Re: Re:How To Suspend Thread In Kernel?



It is not a matter of being for or against someone (or something), it is a
matter of helping people to not choose bad designs.



Specifically in respect to security:



There is no software only solution that cannot be compromised by malicious
software! Period!



All actually secure systems will require hardware support. In the case of
NT type OSes, this is implemented using the UM-KM transition - this is the
ONLY security feature that cannot be overcome in the whole OS (not to say
that there aren't others that are 'hard' to overcome).



This is the reason why the presence of malicious KM code means that ANY
software function CAN be compromised (not that it will necessarily be
compromised, since the probability of breach in many places is extremely low
etc., but it might be, since there is no security mechanism that prevents
this).



I agree, the methods used for a given task are dependent on the task itself,
but think before you do anything stupid and waste a lot of time on something
with only probabilistic success.





"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:eWFDlrzUGHA.5996@xxxxxxxxxxxxxxxxxxxxxxx
Anton,

Yes, I fully understand what you mean, and at the same time I understand
those guys that are here against us :).

This newsgroup is not connected with security in the way you think about
it; when someone asks "what is the best way to create a secured system"
everybody here will respond with "use a well-known algo, a well-known way that
was checked and came through water, fire and the atom war", but this
approach applies to cryptography mostly.

On the other side, if we try to design an approach to secure a PC from viruses,
malware and similar stuff, the ways mentioned above are stupid.

VirMakers are creating polymorphic engines that sometimes use unique
techniques and cannot be detected by the signature feature of AV;

Malware comes to kernel mode and begins hooking the SDT and IDT to prevent being
found by AVs or SoftICE, for example :);

How can one be protected from this stuff using well-known ways? And here
it goes - AV companies create "cleaners" that modify the SDT using the
PhysicalMemory device or in kernel mode, other AV companies create "virtual
machines" that emulate code, third companies create components that hook APIs
to protect themselves from being terminated by malware, because malware uses
*undocumented ways*!

The same with protectors - they use a lot of undocumented stuff. We again
meet the sentence "each task has its own implementation".

--
Vladimir
http://spaces.msn.com/vladimir-scherbina/

"anton bassov" <xxx@xxxxxxx> wrote in message
news:1d15ea4a320d49f3aab4093c4cf9802e@xxxxxxxxxxxxxx
Hi Vladimir

I am really glad that there is at least one person who understands what I
mean. You seem to be the only one on this thread who understands that
sometimes we come across problems that cannot be solved by any officially
supported means - anyone in the right state of mind would not play such
tricks just for the fun of doing it, don't you think?


Such a trick is dangerous, and I can foresee quite a few problems using it
(at least directly - probably, it may require quite a few additional
modifications). This is definitely not a solution that wins you MS awards -
I don't want to even argue about that. However, what is the alternative
solution?

Everyone on this thread says that this is a dangerous trick, but no one
came up with any alternative proposal so far.
You seem to be the only one who has a realistic view of the situation.


Regards


Anton Bassov
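The two points argued in this thread, that kernel-mode malware hooks the service table to hide from AVs, and that once malicious KM code is present any software-only check can be defeated, can be shown side by side in a small model. The following is an added example, not code from any poster in the thread: the "service table" is an array of function pointers, the kernel image range and the rootkit address (0x80400000, 0xF8A00000) are constructed values, and the detector uses the classic check that every SDT entry must point inside the kernel image. The second function shows the caveat Anton makes: the detector's baseline lives at the same privilege as the rootkit, so the rootkit can simply widen the trusted range and the same hooks pass as clean.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range of the image (the kernel) that legitimately owns every
 * entry in a service table. All addresses in this file are constructed. */
typedef struct {
    uintptr_t base;
    uintptr_t size;
} image_range_t;

/* Scan a service table: any entry that does not point into the kernel image
 * has been redirected somewhere else (a hook). Returns the number of such
 * entries and writes up to max_out of their indices into out_idx. */
size_t find_hooked_entries(const uintptr_t *table, size_t n,
                           const image_range_t *img,
                           size_t *out_idx, size_t max_out)
{
    size_t hooked = 0;
    for (size_t i = 0; i < n; i++) {
        uintptr_t t = table[i];
        int inside = (t >= img->base) && (t - img->base < img->size);
        if (!inside) {
            if (out_idx && hooked < max_out)
                out_idx[hooked] = i;
            hooked++;
        }
    }
    return hooked;
}

enum { SAMPLE_ENTRIES = 8 };

/* Constructed kernel image: 2 MiB mapped at 0x80400000. */
static const image_range_t sample_kernel_image = { 0x80400000u, 0x00200000u };

/* Build a constructed 8-entry table whose targets all lie in the kernel,
 * then redirect entries 3 and 6 into a (constructed) rootkit driver
 * mapped at 0xF8A00000, as a hooking rootkit would. */
static void build_sample_table(uintptr_t *table)
{
    for (size_t i = 0; i < SAMPLE_ENTRIES; i++)
        table[i] = sample_kernel_image.base + 0x1000u * (i + 1);
    table[3] = 0xF8A01230u;
    table[6] = 0xF8A01460u;
}

/* Run the detector against the sample table with the honest baseline. */
size_t sample_hooked_count(void)
{
    uintptr_t table[SAMPLE_ENTRIES];
    build_sample_table(table);
    return find_hooked_entries(table, SAMPLE_ENTRIES, &sample_kernel_image, NULL, 0);
}

/* The caveat from the thread: the baseline the detector trusts is just
 * more writable kernel memory. Code that can write the table can equally
 * write the "known good" range. Here the constructed rootkit widens the
 * image range so that it covers its own driver; the same two hooks are
 * now reported as clean. */
size_t sample_hooked_count_after_tamper(void)
{
    uintptr_t table[SAMPLE_ENTRIES];
    build_sample_table(table);
    image_range_t baseline = sample_kernel_image;
    baseline.size = 0xF8B00000u - baseline.base;   /* range now "contains" the rootkit */
    return find_hooked_entries(table, SAMPLE_ENTRIES, &baseline, NULL, 0);
}

int main(void)
{
    uintptr_t table[SAMPLE_ENTRIES];
    size_t idx[SAMPLE_ENTRIES];
    build_sample_table(table);
    size_t n = find_hooked_entries(table, SAMPLE_ENTRIES, &sample_kernel_image,
                                   idx, SAMPLE_ENTRIES);
    printf("%zu hooked entries:", n);
    for (size_t i = 0; i < n; i++)
        printf(" #%zu -> 0x%lx", idx[i], (unsigned long)table[idx[i]]);
    printf("\nafter baseline tampering: %zu hooked\n",
           sample_hooked_count_after_tamper());
    return 0;
}
```

The range check is what real SDT-hook scanners of that era did, and it catches the constructed hooks; the point of the second function is that the check only holds as long as nothing else at ring 0 is hostile, which is exactly the UM-KM boundary argument above.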






