funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 24 Oct 2006 23:13:32 -0400
On 10/24/06, Blue Boar <BlueBoar () thievco com> wrote:
> Fergie wrote:
> > Hmmm. That somehow doesn't sound very reassuring... if these guys can
> > do it, so can your friendly neighborhood bad guy...
> >
> > Via eWeek.
> > http://www.eweek.com/article2/0,1759,2036585,00.asp
>
> Of course the bad guys can do it, no question.

Err, this was a security company, not necessarily "the bad guys", but I get your point, I think.. Correct me if I am wrong, but here is this issue:

The bad guys will always be able to find another hole. It doesn't matter to them if the hole is later patched, as they only need their software to install once.

AV and other security vendors will have to either: find several security holes that allow you to inject code into the kernel, not report them to MS, and then switch to one of the other hypothetical unreported methods to load into ring0 as MS finds and patches the holes; or just hope that MS doesn't have any flaws in the PatchGuard technology, right?

-JP

> It's a matter of if/who
> gets to go into the kernel after them.
>
> [PLUG]
> http://windowssecrets.com/comp/061023/#story1
> [/PLUG]
>
> And a few days after I wrote that, we see validation for my position in
> today's Slashdot story:
> http://it.slashdot.org/article.pl?sid=06/10/24/2122202
>
> BB
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.