funsec mailing list archives
Re: Homeland Security Official Suggests Outlawing Rootkits
From: Valdis.Kletnieks () vt edu
Date: Fri, 17 Feb 2006 11:19:28 -0500
On Fri, 17 Feb 2006 16:03:13 +0100, Brian Azzopardi said:
> In Vista, kernel code such as device drivers and Sony's best will not run in ring 0 but ring 1 - so stuff like hiding files/processes/etc which depend on hijacking kernel data will be very, very hard*
Yes, but simply replacing whatever Windows uses as a /bin/ps, with a version that hides the naughty bits, will fool 98% of the people. So the ring 0/1 distinction will only really matter to the 109 or so people that actually reverse engineer the sucker...
> Additionally, starting with Vista x64, only corps who pay an annual license fee to VeriSign for a certificate to sign their drivers with will be able to play in kernel-land.
http://www.mountain-america.net
http://www.cert.org/advisories/CA-2001-04.html
Now, as you were saying?
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.