Author Topic: Vista and security  (Read 9529 times)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48465
  • 63 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vista and security
« Reply #15 on: October 17, 2006, 06:42:03 PM »
Microsoft's contention is simple: if you let them in, the crooks are sure to follow.
Exploits are caused by a breach of the OS.
If the dam has no holes, why do they want Microsoft to drill some?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Vista and security
« Reply #16 on: October 17, 2006, 06:50:57 PM »
Heaven forbid that the bad guys might find some holes in Vista!!

http://www.eweek.com/article2/0,1895,2029031,00.asp
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88771
  • No support PMs thanks
Re: Vista and security
« Reply #17 on: October 17, 2006, 06:52:17 PM »
My contention is that the people who don't play by the rules and couldn't give a stuff about breaking the system will try and may get in. There are probably many undocumented holes just waiting to be discovered, sorry but MS has form in this area.

Those wanting to have authorised access as partners in security won't want to break the system and do play by the rules and do give a stuff would be fighting with one arm behind their backs.

Microsoft has already drilled a hole by having the PatchGuard, which, like WGA, will have people trying to crack it; once cracked it is not a drill hole but a gaping hole.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

Re: Vista and security
« Reply #18 on: October 17, 2006, 07:08:09 PM »
More from Symantec's Rowan Trollope on the Sunbelt Blog today:

Quote
Next, can Symantec get around Patchguard?  Of course we can, in fact we have already published a whitepaper on the subject.  Here is the problem: Microsoft has told us that IF we put in code to circumvent Patchguard, they will release a patch which will go out through Windows Update which will cause our workaround to bluescreen the computer.

We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers' machines.  Hackers on the other hand have no such issues.  Once they work around patchguard (which they already have), they don’t really care if the system becomes unstable or bluescreens or anything else.  So in fact Patchguard works in favor of hackers in this case.

http://sunbeltblog.blogspot.com/2006/10/why-microsoft-patchguard-apis-arent.html

It looks like Alex Eckelberry isn't going to "stop complaining" anytime soon either:

Quote
Folks, this is a real issue.  Microsoft has created a PR coup by “agreeing” to give APIs to security companies.  It’s a red herring.

The security industry needs full access to the kernel.  Period.

Offline bob3160

Re: Vista and security
« Reply #19 on: October 18, 2006, 12:27:54 AM »
When all else fails, use the Media to get your way. They should hire a few politicians since they're the experts in this tactic.  ;D

Offline bob3160

Re: Vista and security
« Reply #20 on: October 18, 2006, 09:16:59 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33871
  • malware fighter
Re: Vista and security
« Reply #21 on: October 19, 2006, 08:05:24 AM »
Hi bob3160,

If you are in support of certain schemes, you can also become a victim of certain schemes. If you support a system that there is "no tinkering allowed with", and you still want the right to "tinker with it", you cannot have it "two ways". Furthermore the system of "corporational monopolism" does not equal "free trade and free culture", McAfee should have realised that before. What is on 90% of computers is stronger.
By the way I think PatchGuard is only safe for one year for the "high end circumventors".

polonus
« Last Edit: October 19, 2006, 08:07:24 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

Re: Vista and security
« Reply #22 on: October 21, 2006, 12:37:46 PM »
Sophos: Microsoft Doesn't Need to Open Up PatchGuard

Quote
"Two of our largest competitors, McAfee and Symantec - which clearly have anti-virus products that compare to Sophos - have publicly complained that being locked out of the Vista kernel somehow prevents them from being able to innovate," O'Brien noted.

"I would say that the opposite is really true: that by not focusing on having Microsoft provide us with the means to access the kernel, and in fact using the APIs that have [already] been provided by Microsoft, we are not experiencing any problems with PatchGuard for our latest HIPS technology, Sophos Anti-Virus, or any of the other aspects of our security offering for either 32-bit or 64-bit versions of Windows Vista."

Quote
As O'Brien explained, his company's "behavioral genotyping" -- while it might sound like the worst techno-babble from straight out of Star Trek -- does not need to hook into the API calls. Instead, it evaluates code before it is executed, and if the code "matches the genotype," then it never gets executed. His comments are consistent with those he made last month to BetaNews, when Symantec first raised objections before the European Commission about Microsoft's planned deployment of PatchGuard.

http://www.betanews.com/article/Sophos_Microsoft_Doesnt_Need_to_Open_Up_PatchGuard/1161379239

In the comments section, klavc makes an interesting point:

Quote
The above technology represented by Sophos (Behavioral Genotype) has actually nothing to do with the standard HIPS technologies that McAfee and Symantec are fighting for. From the description on the Sophos page it is clear that this Sophos technology is actually what is more known today as advanced heuristics (heuristics in virtual environment, sandbox, emulation,...). Indeed it might use some "intelligence" from HIPS like systems but in reality this simply cannot be compared to standard HIPS. It is more in the league of NOD32 ThreatSense, bitdefender B-HAVE, F-prot 4 !Maximus, Norman Sandbox,...

I am not saying that this technology from Sophos is bad or good (from its abilities to protect from unknown malware), I simply would like to say that IMO these comments from Sophos are totally in the wrong place and have nothing to do with this issue. Symantec and McAfee also have their heuristics and signature based detection technologies that work just fine in Vista 64.

Offline bob3160

Re: Vista and security
« Reply #23 on: October 21, 2006, 03:14:21 PM »
FWF,
I actually found the last statement the most interesting:
Quote
"It is somewhat counter-intuitive for me to be critical of a competitor," he continued. "However, in this particular instance, I would encourage enterprise-level customers to ask whether or not their security vendor is prepared to offer a security solution that is compatible with Windows Vista 64-bit. And if the answer is no, then I, as a customer, would ask why. And if the reason is because, 'We haven't worked with Microsoft in order to achieve that goal,' then my next question would be, 'Why not?'"

The complaints by Symantec and McAfee almost remind me of AOL's complaints about MS during the anti-trust hearings.
Complain, complain, maybe it will make people overlook their faults.  ???