funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 25 Oct 2006 13:20:21 -0700
Dude VanWinkle wrote:
Sounds to me like Sophos has a point, even if it's made for marketing purposes.
Nothing wrong with having multiple approaches. You won't catch me trying to force Sophos to use a kernel-hooking model if they don't want. The question is does anyone have a legitimate need to hook the kernel as a protection/cleaning mechanism?
Patchguard, while not stopping the most wily attackers, would stop the rootkits that are available today from being a valid payload.
Simply making sufficient changes to the kernel, doesn't matter what kind, will break some of the hooking mechanisms. Before you even add on Patchguard.
Isn't that worth something?
It's not a useless attempt, and I don't think they should necessarily get rid of it. It's also not necessarily mutually exclusive with what McAfee and Symantec want.
But Microsoft acting like having KPP has now eliminated all potential kernel attack vectors, and the need for other security software to act there, is a mistake. Microsoft has now claimed that their software won't get to play there either. And that's good, it changes the situation from Microsoft abusing a monopoly to Microsoft making a stupid mistake.
Not that I believe that MS will actually keep their security software from playing where the other guys want to, but at least it's a claim we can look back on.
http://www.microsoft.com/security/windowsvista/allchin.mspx

BB