funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 24 Oct 2006 22:44:05 -0700
Dude VanWinkle wrote:
> Err, this was a security company, not necessarily "the bad guys", but I get your point, I think.. correct me if I am wrong, but here is this issue:
No, these bad guys are unspecified bad guys.
> The bad guys will always be able to find another hole. It doesn't matter to them if the hole is later patched, as they only need their software to install once.
They don't care if they just rendered your copy of Vista unstable, unsupported, or broke random things.
> AV and other security vendors will have to either: find several security holes that allow you to inject code into the kernel, not report them to MS, and then switch to one of the other hypothetical unreported methods to load into ring0 as MS finds and patches the holes; or just hope that MS doesn't have any flaws in the PatchGuard technology, right?
If the security vendor decides to go that route, then they run the risk of Microsoft refusing to support Vista if your software is installed, and Microsoft might "randomly fix" your method of running in the kernel. Plus, by going the undocumented route, they probably do cause some stability problems, but maybe no worse than what they do now.
BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.