Slashdot Mirror


Security Firm Bypasses Patch Guard

filenavigator writes, "This week the security firm Authentium found a workaround for Patch Guard, the security feature Microsoft has embedded into the 64-bit version of Windows. It is supposed to keep out unsigned drivers, kernel modifications, and security company competitors. With Authentium's workaround it can be turned off, software installed, and turned right back on. Microsoft immediately responded by saying their reckless ways are endangering the security of Windows users and that they will disable this hack quickly."

5 of 122 comments

  1. 'obvious' bug. by SillyNickName4me · · Score: 3, Interesting

    So, the way to achieve this is by changing contents in the pagefile by writing disk sectors directly.

    If such an obvious bypass has not been considered, how many other such issues exist that are yet undiscovered?

    Then, the supposed 'fix' is to disallow writing raw disk sectors for any non-kernel code. This will only work when not allowing for things like disk editors and recovery tools, because those would need ways to bypass this and this just opens up new attack vectors.

  2. Obscurity... by RyanFenton · · Score: 2, Interesting

    The only realistic hope for security through obscurity is if your product never actually comes in contact with a customer. Doesn't matter what kind of black box you put things in - if it comes in contact with a customer, it should not be considered secret or secure.

    If you can package it to put it into a black box, someone's either going to open it, poke at it for a response, or figure out how to replace it. And especially with computers, they'll figure out how to use it in a more general way than you intended.

    If you cannot accept that your ideas, no matter how big or well-crafted, are just a part of the greater ocean of ideas, then as long as your ideas can be used, your ideas are going to be swept away against your wishes. Until the nature of humanity is changed, that is the nature of the way we deal with ideas (and thus software/hardware). I personally find much more comfort in that dynamic than pain - there are many more ways to use that dynamic rather than fight against the ocean, so to speak.

    Ryan Fenton

  3. Re:Reckless? by Anonymous Coward · · Score: 1, Interesting

    I know this isn't the answer that the Slashdot crowd wants to hear, but designing an exploit is a lot more reckless than designing code that can be exploited.

    One's a mistake; the other is deliberate.

  4. Bit of a stretch by Psykosys · · Score: 3, Interesting

    "It is supposed to keep out unsigned drivers, kernel modifications, and security company competitors."

    While it could be argued that part of Microsoft's goal with PatchGuard is to keep out "security company competitors", there's no hard evidence, AFAIK, that this was one of Microsoft's design goals in creating it and it's somewhat irresponsible to suggest this. If there were, this would presumably be an easy court case and security companies wouldn't have a hard time at all suing Microsoft for illegal measures to establish a monopoly, etc. Instead, they'll be faced with the uphill task of proving that the "keeping out the competition" aspect is not just a necessary side effect of the rest of the design.

  5. Re:Wayback Machine... by fishbowl · · Score: 2, Interesting

    There are good reasons to have virtual memory even when there is sufficient physical memory.
    Some applications need a lot of RAM, but not all at once. So if they don't do a lot of page-outs, they actually put a much less significant load on the overall system than the same applications would if they had to store their entire state in physical RAM.

    --
    -fb Everything not expressly forbidden is now mandatory.