how-to block ads
|
dave
Premium,MVM
join:2000-05-04
not in ohio | Re: Microsoft Opening Up Vista Kernel To Security Vendors So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted? | |
|  
AB
Premium
join:2006-04-04
Leesburg, VA
| Re: Microsoft Opening Up Vista Kernel To Security Vendors said by dave  :So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted? Dave-
Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time?
Thanks. | |
| | dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| Re: Microsoft Opening Up Vista Kernel To Security Vendors said by AB :said by dave :So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted? Dave- Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time? Thanks. They seem unrelated to me.
The original complaint was that it was no longer possible to overwrite certain dispatch tables, say for example overwriting the entry that says "when syscall #42 is implemented, jump to the function that implements NtBanana in the kernel". Overwriting the table allows you to seize control when an app calls the NtBanana system service; this can be used for good or evil, and is now no longer possible due to PatchGuard.
Instead of this ability, the security-app vendors are now apparently being provided with calls whereby they can look at certain vague "information" that the kernel knows. This is, on the surface, completely unrelated to being able to patch kernel data structures.
I suppose it all depends on what this "information" might be; the article was maddeningly imprecise. Maybe there's going to be a way to get hooked in to knowing that an app called the NtBanana service without actually intercepting the call.
Nevertheless, it sounds like McAfee/Symatec were screaming that their nuclear weapons were being taken away from them, and now they've been offered a handgun and they're happy again.
This sounds like goodness to me, esp. if the article is correct in that the security apps are simply getting to read info. Security consists in large part of not having more access than the job requires - so if what you actually want is to read something, don't go having the ability to completely alter the system's flow of control.
----
Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article. | |
| | |
AB
Premium
join:2006-04-04
Leesburg, VA
| Re: Microsoft Opening Up Vista Kernel To Security Vendors said by dave :. . Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article. Sorry for the vagueness? Hardly.
An incredibly concise and informative response, considering the freshness of the information available and the time you have had to examine it.
Thank you, Dave. Very, very much!  | |
| | | |
|
