funsec mailing list archives

Re: Security Vendor Bypasses Microsoft's Vista PatchGuard


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 25 Oct 2006 15:58:00 -0400

On 10/25/06, Blue Boar <BlueBoar () thievco com> wrote:
> Dude VanWinkle wrote:
>> How come Sophos isn't concerned about not having access to the kernel?
>
> It appears that their product doesn't rely on kernel hooks, and so they
> are capitalizing on that for their marketing.  Symantec broken?  No
> problem!  Just buy our stuff instead...
>
> Based on Sophos' description, they do static analysis at load time for
> their HIPS functionality.
> http://www.sophos.com/pressoffice/news/articles/2006/10/sophos-vista.html

Sounds to me like Sophos has a point, even if it's made for marketing
purposes. PatchGuard, while not stopping the most wily attackers,
would stop the rootkits that are available today from being a valid
payload.

Isn't that worth something?

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.