IE7 Blogs
Sunday 13th August, 2006 21:24 Comments: 0
I was reading one of the IE7 developers' blogs and spotted this post about the City Inn Westminster: "the network tap on the desk in my hotel room was marked simply with an IE logo". I love that hotel, their internet access is good, and included with the room - you can even use it down in the lobby (they do wireless) while killing time to catch a taxi.
His blog also links to this cool quiz, how evil are you?
And, finally, I spotted a nice article in an MS developer's blog about the new Windows kernel:
Impacts on Application Compatibility
Kernel Patch Protection may impact compatibility of some legitimate software, on x64 systems, which were built using unsupported kernel patching techniques. Microsoft is sensitive to how application compatibility changes impact our customers and our partners. That is the reason that we have implemented this technology on x64 systems only. As customers adopt the x64 platform, and new native 64-bit software, we have the opportunity to build a more secure and reliable next generation platform that does not facilitate unsupported and unreliable practices such as kernel patching.
We have also been asked to provide a supported way for 'known good' vendors to continue hooking the kernel but prevent others from doing so. Unfortunately, there is no reliable mechanism for us to distinguish between 'known good' software and malicious software. Moreover, we cannot prevent a malicious software author from "bundling" purportedly good software in an attempt to thwart the system. Even if we could include such a mechanism, it's unclear if we could use this mechanism to selectively allow kernel hooking in a manner that provides an acceptable trade off between performance and reliability and security. Furthermore, creating such an exception would greatly hamper the ability to utilize hardware assisted security technology, such as a virtual machine hypervisor, to further improve the integrity of the operating system.
Alternatives to Kernel Patching
Clearly, customers demand effective security solutions, and they can be developed without relying on kernel patching techniques. Some of the alternatives to kernel patching are:
1) Windows Vista includes the "Windows Filtering Platform", which enables software to perform network oriented activities such as packet inspection and other activities necessary to support firewall products.
2) The file system mini filter model allows software to participate in file system activities, which can be used by Anti-Virus software.
3) Registry notification hooks, introduced in Windows 2000, and recently enhanced in Windows Vista, allow software to participate in registry related activities in the system.