funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 25 Oct 2006 20:15:22 GMT
Well, here's the latest, via eWeek.

[snip]

Microsoft officials say they are unhappy that security software maker Authentium has decided to bypass the controversial PatchGuard kernel protection feature in its next-generation Vista operating system, and said that the tactic could lead to eventual problems for users of the company's software.

Responding to Authentium's move to circumvent PatchGuard in its products, company officials said that the decision to hack the feature could prove unwise for the security vendor as Microsoft will work to close off any flaws that allow unauthorized kernel interaction, making technologies dependent on such access obsolete.

As a result, users of applications that circumvent PatchGuard could find themselves unprotected from attack, or dealing with other problems driven by a lack of authorized integration between Vista and those products.

[snip]

More: http://www.eweek.com/article2/0,1759,2037052,00.asp

- ferg

-- "Dude VanWinkle" <dudevanwinkle () gmail com> wrote:

On 10/25/06, Blue Boar <BlueBoar () thievco com> wrote:

Dude VanWinkle wrote:

How come Sophos isn't concerned about not having access to the kernel?

It appears that their product doesn't rely on kernel hooks, and so they are capitalizing on that for their marketing. Symantec broken? No problem! Just buy our stuff instead...

Based on Sophos' description, they do static analysis at load time for their HIPS functionality.

http://www.sophos.com/pressoffice/news/articles/2006/10/sophos-vista.html

Sounds to me like Sophos has a point, even if it's made for marketing purposes. Patchguard, while not stopping the most wily attackers, would stop the rootkits that are available today from being a valid payload. Isn't that worth something?

-JP

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.