dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS

Re: Microsoft Opening Up Vista Kernel To Security Vendors

said by AB:

said by dave:

So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?
Dave-
Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time?
Thanks.
They seem unrelated to me.

The original complaint was that it was no longer possible to overwrite certain dispatch tables, say for example overwriting the entry that says "when syscall #42 is implemented, jump to the function that implements NtBanana in the kernel". Overwriting the table allows you to seize control when an app calls the NtBanana system service; this can be used for good or evil, and is now no longer possible due to PatchGuard.

Instead of this ability, the security-app vendors are now apparently being provided with calls whereby they can look at certain vague "information" that the kernel knows. This is, on the surface, completely unrelated to being able to patch kernel data structures.

I suppose it all depends on what this "information" might be; the article was maddeningly imprecise. Maybe there's going to be a way to get hooked in to knowing that an app called the NtBanana service without actually intercepting the call.

Nevertheless, it sounds like McAfee/Symantec were screaming that their nuclear weapons were being taken away from them, and now they've been offered a handgun and they're happy again.

This sounds like goodness to me, esp. if the article is correct in that the security apps are simply getting to read info. Security consists in large part of not having more access than the job requires - so if what you actually want is to read something, don't go having the ability to completely alter the system's flow of control.

----
Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article.

AB
Premium
join:2006-04-04
Leesburg, VA

Re: Microsoft Opening Up Vista Kernel To Security Vendors

said by dave:

. . Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article.
Sorry for the vagueness? Hardly.
An incredibly concise and informative response, considering the freshness of the information available and the time you have had to examine it.
Thank you, Dave. Very, very much!