SecurityFocus 2007-01-29
Microsoft launched its latest operating system--Windows Vista--on Monday, a move that will make finding easily exploitable vulnerabilities a lot harder, according to security researchers.

She cares a lot about detection, but misses simple things happening already. Malware writers switch to the "hookless" technique as well. Actually, we face absolutely the same problem: the difficulty of distinguishing between malware and legal code.
That is an inherent problem and PatchGuard for sure does help here. A further simple analysis leads to the conclusion that PatchGuard is basically useless from a security point of view, and rather introduces more hassle for both users and security vendors. Just one example:
Q: What happens if PatchGuard works as advertised and detects kernel modification?
A: It crashes the system with a blue screen, which for most normal users will mean a complete re-install.
Really "intelligent" behaviour, which would be appreciated by many users, I guess. I can hardly imagine that current security vendors could survive with such awkward "security measures".
But Microsoft is special... Short answer: it is not a security measure at all.
Link to this comment: http://www.securityfocus.com/comments/articles/11439/34306#34306