funsec mailing list archives

Re: Homeland Security Official Suggests Outlawing Rootkits


From: Valdis.Kletnieks () vt edu
Date: Fri, 17 Feb 2006 11:19:28 -0500

On Fri, 17 Feb 2006 16:03:13 +0100, Brian Azzopardi said:

> In Vista kernel code such as device drivers and Sony's best will not run
> in ring 0 but ring 1 - so stuff like hiding files/processes/etc which
> depend on hijacking kernel data will be very, very hard*

Yes, but simply replacing whatever Windows uses as a /bin/ps, with a version
that hides the naughty bits, will fool 98% of the people.  So the ring 0/1
distinction will only really matter to the 109 or so people that actually
reverse engineer the sucker...

> Additionally, starting with Vista x64, only corps who pay an annual
> license fee to Verisign for a certificate to sign their drivers with will
> be able to play in kernel-land.

http://www.mountain-america.net

http://www.cert.org/advisories/CA-2001-04.html

Now, as you were saying?


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
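Valdis's point is that a trojaned process-listing tool fools almost everyone, so the check a practitioner wants is a cross-view comparison: collect the PID list from several independent sources and diff them, since a rootkit can only lie in the views it controls. The script below is an added example and is not part of the original post or of any tool mentioned in it; it is written for Linux (/proc readdir, a direct stat probe of /proc/<pid>, and the output of ps) but the same idea carries over to Windows by comparing Task Manager's view against a PID brute-force. The SAMPLE_* inputs are constructed for illustration and the max PID assumption for the live run comes from /proc/sys/kernel/pid_max.

```python
"""Cross-view process enumeration: the classic check for a replaced ps.

Added example. A userland rootkit that swaps the process-listing tool can only
lie in the views it controls; collecting PIDs from several independent sources
and diffing them exposes anything hidden from one view but visible in another.
The SAMPLE_* data below is constructed, not captured from a real host.
"""
import os
import re
import subprocess
from typing import Dict, Iterable, Set

PID_RE = re.compile(r"^\s*(\d+)\b")


def pids_from_ps_output(ps_text: str) -> Set[int]:
    """Parse the PID column of `ps -e -o pid=`-style output (one PID per line).
    Tolerates a header line and stray whitespace; non-numeric lines are ignored."""
    pids = set()
    for line in ps_text.splitlines():
        m = PID_RE.match(line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def pids_from_proc_listing(entries: Iterable[str]) -> Set[int]:
    """PIDs from a directory listing of /proc (only all-digit names are processes)."""
    return {int(name) for name in entries if name.isdigit()}


def pids_by_probing(max_pid: int, exists=os.path.exists) -> Set[int]:
    """Brute-force view: stat /proc/<pid> for every candidate PID.  A rootkit
    that filters getdents() on /proc but not path lookups will miss this.
    `exists` is injectable so the view can be simulated offline."""
    return {pid for pid in range(1, max_pid + 1) if exists(f"/proc/{pid}")}


def cross_view_diff(views: Dict[str, Set[int]]) -> Dict[str, Set[int]]:
    """For each view, the PIDs some other view saw but this one did not.
    An empty set for every view means all sources agree."""
    union = set().union(*views.values())
    return {name: union - seen for name, seen in views.items()}


def hidden_pids(views: Dict[str, Set[int]]) -> Set[int]:
    """PIDs missing from at least one view: the set a rootkit hunter investigates."""
    return set().union(*cross_view_diff(views).values())


def collect_live_views() -> Dict[str, Set[int]]:
    """Gather the three views on a live Linux host; returns {} elsewhere.
    Probing up to pid_max (often 4194304 on 64-bit systems) takes a few seconds."""
    if not os.path.isdir("/proc"):
        return {}
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read().strip())
    except (OSError, ValueError):
        max_pid = 32768  # assumption: classic default when pid_max is unreadable
    views = {
        "proc_readdir": pids_from_proc_listing(os.listdir("/proc")),
        "proc_probe": pids_by_probing(max_pid),
    }
    try:
        out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                             text=True, check=True).stdout
        views["ps"] = pids_from_ps_output(out)
    except (OSError, subprocess.CalledProcessError):
        pass  # no ps binary available: compare the two kernel-backed views only
    return views


# Constructed scenario: a trojaned ps omits PID 4242, and a kernel-level filter
# on /proc readdir omits PID 31337 but cannot hide it from a direct stat.
SAMPLE_PS_OUTPUT = "  PID\n    1\n  612\n 1337\n"
SAMPLE_PROC_LISTING = ["1", "612", "1337", "4242", "self", "cpuinfo", "meminfo"]
SAMPLE_LIVE_PATHS = {"/proc/1", "/proc/612", "/proc/1337", "/proc/4242", "/proc/31337"}


def sample_exists(path: str) -> bool:
    """Stand-in for os.path.exists over the constructed scenario."""
    return path in SAMPLE_LIVE_PATHS


def demo() -> Dict[str, Set[int]]:
    """Run the cross-view diff over the constructed scenario."""
    views = {
        "ps": pids_from_ps_output(SAMPLE_PS_OUTPUT),
        "proc_readdir": pids_from_proc_listing(SAMPLE_PROC_LISTING),
        "proc_probe": pids_by_probing(40000, exists=sample_exists),
    }
    return cross_view_diff(views)


if __name__ == "__main__":
    print("constructed scenario:")
    for name, missing in demo().items():
        print(f"  {name:13s} missing {sorted(missing) or 'nothing'}")
    live = collect_live_views()
    if live:
        print("live host:")
        for name, missing in cross_view_diff(live).items():
            print(f"  {name:13s} missing {sorted(missing) or 'nothing'}")
```

The live run is noisy by design: short-lived processes that exit between two collections show up as one-view-only PIDs, so anything flagged should be re-collected a couple of times before it is treated as hidden. A PID that is consistently present under the stat probe but absent from both readdir and ps is the interesting case, since that pattern cannot be explained by a race.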
