Re: Re: How To Suspend Thread In Kernel?



Anton,

Yes, I fully understand what you mean, and at the same time I understand
those guys that are here against us :).

This newsgroup is not connected with security in the way you think about it;
when someone asks "what is the best way to create a secured system", everybody
here will respond with "use a well-known algorithm, a well-known way that was
checked and came through water, fire and the atom war", but this approach is
applied mostly to cryptography.

On the other side, if we try to design an approach to secure a PC from viruses,
malware and similar stuff, the ways mentioned above are stupid.

Virus makers are creating polymorphic engines that sometimes use unique
techniques and cannot be detected by the signature feature of an AV;

Malware comes to kernel mode and begins hooking the SDT and IDT to prevent being
found by AVs or SoftICE, for example :);

How can one be protected from this stuff using well-known ways? And here it
goes - AV companies create "cleaners" that modify the SDT using the
PhysicalMemory device or in kernel mode, other AV companies create "virtual
machines" that emulate code, third companies create components that hook APIs
to protect themselves from being terminated by malware, because malware uses
*undocumented ways*!

The same with protectors - they use a lot of undocumented stuff. Again we
meet the sentence "each task has its own implementation".

--
Vladimir
http://spaces.msn.com/vladimir-scherbina/

"anton bassov" <xxx@xxxxxxx> wrote in message
news:1d15ea4a320d49f3aab4093c4cf9802e@xxxxxxxxxxxxxx
Hi Vladimir

I am really glad that there is at least one person who understands what I
mean. You seem to be the only one on this thread who understands that
sometimes we come across problems that cannot be solved by any officially
supported means - anyone in the right state of mind would not play such
tricks just for the fun of doing it, don't you think???


Such a trick is dangerous, and I can foresee quite a few problems using it
(at least directly - probably, it may require quite a few additional
modifications). This is definitely not a solution that wins you MS awards -
I don't want to even argue about that. However, what is the alternative
solution???

Everyone on this thread says that this is a dangerous trick, but no one has come
up with any alternative proposal so far.
You seem to be the only one who has a realistic view of the situation.


Regards


Anton Bassov




