funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 25 Oct 2006 13:08:58 -0400
On 10/25/06, Blue Boar <BlueBoar () thievco com> wrote:
> Dude VanWinkle wrote:
> > Err, this was a security company, not necessarily "the bad guys", but
> > I get your point, I think.. correct me if I am wrong, but here is this
> > issue:
>
> No, these bad guys are unspecified bad guys.
>
> > The bad guys will always be able to find another hole. It doesn't
> > matter to them if the hole is later patched, as they only need their
> > software to install once.
>
> They don't care if they just rendered your copy of Vista unstable,
> unsupported, or break random things.
>
> > AV and other security vendors will have to either: find several
> > security holes that allow you to inject code into the kernel, not
> > report them to MS, and then switch to one of the other hypothetical
> > unreported method to load into ring0 as MS finds and patches the
> > holes; or just hope that MS doesn't have any flaws in the patchguard
> > technology, right?
>
> If the security vendor decides to go that route, then they run the risk
> of Microsoft refusing to support Vista if your software is installed,
> and Microsoft might "randomly fix" your method of running in the kernel.
> Plus, by going the undocumented route, they probably do cause some
> stability problems, but maybe no worse than what they do now.

How come Sophos isn't concerned about not having access to the kernel?

-JP