Re: How will PatchGuard change kernel programming?
- From: "Don Burn" <burn@xxxxxxxxxxxxxxxx>
- Date: Sat, 14 Oct 2006 08:57:03 -0400
After looking at the article, I thought it was one of the stupider things
that has been written on the subject. Microsoft has used the "Windows
Filtering Platform" term to mean the various filter driver technologies in
the system, such as file system filters, TDI filters, documented hooks for
process and registry events. This is not anything new and it sure isn't
secret.
Now you can argue that Microsoft needs to add to the environment to make
some checking easier, and I will not argue. But the basics are there and
can be used to protect a system. There are situations where the system (or
an application) will crash, but the basic security is pretty good, and with
the crash the culprit can typically be determined.
It is ironic that McAfee and Symantec, leading the claim to need hooking,
both open the systems to attack since they do not do that good a job on
system call validation. I notice that Anton did not bring up his old
argument of Kaspersky AV, probably because Kaspersky has publicly come out
in favor of PatchGuard.
As far as the claim of undocumented APIs as bad, sorry, until the open
source movement almost every OS in the world had them. In a previous job,
I spent a ton of time dealing with contracts to get access to undocumented
APIs and file formats from companies like IBM and HP. Note: all of these
contracts had a clause that said they would sue your ass off if you either
disclosed the material, or used any APIs not in a specific list even
though the include files you got with the contract had additional APIs.
It is obvious the OP is one of those who believes Microsoft is evil no
matter what. In the past it was "Microsoft is evil since it doesn't secure
the OS from spyware", now it is evil since "Microsoft has secured the OS
making it harder for me to hack".
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
"David J. Craig" <Dave@xxxxxxxxxxxxx> wrote in message
news:eyIVPe07GHA.4552@xxxxxxxxxxxxxxxxxxxxxxx
Look at this: http://WindowsSecrets.com/comp/061012
PatchGuard is a very good idea, but when Microsoft keeps the
methodologies secret to enable protection of a system, it does make it
difficult for anyone to provide good security products. Just program
execution is very difficult to protect with the documented interfaces.
Yes, you can see all file opens with a minifilter, but I can think of
ways to load many DLLs into a single process using documented interfaces
and have them together produce undesirable results.
If someone can get a kernel mode driver loaded on a system, I don't think
it is possible to protect the system. Another issue coming up is the new
hardware VM support that permits someone to wrap an executing OS within a
box so that it has no control over the hardware anymore.
"Don Burn" <burn@xxxxxxxxxxxxxxxx> wrote in message
news:uQuguay7GHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
It is a good thing, since it forces people to develop properly and not
use kludgy hooking, which exposes the system to threats. For any decent
developer it will not impact them at all.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
"smerf" <smerf@xxxxxxxxxx> wrote in message
news:NiUXg.10022$nn6.4289@xxxxxxxxxxxxxxxxxxxxxxxxx
How will Vista's PatchGuard change the ability of coders to extend the
OS?