Re: How will PatchGuard change kernel programming?

Tech-Archive recommends: Fix windows errors by optimizing your registry

Look at this: http://WindowsSecrets.com/comp/061012

PatchGuard is a very good idea, but when Microsoft keeps the methodologies
secret to enable protection of a system, it does make it difficult for
anyone to provide good security products. Just program execution is very
difficult to protect with the documented interfaces. Yes, you can see all
file opens with a minifilter, but I can think of ways to load many DLLs into
a single process using documented interfaces and have them together produce
undesirable results.

If someone can get a kernel mode driver loaded on a system, I don't think it
is possible to protect the system. Another issue coming up is the new
hardware VM support that permits someone to wrap an executing OS within a
box so that it has no control over the hardware anymore.

"Don Burn" <burn@xxxxxxxxxxxxxxxx> wrote in message
news:uQuguay7GHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
It is a good thing, since it forces people to develop properly and not use
kludgy hooking, which exposes the system to threats. For any decent
developer it will not impact them at all.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply



"smerf" <smerf@xxxxxxxxxx> wrote in message
news:NiUXg.10022$nn6.4289@xxxxxxxxxxxxxxxxxxxxxxxxx
How will Vista's PatchGurad change the ability of coders to extend the
OS?





.