Assessment of Vista Kernel Mode Security
Presentation: The Windows Vista operating system launches one of the most aggressive assaults on kernel mode security threats seen to date, even when compared to the capabilities found in Mac OS X, Linux, and many UNIX variants. Microsoft is using a number of new security technologies in order to accomplish this:
- Driver signing: mandating digital signatures on all drivers
- PatchGuard: protecting key kernel data structures on 64-bit Windows
- Kernel-mode code integrity checks: validating kernel component hashes
- Optional support for Secure Bootup using a TPM hardware chip
- Access to \Device\PhysicalMemory blocked from user mode
Our new paper, Windows Vista Kernel Mode Security, takes a detailed look at the Vista boot process and these new security technologies. It also discusses techniques by which driver signing and PatchGuard can be subverted by an attacker and disabled within Windows Vista. Microsoft's motivation in protecting the Vista kernel is twofold. The first and most obvious reason is one of security. Kernel mode threats such as rootkits and malicious drivers have become commonplace, and eradicating this risk is certainly in everyone's best interest. The second motivation, which may not be as apparent as of yet, is one of digital rights management (DRM). In order to create a protected path between DRM components and the system hardware, it is vital that no malicious code be allowed to insert itself within the media path, lest it intercept protected content. This is apparent as Microsoft is positioning Vista as a safe platform for the delivery of protected media content. In order to accomplish this, Microsoft has implemented many characteristics of the original Palladium model (now known as NGSCB), which has received a significant amount of criticism over the past several years. While this is a noble effort, these new security technologies have a serious side effect.
This side effect is that nobody, with the exception of Microsoft, can make changes to certain components of the Windows kernel. The PatchGuard functionality restricts any software that may be attempting to make extensions to the Vista kernel (even those attempting to do so for legitimate reasons). This includes techniques that are commonplace today, such as system service dispatch table (SSDT) hooking and interrupt dispatch table (IDT) hooking, to name a few. Another disturbing side effect of this technology is that while legitimate security vendors can no longer make extensions to the Vista kernel (any attempt to circumvent these security features may only work temporarily), researchers and attackers can, and have, already found ways to disable and work around PatchGuard. These new technologies, along with Microsoft's unwillingness to make compromises in this area, have serious implications for the security industry as a whole. If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have, to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and OEMs can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems. If security vendors don't have access to the platform kernel, it cuts down on our ability to innovate and create compatible solutions. As a result, customers around the world will lose their ability to choose what security solutions they would like to run on their operating systems, and be forced to use only those solutions offered or allowed by Microsoft. A lack of choice for customers prevents them from having the widest variety of options for security solutions to quickly address a constantly evolving landscape of security threats. In the end, a less secure Internet will result, and both consumers and enterprises will find themselves more vulnerable to cyber attack.
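As an added, defender-side example (not code from the Symantec paper or from SecuObs), the following PowerShell script inventories the kernel-mode drivers currently running on a Windows host and reports any whose image is unsigned, has a hash mismatch, or is missing on disk. That is exactly the condition driver signing and kernel-mode code integrity are meant to prevent, and it is the first thing to check when the paper's discussion of signing being subverted is a concern. The function names are the author's own, and it assumes Windows PowerShell 5.1 or later, where Get-AuthenticodeSignature also recognises catalog-signed inbox drivers.

```powershell
# Added example, not part of the Symantec paper: audit which kernel-mode
# drivers are loaded and whether each one carries a valid signature.
# Assumes Windows PowerShell 5.1 or later (catalog-signed inbox drivers are
# reported as Valid/Catalog there; older versions show them as NotSigned).

function Resolve-DriverImagePath {
    param([Parameter(Mandatory)][string]$PathName)
    # Win32_SystemDriver reports NT-style paths such as \SystemRoot\System32\drivers\x.sys,
    # \??\C:\... or a bare system32\drivers\x.sys; normalise them to Win32 paths
    # that Get-AuthenticodeSignature can open. (-replace is case-insensitive.)
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32', (Join-Path $env:SystemRoot 'System32')
    return $p
}

function Get-KernelDriverSignatureReport {
    param([switch]$OnlyProblems)   # return only entries that are not Valid

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    $report = foreach ($drv in $drivers) {
        $image = Resolve-DriverImagePath -PathName $drv.PathName
        if (-not (Test-Path -LiteralPath $image)) {
            # A running driver whose image cannot be found on disk deserves a look on its own.
            [pscustomobject]@{
                Name = $drv.Name; Image = $image; Status = 'ImageNotFound'
                SignatureType = $null; Signer = $null
            }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $image
        [pscustomobject]@{
            Name          = $drv.Name
            Image         = $image
            Status        = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
            SignatureType = [string]$sig.SignatureType # Authenticode (embedded) or Catalog
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

    if ($OnlyProblems) { $report | Where-Object { $_.Status -ne 'Valid' } } else { $report }
}

# Usage: list running drivers whose image is unsigned, tampered with, or missing on disk.
Get-KernelDriverSignatureReport -OnlyProblems | Format-Table -AutoSize
```

Run it from an elevated prompt so every driver image is readable. An empty result is the expected state on a healthy 64-bit system; any NotSigned or HashMismatch entry for a running driver means the signing requirement the paper describes has been bypassed or relaxed on that host and the driver should be examined before anything else.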