Posted by BC on October 2, 2006, 7:56 pm
Sebastian Gottschalk wrote:
> BC wrote:
>
> > Symantec and McAfee are complaining about being
> > locked out of certain kernel processes in the new
> > upcoming version of Windows, Vista:
> > http://technology.guardian.co.uk/weekly/story/0,,1882019,00.html
> > http://macdailynews.com/index.php/weblog/comments/11096
> >
> > What I'm wondering about is that if Microsoft is going
> > to keep such key info about Vista to itself, and if
> > Symantec and McAfee are correct in that this at the
> > least limits their security products, then how will it be
> > possible to determine how secure a Vista workstation
> > will be in a sensitive environment?
>
> Not at all. Trivial steps for an evil guy:
>
> 1. call VeriSign via anonymous telephone
> 2. claim that you're a big company and that you need a cert signed
> 3. send it in via anonymous email, get the signature mailed back via
> anonymous email
> 4. sign your malware
> 5. infect some Vista boxes by catching idiots who're using IE on the
> internet
> 6. install the malware, load the rootkit
> 7. Congratulations, you got a botnet.
> 8. ...
> 9. PROFIT!!!
>
> > Hope that your firewall product will detect anomalous network behavior
>
> Hope that yours doesn't.
>
> > but then how would
> > you determine if a certain PC was causing it if you can't
> > scan it thoroughly with tried and true products?
>
> Wait, you were talking about McAfee and Symantec first...
>
>
> Strange enough, this is total nonsense. Those big companies can easily
> afford a VeriSign certificate, sign their malware^W"security products" and
> then could load it into kernel mode however they like.
>
> The real problem is that this nonsense locks out relevant FOSS software
> like WinPCap and TrueCrypt, as well as relevant patches to kernel-mode
> drivers (anyone said tcpip.sys?) - and doesn't lock out malicious guys as
> promised.
I'm not exactly a big fan of suckware like McAfee and
Symantec, but those two, despite their obvious self-
serving interests, get some credit for making a fuss and
drawing attention to this. I am so uncomfortable with the
idea of a PC attached to the network with essentially a
black box at its core doing all sorts of stuff I would not
be sure about being legitimate or not. I'm sure there will
be some clever reverse engineering to get some trusty
utility apps working again, but then clever hackers and
virus writers will probably be able to do likewise. And
then what? Wait 'til Tuesday?
Ughh....
-BC