I remember when this story first broke - that someone had found a way to use CPU virtualisation technology to provide the ultimate "root kit" to steal information from Vista (although this would work for any and every operating system). One little niggle was that the user had to install the nasty, which required admin access, so a UAC security prompt was part of the "process" of the seamless install.
Then came the uproar about the two-year-old PatchGuard technology, which stops the hooking and replacing of certain x64 kernel APIs to make it harder to attack the system, and which blocks another set of routes for non-virtualisation-based root kits. The noise arose because some anti-virus vendors felt it was their right to modify the kernel in any way they wanted, and that access would obviously be used by both good and bad people. A compromise has been reached, so hopefully systems will be protected and AV vendors will be happy.
The final piece is the set of changes that have been made to stop the virtualisation attack. Once again the changes have raised eyebrows, but overall, I suspect they will lead to secure systems.
Link: Microsoft blocks 'Black Hat' Vista hack | CNET News.com
ttfn
David
Posted Wed, Nov 8 2006 7:59 AM by David Overton