4. What about exploitability? 29 4.5. What is the actual danger? 32 5. Estimating the reach of AMNESIA:33 34 5.1. Where you can see AMNESIA:33 – the modern supply chain 34 5.2. The challenge – identifying and patching affected devices 36 5.3. Facing the challenge – estimating numbers 37 5.3.1. How many vendors 39 5.3.2. What device types 39 5.3.3. How many device units 40 6. An attack scenario 41 6.1. Other possible attack scenarios 44 7. Effective IoT risk mitigation 45 8. Conclusion 46 FORESCOUT RESEARCH LABS RESEARCH REPORT | AMNESIA:33 A note on vulnerability disclosure We would like to thank the CERT Coordination Center, the ICS-CERT, the German Federal Office for Information Security (BSI) and the JPCERT Coordination Center for their help in coordinating the disclosure of the AMNESIA:33 vulnerabilities.
    [Show full text]
  • CIFS/NFS) Administrator's Guide
    Hitachi Data Ingestor File System Protocols (CIFS/NFS) Administrator's Guide Product Version Getting Help Contents MK-90HDI035-13 © 2013- 2015 Hitachi, Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for any purpose without the express written permission of Hitachi, Ltd. Hitachi, Ltd., reserves the right to make changes to this document at any time without notice and assume no responsibility for its use. This document contains the most current information available at the time of publication. When new or revised information becomes available, this entire document will be updated and distributed to all registered users. Some of the features described in this document might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Data Systems Corporation at https://portal.hds.com. Notice: Hitachi, Ltd., products and services can be ordered only under the terms and conditions of the applicable Hitachi Data Systems Corporation agreements. he use of Hitachi, Ltd., products is governed by the terms of your agreements with Hitachi Data Systems Corporation. Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries. Hitachi Data Systems is a registered trademark and service mark of Hitachi, Ltd., in the United States and other countries. Archivas, Essential NAS Platform, HiCommand, Hi-Track, ShadowImage, Tagmaserve, Tagmasoft, Tagmasolve, Tagmastore, TrueCopy, Universal Star Network, and Universal Storage Platform are registered trademarks of Hitachi Data Systems Corporation.
    [Show full text]
  • Personal Computing
    Recent History of Computers: Machines for Mass Communication Waseda University, SILS, Science, Technology and Society (LE202) The communication revolution ‚ In the first period of the history of computers, we see that almost all development is driven by the needs and the financial backing of large organizations: government, military, space R&D, large corporations. ‚ In the second period, we will notice that the focus is now shifting to small companies, individual programers, hobbyists and mass consumers. ‚ The focus in the first period was on computation and control. In the second period, it is on usability and communication. ‚ A mass market for computers was created, through the development of a user-friendly personal computer. Four generations of computers 1st 2nd 3rd 4th 5th Period 1940s–1955 1956–1963 1964–1967 1971–present ? Tech- vacuum transistors integrated micro- ? nology tubes circuits processors Size full room large desk sized desk-top, ? (huge) machine hand-held Software machine assembly operating GUI ? language language systems interface The microprocessor ‚ In 1968, the “traitorous seven” left Fairchild Semiconductor to found Intel. ‚ In 1969, Busicom, a Japanese firm, commissioned Intel to make a microprocessor for a handheld calculator. ‚ This lead to the Intel 4004. Intel bought the rights to sell the chip to other companies. ‚ Intel immediately began the process of designing more and more powerful microchips. Schematic: The Intel 4004 ‚ This has lead to computers small enough to fit in our hands. Consumer electronics ‚ The microprocessor made it possible to create more affordable consumer electronics. ‚ The Walkman came out in 1979. Through the 1980s video players, recorders and stereos were marketed.
    [Show full text]
  • Samba-3 by Example
    Samba-3 by Example Practical Exercises in Successful Samba Deployment John H. Terpstra May 27, 2009 ABOUT THE COVER ARTWORK The cover artwork of this book continues the freedom theme of the first edition of \Samba-3 by Example". The history of civilization demonstrates the fragile nature of freedom. It can be lost in a moment, and once lost, the cost of recovering liberty can be incredible. The last edition cover featured Alfred the Great who liberated England from the constant assault of Vikings and Norsemen. Events in England that finally liberated the common people came about in small steps, but the result should not be under-estimated. Today, as always, freedom and liberty are seldom appreciated until they are lost. If we can not quantify what is the value of freedom, we shall be little motivated to protect it. Samba-3 by Example Cover Artwork: The British houses of parliament are a symbol of the Westminster system of government. This form of government permits the people to govern themselves at the lowest level, yet it provides for courts of appeal that are designed to protect freedom and to hold back all forces of tyranny. The clock is a pertinent symbol of the importance of time and place. The information technology industry is being challenged by the imposition of new laws, hostile litigation, and the imposition of significant constraint of practice that threatens to remove the freedom to develop and deploy open source software solutions. Samba is a software solution that epitomizes freedom of choice in network interoperability for Microsoft Windows clients.
    [Show full text]
  • Reactos-Devtutorial.Pdf
    Developer Tutorials Developer Tutorials Next Developer Tutorials Table of Contents I. Newbie Developer 1. Introduction to ReactOS development 2. Where to get the latest ReactOS source, compilation tools and how to compile the source 3. Testing your compiled ReactOS code 4. Where to go from here (newbie developer) II. Centralized Source Code Repository 5. Introducing CVS 6. Downloading and configuring your CVS client 7. Checking out a new tree 8. Updating your tree with the latest code 9. Applying for write access 10. Submitting your code with CVS 11. Submitting a patch to the project III. Advanced Developer 12. CD Packaging Guide 13. ReactOS Architecture Whitepaper 14. ReactOS WINE Developer Guide IV. Bochs testing 15. Introducing Bochs 16. Downloading and Using Bochs with ReactOS 17. The compile, test and debug cycle under Bochs V. VMware Testing 18. Introducing VMware List of Tables 7.1. Modules http://reactos.com/rosdocs/tutorials/bk02.html (1 of 2) [3/18/2003 12:16:53 PM] Developer Tutorials Prev Up Next Chapter 8. Where to go from here Home Part I. Newbie Developer (newbie user) http://reactos.com/rosdocs/tutorials/bk02.html (2 of 2) [3/18/2003 12:16:53 PM] Part I. Newbie Developer Part I. Newbie Developer Prev Developer Tutorials Next Newbie Developer Table of Contents 1. Introduction to ReactOS development 2. Where to get the latest ReactOS source, compilation tools and how to compile the source 3. Testing your compiled ReactOS code 4. Where to go from here (newbie developer) Prev Up Next Developer Tutorials Home Chapter 1. Introduction to ReactOS development http://reactos.com/rosdocs/tutorials/bk02pt01.html [3/18/2003 12:16:54 PM] Chapter 1.
    [Show full text]
  • Cleanroom Design
    CLEANROOM DESIGN by Douglas H Erickson Bachelor of Architecture Bachelor of Science in Architectural Studies Washington State University Pullman, Washington 1975 SUBMITTED TO THE DEPARTMENT OF ARCHITECTURE IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE MASTER OF SCIENCE IN ARCHITECTURE STUDIES at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June, 1987 © Douglas H Erickson 1987 The author hereby grants to M.I.T. permission to reproduce and to distribute publicly copies of this thesis document in whole or in part Signature of Author Douglas H Erickson Department of Architecture May 8, 1987 Certified by Dr. Leon Glicksman Senior Research Scientist Thesis Advisor Accepted by t bJulian Beinart Chairman MAzSSAOsmTS INSr~iDpartment Committee for Graduate Students F TECHNOLOGY tlr 1 UmgAES Room 14-0551 77 Massachusetts Avenue Cambridge, MA 02139 Ph: 617.253.2800 MITLib Email: [email protected] Document Services http://Ilibraries.mitedu/docs DISCLAIMER OF QUALITY Due to the condition of the original material, there are unavoidable flaws in this reproduction, We have made every effort possible to provide you with the best copy available. If you are dissatisfied with this product and find it unusable, please contact Document Services as soon as possible. Thank you. Some pages in the original document contain pictures, graphics, or text that is illegible. Pages 96 - 131 CLEANROOM DESIGN by Douglas H Erickson Submitted to the Department of Architecture on May 8, 1987 in partial fulfinent of the requirements for the Degree of Master of Science in Architecture Studies ABSTRACT The development of the integrated circuit which replaced the vacuum tube, started the size reduction process for computer components.
    [Show full text]
  • Feasibility Study: Migrating from Microsoft Office to Libreoffice in An
    Feasibility Study: Migrating from Microsoft Office to LibreOffice in an Academic Enterprise Environment By: Curran Hamilton, David Hersh, Jacqueline McPherson, Tyler Mobray Humboldt State University May 4th, 2012 Abstract This study investigates the feasibility of a migration from Microsoft Office to an alternative office suite at Humboldt State University. After investigating the market for viable alternatives, it was determined that only the open source LibreOffice might be mature enough to meet the needs of a complex enterprise. A literature search was done to learn more about the suite and its development community. Use cases were drawn up and test cases were derived from them in order to compare the functionality of LibreOffice with that of Microsoft Office. It was concluded that LibreOffice is a rapidly maturing and promising suite that may be a viable replacement in one to two years, but is not an acceptable alternative to Microsoft Office in the enterprise environment today. 1 1. Introduction Due to continually increasing costs associated with the CSU’s contract with Microsoft for its many products, including the Office suite, Humboldt State University decided to look into other office suites (preferably open source) that can perform acceptably in place of Microsoft Office (MS Office). The Information Technology Services (ITS) department hired a team of four interns (Curran Hamilton, David Hersh, Jacqueline McPherson, and Tyler Mobray) to determine if a successful migration away from MS Office was feasible enough to warrant further research. We explored other office products currently available, decided on candidate suites, and tested the candidates. Finally, we analyzed and reported on our findings.
    [Show full text]
  • Chapter 2: Installing Samba on a Unix System
    ,ch02.26865 Page 31 Friday, November 19, 1999 3:28 PM Chapter 2 2 Installing Samba on a Unix System Now that you know what Samba can do for you and your users, it’s time to get your own network set up. Let’s start with the installation of Samba itself on a Unix system. When dancing the samba, one learns by taking small steps. It’s just the same when installing Samba; we need to teach it step by step. This chapter will help you to start off on the right foot. For illustrative purposes, we will be installing the 2.0.4 version of the Samba server on a Linux* system running version 2.0.31 of the kernel. However, the installation steps are the same for all of the platforms that Samba supports. A typical installa- tion will take about an hour to complete, including downloading the source files and compiling them, setting up the configuration files, and testing the server. Here is an overview of the steps: 1. Download the source or binary files. 2. Read the installation documentation. 3. Configure a makefile. 4. Compile the server code. 5. Install the server files. 6. Create a Samba configuration file. 7. Test the configuration file. 8. Start the Samba daemons. 9. Test the Samba daemons. * If you haven’t heard of Linux yet, then you’re in for a treat. Linux is a freely distributed Unix-like oper- ating system that runs on the Intel x86, Motorola PowerPC, and Sun Sparc platforms. The operating sys- tem is relatively easy to configure, extremely robust, and is gaining in popularity.
    [Show full text]
  • AV Linux the Distro of Choice for Media Creators
    DISTROHOPPER DISTROHOPPER Our pick of the latest releases will whet your appetite for new Linux distributions. ReactOS Like Windows, but open. K, this isn’t Linux – it’s not even based on Unix – but it is a free Ooperating system that you can try out. ReactOS is a clone of the Windows NT kernel used in Windows XP, and some of the API. This means that in theory, you should be able to use ReactOS just like a Windows system: install the same drivers, run the same software, etc. However, in practice, the implementation is not complete enough to allow you to do this. You can run the simple tools that come with the OS, but not much else. Wine offers a much better chance of being able to run Windows software without a full Windows install. Even though Wine and ReactOS share code, Wine has a much Don’t tell Linus we said this, but some games just don’t look right when running on Linux. better success rate. This is a shame, because if the team had Just because a project isn’t mainstream, Minesweeper, the game that killed millions of been able to create a fully working system that doesn’t mean it’s not interesting. man-hours worth of office-worker time in by the time Microsoft stopped support for Booting up ReactOS feels like taking a trip the last years of the previous millennium. Windows XP, they may have found many back in time – its visual style probably has Perhaps it’s not the best reason to get a new new users.
    [Show full text]
  • Breaking Manufacturers' Aftermarket Monopoly and Restoring
    APRIL 2020 Fixing America: Breaking Manufacturers’ Aftermarket Monopoly and Restoring Consumers’ Right to Repair DANIEL A. HANLEY CLAIRE KELLOWAY SANDEEP VAHEESAN 1 1 Contents Executive Summary ................................................................................. 2 I. Introduction ........................................................................................... 3 II. History of Restricting Repair .............................................................. 4 The History of Open Aftermarkets ............................................................. 4 Early Efforts to Close Afternarkets ............................................................. 6 III. Methods of Restricting Repair .......................................................... 9 Tying of Aftermarket Parts and Service ...................................................... 9 Exclusive Dealing of Aftermarket Parts and Service ................................ 10 Refusal to Sell Essential Tools, Parts, Diagnostics, Manuals, and Software 10 Predatory and Exclusionary Design ........................................................ 11 Leveraging Copyright Law to Lock Software and Hardware .................... 12 Restrictive End User License Agreements ................................................ 13 IV. The Effects and Consequences of Restricted Repair ...................... 15 Increased Costs to Consumers ................................................................ 15 Stifling the Repair Economy and Local Resiliency ..................................
    [Show full text]