Re: Re:How To Suspend Thread In Kernel?



It's still just providing an illusion of security through layers of
obscurity.

BTW, antipiracy system != protecting the system from hostile kernel mode
code.

"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:u%23Ena4zUGHA.3192@xxxxxxxxxxxxxxxxxxxxxxx
Hello Skywing,

"Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ObcWyxzUGHA.2276@xxxxxxxxxxxxxxxxxxxxxxx
Yes, it does - you can try to make it harder, but the fact of the matter
is, a determined and clever attacker will be able to bypass your
protection schemes and do what they want if they can run code in kernel
mode. It is a simple matter of kernel mode code having unrestricted
access to hardware - part of the core OS design.

Correct, all depends on experience, and thus you can't be sure that your
running code in k.m. gives you absolute power, "all is relative".

The only sane course of action after detecting a kernel mode compromise
is a complete rebuild of the box. Saying you can mitigate arbitrary code
being run in kernel mode is only kidding yourself into a false sense of
security, IMO.

http://www.star-force.com/ - a well-known company that intensively uses
kernel mode protection components. As I said a few months ago (AFAIR to you?),
there are a *few* men in the world that broke their system.

--
Vladimir
http://spaces.msn.com/vladimir-scherbina/



