[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Re: Keylogers
From: Mike Acker <Mike_Acker () charter ! net>
Date: 2011-04-29 13:08:50
Message-ID: 4DBAB862.4020802 () charter ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/alternative)]
On 14:59, MichaelQuigley@TheWay.Org wrote:
> "In a properly secured O/S an application program can't do any damage"
>
> No damage, yes. *But additional alterations can happen*. Software
> installations alter the base O/S--especially the Windows registry.
> Keep in mind things such as Anti-virus software need to put in hooks
> to intercept normal/original processing to test files/programs.
>
> I've wondered how this same subject works with application whitelisting.
>
> Also, I believe device drivers still run in RING0 on Windows.
> Although I haven't heard/checked whether that's still true in Windows 7.
yep. when i was working OS/MVT I used to hate people who wanted to
install an SVC.
and so it is with Win7: if your app needs to modify the O/S then your
app has to be vetted just as though it was the O/S. because when it
"hooks in" -- it has to be treated that way.
obviously you would not want to allow any and every app program to do
that... if you did you'd have a mess on your hands. Don't we?
I have always felt the registry should be for the O/S use only. App
Programs should use their own .ini files.
one of the things we have failed to recognize is that the computers for
hobbyists, experimenters et al are different from the computers for
commercial/network/business applications.
--
/MIKE
[Attachment #7 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 14:59, <a class="moz-txt-link-abbreviated" \
href="mailto:MichaelQuigley@TheWay.Org">MichaelQuigley@TheWay.Org</a> wrote: \
<blockquote cite="mid:%3COFA1BFDA3E.2B301879-ON85257880.00636923-85257880.00658461@TheWay.ORG%3E"
type="cite"><big><font size="2"><big>"In a properly secured O/S an
application program
can't do any damage"</big></font>
<br>
<br>
<font size="2"><big>No damage, yes. <b>But additional
alterations can happen</b>. Software installations alter
the base O/S--especially
the Windows registry. Keep in mind things such as
Anti-virus software
need to put in hooks to intercept normal/original processing
to test files/programs.</big></font>
<br>
<br>
<font size="2"><big>I've wondered how this same subject
works with application whitelisting.</big></font>
<br>
<br>
<font size="2"><big>Also, I believe device drivers still
run in RING0 on Windows. Although I haven't heard/checked
whether
that's still true in Windows 7.</big></font></big></blockquote>
<br>
yep. when i was working OS/MVT I used to hate people who wanted to
install an SVC. <br>
<br>
and so it is with Win7: if your app needs to modify the O/S then
your app has to be vetted just as though it was the O/S. because
when it "hooks in" -- it has to be treated that way.<br>
<br>
obviously you would not want to allow any and every app program to
do that... if you did you'd have a mess on your hands. Don't we?<br>
<br>
I have always felt the registry should be for the O/S use only. App
Programs should use their own .ini files.<br>
<br>
one of the things we have failed to recognize is that the computers
for hobbyists, experimenters et al are different from the computers
for commercial/network/business applications.<br>
<pre class="moz-signature" cols="72">--
/MIKE</pre>
</body>
</html>
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic