Windows Kernel Protection Expected to Break Soon
PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said Thursday. Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company AVET Information and Network Security, said in a presentation at the Virus Bulletin event here. “It will probably take a year or so for it to surface publicly, but I believe it will be broken earlier,” he said.
About The Author
Follow me on Twitter @thomholwerda
2006-10-13 11:55 am gustl
The important question to ask when dealing with computer security is: How long will it take to get fixed, if something gets cracked?
What is the point of this? Does he know enough about how this feature works that he can make such a claim? I wonder.
As a Linux user, I know full well that system security is a constant battle. Especially if valuables are on the other side of that security system. This has been true throughout history, not just with computers.
There will never be any successful security measures until people learn to grow up, so there won’t be so much need for it in the first place.
The protection is an illusion. If one has admin privileges (almost every Windows installation by default) and enters “rd /s /q c:\” at the command prompt, the whole system will be formatted. No built-in protection stops this. If someone really wants to do some damage, these protections serve little purpose as a deterrent. Although, I hope this will change with Vista.
Edited 2006-10-13 03:03
2006-10-13 4:13 am CPUGuy
Well, you’ve got two completely separate issues here.
Formatting someone’s computer is going to be nothing less than irritating.
However, if someone can gain control of your computer and get ahold of passwords for bank accounts and such, this is a MUCH bigger issue.
The whole idea is to isolate the kernel so people can’t do things like rootkits and such, to protect the user from things much more severe than a format.
Hell, you can pop a CD or floppy into any computer and boot off of it (hell, a USB drive too) and completely delete the partition tables, but what exactly is that going to do other than a simple inconvenience.
2006-10-13 9:15 am Dolphin
An administrator account CANNOT do this without an extra “are you sure?”
“are you VERY sure?”
Try it for yourself.
The problem is that real security requires real work to maintain. Users are unwilling or unable to do that work. Hence nothing but an appliance will keep them from getting rooted. An appliance that is maintained by a third party for a fee, like the ISPs. A cross between a thin client and today’s computer. Of course, this would require broadband to do.
Assembler wizards had plenty of time to train their kernel hacking on StarForce protection, which had very advanced kernel-level protection (its own virtual machine with code translation, on-the-fly decryption, trapping some parts of the kernel to prevent CD-ROM emulators from working, and other fun stuff). The Windows kernel doesn’t stand a chance here, at least not the first generation of this protection.
Its prime purpose is to safeguard DRM software from unsigned kernel code, and of course it will be a prime target for thousands of hackers (for example those who’ll want to rip HD movies). Only with hardware TCPA (which, as far as is known, still isn’t present on most desktop machines) will things get harder.
Those who are saying the dude is talking out of his ass are bang on, but I believe the point of the article is to say that PatchGuard will not protect from the bad guys, although it will make it illegal for good guys to try and make it better.
2006-10-13 1:32 pm netpython
PatchGuard will not protect from the bad guys, although it will make it illegal for good guys to try and make it better.
Everything man-made can be circumvented. It’s just a matter of time till somebody with a higher skill set comes along.
Can Symantec guarantee its software is 100% safe?
Hardly any software vendor can.
I’m the last person who would take up the sword and defend MS. However, I personally think OS vendors should be more into MACs similar to SELinux, Grsecurity, RSBAC...
It’s furthermore perfectly reasonable to provide third parties with MAC-policy-governed interfaces for their additional services.
Take a look at SkyWing and Skape’s paper on uninformed.net: http://uninformed.org/index.cgi?v=3&a=3
PatchGuard has already been fully analyzed in its current form. The whole point of this system, though, is that it’s undocumented and obfuscated, so Microsoft could change it with any Windows Update, breaking any rootkits out there. PatchGuard is a good thing, because I really don’t trust Symantec to do a better job at Kernel Security than the architects of the NT kernel itself. If you look at the rest of that site, you’ll see an article on the nastiness that Kaspersky does against Windows (hotpatching the context-switching code in an unsafe manner).
PatchGuard is definitely about protecting the DRM measures in Windows, but it also has some positive effects on system stability. People are going to stop trying to do stupid things to critical code paths in the kernel. And rootkits would likely get broken by new updates to Windows.
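The comment above describes PatchGuard as a periodic, hidden integrity check that lets Microsoft break rootkits by changing what it checks. The following is an added user-mode model of that idea, not Microsoft's code and not taken from the uninformed.org paper: a constructed dispatch table stands in for the kernel's system-service table, a baseline checksum is taken at "boot", a rootkit-style hook replaces one entry, and the check reports which entry changed. All names (service_table, take_baseline, check_table, install_read_hook) are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-mode model, not Windows code: a table of "system
   service" handlers stands in for the real kernel dispatch table. */
enum { TABLE_SIZE = 4, SVC_READ = 1 };
typedef long (*svc_fn)(long);

static long svc_open(long a)  { return a + 1; }
static long svc_read(long a)  { return a * 2; }
static long svc_write(long a) { return a - 1; }
static long svc_close(long a) { return a; }

static svc_fn service_table[TABLE_SIZE] = { svc_open, svc_read, svc_write, svc_close };

/* 64-bit FNV-1a over raw bytes: the checksum the periodic check compares. */
static uint64_t fnv1a(const void *data, size_t len)
{
    const unsigned char *p = data;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Baseline captured once at "boot": a private copy plus its checksum. */
static svc_fn   baseline[TABLE_SIZE];
static uint64_t baseline_sum;

int take_baseline(void)
{
    memcpy(baseline, service_table, sizeof service_table);
    baseline_sum = fnv1a(service_table, sizeof service_table);
    return 0;
}

/* The periodic check: -1 if the table is unchanged, otherwise the index of
   the first entry that no longer matches the baseline. */
int check_table(void)
{
    if (fnv1a(service_table, sizeof service_table) == baseline_sum)
        return -1;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (service_table[i] != baseline[i])
            return i;
    return -1;
}

/* Rootkit-style hook: keep the original handler, return a falsified result. */
static svc_fn original_read;
static long hooked_read(long a) { return original_read(a) + 1000; }

int install_read_hook(void)
{
    if (original_read) return -1;          /* already hooked */
    original_read = service_table[SVC_READ];
    service_table[SVC_READ] = hooked_read;
    return 0;
}

int remove_read_hook(void)
{
    if (!original_read) return -1;         /* nothing to remove */
    service_table[SVC_READ] = original_read;
    original_read = NULL;
    return 0;
}

long call_service(int idx, long arg) { return service_table[idx](arg); }

int main(void)
{
    take_baseline();
    printf("clean:    check=%d read(5)=%ld\n", check_table(), call_service(SVC_READ, 5));
    install_read_hook();
    printf("hooked:   check=%d read(5)=%ld\n", check_table(), call_service(SVC_READ, 5));
    remove_read_hook();
    printf("restored: check=%d\n", check_table());
    return 0;
}
```

The model shows the check itself but not what makes PatchGuard hard to defeat: here the baseline and the checker are plain global data and a plain function, so a hook that also patches check_table or overwrites baseline_sum would go unnoticed. That is exactly why the real mechanism keeps its checker obfuscated, triggers it from disguised timers, and covers far more than one table (code pages, descriptor tables, MSRs), so that a rootkit cannot simply locate and disable it.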
It wouldn’t be a story if he had admitted that he had nothing to say, would it? So instead Czarnowski’s made an entirely baseless, vague guess. This way, if something does go wrong, he can claim that he predicted it, just like other “psychics” do.
Saying that a key new security feature of an OS that has a desktop PC monopoly will be hacked soon after the new feature is released is not really news, IMO. Were Linux to be as interesting a target as Windows desktop PCs are, the same would be true.
Yes, maybe it would take a little bit longer, but a hack would most likely be found soon to exploit the system.
Look at Firefox, for example, or the kernel: it’s all, I guess, developed with new features and progress in mind, with security as a “secondary” goal.
New features are more interesting to the general desktop crowd than how absolutely secure an application or OS is, or, well, could be.