Re: Microsoft Opening Up Vista Kernel To Security Vendors in Security

Re: Microsoft Opening Up Vista Kernel To Security Vendors in Security http://www.dslreports.com/forum/r17083361 en Sat, 28 Nov 2009 10:33:40 EDT Sat, 28 Nov 2009 10:33:40 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17196620 Name Game :

said by astirusty

:

Looks like the Vista retail release date has been pushed back slightly further too
As in: January 30th, 20007

By 20007 with all the changes..I will need a bigger screen :(
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

]]> http://www.dslreports.com/forum/remark,17196620 Wed, 01 Nov 2006 12:04:41 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17196017 astirusty : Looks like the Vista retail release date has been pushed back slightly further too
As in: January 30th, 20007]]> http://www.dslreports.com/forum/remark,17196017 Wed, 01 Nov 2006 10:10:13 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17184502 astirusty :

said by dave

said by Steve

:

Bugs always catch you by surprise - ask any programmer.

Uh, I disagree. I've written stuff that I knew was crap when I wrote it; the subsequent bugs didn't surprise me one bit!

Ahhh, there in lies the difference, you recognized it was crap, and thus no surprise as to the bugs. Whereas, MS was surprised by the bug, because they failed to ... ;) :D]]> http://www.dslreports.com/forum/remark,17184502 Mon, 30 Oct 2006 13:15:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17183755 dave :

said by Steve

:

Bugs always catch you by surprise - ask any programmer.

Uh, I disagree. I've written stuff that I knew was crap when I wrote it; the subsequent bugs didn't surprise me one bit!
--
MVP Security]]> http://www.dslreports.com/forum/remark,17183755 Mon, 30 Oct 2006 10:50:12 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17183592 rgillis70 : "Destroy" any system upgraded from XP?
:o
Yeah that definitely sounds like a bug worth fixing.]]> http://www.dslreports.com/forum/remark,17183592 Mon, 30 Oct 2006 10:21:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17183575 psloss : The hint a week ago (Paul Thurrott, naturally) related to XP upgrade:
»www.windowsitpro.com/Article/Art···967.html

said by Paul Thurrott on October 23rd :
I've found out that the source of Allchin's concerns was an unexpectedly buggy pre-RTM build of Vista. The previous Friday, Microsoft pushed Vista build 5824 into escrow, hoping that the build could qualify as the final shipping version. But a catastrophic problem with the build destroyed any systems that upgraded from Windows XP, requiring complete reinstallations. After several frantic days of trying to find the bug, Microsoft finally fixed the problem last Friday and reset escrow. On Friday, Microsoft internally released build 5840, which didn't include the bug. Testing over the weekend produced positive feedback.

--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17183575 Mon, 30 Oct 2006 10:19:13 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17183570 Steve :

said by Blackbird

:

The bad news is that there could be more bugs.

"Could be"?

The article indicated the bug caught the Vista team "by surprise".

Bugs always catch you by surprise - ask any programmer :-)
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17183570 Mon, 30 Oct 2006 10:17:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17183474 astirusty :

said by Blackbird

:

In all fairness, a lot of bugs only appear under peculiar combinations of operating or installation situations, and the later they're caught, usually the more obscure the triggering events involved. Usually...

Yup. I think we have all seen our share of those bugs. The common warning sign is, "No one else is reporting the problem." Which, you can interpret as: 1) Your situation is truly unique, 2) You are "the" early adopter, 3) the support person has a bad grapevine, or 4) PR control is in effect.]]> http://www.dslreports.com/forum/remark,17183474 Mon, 30 Oct 2006 09:56:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17182505 Blackbird :

said by astirusty

:

The good news is MS did catch the bug before Vista was RTM.

The bad news is that there could be more bugs. The article indicated the bug caught the Vista team "by surprise".

In all fairness, a lot of bugs only appear under peculiar combinations of operating or installation situations, and the later they're caught, usually the more obscure the triggering events involved. Usually...
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17182505 Mon, 30 Oct 2006 02:23:14 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17178483 astirusty :

said by Name Game

:

Since the train pulls out of the station on the 25th OCT..

"An Oct. 25 RTM date would give computer manufacturers enough time to get new machines loaded with Vista into store inventories for an early January launch, which could still catch some momentum at the tail end of the holidays," said Joe Wilcox, an analyst with Jupiter Research.

Looks like the RTM data has been pushed back to Nov 8th.

quote:
Allen said the Vista team discovered the bug, which "would totally crash the system, requiring a complete reinstall," in Vista Build 5824 on Oct. 13. The team fixed the bug a week later in Vista Build 5840, he said, but the delivery of the operating system to PC makers was delayed.

The team is now targeting a new date of Nov. 8 for Vista's release to manufacturing, Allen said. He also said that the business release of Vista, which Microsoft recently said is on track for release next month, "will barely make the end of November deadline."

Must be some bug if it crashes the system to where a re-install is required. So much for "Safe mode" and "System Restore". The good news is MS did catch the bug before Vista was RTM. Still strange that such a serious bug was not found earlier.]]> http://www.dslreports.com/forum/remark,17178483 Sun, 29 Oct 2006 12:20:41 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17171135 ilago : I think I forgot my "toungue in cheek" smilie there ;)]]> http://www.dslreports.com/forum/remark,17171135 Sat, 28 Oct 2006 01:29:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166559 astirusty :

said by dave

:

Each process has its own address space. What is meant by that statement is that (in general) address N in process 1 is nothing to do with address N in process 2, even though it's the same N.

Thanks!]]> http://www.dslreports.com/forum/remark,17166559 Fri, 27 Oct 2006 12:18:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166487 dave :

said by ilago

:

So the evidence presented to the court by Microsoft in the antitrust case over Internet Explorer was a lie. It can be removed and always could. Fancy that

I see no lie. If you simply "remove anything related to IE" from a stock Windows system, lots of things will (I suppose) no longer work.

If you want to talk about how little or how much engineering effort would be involved in reworking the system, then that's a different question.

This was a court case. Microsoft desired a certain outcome, and they presented the facts in the appropriate light. Isn't that how court cases always work?

In part, any argument here depends on what certain words mean. What exactly is "the operating system"? I'm a kernel weenie, so I tend to the view that sasy Explorer isn't really part of the OS - it's just some userland app. So what if it's the UI that everyone uses? But some people say that when you go to the store and come home with a box labelled "Windows XP Operating System", everything that comes on the CD in the box is part of the operating system. They have a logically unassailable case too.

Likewise, what is "Windows" exactly?

I think you shouldn't confuse statements made in a court of law with the technical aspects of software.]]> http://www.dslreports.com/forum/remark,17166487 Fri, 27 Oct 2006 12:07:08 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166443 dave : Physical memory is uninteresting to this discussion, it is a concern of the low-level memory allocation code and not much else. Physical memory has nothing to do with protection. Physical memory is not 'address space'. It's just some resource available to the OS.

It may be that the loader loads the kernel into high physical memory. This is probably a consequence of the BIOS loading the loader into low physical memory. Certainly, the kernel does not run with virtual = physical mapping on x86 (if it did, you'd be unable to run Windows on machines with less than 4 GB of physical memory). The loader loads the kernel into some physical memory somewhere, and then it sets up the memory management data structures so that the kernel appears at virtual address 80000000 and up.

But I'm talking about the virtual address space architecture here ('virtual' does not mean 'disk' - you might call it 'logical' address, but that seems to be x86-specific terminology that I'm not fond of).

Each process has its own address space. What is meant by that statement is that (in general) address N in process 1 is nothing to do with address N in process 2, even though it's the same N.

So, each process gets an address space of 00000000 to FFFFFFFF. If the process attempts to touch address N, it's address N in its own process, not in some other process. The notion of 'address N in some other processs' is simply inexpressible in the instruction set (excepting the privileged instructions that are used by the OS to implement processes, of course). Whatever address you issue, it's in the current process.

When the running process touches a page in its own address space, the kernel will need to assign (temporarily) a 'page frame' in physical memory to hold that page. This page frame can be anywhere; there is no physical memory zone 'belonging' to this process.

The 'top half' of the address space (usually 80000000 to FFFFFFFF) is a little different to the above description, in that it always maps the kernel. So, although we still have 'address N in this process', it has been arranged that for N>=80000000, the place you end up at is the same place.

What this means is (a) every process can see the kernel, because it is the same in every process, and (b) the kernel can see the current process, because the kernel is executing within the context of that process.

Mostly, this arrangement is for the advantage of the kernel: it's a lot easier to write the kernel code that (say) implements some kernel system call, when the kernel can actually see the user-mode code that called it.]]> http://www.dslreports.com/forum/remark,17166443 Fri, 27 Oct 2006 11:58:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166319 psloss :

said by ilago

:

So the evidence presented to the court by Microsoft in the antitrust case over Internet Explorer was a lie. It can be removed and always could. Fancy that :huh:

»en.wikipedia.org/wiki/Removal_of···Explorer
--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17166319 Fri, 27 Oct 2006 11:34:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166273 astirusty :

said by dave

:

Big news here. Every process runs in the same memory space as the kernel.

Or, to put it a little more normally, the kernel is mapped into the address space of every process. The kernel doesn't have its own address space.

Dave, could you please expand/clarify this. Thanks.

The reason I ask is a different understanding of address space and kernels:
The kernels I have worked with had there own given area in physical memory. I was told years ago that the Windows kernel was loaded into the upper-most area of physical memory. Limiting memory caching to mid-to-lower memory seemed to demonstrate this, in that windows barely ran.
The kernel is what decides/dictates where in physical memory a process will run. The process is setup with address space that is mapped to physical memory. Or put another way, a process runs in logical memory that is mapped to physical memory (or virtual memory - disk) as defined by the kernel.]]> http://www.dslreports.com/forum/remark,17166273 Fri, 27 Oct 2006 11:27:37 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17166226 ilago :

quote:
To add, Explorer is a shell for the user, not Win32 (or the user mode side of NTDLL, for that matter). The USER and GDI calls don't require Explorer...in fact, they still work after killing off most of the user mode paraphernalia.

So the evidence presented to the court by Microsoft in the antitrust case over Internet Explorer was a lie. It can be removed and always could. Fancy that :huh:]]> http://www.dslreports.com/forum/remark,17166226 Fri, 27 Oct 2006 11:19:01 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17165869 psloss :

said by dave

3. Explorer is the shell for the Win32 gui.

Yeah, but I don't see your point. Explorer's just a userland app.

To add, Explorer is a shell for the user, not Win32 (or the user mode side of NTDLL, for that matter). The USER and GDI calls don't require Explorer...in fact, they still work after killing off most of the user mode paraphernalia.
--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17165869 Fri, 27 Oct 2006 10:18:24 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17165519 dave :

said by garywk

:

1. Windows Explorer has some fairly low level system access.

I say it doesn't: I say it uses standard APIs. Admittedly, some of them might be native APIs rather than Win32, so you'll have to get non-MS documentation for those.

2. Win32 Gui runs in Kernel mode.

This is be technically true but is misleading. It all depends what you mean by 'the gui'. Yes, there are drawing functions (gdi32) and window-management functions (user32) in kernel mode. The 'real UI', which to say the stuff that executes for example when you double-click on an object, is user mode.

I don't see this as having a lot more to say about the system than 'the mouse driver runs in kernel mode'. Yes, it's practically impossible to replace window management the way you can with, say, X11. That is a different argument.

3. Explorer is the shell for the Win32 gui.

Yeah, but I don't see your point. Explorer's just a userland app.

4. IE and Windows Explorer are basically one and the same.

Debateable. But I'll save my comment for the next point.

5. Bill Gates' sworn testimony in court says that the removal of IE, and thus Windows Explorer, would mean that Windows would be severly crippled or possibly not even run.

Yes, in exactly the same way that removal of the C runtime library (a trivial user-mode component) would result in Windows being severely crippled and would probably not run.

Here's the deal as I see it: HTTP/HTML functions are contained in a DLL, probably wininet.dll. Because Microsoft has or had this vision that there should be no difference between a document on your desk and a document halfway round the planet, many many apps use the facilities of that library, possibly simply because they use a common shell dialogue.

Thus it is indisputably true that if you now removed that library, without making source changes, that you'd break a whole lot of apps.

This means IE/WE processes are integrated at system level as removing a user mode process could not negatively affect system operation.

Nonsense. There's a whole load of user-mode processes (lsass, smss, csrss, winlogon) which are needed before the system runs normally.

In addition, it's perfectly possible to boot up an NT system without Explorer - I've done it. Just change the 'shell' definition in the registry, say to cmd.exe. Note, by the way, that you still have a 'gui' (in the sense that cmd.exe is running in a console window) even though you don't have a 'desktop'.

You really have not understood what you have read.

Any application can write to the file system or to the registry. There are Win32 APIs made available to apps for that very purpose. An operating system that prohibits user mode apps from writing files is not a very usefl operating system.

Right now, the ability of an app to write to (parts of) the file system is constrained only by discretionary access controls that are based on user id. If 'dave' can write to \foo\bar, any program running as 'dave' can do the same.

The mandatory access controls being added will further constrain this by adding a consideration of integrity level. Thus IE running as 'dave' may not be able to write to \foo\bar (controlled by the security descriptor on \foo\bar, though it's in the SACL and not the DACL).

Logically that says that IE6, under current MS OS's, has the ability to write to the file system and registry while connected to the internet.

There is a 'save as' operation that writes to the file system. There is an 'options' command that writes to the registry. You can do these today while connected to the internet. There's no special low-level interface required. It's just apps.

The author speaks of Protected Mode, how it is "defense in depth", and that it is being introduced in Vista in relation to IE. Since this is the introduction of the "defense in depth" security model for IE it is also an admission from MS that IE was previously in violation of the principle of "defense in depth".

You sure read a lot into someone saying "new! improved! better!".

Any new feature is an admission that you didn't have that feature before.

That tells me two things. One. IE currently has low level system access, and, two, that IE's current security model is "insecurity by design".

Sheer fantasy.]]> http://www.dslreports.com/forum/remark,17165519 Fri, 27 Oct 2006 09:01:54 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17165489 psloss :

said by garywk

:

Notice what will now be off-limits for IE to write to under Protected Mode. That means the file system and the registry, both areas of which operate at kernel mode, are currently areas which IE has the ability to write to directly. Whether or not IE runs during kernel mode when performing these actions I cannot say for sure, but MS documentation says some of their applications switch between kernel mode and user mode.

It doesn't appear you understand the difference between "interface" and "implementation."

The operating system provides interfaces for user mode programs to use the file system and the Registry. Explorer is a user mode application and uses those interfaces the same as all user mode applications.

said by garywk

:

Since this is the introduction of the "defense in depth" security model for IE it is also an admission from MS that IE was previously in violation of the principle of "defense in depth". That tells me two things. One. IE currently has low level system access, and, two, that IE's current security model is "insecurity by design".

Defense in depth:

quote:
...in information security defence in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defence being compromised or circumvented.

How does a security measure violate a "principle" of combining security measures?

They added measures in the XP SP2 version, they added more in IE 7, they're adding more in Protected Mode.
--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17165489 Fri, 27 Oct 2006 08:56:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17165358 garywk : dave,

Yeah, I confused processor mode and address space but it seems that even some developers do the same.

Here is my line of reasoning on this. True or not it seems to be held up by what I read from MS.

1. Windows Explorer has some fairly low level system access.
2. Win32 Gui runs in Kernel mode.
3. Explorer is the shell for the Win32 gui.
4. IE and Windows Explorer are basically one and the same.
5. Bill Gates' sworn testimony in court says that the removal of IE, and thus Windows Explorer, would mean that Windows would be severly crippled or possibly not even run. This means IE/WE processes are integrated at system level as removing a user mode process could not negatively affect system operation.
6. Protected Mode in Vista is MS's new security goodie for IE. Protected Mode limits kernel mode system access for IE.

Read the following from IEBlog. IEBlog is written by Mike Friedman, a member of the IE Team.

quote:
Internet-facing applications such as browsers are inherently at a higher security risk than other applications because they can download untrustworthy content from unknown sources. IE7’s Protected Mode leverage's Windows Vista’s UAC, MIC and UIPI features to boost browser security. In IE7’s Protected Mode—which is the default in other than the Trusted security zone—the IE process runs with Low rights, even if the logged-in user is an administrator. Since add-ins to IE such as ActiveX controls and toolbars run within the IE process, those add-ins run Low as well. The idea behind Protected Mode IE is that even if an attacker somehow defeated every defense mechanism and gained control of the IE process and got it to run some arbitrary code, that code would be severely limited in what it could do. Almost all of the file system and registry would be off-limits to it for writing, reducing the ability of an exploit to modify the system or harm user files. The code wouldn't have enough privileges to install software, put files in the user's Startup folder, hijack browser settings, or other nastiness.

Notice what will now be off-limits for IE to write to under Protected Mode. That means the file system and the registry, both areas of which operate at kernel mode, are currently areas which IE has the ability to write to directly. Whether or not IE runs during kernel mode when performing these actions I cannot say for sure, but MS documentation says some of their applications switch between kernel mode and user mode.

I would say this shows that IE has hooks into the system at fairly low levels, and will continue to have those levels of system access whenever it is not running in Protected Mode, i.e. connected to untrusted sources. Logically that says that IE6, under current MS OS's, has the ability to write to the file system and registry while connected to the internet.

The very first paragraph of the blog is also very interesting. The author speaks of Protected Mode, how it is "defense in depth", and that it is being introduced in Vista in relation to IE. Since this is the introduction of the "defense in depth" security model for IE it is also an admission from MS that IE was previously in violation of the principle of "defense in depth". That tells me two things. One. IE currently has low level system access, and, two, that IE's current security model is "insecurity by design".
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17165358 Fri, 27 Oct 2006 08:18:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17157673 Kiwi : What's the bottom line, an OS or thread links into the OS. Seems the best approach would be sacrificing the 'Extras' and going for a stable kernel. The real problem as seen by many is the DRM aspect. That, many have suffered; or at least put up with.

VISTA, won't be visited in the same fashion the previous MS OS distributions did, at all. Is it really bad, perhaps not, but the problems of a 'Borrowed license' for a few hundred bucks, is becoming a real issue.

Proprietary has done it's rounds over the years and this one, in particular stinks, more than hardware or any other software. I still maintain the security portfolio of DSLR/BBR could do with an overhaul! It's hard to to claim security and expect an appropriately locked down MS, to function around here.

MS has not proved to be reliable, in terms of security. That can't be debated, it's a fact. Yes, it's a high profile OS, but after more than 20 years one would think they could get it right, a tri-Billion dollar company who can't meet basic security.

I hate I'm forced to such comments, but I guess reality sets in @ some point. Customers are not heard. Why when "Something" goes wrong does one 'Send' a message that goes into a black hole; there is no intent to answer. I could go on, but that would piss off the MS crowd. Users are screwed from the word go with MS.

It's easily stated that 'If' users are disheartened by MS, they could move on; some do and can. But, there are many with vested $$ in programs supported/encouraged by MS who can't afford that option.......

They call it......Capitalistic medicine.

One thinks Netscape was a big deal, pull your pants down for the latest BS.]]> http://www.dslreports.com/forum/remark,17157673 Thu, 26 Oct 2006 00:40:51 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17156233 dave :

said by garywk

:

The simple explanation is that IE runs in the same memory space as the kernel meaning that internet files are processed in the same memory space.

Big news here. Every process runs in the same memory space as the kernel.

Or, to put it a little more normally, the kernel is mapped into the address space of every process. The kernel doesn't have its own address space.

I think you need to understand the difference between 'address space' and 'processor mode'. Processes have address spaces. Processor modes don't.

(And this is utterly conventional operating system design, at least on 32-bit and better machines. I've used 16-bit machines where a mode change implies an address-space change, and it's not fun.)

But, if what you really meant was that the web browser executes in kernel mode: no, it doesn't. That would be silly, which is why it doesn't happen. You could probably demonstrate that with Performance Monitor if you really cared.]]> http://www.dslreports.com/forum/remark,17156233 Wed, 25 Oct 2006 20:27:28 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17155864 garywk :

quote:
Good suggestions there, by the way. Do you think the average Windows user would be able to live with those? Do you think Joe Average would be able to manually change NTFS permissions for every damn executable he encounters?

Do I think that people will rise to the level required of them? Yes.

If all users had been required to do this for several years by now it would be a commonly known practice and just about anyone who runs Windows could tell you how to do it.

This is the way things are done in Unix and many people are finding out that they can run it. BTW, a user will not have to give every executable execute permissions. The user would only have to give executables that are introduced from outside the system execute permissions before they could run. That includes scripts created by users of the system, but not program executables that are introduced by the system installer.

I have introduced several newbs to file system permissions and they don't really have that big of a problem with it.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17155864 Wed, 25 Oct 2006 19:28:38 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17155832 Steve :

said by garywk

:

The simple explanation is that IE runs in the same memory space as the kernel meaning that internet files are processed in the same memory space. Sound like a good thing to expose to the internet? If you were a kernel developer would think this is an "acceptable practice"?

It would be a lousy practice, which is why it doesn't happen.

IE is no more in the kernel than Firefox.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17155832 Wed, 25 Oct 2006 19:23:07 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17155745 garywk : dave,

The simple explanation is that IE runs in the same memory space as the kernel meaning that internet files are processed in the same memory space. Sound like a good thing to expose to the internet? If you were a kernel developer would think this is an "acceptable practice"?

All other web browsers operate in user memory space which has a different set of security permissions and do not have direct exposure to the kernel.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17155745 Wed, 25 Oct 2006 19:08:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17154979 anon :

quote:
Hmmm.... IOW's, you're saying trust the authors of what has been the most insecure OS for last 20 years or so for computer security? What makes you think that MS is really interested in changing the status quo? They've had decades to improve the security of their systems and have shown, imo, little, if any, interest in really securing it.

They could have done things such as change default permissions so that no executable could run unless given explicit execute permissions, and stopped all emailed .exes from executing by default, but they didn't.

They could have removed IE's hooks from the system but they haven't. Doing that would have shown the hypocrisy of their claims that IE had to be hooked into the system.

They could have led the way to getting rid of ActiveX as a way of compromising systems by getting rid of ActiveX on their own websites, but they didn't. Even when they released work-arounds for ActiveX problems that included blocking ActiveX in IE they left ActiveX content in all their own websites. Wow! A company that tells you don't use this feature, it's insecure, forces users to use it or their own sites won't display properly.

So much for any real committment to security by the authors of that OS.

Windows has been as insecure as its users. The default security settings have always been largely crap, but that aside, the security model was always "sound" in Win NT line. "IOW", I'm saying that you should trust yourself first. Then consider what else you can trust. You want an OS that you can trust. If you don't trust MS, then for Mr. F's sake stop using their operating system. If the operating system cannot be trusted, no amount of third-party crapware.., excuse me, anti-malware programs, will magically cure it and make it suddenly all secure and trustworthy. If anything, the recent developments in Windows security (XP SP2, Vista's UAC model) show a strong commitment to trying to make the overly functional and thus insecure default settings better as in more secure.

Good suggestions there, by the way. Do you think the average Windows user would be able to live with those? Do you think Joe Average would be able to manually change NTFS permissions for every damn executable he encounters? If he could, do you think he wouldn't just decide to make everything executable, always, regardless of what the content actually was? And how exactly do you identify which executable was emailed to the system, especially if the user is using non-MS email programs (not unusual even for "Joe Average", seeing how many workplaces use non-MS stuff for groupmail and such)? Add some ludicrous meta-data NTFS stream to every file that is created on the system that stores its origin somehow? That's pretty much shooting flies with a cannon, but then again, tastes differ.

And I hate to sound like an all out flamer, but what are these mysterious and oft-mentioned "hooks" that IE has to "the system"? IE certainly is not hooked to the kernel in any way. The only "hook" it has is to Windows Explorer, and that's because they're one and the same. Oh, and by the way, Konqueror (»www.konqueror.org/) does pretty much that, too. IE has problems, but I don't think "hooks to the system" are one of them. ActiveX is no hook to the system, although it certainly is a real security issue, and a big one.

If MS has no real commitment to security, then why in the blazes is the Win32 security API technically superior (well, at least from this one perspective) to its Unix equivalent, providing far more granular control over resource access?

The devil's advocate aside, MS has real security problems. But companies like Symantec are certainly not a solution. They're a part of the problem. So, why all the whining? Preventing kernel-patching (or, as many keep saying, trying to prevent it only to fail when some hacker exploits some bug in the attempted protection) is absolutely a good thing and shows a commitment to security. It is NOT secure to allow software to patch the kernel. It's the least secure and most destablizing thing you can do to an OS, to allow stuff to screw with the kernel. Anti-malware programs can easily be made to work without rootkitting the kernel. So we get the best of both worlds: 1) Microsoft making a genuine effort at protecting the kernel, and even if it isn't fully successful, it will prevent many attacks regardless and make things more difficult for the black hats. 2) Let you people have your anti-malwares, but now, their crappy kernel-patching won't crash your system anymore. Pardon my passionate words, but how is this bad?]]> http://www.dslreports.com/forum/remark,17154979 Wed, 25 Oct 2006 17:08:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17154272 dave :

said by garywk

:

IOWs, they found a bug in the system that allows them to infiltrate Vista's "kernel security" without the system finding it. Malware authors will find and use the same, or similar, bug.

OK, you've passed part (a). For part (b), explain why Symantec requires the ability to hot-patch kernel data structures in order to detect the infiltrator from part (a).]]> http://www.dslreports.com/forum/remark,17154272 Wed, 25 Oct 2006 15:23:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17154267 Name Game :

said by Cudni

:

from
»Morning Broadband Bytes
comes
»www.eweek.com/article2/0,1895,20···talkback
"...
Authentium said its workaround allows it to access the kernel without incurring the shut-down.

The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature. The loophole allows the company's tools to infiltrate Vista's kernel hooking driver, and get out, without the OS knowing the difference. ..."

Cudni

Here is the response..

»www.eweek.com/article2/0,1895,2037052,00.asp

Pass the gray poopon please.... It was Kernel Mustard in the Conservatory with the lead pipe?

Sure miss those Cabbage Patch Kids :)
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17154267 Wed, 25 Oct 2006 15:22:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17154142 garywk :

quote:
Only a fool would trust his security to MS. But a smart man would trust his security to the author of the operating system (in this case, that would be MS) and more importantly himself. Only a fool would trust an anti-malware company in anything. Anti-malware companies are the last people on earth that would want to see all malware issues disappear. Their livelihood depends on crapware. What makes you think they want the problem to go away? They obviously don't, unless they also want to go out of business.

Hmmm.... IOW's, you're saying trust the authors of what has been the most insecure OS for last 20 years or so for computer security? What makes you think that MS is really interested in changing the status quo? They've had decades to improve the security of their systems and have shown, imo, little, if any, interest in really securing it.

They could have done things such as change default permissions so that no executable could run unless given explicit execute permissions, and stopped all emailed .exes from executing by default, but they didn't.

They could have removed IE's hooks from the system but they haven't. Doing that would have shown the hypocrisy of their claims that IE had to be hooked into the system.

They could have led the way to getting rid of ActiveX as a way of compromising systems by getting rid of ActiveX on their own websites, but they didn't. Even when they released work-arounds for ActiveX problems that included blocking ActiveX in IE they left ActiveX content in all their own websites. Wow! A company that tells you don't use this feature, it's insecure, forces users to use it or their own sites won't display properly.

So much for any real committment to security by the authors of that OS.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17154142 Wed, 25 Oct 2006 15:02:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17153935 anon : Only a fool would trust his security to MS. But a smart man would trust his security to the author of the operating system (in this case, that would be MS) and more importantly himself. Only a fool would trust an anti-malware company in anything. Anti-malware companies are the last people on earth that would want to see all malware issues disappear. Their livelihood depends on crapware. What makes you think they want the problem to go away? They obviously don't, unless they also want to go out of business. ]]> http://www.dslreports.com/forum/remark,17153935 Wed, 25 Oct 2006 14:19:33 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17153926 rgillis70 :

said by garywk

:

Since MS has not shown the ability to patch promptly, except for DRM, and keep ahead of the malware why would anyone want to trust only MS for their system security?

Nobody has to, and few would. KAV currently runs on Vista. Sophos says they will run as well.

Symantec and McAfee are blowing smoke.

Edit: Quote from the same article "The real reason those companies dislike PatchGuard is because it will drive up the expense of developing their own products"

Money...the root of all complaints.]]> http://www.dslreports.com/forum/remark,17153926 Wed, 25 Oct 2006 14:18:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17153857 garywk :

said by Cudni

Yup. IOWs, they found a bug in the system that allows them to infiltrate Vista's "kernel security" without the system finding it. Malware authors will find and use the same, or similar, bug.

It's just evidence that MS alone will never keep out the junk and that it's plain foolish to rely upon just one vendor to keep a MS product free from malware. No one 3rd party spyware/malware vendor ever catches 100% of the malware in a Windows system, including MS's own product.

Since MS has not shown the ability to patch promptly, except for DRM, and keep ahead of the malware why would anyone want to trust only MS for their system security?
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17153857 Wed, 25 Oct 2006 14:06:49 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17152707 Name Game :

said by ilago

said by Name Game

:

I am not a 'what if' guy ilago, but I certainly do not expect Microsoft "to maintain high quality security software"..I expect them to patch the OS faster if required. ;)

Good Luck ;)

I've been using computers for too long not to be a 'what if' girl. I just don't have that much faith in Microsoft's ability to do what you're asking - sorry :huh:

Fair enough.. ;) but here are "alternatives" for the last two years on one of those vendors that you suggest "has actually supported Windows operating systems. Without them, Microsoft wouldn't be where it is now."

Users do not need this kind of support..and I think Symantec for one should start worrying about protecting their own product from hacks since that seems to be the role they want to play for Microsoft on Vista.

Symantec rootkit

»www.f-secure.com/weblog/archives···00000776

Serious flaw found in Symantec antivirus

»www.infoworld.com/article/06/05/···w_1.html

Authentication bug breaks Symantec's scanner
(took them 3 months to fix)
»www.infoworld.com/article/06/04/···k_1.html

Serious flaw reported in Symantec antivirus software
Symantec Antivirus Library can be overwhelmed by "heap overflows" while decompressing an RAR file

»www.infoworld.com/article/05/12/···w_1.html

Scammers use Symantec, DNS holes to push adware
Users being tricked into installing programs onto their computers

Internet users on some networks protected by the vulnerable Symantec products had requests for Web sites, such as google.com directed to attack Web pages that attempted to install the ABX toolbar, a search toolbar and spyware program that displays pop-up ads, Ullrich said.

The DNS poisoning attacks were easy to detect because Web sites involved in the attack do not mimic the sites that users were trying to reach, Ullrich said. However, DNS poisoning could be a potent tool for online identity thieves who could set up phishing Web sites that are identical to sites like Google.com or eBay.com, but secretly capture user information, he said.

Some of those customers told ISC that they installed a patch that the company issued in June to fix a DNS cache poisoning problem in many of the same products, but were still susceptible to the latest DNS cache poisoning attacks, according to information on the ISC Web site.

»www.infoworld.com/article/05/03/···e_1.html

They are so busy buying up other products and vendors for leverage in the market..their market share loss in the home user market was to be expected.

Symantec hit with $1 billion tax bill

»www.infoworld.com/article/06/04/···x_1.html

»www.redherring.com/Article.aspx?···Tax+Bill
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17152707 Wed, 25 Oct 2006 10:39:24 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17152578 garywk :

quote:
For years they had been trashing every OS Microsoft put out

Hmmm... Are you saying this because MS does a good enough job of trashing their own OS all by themselves that they don't need the help? :D ;)]]> http://www.dslreports.com/forum/remark,17152578 Wed, 25 Oct 2006 10:16:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17152496 Cudni : from
»Morning Broadband Bytes
comes
»www.eweek.com/article2/0,1895,20···talkback
"...
Authentium said its workaround allows it to access the kernel without incurring the shut-down.

The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature. The loophole allows the company's tools to infiltrate Vista's kernel hooking driver, and get out, without the OS knowing the difference. ..."

Cudni
--
Some are born to failure, others achieve it, all deserve it.
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006]]> http://www.dslreports.com/forum/remark,17152496 Wed, 25 Oct 2006 09:57:50 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17152381 ilago :

said by Name Game

:

I am not a 'what if' guy ilago, but I certainly do not expect Microsoft "to maintain high quality security software"..I expect them to patch the OS faster if required. ;)

Good Luck ;)

I've been using computers for too long not to be a 'what if' girl. I just don't have that much faith in Microsoft's ability to do what you're asking - sorry :huh:]]> http://www.dslreports.com/forum/remark,17152381 Wed, 25 Oct 2006 09:30:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17152032 dave :

said by Name Game

:

Well at least they finally know how to uninstall their own software..

One day, maybe they'll even have an uninstall procedure?]]> http://www.dslreports.com/forum/remark,17152032 Wed, 25 Oct 2006 07:56:36 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17151884 Name Game :

said by dave

:

Symantec Device Driver Elevation of Privilege.

»securityresponse.symantec.com/av···.23.html

Damn, this programming is hard, even when you're supposed to know what you're doing.

Well at least they finally know how to uninstall their own software..
»service1.symantec.com/SUPPORT/en···_sch_nam

For years they had been trashing every OS Microsoft put out with their hooks and keys in the name of Security leaving the user with no method to fully uninstall on all those New PC's purchased that came with their "preinstalled" software. Users could not even upgrade to their new engine "versions" without running into installation problem much less any Competitors software..how they got away with that so long I will never know. :(
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17151884 Wed, 25 Oct 2006 06:21:01 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17150172 dave : Jim Allchin clarifies recent market confusion about Vista Security.

said by allchin :

Here is what we are doing to maintain the integrity and security of 64-bit Windows, while still addressing the needs of our security partners:
•

Contrary to some media reports, Microsoft will not weaken the security of 64-bit Windows by enabling some applications to modify the kernel of the operating system.
•

We have applied our no-exceptions policy against kernel patching to Microsoft applications as well as third party applications, consistent with our Windows Principles. No application can bypass or weaken Kernel Patch Protection—this is essential to improving security and reliability for you. Note that many third-party security companies provide highly competitive products without modifying the Windows kernel in unsupported ways.
•

For legitimate third-party applications that have intentionally patched the 32-bit Windows kernel in unsupported ways, Microsoft will continue to work with these third-parties to identify, prioritize, design and develop new interfaces for 64-bit Windows that will help their applications perform needed tasks, without directly modifying, bypassing or weakening Kernel Patch Protection. We have already begun discussions with the engineering teams of major third-party security vendors about the functionality they are seeking.
•

Microsoft will continue to work closely with others in the software industry to resolve any interoperability issues that may arise, particularly any issues that arise from our efforts to ensure that Windows Vista is more secure and reliable by design.

In short, we are committed to providing the best operating system we can for you – one that you can depend on and feel safe using.

]]> http://www.dslreports.com/forum/remark,17150172 Tue, 24 Oct 2006 21:52:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17150134 dave : Symantec Device Driver Elevation of Privilege.

»securityresponse.symantec.com/av···.23.html

Damn, this programming is hard, even when you're supposed to know what you're doing.]]> http://www.dslreports.com/forum/remark,17150134 Tue, 24 Oct 2006 21:47:02 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17147293 daT :

said by Name Game

:

When you can show me independent lab tests on anyone of those third party security vendors products that over the years or even today consistently sco

Change 'those third party security vendors' for 'Microsoft' and ask that question again.
--
Vista... just say no! Your solution?... >su Password: *****
]]> http://www.dslreports.com/forum/remark,17147293 Tue, 24 Oct 2006 14:17:01 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146708 Name Game : People hack M$ for money these days..not for the fun of it..AV's claim to be proactive in real time yet over the past few years they have missed most of the tojans..then malware and rootkits themselves and they still can't fully clean and/or repair XP or past Microsoft OS's. So now they should get full access to the kernel in Vista ????

When you can show me independent lab tests on anyone of those third party security vendors products that over the years or even today consistently score better that 90% on "all the bad boys floating around out there... I will match that with the list of vendors who do not even need a hook to the kernel to do their thing. That's real history. In fact many that did..just made their users more vulnerable to attack.

blog quote:

"Having come from an IT consulting background, I personally attended their sales meetings as recent as last year and witnessed their sales tactics first hand. The AV vendors would actually position their software as an alternative to Microsoft's Windows patches. They openly boasted about the fact that they had clients who didn't patch their operating systems for a year. The problem is that you're paying top dollars for a security solution to replace a free patching solution. Furthermore, the effectiveness of AV solutions is limited to known patterns and known signatures and so-called "behavior based AV" doesn't really exist even though many AV vendors claim to be behavior based. One AV vendor contacted me and told me their solution was proactive but when I asked them what zero-day attacks have they preemptively stopped recently and I never got a response back."

»blogs.zdnet.com/Ou/?p=343

I am not a 'what if' guy ilago, but I certainly do not expect Microsoft "to maintain high quality security software"..I expect them to patch the OS faster if required. ;)
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17146708 Tue, 24 Oct 2006 12:46:50 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146703 PS32 : Good :D]]> http://www.dslreports.com/forum/remark,17146703 Tue, 24 Oct 2006 12:45:36 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146530 astirusty :
said by dave :

Does HIPAA have a provision for extradition?
I am no lawyer, but there is an extradition treaty between the U.K. & the U.S. that appears to be applicable. Link: »www.usdoj.gov/opa/pr/2003/March/···_196.htm

quote:
The new extradition treaty will give the two countries more flexibility to ensure that fugitive criminals can be brought to justice in either country. It covers criminal conduct, from white collar crime and fraud to organized crime, money laundering and terrorism.
]]> http://www.dslreports.com/forum/remark,17146530 Tue, 24 Oct 2006 12:14:37 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146279 ilago : Name Game - I think you have misunderstood where I am coming from. Yes, I have also read this »theinvisiblethings.blogspot.com/···ome.html from Joanna Rutkowska and many of the comments that follow. There is a clear indication that PatchGuard has a limited life span of invulnerability. October 19th is not that long ago. She notes in the blog that bad signed code is a viable attack vector. The big malware developers are still there too, they will be slaving over their RC versions of Vista too.

My concerns relate to Microsoft's history. To me, this is an antitrust issue only party related to kernel access. Microsoft is "Netscaping" several third party developers not just the security companies. The third party security companies are not all McAfee and Symantec. Much of the expertise to deal with the serious issues that Windows (various) have had over the years has come from third parties with the technical ability to find exploits, investigate problems and often find the solutions where Microsoft failed. Many of these third party developers aren't large ugly security corporations. You don't just lose the McAfees and Symantecs you lose all the rest of that expertise as well. You throw the baby out with the bathwater. I think the purchase of Sysinternals and their expertise is something you should add to that. The Windows XP utilities will still be available for the time being. But there will be no Vista equals of power of those programs. You lose that expertise as well.

Far from being parasites of Microsoft, the security industry as a whole, not just McAfee and Symantec, has actually supported Windows operating systems. Without them, Microsoft wouldn't be where it is now. The big malware developers are still there too, they will be slaving over their RC versions of Vista too and probably not designing new skins.

You guys have been so busy arguing the case for Microsoft to cut out any third party scrutiny of their closed system that you aren't looking at the bigger picture and the possible future. The possible future you are seeing is one where Vista will be safe because of patchguard and driver signing and Microsoft's great effort at security, while completely ignoring the possibility of what could happen if it isn't bug proof and there's no one left to provide the information to you or anyone else.

Dave, you are seeing a technical issue of kernel protection. I am seeing an operating system becoming so restricted on access that the user has no control over any part of their machine apart from changing colour schemes, installing hardware with signed proprietary drivers (good or bad) and using a limited number of productivity applications. It's the way they have introduced this concept and the restrictions placed on what third party applications can do under this model that should be under discussion.

The reason why the Windows kernel can't be treated the way that Microsoft want to is that the desktop manager, file management and internet browser are hooked into the operating system, run as part of the operating system, and can't be run as ordinary applications. So the vulnerability that Windows has always had is still there.

I expect to operate unix, linux, OSX or BSD without running as root. I don't have problems with that. I can run any of those systems successfully as a user, only requiring root access for installation and system level configuration. But I have a choice about the access level I want once I am running as root. I can kill the desktop manager process and still run the operating system it is not part of it. I can install alternative desktop managers and browsers as I see fit. I can open a shell and do anything I like at user or root level. There is no equivalent to this in Windows.

Windows is now the only completely proprietary operating system out there. My post wasn't motivated by any interest in the rights and wrongs of kernel access. I am simply disappointed that the thread disintegrated into a defence of Microsoft's actions with alternative views and serious security concerns being pushed out of the way because this is the best version of Windows ever, ever, ever........

What is going to happen when there are no third party applications and utilities available to us. What is going to happen if Microsoft have underestimated the resources required to maintain high quality security software. Their own history is there for all to see.]]> http://www.dslreports.com/forum/remark,17146279 Tue, 24 Oct 2006 11:31:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146233 dave : Does HIPAA have a provision for extradition?]]> http://www.dslreports.com/forum/remark,17146233 Tue, 24 Oct 2006 11:25:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17146184 astirusty :
said by Name Game :

"With Vista and Bitlocker, businesses will be able to throw hard disks away and be sure (they are) secure," Nick McGrath, head of platform strategy for Microsoft UK, said at Infosecurity 2006.
McGrath's statement might be more believable if:
1) Microsoft would put that in writing, with a guarantee to assume all financial liability
and
2) waive their EULA that always exonerates MS from anything and everything.

Otherwise McGrath's statement is meaningless when it comes to ensuring businesses (and individuals) the data on disposed of hard disks will not end up in the wrong hands. Besides the financial liability there is the criminal liability with regards to laws like HIPAA with prison time up to 1 year (longer if done under false pretense).]]> http://www.dslreports.com/forum/remark,17146184 Tue, 24 Oct 2006 11:17:48 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145549 dave :
said by said by blogs.zdnet.com/Ou/?p=292 :

This effectively defeats one of the security mechanisms in Vista x64 and allows administrators the ability to deliberately or accidentally install Malware in to the kernel.
If the admin wants to do this deliberately, it is surely easier to use the documented techniques available to driver developers for bypassing signature checking. There are two choices, I believe: boot with a debugger attached to the PC, or modify the boot configuration.

Drivers still need to be signed but the signatures aren't checked - this allows driver developers to use self-generated digital ids during development. I imagine it's "signed but not checked" rather than "not signed" because that involves fewer special-cased code paths.

So, if you're talking about this hack allowing deliberate bypasses on the part of the admin, you're missing the point. Driver signing is not intended to stop the admin loading unattributable crap at all costs; it is intended to stop the admin from being fooled into loading unattributable crap. (The old way, "Are you sure you want to load this crap?" has not worked out.) There is an easier way than editing code after it has been loaded.

If you're talking about deliberate malware attacks, yup. Malware running under admin could force kernel code to be outpaged and edit it by raw disk access. This sounds like a fairly sophisticated attack, though. ]]> http://www.dslreports.com/forum/remark,17145549 Tue, 24 Oct 2006 09:25:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145444 Name Game :
said by dave :

said by ilago :

I don't think many of the points made in this article have actually been looked at in depth in this thread.
It doesn't actually say anything useful. It appears to make the common error of conflating "can call kernel-mode APIs" and "can overwrite kernel tables". I conclude he doesn't understand the issue.

hi ilago,

For a review, These two links might give you a more technical insight on some of the issues.

Impact of Vista x64 signed driver requirement bypass

»blogs.zdnet.com/Ou/?p=292

Symantec and McAfee should stop crying about Vista

»blogs.zdnet.com/Ou/?p=343

I fouind this also very interesting about BitLocker Drive Encryption.

Microsoft claims that businesses planning to use Vista together with its Bitlocker hard drive encryption technology will have an easy and safe way to dispose of their hard disks. The software giant said on Tuesday that Vista will be so secure that businesses will no longer need to worry about data being compromised when hard disks are sent for disposal, in line with upcoming "green" legislation designed to reduce waste. "With Vista and Bitlocker, businesses will be able to throw hard disks away and be sure (they are) secure," Nick McGrath, head of platform strategy for Microsoft UK, said at Infosecurity 2006. However, McGrath rejected suggestions that Bitlocker would have backdoors in its encryption that will allow police forces to decrypt information stored on suspect systems. "The technology itself is 100 percent secure--we will not be producing any backdoors," said McGrath. "There are no backdoors in Bitlocker technology."

more here...
»www.schneier.com/blog/archives/2···ker.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17145444 Tue, 24 Oct 2006 09:04:14 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145277 dave :
said by ilago :

I don't think many of the points made in this article have actually been looked at in depth in this thread.
It doesn't actually say anything useful. It appears to make the common error of conflating "can call kernel-mode APIs" and "can overwrite kernel tables". I conclude he doesn't understand the issue.]]> http://www.dslreports.com/forum/remark,17145277 Tue, 24 Oct 2006 08:25:22 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145252 anon : Interestingly enough, "pathetic and laughable" is exactly how I'd describe the claim that Vista's kernel protection can only work if there are zero bugs in the kernel and all drivers. A comment like that betrays a tremendous lack of understanding of OS fundamentals. Just having "any" bug in the kernel code or some random driver does NOT translate into "now you can get into the kernel." ]]> http://www.dslreports.com/forum/remark,17145252 Tue, 24 Oct 2006 08:19:05 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145181 Mele20 : Why is that article "old news"? It is so new that I haven't received it yet in OE.

I think the main point of the article is a comment that is pathetic and laughable...I almost fell off my chair as I couldn't stop laughing...then I felt like crying that we have let it come to this. We are all to blame for allowing Republicans who have no morals (neither do Democrats ...but they are more honest about it) to run our country and make kissy-poo with Microsoft in the antitrust case. Now we reap what we have sown. And we watch in envy as the Europeans take on the leadership role that used to be ours.

"In my June 6 article in the paid version of the newsletter, I talked about how Windows can be hacked via buggy drivers. All of that still applies to Vista. Sure, Vista will be better. I'm hoping for fewer bugs. The problem is, it has to be perfect and have zero bugs in order for this model to really work.

That means zero bugs in all the Vista kernel code, zero bugs in all the drivers that Microsoft supplies, and zero bugs in any third-party drivers that you happen to install. If a single one of those pieces has a bug, then the bad guys can get into the kernel.

Microsoft has, of course, implemented several checks and balances in hopes of preventing the rootkits from moving in. But the rootkits will simply disable the checks. It will be the same game of patch-and-exploit that we've been playing for years now."
»windowssecrets.com/comp/061023/#story1

ZERO BUGS from Microsoft? Ohhhhh...muooohahahaha :uhh: :o :p
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17145181 Tue, 24 Oct 2006 08:02:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17145136 Name Game :
said by ilago :

This article contains some interesting comments on this issue.

»windowssecrets.com/comp/061023/#story1

I don't think many of the points made in this article have actually been looked at in depth in this thread.

Edit - left out a word :(

That is old news in anycase..and still no reason to open up the kernel futher to ANY thrid party..muchless AV vendors.

»Vista RC2 v pagefile attack + Patch Guard thoughts

And if you understood all the events that would have to be in place on the user end for Joanna's "rootkit" caution to even have taken place, it would be evident in her presentation at Hack-in-the-box you don't just get infected clicking on links. Also these "tests" are still being done on release candidates of Vista and from the get go, many "opening" that still exist in those RC's were never intended to part of the Final release..but rather for testing purposes only.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17145136 Tue, 24 Oct 2006 07:47:49 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17144922 ilago : This article contains some interesting comments on this issue.

»windowssecrets.com/comp/061023/#story1

I don't think many of the points made in this article have actually been looked at in depth in this thread.

Edit - left out a word :(]]> http://www.dslreports.com/forum/remark,17144922 Tue, 24 Oct 2006 05:56:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17144398 Kiwi : Now, finally we some great points advocated, and reasonable arguments.

Still, the bottom line for the realistic "Few" will be how will MS really deal with kernel hooks? ActiveX IS an integral part of the MS OS and many players INSIST on using Java [Which was fun for awhile, a short while, but hack City in the long run] and even here we STILL, have to use these on this forum, though it's NOT even MS based!...And we still think-tank security?

Why not question the over all picture! Consider if this site works off MS, don't think so at all. Apache. Why are 'Plug-Ins' used that are known compromising factors, such as Scripting, Java and ActiveX in order to actuate a thumb or run a speed test? This might resemble a basic question, for this site and I for one would like an answer?

It's about to get dirty.

Cheers]]> http://www.dslreports.com/forum/remark,17144398 Tue, 24 Oct 2006 01:38:35 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139952 garywk :
said by Steve :

said by garywk :

Ask yourself how many millions, or billions, of dollars have been spent cleaning up messes created by malicious ActiveX malware and how much it would cost to eliminate ActiveX from websites. The balance clearly is in favor of eliminating ActiveX.
Ask yourself how many millions, or billions, of dollars have been spent cleaning up messes created by malicious .EXE malware and how much it would cost to reliminate .EXEs from website. The balance clearly is in favor of eliminating .EXEs

I consider that to be pretty much a straw man. Tell me how many .exe's are used in web content and activated by simply entering a web site and viewing a web page.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17139952 Mon, 23 Oct 2006 13:53:48 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139839 dave :
said by garywk :

The balance clearly is in favor of eliminating ActiveX.
Sure, but on the company's schedule, not Microsoft's schedule.]]> http://www.dslreports.com/forum/remark,17139839 Mon, 23 Oct 2006 13:32:08 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139832 Steve :
said by garywk :

Ask yourself how many millions, or billions, of dollars have been spent cleaning up messes created by malicious ActiveX malware and how much it would cost to eliminate ActiveX from websites. The balance clearly is in favor of eliminating ActiveX.
Ask yourself how many millions, or billions, of dollars have been spent cleaning up messes created by malicious .EXE malware and how much it would cost to reliminate .EXEs from website. The balance clearly is in favor of eliminating .EXEs
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17139832 Mon, 23 Oct 2006 13:31:00 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139801 garywk :
said by dave :

1) As far as I'm aware, ActiveX is not a security problem for web sites that use ActiveX.

The demand for web sites to stop using ActiveX must come from customers of those web sites (or from forward-thinking web site owners). Meanwhile, Microsoft has to support ActiveX in browsers, since the alternative of "Microsoft web browsers do not support the facilities of Microsoft web servers" is not one that can be defended in the marketplace.

The gist of what I'm saying is that server customers want to own the timetable for strategic withdrawal from ActiveX, not have Microsoft own it.

2) As far as I'm aware, ActiveX does not have any serious security problems when used inside a suitable security perimeter.

When I'm sitting at work and I browse over to some company-internal web site, I don't worry that it's going to use ActiveX to attack me.

Sure, maybe someone needs to rework the web site, but we've got better things to spend development dollars on.

The gist of what I'm saying is that web site developers want to own the timetable for strategic withdrawal from ActiveX, not have Microsoft own it.

You're missing the point. Any corporation that has employees has a corporate lan with users. Those users, in most cases, have access to the internet. ActiveX is a favorite tool for compromising MS computers through IE. Thus it is a security problem for the corporation. A compromised computer in a corporate lan can do a whole lot of damage and it can cost a lot of money to both clean up the mess the compromised computer an create and to keep security up to date.

Thus, getting rid of ActiveX can help to reduce overall corporate spending in regards to their networks. That's an ongoing reduction in spending, not a one time expense associated with moving from ActiveX to a different technology. Thus the overall payback for reduced security spending will be a plus for many corporations.

Ask yourself how many millions, or billions, of dollars have been spent cleaning up messes created by malicious ActiveX malware and how much it would cost to eliminate ActiveX from websites. The balance clearly is in favor of eliminating ActiveX.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17139801 Mon, 23 Oct 2006 13:26:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139266 astirusty :
said by dave :

1) As far as I'm aware, ActiveX is not a security problem for web sites that use ActiveX.
That is great, but I am not really concerned with their security, unless it is my financial institutional. ;) :D]]> http://www.dslreports.com/forum/remark,17139266 Mon, 23 Oct 2006 11:56:14 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139233 Martinus :
said by AB :

And one thing you can say for ActiveX-- it works great, just like it's supposed to.

You got that right.

The problem with ActiveX is that it's not suited to be run in the wild. ActiveX is a powerful set of tools and when run in a trusted environment - corporate intranets, for instance - you can run a lot of disparate applications just using your browser - your MS browser, that is - as a host.

We use some MS Office 2003 Web Components at our company's intranet and they just work, like you said.
--
El que la hace la paga]]> http://www.dslreports.com/forum/remark,17139233 Mon, 23 Oct 2006 11:48:50 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139220 dave : 1) As far as I'm aware, ActiveX is not a security problem for web sites that use ActiveX.

The demand for web sites to stop using ActiveX must come from customers of those web sites (or from forward-thinking web site owners). Meanwhile, Microsoft has to support ActiveX in browsers, since the alternative of "Microsoft web browsers do not support the facilities of Microsoft web servers" is not one that can be defended in the marketplace.

The gist of what I'm saying is that server customers want to own the timetable for strategic withdrawal from ActiveX, not have Microsoft own it.

2) As far as I'm aware, ActiveX does not have any serious security problems when used inside a suitable security perimeter.

When I'm sitting at work and I browse over to some company-internal web site, I don't worry that it's going to use ActiveX to attack me.

Sure, maybe someone needs to rework the web site, but we've got better things to spend development dollars on.

The gist of what I'm saying is that web site developers want to own the timetable for strategic withdrawal from ActiveX, not have Microsoft own it.]]> http://www.dslreports.com/forum/remark,17139220 Mon, 23 Oct 2006 11:45:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139175 garywk :
said by dave :

said by SpannerITWks :

But MS stubbornly and consistantly refuse to do it.
Quite possibly because doing that would screw over their server customers big time, and maybe trigger the mass migration that you're suggesting will happen anyway.

Rule 1 of staying alive in the software business is that you don't tell all your big customers to build their applications (in this case, web sites) using some proprietary technology, and then two versions later say "never mind, our web browser doesn't support that any more".

So, dave, are you suggesting that corporations would rather spend a ton of money and manpower for security on an ongoing basis rather than spend some money and manpower on a one-time basis to improve the overall security of their networks on a permanent basis? That seems to be the gist of what you're saying....
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17139175 Mon, 23 Oct 2006 11:36:20 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139014 AB :
said by dave :

You can spin it how you like, but one of the (perceived) advantages of buying your business-critical computing needs from the big, established company is that the company will be around next week and that the code you write today will still work next week.
I hear that, Dave. Point taken.
It doesn't matter much whether or not Microsoft admits they've made a lemon once you've got your lemon-based web application running; you need the citrus to stay around until YOU feel like rewriting, not when your vendor decides to get out of the fruit business.

(I don't think ActiveX is 'a lemon' - I think it's merely unsuitable for a world where one connects to unknown web sites. Which is why I have ActiveX disabled at home.)
Again, just a thought on my part.
Though your comments here would seem to bear out that it has some merit.
I'm certain Microsoft never concieved initially how this technology would ultimately be used to aggressively attack their OS. And one thing you can say for ActiveX-- it works great, just like it's supposed to.]]> http://www.dslreports.com/forum/remark,17139014 Mon, 23 Oct 2006 11:11:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17139010 Blackbird :
said by dave :

... I bet it wasn't Manville's customers who sued Manville to stop Manville selling asbestos to them.
Well... some of them did: School-systems and local governments who were forced to pay for haz-mat asbestos removal during building remodeling... and some builders who had to eat similar costs for asbestos shingles. And there were others...

It all really got in motion when the government stepped into the asbestos debate. And one watches with interest to see if the EU (a government) will eventually step into the computer security debate - specifically with regard to Microsoft. They've thus far shown every inclination to step into every other software debate (real or imagined) regarding Microsoft.
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17139010 Mon, 23 Oct 2006 11:10:49 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17138958 dave :
said by Blackbird :

Maybe Rule 1 will keep you alive, and maybe it won't.
'Necessary but not sufficient'.

Apropos asbestos: I bet it wasn't Manville's customers who sued Manville to stop Manville selling asbestos to them.]]> http://www.dslreports.com/forum/remark,17138958 Mon, 23 Oct 2006 11:01:41 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17138946 dave : You can spin it how you like, but one of the (perceived) advantages of buying your business-critical computing needs from the big, established company is that the company will be around next week and that the code you write today will still work next week.

It doesn't matter much whether or not Microsoft admits they've made a lemon once you've got your lemon-based web application running; you need the citrus to stay around until YOU feel like rewriting, not when your vendor decides to get out of the fruit business.

(I don't think ActiveX is 'a lemon' - I think it's merely unsuitable for a world where one connects to unknown web sites. Which is why I have ActiveX disabled at home.)
]]> http://www.dslreports.com/forum/remark,17138946 Mon, 23 Oct 2006 11:00:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17138929 Blackbird :
said by dave :

... Rule 1 of staying alive in the software business is that you don't tell all your big customers to build their applications (in this case, web sites) using some proprietary technology, and then two versions later say "never mind, our web browser doesn't support that any more".
Hmm. Maybe Rule 1 will keep you alive, and maybe it won't. Maybe a company's use of something similar to Rule 1 was why it took government regulation and class-action lawsuits to ensure the end of asbestos mining, marketing and manufacturing by Manville... on its own, the company just couldn't tell its big customers, "never mind, our thermal-insulation products are hazardous and we don't support them anymore..."

And, yes, analogies can be dangerous :huh: ... but they're so irresistable :D
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17138929 Mon, 23 Oct 2006 10:56:58 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17138909 AB :
said by dave :

. . Rule 1 of staying alive in the software business is that you don't tell all your big customers to build their applications (in this case, web sites) using some proprietary technology, and then two versions later say "never mind, our web browser doesn't support that any more".
Because that might suggest that your 'proprietary technology' isn't the end-all, be-all that you initially touted it for, possibly?
And that 'Houston, we have a problem here', which of course
would be unthinkable, as your proprietary technology is the end-all, be-all, and therefore incapable of having a problem, Houston.
Not to mention you may actually have to admit that you made a mistake-- again, unthinkable given the way you touted this proprietary technology.
That is, if you were a large corporation that specialized in proprietary technology, looking to not only stay alive in the software business, but to maintain the overwhelming, monopoly-style grip that you currently possess on it.
Just a thought. ;)

*Edit- sp]]> http://www.dslreports.com/forum/remark,17138909 Mon, 23 Oct 2006 10:53:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17138465 dave :
said by SpannerITWks :

But MS stubbornly and consistantly refuse to do it.
Quite possibly because doing that would screw over their server customers big time, and maybe trigger the mass migration that you're suggesting will happen anyway.

Rule 1 of staying alive in the software business is that you don't tell all your big customers to build their applications (in this case, web sites) using some proprietary technology, and then two versions later say "never mind, our web browser doesn't support that any more".]]> http://www.dslreports.com/forum/remark,17138465 Mon, 23 Oct 2006 09:05:37 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17137188 SpannerITWks : Banishing both ActiveX + JavaScript forever to history, would make an Enormous difference in safer surfing etc for Most people out there. But MS stubbornly and consistantly refuse to do it. I think it suits their and others " plans " etc to be able to have almost free reign of peoples PC's.

So it looks like they are here to stay ! if you stick with MS. But those Alternative OS's are appearing more and more attractive to more people, for even More reasons than before.

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,17137188 Sun, 22 Oct 2006 23:44:36 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17136111 Name Game : I too still like my win98SE laptop..it is accident proof.. flies around the net and does not mind power outages..have not used a battery with it for ages..and it has gone through a few mice since 2001.

drunk mouse syndrome: n.
(also mouse on drugs) A malady exhibited by the mouse pointing device of some computers. The typical symptom is for the mouse cursor on the screen to move in random directions and not in sync with the motion of the actual mouse. Can usually be corrected by unplugging the mouse and plugging it back again. Another recommended fix for optical mice is to rotate your mouse pad 90 degrees.

At Xerox PARC in the 1970s, most people kept a can of copier cleaner (isopropyl alcohol) at their desks. When the steel ball on the mouse had picked up enough cruft to be unreliable, the mouse was doused in cleaner, which restored it for a while. However, this operation left a fine residue that accelerated the accumulation of cruft, so the dousings became more and more frequent. Finally, the mouse was declared ‘alcoholic’ and sent to the clinic to be dried out in a CFC ultrasonic bath.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17136111 Sun, 22 Oct 2006 20:49:59 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17135133 Mele20 : Windows 98SE runs on my older Dell with IE5.5 and no patches in the last two years and no problems. That computer only had Windows reinstalled once when it was one and one-half years old so the install is now six years ago and still running fine. We had a power outage last night (another drunk driver hitting the pole on the street ....third time this month and 5 hours of outage. The only thing I notice with this old computer is difficulty when booting after a power outage and I haven't booted it yet today. Just went through a power outage of three hours a couple of days ago and Windows wouldn't fully load when I booted it and it was a hassle to get it booted. I just wish the police would crack down on the drunk drivers as they hit a pole and knock out power to three large condos and a bunch of residences for hours).

(I believe you stated earlier that you thought I only had one computer? I have two networked and the one really superior thing I see with SP2 vs SP1 is that SP2 networked instantly with the 98SE box. It was impossible to get the SP1 box, when I had it, to network with 98SE and that was not just me bumbling about...I eventually had the Dell field tech spend two hours trying to network them. It was very easy for me to get the 98SE box to see the XP SP1 but getting the XP one to see the 98SE one proved impossible. He finally gave up in frustration. Then I got the SP2 computer in February and had them networked in a couple of minutes).
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17135133 Sun, 22 Oct 2006 17:58:57 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17135019 dave :
said by Martinus :

Well, at least you are consistent.

said by Mele20 :

I agree that 98SE is a better OS than 2000/XP...

... 98SE is superior.
»Re: [W9x] End of support for Windows 98 and Windows Me

I believe the argument that 'Win98 is superior to Win2000' is a variation on Anselm's ontological argument. It's clear that an OS that is not running can have no exploitable bugs. Therefore, an OS that is not running is superior to an OS that is running. Ipso facto, Win98 is superior to Win2000.]]> http://www.dslreports.com/forum/remark,17135019 Sun, 22 Oct 2006 17:38:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17133138 astirusty :
said by garywk :

They are not hooked into the system with Firefox like ActiveX is through IE so that a malicious site has far more problems trying to compromise my computer.
BTW, my suggestion for getting rid of ActiveX was based on how it is used in IE. That wasn't plainly stated but it was my thought when I "said" it.

I agree dump ActiveX. I have yet to see a need for ActiveX. Of course having ActiveX disabled may have something to do with it. ;) You don't miss something if you never experienced it. :p]]> http://www.dslreports.com/forum/remark,17133138 Sun, 22 Oct 2006 11:10:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17132374 Martinus : Well, at least you are consistent.

said by Mele20 :

I agree that 98SE is a better OS than 2000/XP...

... 98SE is superior.

»Re: [W9x] End of support for Windows 98 and Windows Me
--
El que la hace la paga]]> http://www.dslreports.com/forum/remark,17132374 Sun, 22 Oct 2006 04:48:53 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17132270 Mele20 :
said by Steve :

SP2 didn't break anything: SP2 prevented insecure, already-broken applications from running.
Steve

So breaking my ability to use my Visioneer scanner on SP2 means that the scanner was already broken? I'm afraid don't quite understand. It worked fine on SP1. Since I got this new computer that came with SP2, I have a broken scanner that I can't use. Same thing with some HP printer software that worked on SP1 but won't on SP2. To me that means that Microsoft broke my hardware with their worthless upgrade. I would far prefer my hardware to work than some worthless, irritating service pack that I didn't need. I still run SP1 on my virtual machine and I go to risky places on that machine. It doesn't even have most of the security patches and I have NEVER been infected with any malware on that machine. Much of the time I did not run a resident AV on it either and it doesn't even have ProcessGuard.

I think most of the hype about security is hot air. Very interesting stuff though and I want to continue to practice safe computing so I continue my education by reading this forum. If you practice safe computing, 50% of the patches and SP2 are not needed. The advice Dell supervisors in the Small Business Resolution Expert Center gave me was that I knew so much about computers that they felt I should put SP1 on the new computer as it was superior to SP2 for any knowledgeable user. I didn't use a real time AV for two years recently and no software firewall in many years. ProcessGuard was the only real time defense. BitDefender command line scanning, Spyware Blaster, and Spybot were there for on demand checking only, and a router and that was it. This was when I had SP1 on my main machine. So, you cannot convince me that SP2 is anything other than hot air from Microsoft designed to lull the ignorant into thinking that they can now successfully refuse to learn anything about the complex machine they now own. Vista will just be more of the same. If Microsoft was to ever act responsibly about security it would not put out SP2 and Vista rather it would sponsor mandatory classes on security and computer use for anyone wishing to buy a computer.

I resent SP2 because it broke my hardware and Vista...well it is just a big joke because that hyped up security is not needed if you educate yourself about how to properly and safely use a computer.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17132270 Sun, 22 Oct 2006 03:27:42 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17132086 garywk :
said by Steve :

said by garywk :

Hmmmm.... I have Flash, Acrobat, and Google plugins in Firefox and I have no ActiveX whatsoever as I'm running Linux.
And "browser plugins" are different from "ActiveX" in what way?

They are not hooked into the system with Firefox like ActiveX is through IE so that a malicious site has far more problems trying to compromise my computer.

Steve, it's funny how you zone in on my suggestion for ActiveX and ignore my suggestions for divorcing read and execute permissions in NTFS and eliminating IE's hooks into the system. BTW, my suggestion for getting rid of ActiveX was based on how it is used in IE. That wasn't plainly stated but it was my thought when I "said" it. Even sandboxing ActiveX, as was also suggested by someone else, is a very good idea. The combination of all three suggestions would do a lot toward reducing the effectiveness of malware inside Windows. You know it and I know it. These three ideas, if implemented, would have a far greater effect than SP2 ever had.

These ideas, if implemented, would slow down virus and worm infections to a crawl. No more automatic execution of malware executables. Users would have to manually change their permissions to get them to run. The days of a rapidly spreading virus or worm would be gone. No more ability for malicious sites to get hooks deep into the system through ActiveX and IE.

As these are the main ways most malware infections happen there would be a dramatic, real-world, difference seen in Windows security. It really would be a "huge win" for Windows security. The incentive for writing malware would decrease greatly as there is no way it could spread as quickly as it does now.

Would there still be some people who would give the malicious code a chance to run? Yeah, but most people who aren't competent on their computers would at least have to follow written instructions and that would give them much more time to think about they're doing. It would take a fair amount of social engineering to get people to take extra steps rather than just an absent-minded click on an executable, just previewing an email, or a browser hit on malicious site.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17132086 Sun, 22 Oct 2006 01:59:53 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17131921 Steve :
said by garywk :

Hmmmm.... I have Flash, Acrobat, and Google plugins in Firefox and I have no ActiveX whatsoever as I'm running Linux.
And "browser plugins" are different from "ActiveX" in what way?
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17131921 Sun, 22 Oct 2006 00:52:22 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17131756 AB :
said by Kiwi :

. . I reviewed all of this thread and found too many personal 'Digs'.
You're right.
Although some of them may not have been without foundation, I suspect.
Gone now, at any rate. And the thread back on track, for the most part. ;)]]> http://www.dslreports.com/forum/remark,17131756 Sun, 22 Oct 2006 00:10:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17131725 Kiwi :
said by dave :

said by Kiwi :

said by dave :

Uh, what is an "interracial component feature" ?

A play on words if you don't get it...FINE! I'm not getting dragged into the BS.

You used a term I don't understand in the context in which it was used; I asked what you meant. I still have no idea what you meant, and now I have no idea what you're talking about when you say "dragged into the BS".

I'm not getting into the general argument thing, that seemed to have become personal on several posts, I had always believed that such a thing was contra indicated from the FAQ....That's what I meant by the BS comment, not directed @ you, but I won't get pulled into it....The BS, thing, ok. I reviewed all of this thread and found too many personal 'Digs'.

ActiveX is an inherent component of MS, although most people would like to see it gone, it won't, ever happen.

If anything I would like "Wish that BBR/DSLR would NOT expect scripting for thumbs, would not rely on activeX or Java....But that's another story, for security expectations.]]> http://www.dslreports.com/forum/remark,17131725 Sun, 22 Oct 2006 00:01:07 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17131083 dave : (Dup, sorry)]]> http://www.dslreports.com/forum/remark,17131083 Sat, 21 Oct 2006 21:50:28 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17131070 dave :
said by Kiwi :

said by dave :

Uh, what is an "interracial component feature" ?

A play on words if you don't get it...FINE! I'm not getting dragged into the BS.

You used a term I don't understand in the context in which it was used; I asked what you meant. I still have no idea what you meant, and now I have no idea what you're talking about when you say "dragged into the BS".]]> http://www.dslreports.com/forum/remark,17131070 Sat, 21 Oct 2006 21:48:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17130273 Kiwi :
said by dave :

Uh, what is an "interracial component feature" ?

A play on words if you don't get it...FINE! I'm not getting dragged into the BS.]]> http://www.dslreports.com/forum/remark,17130273 Sat, 21 Oct 2006 18:37:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129834 Blackbird :
said by Steve :

... ActiveX is in the same category as "executable program", and it's simply not reasonable to suggest that it be removed from IE. ...
Yep... and there you have it. The question in my mind has long been why ActiveX executables were not made 100% sand-boxed by design in Windows instead of being treated in all too many cases like ordinary executables (with all the potential for system damage if they turn out to be rogue)? To me, MS's ActiveX security focus has seemed to be more on "authentication" than on "containment" or water-tight compartmenting. And I would think that's all a consequence of how the whole ActiveX implementation was designed and integrated into Windows via IE. I do know that for the many "private" users who employ Firefox and Opera almost exclusively, the Internet Highway gets traveled just fine without ActiveX aboard... though perhaps they don't typify the web-centric corporate world you describe.
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17129834 Sat, 21 Oct 2006 16:42:20 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129785 Grail Knight : I think he meant "integral component feature".

Edit* Corrected component spelling.]]> http://www.dslreports.com/forum/remark,17129785 Sat, 21 Oct 2006 16:31:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129743 dave : Uh, what is an "interracial component feature" ?]]> http://www.dslreports.com/forum/remark,17129743 Sat, 21 Oct 2006 16:20:11 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129698 garywk :
quote:
And for lots of people, losing Flash, Acrobat, or Google plugins would be a loss of useful functionality.

Hmmmm.... I have Flash, Acrobat, and Google plugins in Firefox and I have no ActiveX whatsoever as I'm running Linux. I didn't even have ActiveX in Firefox when running Windows and it still worked just fine. Most of the sites that used to not work on Firefox work now as developers are moving more to standards based development models.

MS could move away from ActiveX if they really wanted to. They could announce they are phasing it out and give the developers time to change things over on the web sites that use it, but they won't. Overall security isn't that big of deal to them. They would rather keep something that negatively affects overall system security than make the change. They would rather use DRM in the name of security to screw over their users than make some simple, fundamental design changes that would make much of the malware that now works on Windows machines far less able to spread and cause damage.

I have a hard time believing that if MS announced that are embarking on a revamp of their system to improve security and listed such changes as my suggestion that the entire world would go bonkers on them because they are actually making changes that would markedly improve overall OS security. Legit developers would quickly find another way of doing things and a ton of existing malware would no longer work. Or, are you telling me that MS-centric developers are so locked into one technology that they couldn't find another way to do things?
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17129698 Sat, 21 Oct 2006 16:08:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129616 psloss :
said by garywk :

I guess we just have much different ideas as to what a "huge win" means. To me it means a very marked increase in system security. You know, like removing IE's hooks into the system and creating a means of keeping executables from running just because they are executables, along with getting rid of ActiveX.
Leaving the "huge" part off, SP2 had a major impact -- it largely eliminated XP systems with the patch from being "backdoored." No more Blaster or Sasser on XP SP2 and up. While it's not impossible to backdoor consumer broadband systems, it's been effective enough as a deterrent for organized crime to go elsewhere.

"Win" or not, SP2 forced the bad guys to use different tactics. Vista will, too -- win or not.
--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17129616 Sat, 21 Oct 2006 15:46:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129551 Kiwi :
said by garywk :

"... along with getting rid of ActiveX."

Most disable the component feature in the IE browser, but one has to realize the MS OS activeX is an interracial component feature and won't go away at all :(]]> http://www.dslreports.com/forum/remark,17129551 Sat, 21 Oct 2006 15:31:46 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129550 Steve :
said by garywk :

along with getting rid of ActiveX.
Ah, so that's the story: you want to cripple Windows as an application platform.

Many people like to whine about ActiveX, but it's indispensible to a large part of the user base. There would be uproar in the corporate world - huge numbers of web-centric applications would be positively crippled. And for lots of people, losing Flash, Acrobat, or Google plugins would be a loss of useful functionality.

ActiveX is in the same category as "executable program", and it's simply not reasonable to suggest that it be removed from IE.

Is that what you had in mind?

Also, one smart-ass comment. If SP2 stopped insecure software from running why didn't it break IE and OE? ;)
I like it :-)
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17129550 Sat, 21 Oct 2006 15:31:45 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129431 garywk :
said by Steve :

said by garywk :

Mind telling me why the number of security advisories for XP, Home and Professional, are at higher levels in 2004, 2005, and 2006 than they were in 2003?
Because the tools and skills for finding exploits are improving faster than Microsoft can fix the software - there's a huge world of people out there trying to find these things.
I just see a service pack that broke a ton of stuff
SP2 didn't break anything: SP2 prevented insecure, already-broken applications from running.

If you think SP2 was not a huge win for security, then I guess we're done talking about it.

Edit - Analysis of XP Service Pack 2; read for yourself on the security improvements

Steve

I guess we just have much different ideas as to what a "huge win" means. To me it means a very marked increase in system security. You know, like removing IE's hooks into the system and creating a means of keeping executables from running just because they are executables, along with getting rid of ActiveX.

Those moves alone would be a "huge win" for MS OS security. They would stop the vast majority of worms from running rampant and greatly reduce the damage malicious sites can do to a system.

Also, one smart-ass comment. If SP2 stopped insecure software from running why didn't it break IE and OE? ;)
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17129431 Sat, 21 Oct 2006 15:01:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129163 dave : I suspect that:

a) Security vendors have done nothing for Windows XP on x64 because they haven't yet seen it as a big market. And they haven't seen fit to say in public "hey, our product does not work on 64 bit!".

b) Security vendors have done nothing for Windows Server 2003 because (I guess) server operators don't subscribe to the arse-in-every-seat approach, and thus a pop-up saying "mumblefrotz.exe wants to create a process! ok? [yes/no]" isn't the right approach.

OK, I'm a little biased, as you can tell by the wording. But it's difficult to be specific about what harm Patch Guard actually does to vendors, and that's because the vendors are woefully vague about what their products actually do. A quick glance at the Symantec web site (as an example) doesn't really offer any information about what their products actually do on any technical level. No statements like "we intercept all system service calls", for example.

Will it put anyone out of business? I suspect it shouldn't, but then again, it might. If you're spending all your development budget on 'complaining to Microsoft' and not on 'working out an implementation that does not involve undocumented interfaces', you could die. (Whoops, my bias is showing again).

I believe that most security functions, such as real time anti-virus scanning, can be implemented using documented interfaces (the technique is generally known as 'filter drivers'). The only thing I can guess might need hot-patching of data structures is stuff like intercepting all calls to, say, NtCreateProcess, so you can control what gets to execute process creation calls.

I'm not overwhelmed by the few implementations of that idea that I've seen, so I place little penalty on vendors being denied the ability to do so (since it also denies the ability to hide processes, by the same mechanism).

I may change my mind when the security vendors release technically-detailed descriptions of what they will no longer be able to do when Vista comes out :-)]]> http://www.dslreports.com/forum/remark,17129163 Sat, 21 Oct 2006 13:50:59 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17129052 INHCNN :
said by dave :

The same as they've been doing for Windows XP on 64-bit and for Windows 2003 on 64-bit, presumably.

It's not like this is anything new... ;-)

So assuming the 64 bit systems have not been a massive failure, what is the real basis for the vendor's gripe? What have been the "in production" problems with existing kernel protection, other than software vendor's failure to comply?

I'm highly tempted to draw an analogy here with the "spam problem". I think that "spam" could be solved, but the marketing industry has WAY too much money on the line (and thus politicians and industry decisions makers in their pocket) and a whole sub industry which was created because of spam now depends on it... for there to be a concerted effort to fix the root of the problem rather than going further and further down the rabbit hole of controlling spam. IMO

Similarly, could it be that if MS implements a serious change to security that proves marked improvement, they could put some people out of business? I guess I'd understand the AV vendors concerns about staying alive, but a decision to prevent problems should supercede a decision to monitor them.

Again... I'm seeking to understand. Guide as needed ;)

FWIW Dave - I went and had my sarcasim sensor system adjusted. Luckily my PPO covered it :)
--
"Pressure makes diamonds."
--General George S. Patton]]> http://www.dslreports.com/forum/remark,17129052 Sat, 21 Oct 2006 13:23:09 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128852 Longboard :
said by AB :

said by Name Game :

said by Longboard :

some vendors seem to think we might be in for moreof the same.
See here from a thread that was about testing a browser exploit.
»www.wilderssecurity.com/showpost···count=62

Thought that was an IE6 and now IE7 thingie..what does that have to do with Vista or the Kernel ? :D
I think the fact that Microsoft inregrates their browser into the OS makes it relevant, personally.

Nothing specifically, as quoted above, has some implications and I do love seeing him in print :)]]> http://www.dslreports.com/forum/remark,17128852 Sat, 21 Oct 2006 12:33:02 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128782 AB :
said by Name Game :

said by Longboard :

some vendors seem to think we might be in for moreof the same.
See here from a thread that was about testing a browser exploit.
»www.wilderssecurity.com/showpost···count=62

Thought that was an IE6 and now IE7 thingie..what does that have to do with Vista or the Kernel ? :D
I think the fact that Microsoft inregrates their browser into the OS makes it relevant, personally.]]> http://www.dslreports.com/forum/remark,17128782 Sat, 21 Oct 2006 12:17:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128770 Name Game :
said by Longboard :

some vendors seem to think we might be in for moreof the same.
See here from a thread that was about testing a browser exploit.
»www.wilderssecurity.com/showpost···count=62

Thought that was an IE6 and now IE7 thingie..what does that have to do with Vista or the Kernel ? :D
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17128770 Sat, 21 Oct 2006 12:13:22 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128769 dave :
said by INHCNN :

IWhat will the security vendors do in the interim?
The same as they've been doing for Windows XP on 64-bit and for Windows 2003 on 64-bit, presumably.

»www.microsoft.com/whdc/driver/ke···FAQ.mspx

It's not like this is anything new... ;-)]]> http://www.dslreports.com/forum/remark,17128769 Sat, 21 Oct 2006 12:12:48 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128754 Steve :
said by garywk :

Mind telling me why the number of security advisories for XP, Home and Professional, are at higher levels in 2004, 2005, and 2006 than they were in 2003?
Because the tools and skills for finding exploits are improving faster than Microsoft can fix the software - there's a huge world of people out there trying to find these things.
I just see a service pack that broke a ton of stuff
SP2 didn't break anything: SP2 prevented insecure, already-broken applications from running.

If you think SP2 was not a huge win for security, then I guess we're done talking about it.

Edit - Analysis of XP Service Pack 2; read for yourself on the security improvements

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17128754 Sat, 21 Oct 2006 12:10:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128747 AB :
said by garywk :

Where was the win?
Well . . . it was free. They didn't charge for it.]]> http://www.dslreports.com/forum/remark,17128747 Sat, 21 Oct 2006 12:08:13 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128711 garywk :
said by Steve :

said by garywk :

Thanks for making my point. We all avoid the vendors we don't trust for to do certain jobs very well. Now MS, basically overnight, says, "Oh, trust us we are now the makers of a very secure OS. We are going to take care of all your security needs" To which many people answer with, "Yeah, that's what you said before you released Win2k and XP. Problem is, the results never quite match the words. Why should we think this case is any different?"
Because their turnaround is marked not by words about Vista, but with action in XP/SP2. All serious security people consider SP2 to be an enormous win for security, and I don't know anybody who considered it fluff or unimportant. It was a watershed event.

They put off Vista (a revenue upgrade) so they could get out a security service pack (a nonrevenue upgrade), and that's known as "putting your money where your mouth is.

Steve

Mind telling me why the number of security advisories for XP, Home and Professional, are at higher levels in 2004, 2005, and 2006 than they were in 2003? If SP2 was a "huge win" why the increase in vulnerabilities starting in 2004? The number of XP vulnerabilies found in 2005 is more than double the number for 2003, and the numbers for both 2004 and 2006 are above 2003 levels. To me, a "huge win" for security means that a system would be found to have fewer vulnerabilities after the "huge win", not have those numbers go up by double digits percentage wise, and that the number of viruses, trojans, and just overall malware afflicting the OS would be less common and less effective, not more common and just as effective.

I guess I just don't see a "huge win" that translates into real life performance. I just see a service pack that broke a ton of stuff when it came out and within a rather short time after it's release it's "upgrades" were beginning to being exploited.

Where was the win?
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17128711 Sat, 21 Oct 2006 12:00:18 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128665 INHCNN : I'm trying to formulate my own opinion here, but I have some questions for the experts:

(A=assumption, Q=question)

A1.) Process Guard monitors the kernel and prevents modifications to it.
Q1.) Is Process Guard defeatable? I'm trying to draw an analogy in my head right now about how viruses are currently written to defeat AV and FW applications, and how Process Guard differs.

A2.) The kernel API's will provide read-only access to “kernel information”
Q2.) How does limiting access to the kernel API's to selected vendors, which provide read-only access to kernel information, enhance the security of the OS? What information could a virus collect from a read-only API which would lead to a security breach? How does this really handcuff the AV vendors?

A3.) The kernel API's will be released circa Vista SP1.
Q3.) That doesn't make sense. What will the security vendors do in the interim?

A4.) Windows OneCare will use the same API's that MS makes available to... whomever.
Q4.) I completely made that up, but this would seem just, no? If MS uses the same vectors that it provides to other vendors, and makes changes to those API's based on their own needs and keeps the vendors up to date as appropriate, then the playing field is level, isn't it?
--
"Pressure makes diamonds."
--General George S. Patton]]> http://www.dslreports.com/forum/remark,17128665 Sat, 21 Oct 2006 11:51:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128449 Longboard : some vendors seem to think we might be in for moreof the same.
See here from a thread that was about testing a browser exploit.
»www.wilderssecurity.com/showpost···count=62]]> http://www.dslreports.com/forum/remark,17128449 Sat, 21 Oct 2006 10:56:17 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17128271 Steve :
said by garywk :

Thanks for making my point. We all avoid the vendors we don't trust for to do certain jobs very well. Now MS, basically overnight, says, "Oh, trust us we are now the makers of a very secure OS. We are going to take care of all your security needs" To which many people answer with, "Yeah, that's what you said before you released Win2k and XP. Problem is, the results never quite match the words. Why should we think this case is any different?"
Because their turnaround is marked not by words about Vista, but with action in XP/SP2. All serious security people consider SP2 to be an enormous win for security, and I don't know anybody who considered it fluff or unimportant. It was a watershed event.

They put off Vista (a revenue upgrade) so they could get out a security service pack (a nonrevenue upgrade), and that's known as "putting your money where your mouth is.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17128271 Sat, 21 Oct 2006 10:13:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17127998 garywk :
quote:
I understand what your saying and with another vendors products this would be significant factor. However, were talking about MS here. They don't have to give a rats rear about trust or relationships, so long as MS maintains its market dominance or is the De facto standard.

Well, this does matter to me. As long as MS demonstrates that they don't care about trust or relationships then I'll just keep on staying away from their products, and keep on encouraging as many people as I can to do the same thing.

As far as I'm concerned everyone ought to make MS earn their market share through product quality, not advertising.
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17127998 Sat, 21 Oct 2006 08:44:17 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17127264 astirusty :
said by garywk :

It takes time to repair relationships and build trust. MS has been building distrust now for a long time. It will take even longer to rebuild that trust than it did to destroy it. That's just human nature. MS has to prove they are trustworthy before people will begin to trust them because trust is earned, not given....
I understand what your saying and with another vendors products this would be significant factor. However, were talking about MS here. They don't have to give a rats rear about trust or relationships, so long as MS maintains its market dominance or is the De facto standard.

Customers (business and individuals) are going to use what ever lets them interact with the vast majority. Its a herd mentality and the herd will run right to the MS feeding troughs to lap-up Vista and all the new required Vista upgrades, when they are released.

Now, if you could get about 30% of the herd headed in another direction then the trust and relationship factors might actually matter. MS might even have to demonstrate a really secure OS to keep the remaining 65% of the market. Then again that 65% is likely to be made up of those clueless types that think only people visiting porn sites get hit with malware.]]> http://www.dslreports.com/forum/remark,17127264 Sat, 21 Oct 2006 00:58:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17127144 Grail Knight : Time will tell if MS is serious about security or lapses into their old ways.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17127144 Sat, 21 Oct 2006 00:27:50 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17127126 garywk :
said by astirusty :

said by garywk :

Why should anyone trust MS to suddenly have a reasonably secure product when they have history of decades of not producing such a product?
Man have you asked for it now! This is just as bad as telling an Apple fanatic Steve isn't god. ;)

LOL. Oh, well, I seem to need to scrape off the bottoms of my shoes quite often.... ;)
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17127126 Sat, 21 Oct 2006 00:24:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17127104 garywk :
said by Grail Knight :

Any company can turn around. Consumers have given MS a lot of shit over the years about security. MS is fully capable of applying proper security to their OS. MS needs to stay the course for for a few years and build that trust back up. Not an impossible task and other companies have turned themselves around.

Having 3rd Party vendors supply security is a double edged sword also. My opinion of Norton and McAfee to name 2 well know vendors is very low and all I trust them to do is eith push their products in the interface or slow my computer down

Even the once great firewall vendor ZoneLabs has turned their software to a beta in progress with enough buggy releases the past two years to push me away and many others if just some of the posts at BBR are true.

There are of course many good 3rd Part vendors like KAV, Trend Micro, AVG to name a few.

Thanks for making my point. We all avoid the vendors we don't trust for to do certain jobs very well. Now MS, basically overnight, says, "Oh, trust us we are now the makers of a very secure OS. We are going to take care of all your security needs" To which many people answer with, "Yeah, that's what you said before you released Win2k and XP. Problem is, the results never quite match the words. Why should we think this case is any different?"

It takes time to repair relationships and build trust. MS has been building distrust now for a long time. It will take even longer to rebuild that trust than it did to destroy it. That's just human nature. MS has to prove they are trustworthy before people will begin to trust them because trust is earned, not given....
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17127104 Sat, 21 Oct 2006 00:18:52 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126477 Grail Knight : Sure he is in the eyes of his flock. ;)

After reading about the excitement new software brings to a user anything is possible.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17126477 Fri, 20 Oct 2006 22:12:42 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126449 Grail Knight : Any company can turn around. Consumers have given MS a lot of shit over the years about security. MS is fully capable of applying proper security to their OS. MS needs to stay the course for for a few years and build that trust back up. Not an impossible task and other companies have turned themselves around.

Having 3rd Party vendors supply security is a double edged sword also. My opinion of Norton and McAfee to name 2 well know vendors is very low and all I trust them to do is eith push their products in the interface or slow my computer down

Even the once great firewall vendor ZoneLabs has turned their software to a beta in progress with enough buggy releases the past two years to push me away and many others if just some of the posts at BBR are true.

There are of course many good 3rd Part vendors like KAV, Trend Micro, AVG to name a few.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17126449 Fri, 20 Oct 2006 22:09:05 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126322 astirusty :
said by garywk :

Why should anyone trust MS to suddenly have a reasonably secure product when they have history of decades of not producing such a product?
Man have you asked for it now! This is just as bad as telling an Apple fanatic Steve isn't god. ;)]]> http://www.dslreports.com/forum/remark,17126322 Fri, 20 Oct 2006 21:45:19 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126238 garywk :
said by Grail Knight :

I think MS should have denied any company access to the kernel.

Most of these security companies live only by the good graces a security weak OS offered.

Now MS is tightening the reigns and those 3rd. Party Companies are seeing one possible future that does not include them and will do anything that allows them to remain viable.

The flip side of that is that many people will be quite uneasy trusting the complete security of their computer to MS. I know if I were to use Vista that's not something I would be comfortable with.

I would say that MS owes it to their user base to allow 3rd party security products the same level of access they allow their own products as MS has shown themselves incapable of creating a reasonably secure OS. Why should anyone trust MS to suddenly have a reasonably secure product when they have history of decades of not producing such a product?
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17126238 Fri, 20 Oct 2006 21:29:36 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126094 AB :
said by Grail Knight :

. . What are you worried about I see a flavor of Linux in your future. :D
Do I look worried to you? ;)

If only I could figure out how to use that mouse left-handed in Linux . . .]]> http://www.dslreports.com/forum/remark,17126094 Fri, 20 Oct 2006 21:04:25 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17126066 Grail Knight : Only time will tell if this becomes a major mistake.

What are you worried about I see a flavor of Linux in your future. :D
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17126066 Fri, 20 Oct 2006 20:59:41 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125967 astirusty :
said by AB :

And apparently a previously known vulnerability. Which might lead a person to wonder . . .
well, you fill in the blanks. :hmm:
No wonderment and the blanks have been repeatedly filled in. :o]]> http://www.dslreports.com/forum/remark,17125967 Fri, 20 Oct 2006 20:44:26 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125922 AB :
said by Grail Knight :

I think MS should have denied any company access to the kernel.
Agreed.
Because general access to the kernel by the lieutenants of these private companies would be a major mistake, Cap'n!

Possibly requiring corporal punishment. :D]]> http://www.dslreports.com/forum/remark,17125922 Fri, 20 Oct 2006 20:37:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125839 Grail Knight : I think MS should have denied any company access to the kernel.

Most of these security companies live only by the good graces a security weak OS offered.

Now MS is tightening the reigns and those 3rd. Party Companies are seeing one possible future that does not include them and will do anything that allows them to remain viable.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17125839 Fri, 20 Oct 2006 20:23:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125786 AB :
said by Grail Knight :

. . The next 5 years could see a big move away from Windows IMO to Apple & Linux.
Actually, I'm expecting it to be a company that emerges from the shadows. Google is where a lot of speculation has been directed, but I think it's unlikely to be them, unless they partner-up with somebody over it. But remember, 20 years ago nobody had ever heard of Microsoft.

At any rate, to pull my own posts more back on topic--
It would appear Microsoft has pretty good reason to deny kernel access, as their very own, brand-spanking new, all safe-and-secure browser went less than 24 hours before a vulnerability was discovered. And apparently a previously known vulnerability. Which might lead a person to wonder . . .
well, you fill in the blanks. :hmm: ]]> http://www.dslreports.com/forum/remark,17125786 Fri, 20 Oct 2006 20:15:22 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125783 Mele20 :
said by Steve :

said by Mele20 :

Microsoft was not forced to spend more time on security. They chose to do that and I think they should have spent the time on the new file system instead.
Then why do you spend your time in the Security forum?

To hang around with all us hot guys in suits?

LOL The answer is simple. Computer security is not boring. :D
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17125783 Fri, 20 Oct 2006 20:14:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17125550 Grail Knight : Sorry for the late reply. Busy day.

Apple still supplies an OS which does make them a software company. If they had done things differently Windows would not be the major supplier. Anyone can make hardware, there are thousands of companies that do that. The OS is what brings it all together.

If any company has had the chance to exceed MS it was Apple. Only now is Apple making inroads by offering a dual capability machine that does not run half assed.

MS has a lot of hopes riding in Vista and thinks users are going to such right out and buy it. New computers w/ pre-installed Vista should do well but but consumers are getting smarter no matter what some users would like us to believe.

The next 5 years could see a big move away from Windows IMO to Apple & Linux.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17125550 Fri, 20 Oct 2006 19:34:51 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17123356 dave : OT: Apple is a hardware vendor, not an OS vendor. Apple competes with all the manufacturers of Wintel PCs, not solely with Microsoft. Even Apple's use of Intel CPUs hasn't changed that orientation.]]> http://www.dslreports.com/forum/remark,17123356 Fri, 20 Oct 2006 13:15:13 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122596 Grail Knight : Market saturation only happened because another OS maker at the time (Apple) dropped the ball and allowed MS to become what they are today.

If you look at it at face value there really are only 3 mainstream OS suppliers. MS, Apple, and Linux.

Nothing is stopping either one or the other from doing th esame thing MS did.

No more car stories please. :D
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17122596 Fri, 20 Oct 2006 10:40:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122570 Martinus :
said by dave :

I like that analogy!

So, even though some Europeans are using alternative product, it's still not enough to displace the entrenched technology.

I happen to know those Europeans. They are a young couple - recently married -. They live about half a mile from my place. Nice, decent people.

The man said, in a recent interview, that he wouldn't mind going off in a blast of Hydrogen if it was good for the environment.
--
El que la hace la paga]]> http://www.dslreports.com/forum/remark,17122570 Fri, 20 Oct 2006 10:36:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122531 dave : I like that analogy!

So, even though some Europeans are using alternative product, it's still not enough to displace the entrenched technology.]]> http://www.dslreports.com/forum/remark,17122531 Fri, 20 Oct 2006 10:27:46 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122500 astirusty :
said by Grail Knight :

Only because no other company has stepped up to the plate with a comparable easy to use product other then Apple. Linux is making inroads with ease of use but has a ways to go yet IMO.
A comparable product is not enough. Even a better product is not enough. The reason is (like it or not) MS is the de-facto standard because of market saturation.

Since I know how everyone here loves car analogies... ;)
MS's market saturation is similar to the gasoline engine saturation of the automobile industry. There are comparable engines, but until there are sufficient recharging stations or hydrogen fuel stations available, gasoline engines are going to dominate car sales.]]> http://www.dslreports.com/forum/remark,17122500 Fri, 20 Oct 2006 10:22:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122360 Steve :
said by Mele20 :

Microsoft was not forced to spend more time on security. They chose to do that and I think they should have spent the time on the new file system instead.
Then why do you spend your time in the Security forum?

To hang around with all us hot guys in suits?
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17122360 Fri, 20 Oct 2006 09:48:47 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122219 psloss :
said by dave :

There are different situations in the world.
No there aren't. One size fits all. (One down, six billion to go.)

Actually, this reminds me of Wowbagger the Infinitely Prolonged...

"I've done you before, haven't I?"
--
Feedback? e-mail: stuff@lupwa.org

]]> http://www.dslreports.com/forum/remark,17122219 Fri, 20 Oct 2006 09:12:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122083 dave :
said by Mele20 :

Microsoft was not forced to spend more time on security. They chose to do that and I think they should have spent the time on the new file system instead. If people don't want to learn how to secure their systems..well that is their tough luck.
You write from an extremely limited viewpoint - a home PC with one user; not even a LAN, right? There are different situations in the world. Consider, for example, a fairly typical server room, with a few dozen machines running a Windows server variant. With professional IT staff as well, who we can assume have 'learned how to secure systems'. I suspect they'd be in favour of security before new features. I am too.

Yes, I know that Microsoft have, since Windows 2000, split the release schedules of 'desktop' and 'server' versions. Nevertheless, the kernel is the kernel. (Just look it like server version = desktop version + other-stuff; the split was made, I assume, so as to not delay the desktop version while they finish up server work).]]> http://www.dslreports.com/forum/remark,17122083 Fri, 20 Oct 2006 08:33:44 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17122058 Grail Knight :
quote:
Microsoft was not forced to spend more time on security. They chose to do that and I think they should have spent the time on the new file system instead.

Security to me and I am sure others comes first and foremost over a new file system. Considering you are so gung ho on keeping your computer secure hearing that the file system takes priority is somewhat amusing.

MS was lambasted for years about not doing more to secure their OS and now they make the attempts to do so some consumers complain. Damned if you do damned if you don't.

Third-party vendors might be good at AV and Firewalls but MS is responsible for core security of their product.
============================================

I am not crabby at all. There you go assuming things you know nothing about. Stick with getting excited over software and you will be just fine.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17122058 Fri, 20 Oct 2006 08:25:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121773 Mele20 : Why stop where you did? I agree with what you said but you stopped too short. The best answer, perhaps unfortunately, is to require licensing of all computer users and require that new buyers take courses in computer safety before they can be licensed to buy a computer. Microsoft, OEMs and the state and/or federal government should provide the classes with a reasonable fee required from the would be buyers. Current owners should be required to take a test to demonstrate their ability to use a computer safely and then everyone should be required to renew their license every so many years.

I say "perhaps unfortunately" because I am not big on government regulation of anything but in this case I am convinced that is the only thing that will even begin to work. Mandatory licensing and passing of computer courses would over night wake up all these willfully clueless mainstream users. It is willful. You cannot convince me otherwise. They know they need to bone up on computers and security, and the care and feeding thereof before getting one, but they are lazy and they think they can get away with not learning what they need to learn. The same person would never dream of thinking they can just drive a car...no need to learn or pass driving tests every so many years after being initially licensed thus indicating continued education regarding driving. People will do that which affects their pocketbooks. Look at the AARP Defensive Driving course. That course, taken once every three years (8 hour course), will lower insurance premiums by an average of 11% EACH YEAR for three years. AARP can't offer enough of the classes and when everyone is asked at the end of the course why they took it...what do they say (myself included)? " I wanted to lower my insurance rate and I wanted to be a better driver". But note which reason is given first by almost all participants. So, with a bit of creativity taking the classes for computer usage and safety could perhaps result in a coupon from an OEM for a lower price, etc.

I don't agree that most average folks are unaware that computers are not simple devices like toasters. Some are unaware but I think the majority is like my mother and my friend...very aware but those who go ahead and get a computer lull themselves into thinking it won't be hard to figure out care and feeding and security. Then when it is they don't know where to turn. Enter mandatory classes and licensing. I get really tired of the argument that because toasters are simple to use so should be a computer. Well, duh, of course. But it isn't and it won't be for many years to come if ever. Most folks can't set the time on the VCR but they have deluded themselves into thinking they can handle a computer responsibly. They are not happy once they get that "toy" and it gets terribly infected and slow and their identity gets stolen, etc. I think the general public would welcome licensing and mandatory classes that are well taught. It would signal to them the seriousness (responsibility) of a purchase of a computer so they know what they are getting into instead of being a victim of a salesperson in a megastore who tells them anyone can use a computer with no problems. Done right the OEMs, retail stores would back this. This is where Microsoft should be putting much (not all) of its attention when it comes to computer security.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17121773 Fri, 20 Oct 2006 05:46:59 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121698 Blackbird : And how many "average users" ever are told what you've just said? By their buddies on the shop floor... or the salesman at the big-box emporium... or by the TV ads promising neat machines to "take them wherever they want to go... ? Or maybe in security forums - which they don't even know exist? In this forum (and others), the focus is unrelentingly upon good security practices, layered security, keeping updated, and the like. But "average" folks rarely venture here... and they'd likely often not have a clue what was being said if they did stumble into one of these threads. In the cases I cited, I became aware of their computer usage only long after they'd bought their machines - and usually only after they'd already stepped into cow-pies. But there are a lot of computers being sold to folks like them and a lot of computers being operated by the same sort of people (at least, until they become too infected to function). They may not be the very centroid of "average users", but they're not far from it. And the mass-market is geared to selling to them.

These folks' lives are surrounded with applicances that just -- are. Relatively benign, relatively simple to operate, relatively simple to maintain, relatively buy-and-forget... just use and add energy now and then. Everything from toasters to TVs to refrigerators to radios to cellphones to cars. Granted, a car requires a modicum of knowledge and a license to operate - but one really doesn't have to be conversant with fuel-injector design or the pros-cons of side-airbag concepts or optimal cloverleaf banking angle tradeoffs to drive a car reasonably safely. But we're probably all familiar with jokes that were making the rounds about what if cars operated like computers...

User education is vital to keeping a computer secure. But first, users have got to somehow hear that computer education is critical... and then they've got to be convinced enough to act on what they've heard. After all, there are a lot of voices demanding this or that from each of us these days, and not all are to be believed. Finally, computer education has to be readily available to folks living under a vastly diverging array of personal constraints... reality is simply that way.

Until these issues are resolved constructively (and there's little I see being done, frankly), improving out-of-box security is the only way manufacturers seem to be able to address general security issues. And it simply makes good sense to have better, more robust security, even for above-average users.
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17121698 Fri, 20 Oct 2006 04:21:46 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121639 Mele20 : i have advised my 93 year old mother to not get a computer for the very reasons you cite. She fully agrees that she and most of her friends should not have computers. Her life is full and active and she doesn't feel she is missing anything. I have a friend who is 68 and she has never had a computer and doesn't plan to ever get one. She also doesn't want to know anything about them and she is well aware that if she wishes to keep her head in the sand that she should avoid computers. She's happy to do that. Her only gripe is that she seems to lose many of her friends to computers as they are fascinated by them and after getting one suddenly spend most of their time on them instead of with her and they all become geeks. :D

Those who want computers should be willing to learn how to use them properly. Otherwise, stay away from them for heavens sake! I have another friend in her 70's still teaching at the University and she has never learned to drive. She doesn't feel a pressing need to have a car. She lives only two blocks from campus and can easily walk and students, husband, etc. give her rides to the Mall, grocery store, whatever. She never wanted to learn to drive and to have to take care of a car properly. She would never dream of driving her husband's car one day because there was no one to take her somewhere. She knows she would have to learn proper driving. She doesn't expect to get in a car and just drive.

It should be the same with computers. Personal computers are not something one must have to enjoy life. If it is going to be overwhelming, for whatever reasons, to learn how to use a computer properly and maintain it then one should pass it by. No big deal. Simple as that.

Almost any town of any decent size has places where one can go and take lessons regarding computer use and safety and maintenance. Unfortunately, you have to pay for the classes and they vary in worth depending on the source. This is why I keep advocating licensing of users of personal computers and a requirement that certain courses be taken and passed before the user is allowed to buy a computer. Those courses should be funded partially by Microsoft and partially by the federal or state governments with a reasonable fee required of the would be computer buyer. So, currently the persons that you mentioned could have taken courses to learn about computers and if they happen to live in a university town then they can audit college classes and if above 55-60 they can enroll in Senior Net courses, etc. and those are cheap. If they live in a really small town then they may not be able to find classes, or find really good ones in larger towns, and some cities, and this is another reason why mandatory classes and licensing would be very helpful.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17121639 Fri, 20 Oct 2006 03:38:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121571 Blackbird :
said by Mele20 :

... If people don't want to learn how to secure their systems.. well that is their tough luck. Sink or swim. Microsoft's security "improvements" are going to make very little difference as the criminals will always be with us. The only real defense is to stop sticking your head in the sand (I'm speaking about average users not those who frequent this forum) and learn about computers and how to engage in safe computing. Microsoft is just spinning its wheels on security and would have done much better to have instead concentrated on the new file system, leave security to third party vendors, and put some of its vast amount of funds into sponsoring required classes for all those who wish to use a computer.
So... who's an "average user"? Perhaps my 83-year-old, utterly nontechnical friend who decided 2 years ago to buy a computer for eMailing and a wee bit of web searching... and did only what the big-box store told her to for securing her system - which was next to nothing. Or perhaps another acquaintance in her 60's, physically disabled, who bought a system 4 years ago for eMailing and browsing - also from a big-box store, where she was given no technical advice at all (not that she'd have understood it anyway); and who got so frustrated at continual crashes and hiccups caused by now-known malfunctions from several Windows patches and NAV updates that she literally disconnected the computer and hopelessly shoved it into a closet. Or the accountant friend who sought out expert advice and tried to faithfully apply it when bringing up their new computer, only to still get virus-infected and lock up within 15 minutes of first going online to download and install new anti-virus software... and who got so frustrated that he took the computer (used in his work) completely offline for over 2 years. Or the neighbor 2 doors up whose hot-shot teen knows more about computers than he ever will in his backhoe business... and the teen end-ran all the generic "best security practices" and got the family computer hugely infected. And the list goes on and on...

I don't think a single one of these folks "stuck their head in the sand"... they simply had no comprehension of what was involved in securing a computer and operating it safely - nor what it would take to keep it safe, going forward. And in many cases, they couldn't grasp the necessary technical nuances, even if they knew of the issues involved.

So... something has to "give". Either altering the current paradigm of marketing technically sophisticated, insecure-by-nature computers to the technically illiterate (not a "slam", as it consitutes many, if not most, "average users") or... or software and computers must be made far more secure out-of-the-box. Microsoft is correct to emphasize security, though I'll leave it to others to rate the effectiveness of those efforts. What's deplorable is that it's taken so long to move security to the front burner, and that it's still moving so slowly. Those, like yourself, who regularly inhabit the shadowy caverns of these forums are by no means typical of the technical or security-conscious prowess of "average" users. But the average user is where the computer market is today.

edit: clarity - last para. (I hope!)
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17121571 Fri, 20 Oct 2006 03:02:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121484 Mele20 : Microsoft was not forced to spend more time on security. They chose to do that and I think they should have spent the time on the new file system instead. If people don't want to learn how to secure their systems..well that is their tough luck. Sink or swim. Microsoft's security "improvements" are going to make very little difference as the criminals will always be with us. The only real defense is to stop sticking your head in the sand (I'm speaking about average users not those who frequent this forum) and learn about computers and how to engage in safe computing. Microsoft is just spinning its wheels on security and would have done much better to have instead concentrated on the new file system, leave security to third party vendors, and put some of its vast amount of funds into sponsoring required classes for all those who wish to use a computer.

I'm really sorry that nothing in life except your wife is exciting...gee, I think I now understand why you are so crabby much of the time. ;)
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17121484 Fri, 20 Oct 2006 02:10:27 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121478 Blackbird :
said by Mele20 :

... Shortly after, something dawned on Microsoft. They had promised too much, and they couldn’t deliver the unimaginable new experience we’d come to expect. ...
And since the dawn of DOS, this has been the template for new-product introduction for MS - as well as many other players in the software world. Those of us who date back to the beginnings of the PC era can, I think, recall numerous similar hype-and-bust scenarios. Not that it's a "good" thing, nor the way it "ought" to be... but frankly it is the way it almost always is. The Vista story is no exception.
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17121478 Fri, 20 Oct 2006 02:07:42 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121090 Grail Knight : Only because no other company has stepped up to the plate with a comparable easy to use product other then Apple. Linux is making inroads with ease of use but has a ways to go yet IMO.

If Apple had played their cards right and now is the time for them to do it right they can really get a lot of users/companies to move away from the Windows platform.
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17121090 Fri, 20 Oct 2006 00:00:07 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17121014 astirusty :
said by dave :

I'm especially suspicious of attempts to move Windows to a database-like or object-oriented file system, because we've been there before, starting in the mid-1990s.
MS should definitely do away with NTFS and jump right on to database-like or object-oriented file systems. In fact, I think MS should put the release of Vista on hold till the new file systems are ready! ;)

Should this come to fruition, I think I will buy some stock in companies making the required disks -- terabyte sizes with gigabyte transfer rates. :)]]> http://www.dslreports.com/forum/remark,17121014 Thu, 19 Oct 2006 23:46:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120951 astirusty :
said by Grail Knight :

MS is not forcing users to buy their product. If consumers do not like it let them buy something else.
True MS is not forcing consumers to buy their products, but consumers have little choice in the matter if they want to communicate and work with the significant majority that is using MS products. In some cases the clones of MS products are simply unacceptable because of the circumstances or potential for file format differences. Thus, MS may not be forcing consumers, but in a round-about way, MS is twisting consumers arms.]]> http://www.dslreports.com/forum/remark,17120951 Thu, 19 Oct 2006 23:35:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120873 dave :
said by Mele20 :

Why didn't Microsoft just delay Vista until they could give us the new file system?
Because they wanted the next version of the product to be available not more than a couple or three years after it was supposed to be?

This is the kind of decision that software companies make all the time. There's a bunch of project teams working on different features. They come up with schedules (which are always wrong; that's the nature of the game). Product management decides how to collect those features into scheduled releases.

When a project is late (and it will be) you decide whether to drop the feature from the release and ship on something like the intended date, or you decide to slip the date and keep the feature.

This isn't a one-time decision; it's continuous. So it's not uncommon to slip the date so you can keep the feature, and then up dropping the feature anyway.

(I made my code-freeze deadline, though).

One customer is going to be annoyed that their pet feature didn't show up as planned, but another customer will be annoyed if the release date slips yet again.

Me, I'm on the side of "ship the damn thing with whatever we've got ready". You're either on the train when it leaves or you're not (mixing my transportation metaphors).

Why not just make a super duper service pack 3 with DirectX10, etc. for XP (in other words basically give XP vista as a service pack) and continue to work on the new file system until it was ready and then release a new version of Windows? That is what we were promised.
1. There's no revenue in a service pack. I think that answers the question.

2. Why not release Vista now and ship WinFS as a service pack?

3. Ah, I see the mismatch. You see a statement of what they're hoping to come up with as a 'promise'. Me, I'm a programmer: it doesn't exist until I see it running in front of me, and even then I'm suspicious.

I'm especially suspicious of attempts to move Windows to a database-like or object-oriented file system, because we've been there before, starting in the mid-1990s.

----
I can't understand why you're so bent out of shape about a file system, in any case. It's a file system. It's not really going to revolutionize the way end users experience computing. It might, if we're lucky, provide a basis for application developers to build some interesting new applications. But it'll take time.

I suspect (but this is out of my expertise) that we could probably do all those things today with an ordinary relational database, if only we could get everyone using the database. And maybe that's the win for WinFS; once the database is part of the basic OS, if becomes a common tool.]]> http://www.dslreports.com/forum/remark,17120873 Thu, 19 Oct 2006 23:22:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120729 Grail Knight : Wow, you sure are in a tizzy over a piece of software.

Do you work and if so have you ever had a project fall behind schedule for one reason or another? No matter what you do it is still behind yet you or your company made a promise to deliver it by a certain date. Better to release something then nothing at all or risk your company losing credibility in the market.

Like I said MS is damned if they do and damned if they do not.

Greed I do not believe has anything to do with it no matter what you think. Competition is getting stronger from the OpenSource community and Apple Computer. MS has to release what they have to keep the flow of progress going not unlike any other company that designs software. Can not have it sit around getting old while other companies make advancements on their own.

quote:
It was the broken promise of a new file system that would revolutionize the way we experience computing that got everyone excited about Longhorn originally.

I never got excited nor did a lot of people I know that work in the Industry upon hearing about Longhorn. The excitement over software must be some local thing. I usually get excited by my wife not software.

quote:
Why is there a new version of Windows without the revolutionary new experience of a fabulous way to compute with this incredible new file system?

As for the new file system it is missing due to MS having to spend more time on security. So MS either sells it as a module or includes it in a service pack. No biggie life goes on.

MS is not forcing users to buy their product. If consumers do not like it let them buy something else.

How hard is that for people to figure out?

Edit* Fixed spelling error.]]> http://www.dslreports.com/forum/remark,17120729 Thu, 19 Oct 2006 22:50:36 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120724 Grail Knight : Most things are damned to do something or another. :)]]> http://www.dslreports.com/forum/remark,17120724 Thu, 19 Oct 2006 22:49:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120719 astirusty :
said by Grail Knight :

MS is damned if they do and damned if they don't.
So in summary, MS is just dammed. ;)
Pardon me if I don't loose any sleep over that thought. :p]]> http://www.dslreports.com/forum/remark,17120719 Thu, 19 Oct 2006 22:48:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17120493 Mele20 : Why didn't Microsoft just delay Vista until they could give us the new file system? Why not just make a super duper service pack 3 with DirectX10, etc. for XP (in other words basically give XP vista as a service pack) and continue to work on the new file system until it was ready and then release a new version of Windows? That is what we were promised. A new file system and that was the main point of a new version of Windows as other than a new file system what could be so great in a new version of Windows that couldn't be in a third Service Pack for XP? XP is supported for five more years so there was no need (other than greed) to rush Vista out half baked. It was the broken promise of a new file system that would revolutionize the way we experience computing that got everyone excited about Longhorn originally. Where is it? Why is there a new version of Windows without the revolutionary new experience of a fabulous way to compute with this incredible new file system? Hmpf. I'll wait for the "real" next version of Windows and pass by this service pack 3 for XP that is now called Vista.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17120493 Thu, 19 Oct 2006 22:11:49 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17119977 Grail Knight :
quote:
They had promised too much, and they couldn’t deliver the unimaginable new experience we’d come to expect. Vista, as much as matters, flopped.

Now how can they say Vista flopped when it has not even been released yet? Betas do not count in judging if a product succeeded or not unless the beta is the only thing being released

Come back in 2008 or 2009 and tell us Vista flopped or succeeded based on sales not on guessing how well a product is doing based on a beta version and broken promises.
-------------------------------------

quote:
Mele,

I thought Blackcomb was still the code name for the next REAL version of Windows...the version we have all been cheated out of with Vista.

Maybe a person feels let down because they did not get what was expected but MS cheated no one.

Considering you say you beta test you must realize the complexity of an OS and if MS fell behind they fell behind. They are doing what they feel is the next best thing. Releasing Vista then later releasing/selling the remaining modules that were left out.

Had MS released what you wanted just to say they got out what they promised and it was buggy as hell then you would have been all over MS about that.

MS is damned if they do and damned if they don't.

Then again no one is forcing anyone to stay with MS. ;)

Edit* Corrected originator of quote for Vista flopping. Added some info]]> http://www.dslreports.com/forum/remark,17119977 Thu, 19 Oct 2006 20:58:19 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17119185 Mele20 :
said by dave :

Nice spin: non-delivery of software means you've been "cheated" out of something.

You were only "cheated" if you'd already paid for it.

No, I was cheated of what Microsoft deliberately hyped and said was going to be.

"Vista was planned as Windows XP R2, and Vienna as the next major version of Windows. But after the delays, Vista became a major new version itself. Vienna becomes the version after that, with Fiji being the Vista R2 in between.
What happens when you tell an excited rabble of Windows enthusiasts that instead of just being a small addition, Vista is going to be an all-out all-new version of Windows? They get even more excited and generate more hype than you could ever imagine. That is hype that Vista just didn’t deserve at that point. Microsoft latched onto this, and proceeded to announce they were filling Vista with as many new features as they could.

Shortly after, something dawned on Microsoft. They had promised too much, and they couldn’t deliver the unimaginable new experience we’d come to expect. Vista, as much as matters, flopped.

We are left with a scrappy remnant of what could have been. We have just had the beta 2, which is buggy up to the eyeball, and seems to not have half of the originally promised features. Major inclusions such as WinFS, Monad Shell (WPS), the Next-Generation Secure Computing Base architecture, Intel's Extensible Firmware Interface support and PC-to-PC Sync have all been dropped."

»www.vistasector.com/articles/2/w···-vienna/
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17119185 Thu, 19 Oct 2006 18:45:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17118399 dave :
said by Martinus :

said by Mele20 :

I thought Blackcomb was still the code name for the next REAL version of Windows...
... as opposed to the current or upcoming UNREAL version?

The last real version of Windows was Windows 3.0; support was removed in version 3.1.]]> http://www.dslreports.com/forum/remark,17118399 Thu, 19 Oct 2006 16:26:26 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17118224 Grail Knight : MS can give it any name they like but at the end of the day it is just the next version of Windows.

Still want to hear your code name though so PM me if you like. :D
--
In these matters the only certainty is that nothing is certain.]]> http://www.dslreports.com/forum/remark,17118224 Thu, 19 Oct 2006 15:54:47 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17118153 Grail Knight : :D]]> http://www.dslreports.com/forum/remark,17118153 Thu, 19 Oct 2006 15:44:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116755 Martinus :
said by Mele20 :

I thought Blackcomb was still the code name for the next REAL version of Windows...
... as opposed to the current or upcoming UNREAL version?
--
El que la hace la paga]]> http://www.dslreports.com/forum/remark,17116755 Thu, 19 Oct 2006 11:27:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116643 AB : I've got my own code name for Vista/Longhorn/Blackcomb/Fiji/Vienna.

In deference to the younger members of our audience, and those of 'nervous dispositions', I shall refrain from printing it here. ;)]]> http://www.dslreports.com/forum/remark,17116643 Thu, 19 Oct 2006 11:05:46 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116412 Name Game :
said by dave :

Nice spin: non-delivery of software means you've been "cheated" out of something.

You were only "cheated" if you'd already paid for it.

And before the train stops in Vienna..you get another mountain view.

Fiji is also a recent addition, planned as the interim between Vista and Vienna.

»www.vistasector.com/articles/2/w···-vienna/

"Fiji" (also referred to by some Microsoft watchers as Vista R2) – the version of Windows set to follow Vista -- as for Windows "Vienna," the successor to Fiji, partner sources close to the company said.

»www.microsoft-watch.com/article2···1,00.asp
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17116412 Thu, 19 Oct 2006 10:18:27 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116284 Name Game :
said by Mele20 :

I thought Blackcomb was still the code name for the next REAL version of Windows...the version we have all been cheated out of with Vista. So, what is the code name for the next version (the one that will give us the new file system we were supposed to get in Vista) if not Blackcomb?

The code name "Blackcomb" was originally assigned to a version of Windows that was planned to follow Windows XP (codenamed "Whistler"; both named after the Whistler-Blackcomb resort) in both client and server versions. However, in August 2001, the release of Blackcomb was pushed back several years and Vista (originally codenamed "Longhorn" after a bar in the Whistler Blackcomb Resort) was announced as a release between XP and Blackcomb. Since then, the status of Blackcomb has undergone many alterations and PR manipulations, ranging from Blackcomb being scrapped entirely, to becoming a server-only release. As of 2006, it is still planned as both a client and server release with a current release estimate of anytime between 2009-2012, although no firm release date or target has yet been publicized.

In January 2006, Blackcomb was renamed to "Vienna".[1]

read more here
»en.wikipedia.org/wiki/Windows_%22Vienna%22
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17116284 Thu, 19 Oct 2006 09:51:11 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116267 dave : Nice spin: non-delivery of software means you've been "cheated" out of something.

You were only "cheated" if you'd already paid for it.]]> http://www.dslreports.com/forum/remark,17116267 Thu, 19 Oct 2006 09:45:57 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116243 Mele20 : I thought Blackcomb was still the code name for the next REAL version of Windows...the version we have all been cheated out of with Vista. So, what is the code name for the next version (the one that will give us the new file system we were supposed to get in Vista) if not Blackcomb? ]]> http://www.dslreports.com/forum/remark,17116243 Thu, 19 Oct 2006 09:42:47 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17116198 Name Game :
said by Longboard :

"It's sort of ripped out of the hands of the developers and handed over to the people who need to do the manufacturing," said Michael Cherry, an analyst with Directions on Micros.

That is a good thing??

THey have their own battles with rootkits

New rootkit found in Symantec software
1/12/2006 10:59:22 AM,

»arstechnica.com/news.ars/post/20···960.html

Dont disagree. That was a good interpretation of a "little secret" LOL Had been there for some time.
WHo says it has to be Symantec or McAfee only
Maybe little guys like ESET/Avira et al will get a lot better ;)

Thanks for the lessons. Appreciate the patience.

Cheers Mate ;)

Since the train pulls out of the station on the 25th OCT..

"An Oct. 25 RTM date would give computer manufacturers enough time to get new machines loaded with Vista into store inventories for an early January launch, which could still catch some momentum at the tail end of the holidays," said Joe Wilcox, an analyst with Jupiter Research.

I thought we all could get prepared..

Ever wonder how they clean the windows on a vista dome car?
With a very clever ladder attachment..
»www.arizonarails.com/vista_canyon.html

We should never forget..

Q: What's up with the name Longhorn?
A: As I first revealed, the Longhorn name wasn't chosen randomly. Remember that Windows XP was code-named Whistler and the next version of Windows, at the time, was code-named Blackcomb. Both of these names come from ski areas in British Columbia, close to Microsoft's headquarters. At the foot of Whistler Mountain, there is a saloon named Longhorn that serves the local skiing population. So if you're ever in the area and want to take in some local color, Longhorn is a nice stop… after you're done with Whistler.

»www.winsupersite.com/faq/longhorn.asp

Vista Express

»railjourneyswest.com/silversolar···tory.htm

»www.snowboard-mag.com/node/7340

I have my ticket :D
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
]]> http://www.dslreports.com/forum/remark,17116198 Thu, 19 Oct 2006 09:31:37 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17115787 psloss :
said by Longboard :

But to quote a user here

But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is.
Forum members here infrequently represent "typical" Windows users.

Given that non-admin is the default in Vista (and restricted tokens), this is likely to be the first consumer version of either lineage of Windows in which a high percentage run as non-admin.

Whereas the Windows institution of "running the defaults" will continue into the foreseeable future. The only reason that Windows Update or Windows Firewall were widely adopted "post SP2" is that making them active became the default.
--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17115787 Thu, 19 Oct 2006 07:35:19 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17115540 Longboard : "It's sort of ripped out of the hands of the developers and handed over to the people who need to do the manufacturing," said Michael Cherry, an analyst with Directions on Micros.

That is a good thing??

THey have their own battles with rootkits

New rootkit found in Symantec software
1/12/2006 10:59:22 AM,

»arstechnica.com/news.ars/post/20···960.html

Dont disagree. That was a good interpretation of a "little secret" LOL Had been there for some time.
WHo says it has to be Symantec or McAfee only
Maybe little guys like ESET/Avira et al will get a lot better ;)

Thanks for the lessons. Appreciate the patience.]]> http://www.dslreports.com/forum/remark,17115540 Thu, 19 Oct 2006 04:05:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17115479 Name Game :
said by Longboard :

@Name Game
Vista user do not need those elavated privileges for safe surfing and neither do the AV companies. And those users who think they are safer with and AV "nag" message telling them to just say "no" rather than Microsoft's pop-up.....
....would do the same thing no matter what OS they are runnin

Sure

But to quote a user here

But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is.

??
»www.eweek.com/article2/0,1759,19···K0000594

One could read that as an admission of failure on by Msoft?
Certainly points out that there are multiple holes in Vista
Nonetheless; good spin.

Admin can read in Vista..just like in XP but they can not write access anymore as a privilege to system files. That is only reserved for the TrustedInstaller. But even with all the hooks Symantec and other Security Companies were given in XP, they still today can't stop the crap or clean up a PC.

»gladiator-antivirus.com/forum/in···4800&hl=

I surely would not let them play with the Kernel in the Vista RTM

»seattletimes.nwsource.com/html/b···a16.html

THey have their own battles with rootkits ;)

New rootkit found in Symantec software
1/12/2006 10:59:22 AM,

»arstechnica.com/news.ars/post/20···960.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17115479 Thu, 19 Oct 2006 03:10:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17113144 Mele20 :
said by garywk :

BTW, my wife thinks I am an impatient person, but even I can spend the 3 or 4 seconds it takes to enter a password without becoming irritated at that slight delay....

If I have to boot the computer (which I hate doing and try to avoid if at all possible..I never shut down a computer except during a thunderstorm or other really bad weather, vacation, or in a few minutes so I can clean out the dust I noticed yesterday) I don't sit at the desk and twiddle my thumbs while it is booting (I did on the 10 second boot one but not on this one that takes so much longer to boot). I would hate having to come back to the desk and there is that stupid password window waiting and so I type in the password and then have to wait until Kaspersky has finished...it is slow and until Process Guard is ready, etc. Why waste time like that? I want to hit reboot and go in the kitchen, or to the bathroom, or whatever, and when I get back my desktop is fully loaded.

If I want to boot to networking for my 98 SE computer I now have to logon for it and that drives me nuts. I usually boot it to non-networking desktop so it fully boots with no need to logon (thus I can be off doing something else while it boots) but then it is not networked.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17113144 Wed, 18 Oct 2006 19:20:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17113069 Mele20 : I don't know much at all about any flavor of Linux but I have Ubuntu appliance on VMWare Workstation and the first thing I was asked when I tried to look at settings was for a password! I had to type a password just to get it to load also. I have read other comments around the internet that users like myself who don't logon Windows don't like all the password typing that there is in Linux. Maybe that is not true. I have taken the writers at their word but maybe I should not have.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17113069 Wed, 18 Oct 2006 19:08:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17113061 garywk :
quote:
Because I don't want to have to type the password! I don't have to type any passwords for XP or 98SE why should I for Vista or Linux? I haven't run into any problems because I don't run as limited user in XP. It is irritating enough how slow boot is in XP even without any password to type. Fast boot on my 8300 was 10 seconds to desktop fully loaded. On my fancy XPS 600 (double the RAM and 1 GhZ faster processor than the 8300) it is close to a minute and that is without any password. I think the difference is due to having had XP Pro SP1 (far better OS as it isn't bogged down with too much security stuff and download speed is much faster on SP 1 than on SP2 where it is about half that of SP1) on the 8300 and SP 2 on the XPS 600.

Well, I guess if typing a password is that big of deal to you, you need to stick with XP and run as admin. You're the type of user MS had in mind when they created Windows.

Personally, I have never allowed auto-logins on any of my machines from my first Win2K install on. If someone is going to get into my machine they are either going to have to hack it remotely, physically steal the machine to get physical access to the hard drive, or at least have enough knowledge to know how to mount drives from a live CD. I'm not going to make things that easy for them.

BTW, my wife thinks I am an impatient person, but even I can spend the 3 or 4 seconds it takes to enter a password without becoming irritated at that slight delay....
--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17113061 Wed, 18 Oct 2006 19:07:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17113020 dave :
said by Mele20 :

I don't have to type any passwords for XP or 98SE why should I for Vista or Linux?
~ $ id
uid=1053(dave) gid=1007(eng) groups=1007(eng)
~ $ sudo su
# id
uid=0(root) gid=0(root) groups=0(root)
#

What's this about typing passwords on Linux?

The trick is to set up 'sudo' to allow me to execute commands as root without a password. Executing su as root doesn't require a password before switching user to root.
]]> http://www.dslreports.com/forum/remark,17113020 Wed, 18 Oct 2006 19:01:44 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17112993 Name Game : @astirusty's post

Rowan Trollope's recent PR rant is based upon older testing they did on Vista..If you want to read the final report you can get it here in pdf.

August 10, 2006 @ 1:12AM - posted by Matt Mondok

Symantec completes its Windows Vista trilogy
It was only a matter of time before Symantec released its final report on Windows Vista

»arstechnica.com/journals/microso···/10/4943

Symantec does not need "more" API's to protect Windows.. but it does need them so their own product does not get shut down. ;)

»arstechnica.com/journals/microso···/5655/p2

They also realize they are in fact a third-party security product with an orange shield :D...not to mention the logistics problem they now face with McAfee trying to market those "Security Suite" with built-in firewall.

»arstechnica.com/news.ars/post/20···851.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17112993 Wed, 18 Oct 2006 18:58:52 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17112865 Mele20 :
said by garywk :

quote:
But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is. That is one thing I can't stand about Linux. It won't let me run as admin. That is my decision to make not the OS.

There is absolutely no need to run as root in Linux. Basically, anything you need to do as root is available as sudo or su from the bash prompt, or asks for the root password when you start it from the gui.

Why would you want to run as root?

Because I don't want to have to type the password! I don't have to type any passwords for XP or 98SE why should I for Vista or Linux? I haven't run into any problems because I don't run as limited user in XP. It is irritating enough how slow boot is in XP even without any password to type. Fast boot on my 8300 was 10 seconds to desktop fully loaded. On my fancy XPS 600 (double the RAM and 1 GhZ faster processor than the 8300) it is close to a minute and that is without any password. I think the difference is due to having had XP Pro SP1 (far better OS as it isn't bogged down with too much security stuff and download speed is much faster on SP 1 than on SP2 where it is about half that of SP1) on the 8300 and SP 2 on the XPS 600.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17112865 Wed, 18 Oct 2006 18:41:28 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17111713 astirusty : The following may help explain why PatchGuard does not need to check if the anti-malware application is MS's Onecare. Its a mute point since Onecare is not currently able to interface with the kernel (via hooks or at a low-level) and also why the anti-malware vendors are deeming kernel access is so important.
Symantec Spurns Microsoft's Vista Security Proposal

quote:
One way that current security software uses the Windows kernel -- by "hooking" into it, or patching the kernel code -- is to ensure that a Trojan, for example, can't disable defenses. "In 32-bit, if you get a Trojan and you don't know it, we make sure that the protection's not disabled. The malware's attempt to turn us off fails.

quote:
Our advanced technologies won't run." Trollope claimed that his research team had identified 25 samples of recent malware, including Trojans and backdoors, that would be able to attack 64-bit Vista. Trollope also accused Microsoft of brushing off vendors who want to access the kernel because Microsoft doesn't have the advanced capabilities that require kernel hooking in their own security software, like Windows Live OneCare.

"Absolutely, this is connected to that. It's no coincidence that they're not concerned about kernel access because they don't offer these advanced technologies. Now that they're in anti-virus, it's even more convenient for them to not offer [kernel access]."
]]> http://www.dslreports.com/forum/remark,17111713 Wed, 18 Oct 2006 15:25:27 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17110996 AB :
said by dave :

said by Mele20 :

But who will run as non admin in Vista?
Effectively, everyone.

What you call 'running as admin' is a mix of rights+privileges assigned (generally) to the Administrators group, and some object accesses that arise from (for example) ACL entries saying "this file: Administrators have full control)".

As well as being 'granted or not' to a particular user or group, rights+privs can (if granted) be 'enabled or not'. Until now, the default for most privs has been 'enabled' (exceptions being made for things like debug-any-process or backup-any-file, that must be enabled before use). As I understand it, the default will become 'disabled' for most serious privs.

So, while you might still be logged in as a member of the admins group, your powers are curtailed, unless you explicitly authorize their use in a particular situation.

(I could be wrong here, this is based on what I've seen on the 'net: I haven't yet bothered to test Vista myself).

That is one thing I can't stand about Linux. It won't let me run as admin. That is my decision to make not the OS.
Sure, it's your decision whether to stick the gun in your ear and pull the trigger.

But

(a) no serious Unix user runs as 'root' all the time. It's just asking for trouble. You can do too much damage that way, and "but I never make mistakes" is not much of a defence for that. You need to be sure that all the application programmers never make mistakes either.

(b) no-one needs to run as 'root' all the time: 'su' is so convenient. Would that 'run as' on Windows was so useful.

(c) I'm not sure what Linux distribution prevents you from running as root. Certainly, that restriction doesn't apply to any of the systems (Debian, Red Hat) that I use. Maybe it's a gui thing? I don't use any Linux desktop, though I think I recall having logged in as 'root' to KDE on some old Red Hat system.
Your choppy post was very difficult for me to read.

But as best I could make of it, you seem to be suggesting that you might know more about this than Mele20 , and that there is a possibility she could be wrong?
said by dave :

. . I could be wrong here . . .
Whoops. Nevermind. Now I see.]]> http://www.dslreports.com/forum/remark,17110996 Wed, 18 Oct 2006 13:12:34 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17110001 dave : Hmm, so they leave out the Administrator group membership by default:

S-1-5-32-544 = 0x00000010 = SE_GROUP_USE_FOR_DENY_ONLY

That's good.]]> http://www.dslreports.com/forum/remark,17110001 Wed, 18 Oct 2006 10:03:04 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109950 garywk :
quote:
But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is. That is one thing I can't stand about Linux. It won't let me run as admin. That is my decision to make not the OS.

There is absolutely no need to run as root in Linux. Basically, anything you need to do as root is available as sudo or su from the bash prompt, or asks for the root password when you start it from the gui.

Why would you want to run as root?

--
“We will bankrupt ourselves in the vain search for absolute security.”

Dwight David Eisenhower]]> http://www.dslreports.com/forum/remark,17109950 Wed, 18 Oct 2006 09:52:33 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109780 psloss :
said by dave :

As well as being 'granted or not' to a particular user or group, rights+privs can (if granted) be 'enabled or not'. Until now, the default for most privs has been 'enabled' (exceptions being made for things like debug-any-process or backup-any-file, that must be enabled before use). As I understand it, the default will become 'disabled' for most serious privs.
Shame on you for taking this thread down a technical tangent, but yup, it's basically the same as the restricted token that the SAFER "normal" level returns in XP.

Steering further into that skid and using Build 5270 as an example, here's the standard token an admin gets from the desktop/shell:
Token SIDs: (13)
S-1-5-21-X-Y-Z-1000 = 0x00000000
S-1-5-21-X-Y-Z-513 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-1-0 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-32-544 = 0x00000010 = SE_GROUP_USE_FOR_DENY_ONLY
S-1-5-32-545 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-4 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-11 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-15 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-5-0-114252 = 0xc0000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED+SE_GROUP_LOGON_ID
S-1-2-0 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-64-10 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-16-8192 = 0x00000060
S-1-16-8192 = 0x000000a0

Token privileges: (5)
SeChangeNotifyPrivilege = 0x00000003 = SE_PRIVILEGE_ENABLED_BY_DEFAULT+SE_PRIVILEGE_ENABLED
SeTimeZonePrivilege = 0x00000000
SeIncreaseWorkingSetPrivilege = 0x00000000
SeUndockPrivilege = 0x00000000
SeShutdownPrivilege = 0x00000000

And here's the token from an "elevated" Vista process:
Token SIDs: (13)
S-1-5-21-X-Y-Z-1000 = 0x00000000
S-1-5-21-X-Y-Z-513 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-1-0 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-32-544 = 0x0000000f = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED+SE_GROUP_OWNER
S-1-5-32-545 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-4 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-11 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-15 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-5-0-114252 = 0xc0000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED+SE_GROUP_LOGON_ID
S-1-2-0 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-5-64-10 = 0x00000007 = SE_GROUP_MANDATORY+SE_GROUP_ENABLED_BY_DEFAULT+SE_GROUP_ENABLED
S-1-16-12288 = 0x00000060
S-1-16-12288 = 0x000000a0

Token privileges: (23)
SeChangeNotifyPrivilege = 0x00000003 = SE_PRIVILEGE_ENABLED_BY_DEFAULT+SE_PRIVILEGE_ENABLED
SeSecurityPrivilege = 0x00000000
SeBackupPrivilege = 0x00000000
SeRestorePrivilege = 0x00000002 = SE_PRIVILEGE_ENABLED
SeSystemtimePrivilege = 0x00000000
SeShutdownPrivilege = 0x00000000
SeRemoteShutdownPrivilege = 0x00000000
SeTakeOwnershipPrivilege = 0x00000000
SeDebugPrivilege = 0x00000002 = SE_PRIVILEGE_ENABLED
SeSystemEnvironmentPrivilege = 0x00000000
SeSystemProfilePrivilege = 0x00000000
SeProfileSingleProcessPrivilege = 0x00000000
SeIncreaseBasePriorityPrivilege = 0x00000000
SeLoadDriverPrivilege = 0x00000000
SeCreatePagefilePrivilege = 0x00000000
SeIncreaseQuotaPrivilege = 0x00000000
SeUndockPrivilege = 0x00000000
SeManageVolumePrivilege = 0x00000000
SeImpersonatePrivilege = 0x00000003 = SE_PRIVILEGE_ENABLED_BY_DEFAULT+SE_PRIVILEGE_ENABLED
SeCreateGlobalPrivilege = 0x00000003 = SE_PRIVILEGE_ENABLED_BY_DEFAULT+SE_PRIVILEGE_ENABLED
SeCreateSymbolicLinkPrivilege = 0x00000000
SeIncreaseWorkingSetPrivilege = 0x00000000
SeTimeZonePrivilege = 0x00000000

Or compared to an XP SAFER, normal token passed from an admin process:
Token SIDs: (9)
S-1-5-21-X-Y-Z-1009 = 0x00000000
S-1-5-21-X-Y-Z-513 = 0x00000007 = Mandatory+Default+Enabled
S-1-1-0 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-32-544 = 0x00000019 = Mandatory+Owner+Deny Only
S-1-5-32-545 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-4 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-11 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-5-0-51170 = 0xc0000007 = Mandatory+Default+Enabled+Logon ID
S-1-2-0 = 0x00000007 = Mandatory+Default+Enabled

Token privileges: (1)
SeChangeNotifyPrivilege = 0x00000003 = Default+Enabled

--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17109780 Wed, 18 Oct 2006 09:19:31 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109707 astirusty :
said by dave :

(c) I'm not sure what Linux distribution prevents you from running as root. Certainly, that restriction doesn't apply to any of the systems (Debian, Red Hat) that I use. Maybe it's a gui thing? I don't use any Linux desktop, though I think I recall having logged in as 'root' to KDE on some old Red Hat system.
Both distributions of Linux (SUSE and Redhat) that I have used allowed a person to run as administrator ('root') if they so desired. However, that is definitely not a good idea even if you are an experienced Linux or UNIX person. On two occasions I have had the pleasure of cleaning up the messes that resulted from experienced UNIX admins that had made serious typos while they were running with 'root' privileges. :(]]> http://www.dslreports.com/forum/remark,17109707 Wed, 18 Oct 2006 09:01:11 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109677 astirusty :
said by dave :

Take the fight to the public? Because the public are, of course, well-versed in the details of solid operating system design practice, and can comment on the stability or otherwise of allowing arbitrary mods to kernel tables.
Most of us would rather have the "arbitrary"** mods to the kernel tables made by a anti-malware vendor than have "arbitrary" mods to the kernel tables made by hackers' malware. As has been stated before, Patchguard can be bypassed by the white and black hats. The key difference being that MS has threatened to block the white hats via a Windows Update that results in a BSD. It is one thing to block the vendor's workaround, it is another thing to do so by causing the system to BSD.

** Maybe the mods would not need to be so "arbitrary" if MS would start co-operating with the white hats; instead of dragging its feet in attempts to protect its new found anti-malware (Onecare) turf? ;)]]> http://www.dslreports.com/forum/remark,17109677 Wed, 18 Oct 2006 08:51:10 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109616 astirusty :
said by SpannerITWks :

Extract from the www -

" Folks, this is a real issue. Microsoft has created a PR coup by agreeing to give APIs to security companies. It's a red herring. ..."
Red Herring
McAfee -
quote:
To date, we have not had any cooperation from MS and no response on McAfee's repeated requests to review the information.

Symantec -
quote:
With regards to Microsoft and their announcement regarding security provisions in the Windows Vista operating system, Symantec has yet to actually see the final detailed information needed to address our concerns regarding Windows Security Centre or PatchGuard.
]]> http://www.dslreports.com/forum/remark,17109616 Wed, 18 Oct 2006 08:35:09 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109615 dave :
said by Mele20 :

But who will run as non admin in Vista?
Effectively, everyone.

What you call 'running as admin' is a mix of rights+privileges assigned (generally) to the Administrators group, and some object accesses that arise from (for example) ACL entries saying "this file: Administrators have full control)".

As well as being 'granted or not' to a particular user or group, rights+privs can (if granted) be 'enabled or not'. Until now, the default for most privs has been 'enabled' (exceptions being made for things like debug-any-process or backup-any-file, that must be enabled before use). As I understand it, the default will become 'disabled' for most serious privs.

So, while you might still be logged in as a member of the admins group, your powers are curtailed, unless you explicitly authorize their use in a particular situation.

(I could be wrong here, this is based on what I've seen on the 'net: I haven't yet bothered to test Vista myself).

That is one thing I can't stand about Linux. It won't let me run as admin. That is my decision to make not the OS.
Sure, it's your decision whether to stick the gun in your ear and pull the trigger.

But

(a) no serious Unix user runs as 'root' all the time. It's just asking for trouble. You can do too much damage that way, and "but I never make mistakes" is not much of a defence for that. You need to be sure that all the application programmers never make mistakes either.

(b) no-one needs to run as 'root' all the time: 'su' is so convenient. Would that 'run as' on Windows was so useful.

(c) I'm not sure what Linux distribution prevents you from running as root. Certainly, that restriction doesn't apply to any of the systems (Debian, Red Hat) that I use. Maybe it's a gui thing? I don't use any Linux desktop, though I think I recall having logged in as 'root' to KDE on some old Red Hat system.]]> http://www.dslreports.com/forum/remark,17109615 Wed, 18 Oct 2006 08:34:34 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109593 Longboard : @Name Game
Vista user do not need those elavated privileges for safe surfing and neither do the AV companies. And those users who think they are safer with and AV "nag" message telling them to just say "no" rather than Microsoft's pop-up.....
....would do the same thing no matter what OS they are runnin

Sure

But to quote a user here

But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is.

??
»www.eweek.com/article2/0,1759,19···K0000594

One could read that as an admission of failure on by Msoft?
Certainly points out that there are multiple holes in Vista
Nonetheless; good spin. ]]> http://www.dslreports.com/forum/remark,17109593 Wed, 18 Oct 2006 08:28:40 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109567 Mele20 : But who will run as non admin in Vista? Only the dummies who will never be protected because they refuse to learn about computers and how to use them properly. The rest of us will continue to run as admin ...those who get Vista..that is. That is one thing I can't stand about Linux. It won't let me run as admin. That is my decision to make not the OS. ]]> http://www.dslreports.com/forum/remark,17109567 Wed, 18 Oct 2006 08:19:28 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109470 Name Game :
said by Longboard :

Maybe MS should be opening their kernels to outside scrutiny a little more?

This may be out of date but...
I guess she would be regarded as a reputable source

»theinvisiblethings.blogspot.com/

All of it still comes down to running as Admin and clicking "yes" to accept.
»news.com.com/2100-7349_3-6102458.html

Vista user do not need those elavated privileges for safe surfing and neither do the AV companies. And those users who think they are safer with and AV "nag" message telling them to just say "no" rather than Microsoft's pop-up..

Quote-
To stage the attack, however, Vista needs to be running in administrator mode, Rutkowska acknowledged. That means her attack would be foiled by Microsoft's User Account Control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about how she bypassed UAC. Because of the many security pop-ups in Windows, many users will do the same without realizing what they are allowing, she said."

....would do the same thing no matter what OS they are running.

:D
»gladiator-antivirus.com/forum/in···ry151998

Microsoft this go around is serious about security...

»www.eweek.com/article2/0,1759,19···K0000594

They have stripped down the code base and they have separated the processes in the code which is a good move after WinXP.

The on-going problem users will have with Vista will be "bad code" in third party products and applications leaving them vulnerable..some of them might end up not working until those vendors patch their stuff.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17109470 Wed, 18 Oct 2006 07:54:26 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109455 dave : 'Internal server error 500' on that link.]]> http://www.dslreports.com/forum/remark,17109455 Wed, 18 Oct 2006 07:49:18 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109449 dave : Sure, and let Symantec put themselves out of business. Sounds fine to me, but I'm not sure Symantec will see it that way. Let's see: Symantec products don't work with Windows. Competitor X's products do. Shall I say (a) say no to Windows updates, or (b) say no to Symantec?

Take the fight to the public? Because the public are, of course, well-versed in the details of solid operating system design practice, and can comment on the stability or otherwise of allowing arbitrary mods to kernel tables. Any so-called debate will just depend on who's best at swift-boating the oppposition.

You're on the wrong side here from a technical viewpoint. I don't knowingly install software that goes dicking around writing in kernel data structures.
]]> http://www.dslreports.com/forum/remark,17109449 Wed, 18 Oct 2006 07:48:11 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17109117 Mele20 :
said by SpannerITWks :

Extract from the www -

" Folks, this is a real issue. Microsoft has created a PR coup by agreeing to give APIs to security companies. It’s a red herring.

The security industry needs full access to the kernel. Period. "

»sunbeltblog.blogspot.com/

Spanner

Symantec is quoted in the blog:

"Next, can Symantec get around Patchguard? Of course we can, in fact we have already published a whitepaper on the subject. Here is the problem: Microsoft has told us that IF we put in code to circumvent Patchguard, they will release a patch which will go out through Windows Update which will cause our workaround to bluescreen the computer.

We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers machines. Hackers on the other hand have no such issues."

I think Symantec should simply release their software and instruct their customers to turn off auto updating and to reject any patch that Microsoft attempts to force on them that would cripple Symantec's software and cause a blue screen. This fight should be taken directly to the public. Who better to do that than Symantec? Then let the public decide. We all got cheated by Bush and his cronies in the Microsoft anti trust case so let us have at it now. :D I'd install Norton (and I don't care for Norton since about 2002) and support Symantec if they showed some balls here.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17109117 Wed, 18 Oct 2006 04:21:52 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17108999 Longboard : Maybe MS should be opening their kernels to outside scrutiny a little more?

This may be out of date but...
I guess she would be regarded as a reputable source

»theinvisiblethings.blogspot.com/]]> http://www.dslreports.com/forum/remark,17108999 Wed, 18 Oct 2006 03:12:59 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17108736 AB :
said by SpannerITWks :

" Folks, this is a real issue. Microsoft has created a PR coup by agreeing to give APIs to security companies. It’s a red herring.

The security industry needs full access to the kernel. Period. "

»sunbeltblog.blogspot.com/
Gee. What happened to the "good news"? ;) :D]]> http://www.dslreports.com/forum/remark,17108736 Wed, 18 Oct 2006 01:11:03 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17108110 Name Game :
said by SpannerITWks :

Extract from the www -

" Folks, this is a real issue. Microsoft has created a PR coup by agreeing to give APIs to security companies. It’s a red herring.

The security industry needs full access to the kernel. Period. "

»sunbeltblog.blogspot.com/

Spanner

No they don't... Period. :D
»www.betanews.com/article/Symante···61117633

The AV's over the years "reluctantly" finally addressed the "Trojan" and then even later "malware" when their market shares started to tumble and then fought among themselves for top position..wasted time..money.. silly updates that broke many home PC's...and they would be the last ones I would give the keys to the exe washroom.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17108110 Tue, 17 Oct 2006 23:12:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17105550 SpannerITWks : Extract from the www -

" Folks, this is a real issue. Microsoft has created a PR coup by agreeing to give APIs to security companies. It’s a red herring.

The security industry needs full access to the kernel. Period. "

»sunbeltblog.blogspot.com/

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,17105550 Tue, 17 Oct 2006 17:18:12 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17101350 Steve : Put another way: giving people a readonly API doesn't give them the read/write API they are asking for.]]> http://www.dslreports.com/forum/remark,17101350 Mon, 16 Oct 2006 23:54:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17101315 dave :
said by astirusty :

Assuming** here that MS's kernel Patchguard will also "Functions as designed" and identifies any MS anti-malware product (a.k.a. Onecare) as a threat (or "thread to the system ;)"); then MS giving McAfee, Symantec, and other anti-malware vendors access to the APIs should resolve the issue with the EU.
I think you misunderstand. PatchGuard, as I understand it, doesn't have to do any "identifying" at all. It simply prevents all attempts to overwrite key system tables. You can't overwrite tables, end of story. ]]> http://www.dslreports.com/forum/remark,17101315 Mon, 16 Oct 2006 23:48:11 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17100240 astirusty :
said by dave :

quote:
Symantec wanted its software to be excluded from Patchguard's scope so it would not be wrongly identified as a threat to the system.
"Functions as designed", as we say in the bug-fixing field. Symantec's software is not "wrongly" identified as a thread to the system. ;-)
Assuming** here that MS's kernel Patchguard will also "Functions as designed" and identifies any MS anti-malware product (a.k.a. Onecare) as a threat (or "thread to the system ;)"); then MS giving McAfee, Symantec, and other anti-malware vendors access to the APIs should resolve the issue with the EU. **This also assumes MS is acting in good faith and not planning to pull some oops-its-too-late-weaselly-stunt that prevents anti-malware vendor products from working in the future.]]> http://www.dslreports.com/forum/remark,17100240 Mon, 16 Oct 2006 21:03:57 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17100183 Mele20 : Behaving was the word I used ....not thinking.]]> http://www.dslreports.com/forum/remark,17100183 Mon, 16 Oct 2006 20:55:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17099963 Blackbird :
said by Mele20 :

...
From that Brussels article it would appear that Microsoft may also be behaving overly optimistically regarding the EU's approval.
Behaving optimistically in advance of any kind of EU ruling is... uhmm... "rash", at best. Giant, non-European corporations are viewed adversarily in the halls of power at Brussels - to put things mildly. And from past unpleasant experiences, Microsoft undoubtedly knows that. The EU has taken direct aim at them a number of times, almost always over what some EU body perceives as MS designs that attempt to lock out third-party "anythings". MS certainly realizes this situation, and is trying as best they can to improve their standing and deflect criticism on third-party security issues in advance at EU. But are they really "overly optimistic"? I seriously doubt they harbor any optimism about approvals or rulings out of the EU, regardless of press releases or public spin. They most likely possess only faint "hope" that things will actually break their way. That is, unless something "else" has gone on behind scenes... :D
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17099963 Mon, 16 Oct 2006 20:22:06 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17099697 dave :
quote:
Symantec wanted its software to be excluded from Patchguard's scope so it would not be wrongly identified as a threat to the system.
"Functions as designed", as we say in the bug-fixing field.

Symantec's software is not "wrongly" identified as a thread to the system.

;-)]]> http://www.dslreports.com/forum/remark,17099697 Mon, 16 Oct 2006 19:42:26 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17099690 dave : Note that the 'info' in question (in the referenced article( appears to have nothing to do with 'opening up the kernel'. The API given to McAfee/Symantec seems to allow them to plug in their stuff into the Security Centre. This is, of course, unrelated to PatchGuard, which is what the majority of the fuss has been about.]]> http://www.dslreports.com/forum/remark,17099690 Mon, 16 Oct 2006 19:41:08 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17099480 Mele20 : Ain't that super cool...if it means anything other than placating the two AV companies temporarily. But even if Microsoft really has given them the exemption they seek...where the heck does this leave all the other security companies? Only the big bullies get Microsoft to cave in for them and no one else?

From that Brussels article it would appear that Microsoft may also be behaving overly optimistically regarding the EU's approval.
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17099480 Mon, 16 Oct 2006 19:07:21 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17099055 amysheehan : Updated info from the AP Monday 16th Oct: »Microsoft is giving information to critics McAfee, Symantec

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,17099055 Mon, 16 Oct 2006 17:53:37 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17097188 psloss :
said by dave :

Me, I'd be waiting on seeing exactly what this API might be, before I started staging photo-ops on the flight deck in front of "Mission Accomplished" banners.

You sure you're not working for Symantec or McAfee?
»news.com.com/Security+firms+skep···nefd.top

Excerpt:

quote:
"We have not seen anything yet," said Cris Paden, a Symantec spokesman. "These are technical issues. Until we actually see the APIs, all we know is what they have said in the media. So far they have not done anything yet."

--
Feedback? e-mail: stuff@lupwa.org ]]> http://www.dslreports.com/forum/remark,17097188 Mon, 16 Oct 2006 12:46:42 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17095180 astirusty :
said by Mele20 :

said by Steve :

2) When users have the native ability to create whatever Microsoft's PDFs are called, without having to spend money for a third-party solution (have you ever priced the Acrobat product that does this?), is this really such a bad thing?

The reader is free...so, no, I haven't tried to price a free product. ;)

Maybe -- Windows Vista should be free; just like Adobe's PDF reader?
Let MS make money charging for the tools to create your own version of Windows Vista, similar to how Adobe charges for the tools to create your own PDF documents. ;)]]> http://www.dslreports.com/forum/remark,17095180 Mon, 16 Oct 2006 00:38:02 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17093657 dave :
said by SpannerITWks :

Alex Eckelberry of Sunbelt says " This is really good news "
dave of here says Alex Eckelberry is a little premature with his celebration.

Let's see, Microsoft has said "we'll provide an api that lets you access, uh, something or other, no details though." Microsoft has said "and we'll have it in about a year's time".

Me, I'd be waiting on seeing exactly what this API might be, before I started staging photo-ops on the flight deck in front of "Mission Accomplished" banners.]]> http://www.dslreports.com/forum/remark,17093657 Sun, 15 Oct 2006 19:59:27 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17093633 dave :
said by INHCNN :

How the heck is $300 exorbitant for an OS whereas $200 is appropriate for an application that you use a faction of the time that you're using the OS?
Uh, I think your sarcasm sensors need immediate adjustment.

I assumed it would be obvious that I was ridiculing a viewpoint that is prevalent in this forum.]]> http://www.dslreports.com/forum/remark,17093633 Sun, 15 Oct 2006 19:55:18 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17093552 AB :
said by SpannerITWks :

Re MS allowing security developers access to the kernel in Vista 64:

Alex Eckelberry of Sunbelt says " This is really good news " - »sunbeltblog.blogspot.com/
I'm in no position of technical expertise to comment, but it's always "good news" when one gets one's way, is it not? ;)]]> http://www.dslreports.com/forum/remark,17093552 Sun, 15 Oct 2006 19:37:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17093503 SpannerITWks : Re MS allowing security developers access to the kernel in Vista 64:

Alex Eckelberry of Sunbelt says " This is really good news " - »sunbeltblog.blogspot.com/ -

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,17093503 Sun, 15 Oct 2006 19:28:45 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17093164 INHCNN :
said by dave :

"Professional" operating system = $299 : exorbitant price, abuse of monopoly power.

"Professional" document production software = $199 : appropriate price for product of independent software vendor.

How the heck is $300 exorbitant for an OS whereas $200 is appropriate for an application that you use a faction of the time that you're using the OS? Call me back when it's $20.

...and independant! That's like calling Sony Music an indie record label. Pfft.

oh... independant of M$. Got it. Nothing trumps blind hate for 'ol evil M$.

said by Steve :

Perhaps you have no need to create a PDF, but many many others do, and most of those resent having to spend hundreds of dollars for Adobe's software. True, there are third party programs that do PDF creation, but none of them are as good as Acrobat.
True that. In fact, there's a fourth party market for apps that convert PDF to DOC. But guess what? Adobe's going to force (sarcasim) their PDF to DOC converter in version 8 (it's one of the new features). So, so far as MS being "unfair" to PDF by being the bigger fish and offering a competitive product, Adobe is doing the same thing to companies smaller than they. Big bank takes little bank.

Wow, talk about OT. Good job Mele. :)
--
"Pressure makes diamonds."
--General George S. Patton]]> http://www.dslreports.com/forum/remark,17093164 Sun, 15 Oct 2006 18:17:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17092399 antdude : Also, on »www.washingtonpost.com/wp-dyn/co···r=reddit from »digg.com/security/Microsoft_Now_···or_Vista ...]]> http://www.dslreports.com/forum/remark,17092399 Sun, 15 Oct 2006 15:39:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17088825 Steve :
said by Mele20 :

I thought Microsoft was giving away a pdf reader not a tool to create PDF's.
No. Microsoft has invented a new portable-document format, the XML Paper Specification (XPS), that is meant to compete head to head with PDF. Vista will ship with tools for reading and writing, and though I haven't really looked at the details, being based on XML looks to be a pretty big win for the open-standards folks - there are a LOT of tools that work with XML now.

There are a lot of unanswered questions about this:
•Is the format actually any good?•Will people actually adopt it enough to drive demand?•Will the open source folks be able to produce/consume XPS documents?•What's the license look like?•Will this actually hurt Adobe?•(If "Yes") does this matter?
If this takes off, consumer will have yet another useful tool included in the OS that they used to have to pay real money for.

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17088825 Sat, 14 Oct 2006 20:31:05 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17088638 Mele20 : I thought Microsoft was giving away a pdf reader not a tool to create PDF's. ]]> http://www.dslreports.com/forum/remark,17088638 Sat, 14 Oct 2006 19:52:26 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17088533 AB :
said by Steve :

. . Should a company be allowed to give away a "free" tool if it's only to drive demand for its expensive software?

Steve
Good question. I wonder what Microsoft's response to that would be? ;)]]> http://www.dslreports.com/forum/remark,17088533 Sat, 14 Oct 2006 19:33:46 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17088367 Steve :
said by Mele20 :

The reader is free...so, no, I haven't tried to price a free product. ;)
Yes, the reader is free (and very good), but the software to create those PDFs you're reading for free is not - somebody else is spending money for the PDF writers.

Perhaps you have no need to create a PDF, but many many others do, and most of those resent having to spend hundreds of dollars for Adobe's software. True, there are third party programs that do PDF creation, but none of them are as good as Acrobat.

Should a company be allowed to give away a "free" tool if it's only to drive demand for its expensive software?

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17088367 Sat, 14 Oct 2006 18:54:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17088298 Mele20 :
said by Steve :

2) When users have the native ability to create whatever Microsoft's PDFs are called, without having to spend money for a third-party solution (have you ever priced the Acrobat product that does this?), is this really such a bad thing?

The reader is free...so, no, I haven't tried to price a free product. ;)
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17088298 Sat, 14 Oct 2006 18:38:23 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17087529 dave : Hmm, I got my price for Acrobat Pro from a google-selected web retailer. They said it was the retail package. Looks a little suspicious that they're selling it for less than half what you quoted.

(Though of course your figures make my point even better: multifunction OS = price gouging, single application = fair price).

The XP Pro price is MS's list price.]]> http://www.dslreports.com/forum/remark,17087529 Sat, 14 Oct 2006 16:01:42 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17087486 Martinus :
said by Mele20 :

We get a Vista that...

:uhh:

Only those who buy Vista - or download a cracked Vista - will get Vista. It's not like it's going to be pushed by Windows Update to everybody. You've got nothing to worry or complain about.

said by Mele20 :

...I have said repeatedly for a long time that I have no plans to upgrade this 8 month old gaming computer to Vista. Since this is a new computer, I won't be buying another for some time. So no Vista.
»Re: Microsoft 'taking security risks'

Edit: Added self-explanatory content with link]]> http://www.dslreports.com/forum/remark,17087486 Sat, 14 Oct 2006 15:49:44 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17087144 Steve :
said by dave :

Please try and keep up.
I think it's you who needs to keep up:

Windows XP Home = $209

Windows XP Professional = $309

Adobe Acrobat Standard = $285

Adobe Acrobat Professional = $425

(all prices retail from one representative vendor)

--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17087144 Sat, 14 Oct 2006 14:19:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17087027 dave :
said by Steve :

have you ever priced the Acrobat product that does this?
Please try and keep up.

"Professional" operating system = $299 : exorbitant price, abuse of monopoly power.

"Professional" document production software = $199 : appropriate price for product of independent software vendor.

(As usual when discussing price, I have to make this clear: Of course I prefer lower prices. But what I'm interested in here is the perception that some prices are too high in principle.)]]> http://www.dslreports.com/forum/remark,17087027 Sat, 14 Oct 2006 13:56:52 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17086913 Steve :
said by Mele20 :

and forces Microsoft's version of a pdf reader on us
1) How does Microsoft offering a new tool have even the slightest impact on whether you can install and run Acrobat?

2) When users have the native ability to create whatever Microsoft's PDFs are called, without having to spend money for a third-party solution (have you ever priced the Acrobat product that does this?), is this really such a bad thing?
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site]]> http://www.dslreports.com/forum/remark,17086913 Sat, 14 Oct 2006 13:28:34 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17085983 dave :
said by DragonJoe :

And how long will these changes push back vista

Uh, not at all. See the article. The changes will be out in SP1.]]> http://www.dslreports.com/forum/remark,17085983 Sat, 14 Oct 2006 09:47:43 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17085343 norwegian : Thanks for the link, give me 30-32 mins after it's downloaded. :)

Edit: For those that question, here is a quote of Cudni's first link that started this topic

"Microsoft won't roll out the APIs for PatchGuard in the first edition of Vista, said Wilcox, but will unveil them with the first Service Pack. Typically, Microsoft deploys an initial Service Pack 12 to 18 months after the release of an OS."]]> http://www.dslreports.com/forum/remark,17085343 Sat, 14 Oct 2006 02:35:27 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17085296 AB :
said by norwegian :

Service pack 1 in a year's time ?

Sound's like a sales pitch, more than facts presently.
»www.twit.tv/ww

Podcast. Episode 1 (right-hand side of the page), about 30, 32 minutes in (something like that). :)]]> http://www.dslreports.com/forum/remark,17085296 Sat, 14 Oct 2006 02:10:32 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17085267 norwegian :
Service pack 1 in a year's time ?

Sound's like a sales pitch, more than facts presently.

Microsoft just letting security companies keep that warm fuzzy feeling ? Or is it simply because of the concern more for whether they become too dominant in the field, and are worried about getting split up into 2 companies like they did a few years back ?

It's all hearsay right now really, isn't it.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke]]> http://www.dslreports.com/forum/remark,17085267 Sat, 14 Oct 2006 01:56:53 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17085138 anon : And how long will these changes push back vista]]> http://www.dslreports.com/forum/remark,17085138 Sat, 14 Oct 2006 01:12:35 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17084745 La Luna :
said by Cudni :

It is too late now to backtrack. You will be held responsible so better be proved right and not some thongs ;)

Cudni

Wait, back up the trolley.... dave wears thongs? :o :D
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~

]]> http://www.dslreports.com/forum/remark,17084745 Fri, 13 Oct 2006 23:52:53 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17084345 rotty97 : I have the opinion that Microsoft have done the right thing, security companies are in effect "leaches", they leached of the insecurity of Windows.

Antivirus products can still operate, i don't see what the problem is, no product should modify the kernal. That is just insane.

cheers, rotty]]> http://www.dslreports.com/forum/remark,17084345 Fri, 13 Oct 2006 22:39:51 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17084249 hayc59 : Now this is great news for a whole lot of vendors!! :D]]> http://www.dslreports.com/forum/remark,17084249 Fri, 13 Oct 2006 22:24:38 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17084186 dave : »www.microsoftmonitor.com/archive···ate.html

PatchGuard. As I explained last week, McAfee and Symantec had raised competitive concerns over Kernel Patch Protection. Microsoft will modify the technology that will make available more kernel information. But that's something coming in the far future, right now projected for Windows Vista Service Pack 1. Microsoft plans to release kernel-level application programming interfaces that will provide access to information flowing to the kernel. However, companies like McAfee and Symantec would not be able to modify the Windows kernel as they do today.

API release as far away as Windows Vista Service Pack 1 is sure to cause some competitive grumbling. I don't see a huge problem, however. Kernel protection comes on 64-bit Windows Vista (and not the 32-bit software), and I expect customer migration to that version to take a long time; Service Pack 1 is sure to come sooner.

Competitors might also complain that Microsoft's solution is inadequate because they can't modify the operating system kernel, same as 32-bit Windows. Good! I'm no computer programmer, but I know enough that the kernel should be as secure as possible. The kernel should be sacrosanct. If the good guys get access, the bad guys are sure to, too. In fact, the API change is a compromise Microsoft should reconsider, if the priority is really securing the operating system. The company will disclose information that hackers conceivably could use, too.

Security isn't the only consideration. Kernel-level access can impact applications running on the operating system. I wonder how much Windows instability blamed on Microsoft is the fault of software mucking around the kernel.
]]> http://www.dslreports.com/forum/remark,17084186 Fri, 13 Oct 2006 22:14:55 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083516 Mele20 : UPDATE 6-Microsoft makes changes to Vista in EU, S. Korea

»today.reuters.com/news/articlein···ype=qcna

It's that title that makes me wonder if the changes Microsoft agreed to are ONLY for the EU version (and Korea gets it own totally separate version according to another article).

To me it sounds like the changes are only for the EU.

EDIT: According to this article:

"Even with the changes, which will be included in all versions the company ships worldwide,..."

The article goes on to say that the European version and Korean will not have WMP and the Korean version will also not have Microsoft's IM software. So, it appears the other changes will be in all versions worldwide. :)
»www.chron.com/disp/story.mpl/ap/···109.html

--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17083516 Fri, 13 Oct 2006 20:13:56 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083408 AB :
said by dave :

Bear in mind that I'm basing my opinion on one not-very-informed article, so don't blame me if it turns out to be complete pants.
When I request an opinion, that's all I expect to get in reply. :)
No blame shall be assessed, by me anyway. ;)

BTW, Paul Thurrott has pointed out that a Service Pack 1 for Vista is already scheduled to be released for about a year from now, which will include a kernel upgrade. Apparently this will be the same kernel that is contained in the upcoming Server (I believe) version of Vista, again, to be released about a year from now. From the way he was speaking about this, it seemed to be a fairly important piece of news, as I take it kernel upgrades normally accompany a whole new version of an OS, not just a Service Pack.
Just an FYI, food for thought, food for comment, or whatever.]]> http://www.dslreports.com/forum/remark,17083408 Fri, 13 Oct 2006 19:52:00 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083378 dave : There's nothing in the article I can see that says the changes made to satisfy the EU will be available in the EU only.

(There is some mention of Korea "getting a unique view" but I don't know what that means).]]> http://www.dslreports.com/forum/remark,17083378 Fri, 13 Oct 2006 19:47:01 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083361 Mele20 : I read all but one of the articles (one won't load) and it is not clear to me what happens here. We get a Vista that forces Microsoft's search engine on us and forces Microsoft's version of a pdf reader on us and we can't buy the AV of our choice because the APIs that are being offered to certain vendors are only for the European and Korean versions? Only the Europeans and Koreans get a decent version of Vista? All because the Department of Justice is asleep?
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.ie7.com/]]> http://www.dslreports.com/forum/remark,17083361 Fri, 13 Oct 2006 19:43:30 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083350 Cudni : It is too late now to backtrack. You will be held responsible so better be proved right and not some thongs ;)

Cudni]]> http://www.dslreports.com/forum/remark,17083350 Fri, 13 Oct 2006 19:41:49 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083337 dave : Bear in mind that I'm basing my opinion on one not-very-informed article, so don't blame me if it turns out to be complete pants.]]> http://www.dslreports.com/forum/remark,17083337 Fri, 13 Oct 2006 19:37:38 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17083010 AB :
said by dave :

. . Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article.
Sorry for the vagueness? Hardly.
An incredibly concise and informative response, considering the freshness of the information available and the time you have had to examine it.
Thank you, Dave. Very, very much! :)]]> http://www.dslreports.com/forum/remark,17083010 Fri, 13 Oct 2006 18:40:20 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17082941 dave :
said by AB :

said by dave :

So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?
Dave-
Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time?
Thanks.

They seem unrelated to me.

The original complaint was that it was no longer possible to overwrite certain dispatch tables, say for example overwriting the entry that says "when syscall #42 is implemented, jump to the function that implements NtBanana in the kernel". Overwriting the table allows you to seize control when an app calls the NtBanana system service; this can be used for good or evil, and is now no longer possible due to PatchGuard.

Instead of this ability, the security-app vendors are now apparently being provided with calls whereby they can look at certain vague "information" that the kernel knows. This is, on the surface, completely unrelated to being able to patch kernel data structures.

I suppose it all depends on what this "information" might be; the article was maddeningly imprecise. Maybe there's going to be a way to get hooked in to knowing that an app called the NtBanana service without actually intercepting the call.

Nevertheless, it sounds like McAfee/Symatec were screaming that their nuclear weapons were being taken away from them, and now they've been offered a handgun and they're happy again.

This sounds like goodness to me, esp. if the article is correct in that the security apps are simply getting to read info. Security consists in large part of not having more access than the job requires - so if what you actually want is to read something, don't go having the ability to completely alter the system's flow of control.

----
Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article.]]> http://www.dslreports.com/forum/remark,17082941 Fri, 13 Oct 2006 18:29:29 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17082692 AB :
said by dave :

So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?
Dave-
Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time?
Thanks.]]> http://www.dslreports.com/forum/remark,17082692 Fri, 13 Oct 2006 17:44:39 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17082662 SpannerITWks : Wow surprise surprise, and right out of the blue too !

They must have been reading some of the threads on here, amongst other places. But at least the're listening and must have taken on board some suggestions, if only because of All the time and effort and $ they'll save by protracted resisting.

Wonder how far down the " path " they'll let vendors etc go ?

Interesting times indeed !

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,17082662 Fri, 13 Oct 2006 17:37:15 EDT Re: Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17082438 dave : So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?]]> http://www.dslreports.com/forum/remark,17082438 Fri, 13 Oct 2006 17:01:12 EDT Vista stripped-down for EU & S. Korea http://www.dslreports.com/forum/remark,17082435 SUMware : Microsoft makes changes to its Windows Vista operating system to conform to EU and S. Korean demands

Microsoft is giving in to demands from the European Union (EU) and will be releasing a stripped-down version of Windows Vista for that region. The company will also offer a similar version of Windows for the South Korean market in order to stave off further litigation.]]> http://www.dslreports.com/forum/remark,17082435 Fri, 13 Oct 2006 17:00:45 EDT Microsoft Opening Up Vista Kernel To Security Vendors http://www.dslreports.com/forum/remark,17082368 Cudni : from
»www.techweb.com/wire/193302307
"..
Microsoft has compromised with security vendors who've been demanding access to the kernel of the upcoming Vista operating system so that they can update their security offerings, two analysts confirmed Friday.

Following conversations with the European Union, Microsoft will make two security-related changes to Vista. First, it will create a new set of APIs, which will let third-party security vendors access information from the kernel. Microsoft will also build additional APIs to make sure Vista's security status dashboard -- Windows Security Center -- doesn't send duplicate alerts to users who have installed a rival dashboard.
..."

Cudni
--
Some are born to failure, others achieve it, all deserve it.
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006]]> http://www.dslreports.com/forum/remark,17082368 Fri, 13 Oct 2006 16:48:37 EDT