Dailydave mailing list archives
Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work?
From: "J.M. Seitz" <lists () bughunter ca>
Date: Thu, 1 Mar 2007 13:22:15 -0800
Ouch! Joanna must have drunk ample amounts of Hatorade today! As well I doubt this poster has used SeLinux (not lightweight), tried AppArmor (slightly more friendly) or even attempted to use PaX and the rest of the GRSec patches, who openly admit you are going to see an 8% performance hit or more depending on what you are running on the machine and your own particular setup. Let's not kid ourselves, doing this type of application level security comes at a cost no matter what operating system is implementing it. Now the only tie to performance and security I can justify is that at times you are going to have to trade in a little of one for a little of the other, and I'll leave it at that before Miss Rutkowska kicks MY ass. JS -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Joanna Rutkowska Sent: Thursday, March 01, 2007 5:44 AM To: Security Admin (NetSec) Cc: dailydave Subject: Re: [Dailydave] Is Windows Integrity Control in Vista really worth the performance hit? And does it really work? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Admin (NetSec) wrote:
I have been playing around with Vista for about a year; to date I cannot find a reason why one would take the productivity hit to upgrade. For those who do not know what WIC is, there is a good into write-up at http://www.securityfocus.com/infocus/1887. While Windows Integrity Control (WIC) is somewhat secure, I was able to elevate privileges on programs using a tool from a friend of mine.
Lucky you! (to have such helpful friends ;)
Presumable one could use this tool or one like to elevate their privileges as well. Has anyone tried to elevate all the way to SYSTEM? I know it is possible to elevate form Low to Medium to High.
I'm sure everybody on this list would love to hear the details :)
It seems to me that the Linux and BSD folks have figured out how to implement access controls without a heavy load on the system; Vista really chokes.
"Heavy load on the system"? That's interesting... How about we don't mix our subjective opinions about performance, UI functionality, etc, with technical discussions about security mechanisms? joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFF5tijORdkotfEW84RAh3JAKDEpuMgBxh5vqAEj+EgImVppxBsMACfXn96 GOv0S1r3CDC3ML9EoUBmMmM= =tbXW -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Is Windows Integrity Control in Vista really worth the performance hit? And does it really work? Security Admin (NetSec) (Mar 01)
- Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work? Joanna Rutkowska (Mar 01)
- Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work? J.M. Seitz (Mar 01)
- Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work? Joanna Rutkowska (Mar 01)