Linked by Thom Holwerda on Thu 12th Oct 2006 20:39 UTC
Windows PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said Thursday. Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company AVET Information and Network Security, said in a presentation at the Virus Bulletin event here. "It will probably take a year or so for it to surface publicly, but I believe it will be broken earlier," he said.
Non-article
by eMagius on Thu 12th Oct 2006 20:31 UTC
eMagius
Member since:
2005-07-06

It wouldn't be a story if he had admitted that he had nothing to say, would it? So instead Czarnowski's made an entirely baseless, vague guess. This way, if something does go wrong, he can claim that he predicted it, just like other "psychics" do.

Reply Score: 5

Not really interesting
by poohgee on Thu 12th Oct 2006 20:51 UTC
poohgee
Member since:
2005-08-13

Saying that a key new security feature of an OS that has a desktop PC monopoly will be hacked soon after X - new feature is released is not really news IMO - were Linux to be such an interesting target such as Windows desktop PCs are - the same would be true.

Yes maybe it would take a little bit longer - but a hack would most likely be found soon to exploit the system.

Look at Firefox for example or the kernel - it's all I guess developed with new features & progress in mind - with security as a "secondary" goal.

New features are more interesting to the general desktop crowd than how absolutely secure an application or OS is or - well - could be.

Reply Score: 4

gustl Member since:
2006-01-19

The important question to ask when dealing with computer security is: How long will it take to get fixed, if something gets cracked?

Reply Score: 1

Huh?
by ccchips on Fri 13th Oct 2006 02:16 UTC
ccchips
Member since:
2006-05-24

What is the point of this? Does he know enough about how this feature works that he can make such a claim? I wonder.

As a Linux user, I know full well that system security is a constant battle. Especially if valuables are on the other side of that security system. This has been true throughout history, not just with computers.

There will never be any successful security measures until people learn to grow up, so there won't be so much need for it in the first place.

Reply Score: 3

What does it matter?
by exigentsky on Fri 13th Oct 2006 03:00 UTC
exigentsky
Member since:
2005-07-09

The protection is an illusion. If one has admin privileges (almost every Windows installation by default) and enters "rd /s /q c:\" at the command prompt, the whole system will be formatted. No built-in protection stops this. If someone really wants to do some damage, these protections serve little purpose as a deterrent. Although, I hope this will change with Vista.

Edited 2006-10-13 03:03

Reply Score: 1

RE: What does it matter?
by CPUGuy on Fri 13th Oct 2006 04:13 UTC in reply to "What does it matter?"
CPUGuy Member since:
2005-07-06

Well, you've got two completely separate issues here.

Formatting someone's computer is going to be nothing less than irritating.

However, if someone can gain control of your computer and get ahold of passwords for bank accounts and such, this is a MUCH bigger issue.

The whole idea is to isolate the kernel so people can't do things like root kits and such to protect the user from things much more severe than a format.

Hell, you can pop a CD or floppy into any computer and boot off of it (hell, a USB drive too) and completely delete the partition tables, but what exactly is that going to do other than a simple inconvenience?

Reply Score: 2

RE: What does it matter?
by Dolphin on Fri 13th Oct 2006 09:15 UTC in reply to "What does it matter?"
Dolphin Member since:
2006-05-01

Nope... Wrong.

An administrator account CANNOT do this without extra "are you sure?" "are you VERY sure?" dialogs...

Try it for yourself.

Reply Score: 3

real security requires real work
by TechGeek on Fri 13th Oct 2006 05:10 UTC
TechGeek
Member since:
2006-01-14

The problem is that real security requires real work to maintain. Users are unwilling or unable to do that work. Hence nothing but an appliance will keep them from getting rooted. An appliance that is maintained by a third party for a fee, like the ISPs. A cross between a thin client and today's computer. Course this would require broadband to do.

Reply Score: 1

This guy is right.
by siki_miki on Fri 13th Oct 2006 11:00 UTC
siki_miki
Member since:
2006-01-17

Assembler wizards had plenty of time to train kernel hacking on StarForce protection, which had very advanced kernel-level protection (its own virtual machine with code translation, on-fly decryption, trapping some parts of kernel to prevent cd-rom emulators from working and other fun stuff). Windows kernel doesn't stand any chance here, at least not first generation of this protection.

Its prime purpose is to safeguard DRM software from unsigned kernel code and of course it will be a prime target for thousands of hackers (for example those who'll want to rip HD movies). Only with hardware TCPA (which as far as it's known, still isn't present on most desktop machines) things will get harder.

Reply Score: 1

the point...
by google_ninja on Fri 13th Oct 2006 13:01 UTC
google_ninja
Member since:
2006-02-05

Those who are saying the dude is talking out of his ass are bang on, but I believe the point of the article is to say that PatchGuard will not protect from the bad guys, although it will make it illegal for good guys to try and make it better.

Reply Score: 1

RE: the point...
by netpython on Fri 13th Oct 2006 13:32 UTC in reply to "the point..."
netpython Member since:
2005-07-06

"PatchGuard will not protect from the bad guys, although it will make it illegal for good guys to try and make it better."

Everything man made can be circumvented. It's just a matter of time till somebody with a higher skill set comes along.

Can Symantec guarantee its software is 100% safe?
Neither can hardly any software vendor.

I'm the last person who would take the sword and defend MS. However I personally think OS vendors should be more into MACs similar to SELinux, Grsecurity, RSBAC..
It's furthermore perfectly reasonable to provide third parties MAC policy governed interfaces for their additional services.

Reply Score: 3

This guy is too late
by PlatformAgnostic on Sat 14th Oct 2006 03:08 UTC
PlatformAgnostic
Member since:
2006-01-02

Take a look at SkyWing and Skape's paper on uninformed.net: http://uninformed.org/index.cgi?v=3&a=3

PatchGuard has already been fully analyzed in its current form. The whole point of this system, though, is that it's undocumented and obfuscated, so Microsoft could change it with any Windows Update, breaking any rootkits out there. PatchGuard is a good thing, because I really don't trust Symantec to do a better job at Kernel Security than the architects of the NT kernel itself. If you look at the rest of that site, you'll see an article on the nastiness that Kaspersky does against Windows (hotpatching the context-switching code in an unsafe manner).

PatchGuard is definitely about protecting the DRM measures in Windows, but it also has some positive effects on system stability. People are going to stop trying to do stupid things to critical code paths in the kernel. And rootkits would likely get broken by new updates to Windows.

Reply Score: 1