funsec mailing list archives

Re: Security Vendor Bypasses Microsoft's Vista PatchGuard


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 24 Oct 2006 23:13:32 -0400

On 10/24/06, Blue Boar <BlueBoar () thievco com> wrote:
> Fergie wrote:
>> Hmmm. That somehow doesn't sound very reassuring... if these guys can
>> do it, so can your friendly neighborhood bad guy...
>>
>> Via eWeek.
>> http://www.eweek.com/article2/0,1759,2036585,00.asp
>
> Of course the bad guys can do it, no question.

Err, this was a security company, not necessarily "the bad guys", but
I get your point, I think. Correct me if I am wrong, but here is the
issue:

The bad guys will always be able to find another hole. It doesn't
matter to them if the hole is later patched, as they only need their
software to install once.

AV and other security vendors will have to either: find several
security holes that allow you to inject code into the kernel, not
report them to MS, and then switch to one of the other hypothetical
unreported methods to load into ring0 as MS finds and patches the
holes; or just hope that MS doesn't have any flaws in the PatchGuard
technology, right?

-JP

> It's a matter of if/who gets to go into the kernel after them.
> [PLUG]
> http://windowssecrets.com/comp/061023/#story1
> [/PLUG]
>
> And a few days after I wrote that, we see validation for my position in
> today's Slashdot story:
> http://it.slashdot.org/article.pl?sid=06/10/24/2122202
>
>                                         BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
