Re: [Possible Spam] Re: New Internet for Security

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Tue, 17 Feb 2009 13:08:45 EST, Dennis Meharchand said:
> For patch upgrades our chip can be put into an update mode where changes
> (patches) are kept allowing the changes to be tested. Changes are actually
> kept on a Change area of the hard disk drive - not immediately written into
> the secure area. If all is well the changes can be permanently applied into
> the secure area (Backed Up).

Which doesn't stop a miscreant from saying "I'm Administrator, I'm applying
these changes, I'm approving these changes onto the secured area. KTHXBY."

Phrased differently, how does your chip know it's talking to a *real*
Administrator running with associated privs, as opposed to a subverted process
that happens to be running with the same privs?  (Note well that it could
very well be *the same process* - the first time around a browser hitting
windowsupdate.microsoft.com for legitimate patches, the second time around
the *same* instance of the browser, but now being hijacked by a drive-by
download).

Attachment: _bin
Description: