Mark Russinovich on Windows Kernel Security
An anonymous reader writes to mention that in the final part of his three-part series, Mark Russinovich wraps up his look at changes made in the Windows Vista Kernel by exploring advancements in reliability, recovery, and security. "Applications written for Windows Vista can, with very little effort, gain automatic error recovery capabilities by using the new transactional support in NTFS and the registry with the Kernel Transaction Manager. When an application wants to make a number of related changes, it can either create a Distributed Transaction Coordinator (DTC) transaction and a KTM transaction handle, or create a KTM handle directly and associate the modifications of the files and registry keys with the transaction. If all the changes succeed, the application commits the transaction and the changes are applied, but at any time up to that point the application can roll back the transaction and the changes are then discarded."
Although this is technically not a dupe, it almost is, as the above linked article is Part 3 and the other submitted and discussed article was Part 1. Isn't it kinda repetitive? What now, someone posts a multipart article and we will get one story here on the front page for each part?
On topic now, I don't like the way Russinovich is blowing Vista's horn now. I liked him more when he was more critical and analytical on what could be improved, instead of what has already been done.
Just leave my applications alone!
There is little reason to put these kinds of transactional services into the kernel: they don't involve security or user permissions and they must be efficiently implementable in user code anyway (otherwise, most databases wouldn't work well on NT). So, I'd classify this as "kernel bloat".
I wonder if these new "security features" put into Vista, no matter how good they at first appear to be, will over time be bypassed, compromised and made obsolete. The main problem is that security only goes as far as the person using the OS lets it. Just look at the UAC: it's annoying, and many people disregard it or shut it off entirely. What now is the security benefit? These features only make Vista "more secure" because they have not yet been exposed to the wild for sufficient time to be compromised as thoroughly as prior versions. It is much like in biological systems; for example, penicillin was not widely utilized in fungal kingdoms and it was thus effective as an antibiotic. Once we spread its interactions with bacteria, bacteria developed a resistance. Vista is no different, only this time security threats are the bacteria and Vista is the antibiotic.
Sigs are too short to say anything truly profound so read the above post instead.
According to the bottom of just one function of the KTM reference:
"Requires Ktmw32.dll."
Why would a kernel add-on require a .dll, exactly? Did I miss some Windows fundamental about its kernel? And if it's not really a result of a kernel enhancement, is this yet another potentially useful technology specifically excluded from earlier versions of Windows entirely for business purposes instead of technological limitations?
More Twoson than Cupertino
For years, the "Registry" was some weird mish-mash of binary files, many of which represented Jet databases.
Has Jet been completely abandoned in Vista?
If so, did they switch to the slimmed down SQLServer [that was supposed to be part of WinFS]?
"If all the changes succeed, the application commits the transaction and the changes are applied, but at any time up to that point the application can roll back the transaction and the changes are then discarded."
What, was my credit card declined for my upgrade to Vista Ultimate Edition?
It's what I was going to say
Not exactly most people's idea of robust and recoverable.
A fairly common trend these days in PC games (mostly multiplayer ones) is the use of a kernel-mode Windows driver (effectively a rootkit in most cases) to 'protect' the game from hacking. Many eastern (Korean, Taiwanese, etc.) game development companies opt to use this mechanism to secure their games instead of writing secure client and server code - for example, GunBound, Maple Story, Ragnarok Online, Rakion, etc... pretty much any MMO you see an ad for these days that isn't from a US or European studio uses this stuff for security. The basic mechanism it uses is that it hooks all the low level operations you can do on your system (file access, process access, etc.) and prevents you from touching anything related to the game. The end result is that you can't even so much as end-task a misbehaving game 'protected' by this driver.
With the huge amount of popularity this approach seems to have (I personally suspect it's a result of some very, very aggressive marketing on the part of the driver's developers), I wouldn't be surprised to see many games start demanding that users run them on Windows Vista, so that the 'protected process' mechanism can be used to fully 'protect' the games from users' interference. While you'd at least be able to end-task them, I can't say I see this as an improvement. It's saddening that many companies believe the solution to security is a series of hacks, workarounds, and black boxes - the only real solution is careful, methodical design and engineering. It seems very likely to me that within a few years, many PC games will refuse to run on anything except a Vista system with nothing but signed drivers loaded, and that's saddening. I dislike the notion that I am denied even basic rights to investigate what an application is doing on my machine simply for the sake of 'security', when it's trivial to set up a second machine to inspect and modify a game's network packets and cheat all I want.
using namespace slashdot;
troll::post();
Just like any database -- from any vendor. If you start running out of system resources, your transaction will likely roll-back.
But I wonder how long it will be before "APK" aka "AlecStaar" comes out of his rathole to talk about how Mark is a witless academic who can't possibly know more than he does, since he's the author of ZDNet-approved APKTools 2007+++++++ 99.8.10101022 SR6.
+++ATH0
...Somewhere... ...Yeah, I know where!
So, they reinvented the wheel once again? It seems to be: every database more complex than a flat file processed by a pair of simple perl scripts has support for transactions like this. So they invented nothing, just applied an old patch to new code.
When the NTFS files access the GHY it extends a random signal to the DFT which emulates the chip switch Architecture (CSA). Hard drives can be extruded and raised to the eye level, the apt facing the sun and look for errors at the kernel module. Then the stubs in the IIOP cloud extend its virginity toward the distributed computing components. That's how the Eiffel tower was made. Hope I cleared your doubts.
I just noticed today that Russinovich's utilities are available in a single-file download: http://www.microsoft.com/technet/sysinternals/Utilities/SysinternalsSuite.mspx
There's another theory that says that this has already happened...
I believe there is a bug in the tagging system. I see "security" next to "windows".
This is cross-facility transaction management: registry and filesystem updates combined into a single transaction. The example in TFA is that an entire install can be atomic: multiple filesystems, registry, everything appears complete and as requested, all at once, or it never happened.
It's extensible, if TFA is to be believed at all, and the facility works. It's actually there and in use, rather than an it'll be there someday and won't it be wizzo promise, so I'm in "trust-but-verify" mode. It'll be interesting to see if it's actually extensible by coders excluded from the Blessed Realm.
Whether it belongs in the kernel or not is all but irrelevant: so what if it could be implemented as a userland service? Where they choose to put their code is up to them. They wanna play micro-kernel, Giga-kernel, or kernel-a-la-carte, that's up to them; the only question is whether the result is as reliable as they want us to believe.
If it is, it will make building absolutely-bulletproof applications a whole hell of a lot easier. I know something about that. Being able to say `if (!quickcheck()) die(fromhere());` without leaving a mess means, just for starters, that you don't have to concoct a file format for complex data; you can just use the filesystem, and that choice won't complicate your life. Big win. Big.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Windows Kernel. This is Windows Kernel on ACID. Any questions?
Ok, so M$ reinvented process checkpointing in essence, how sweet!
I don't know if it is new to offer the control of this mechanism to the process actually being checkpointed; maybe there is in fact some innovation here, and it seems more granular too, so let's say it has indeed some value.
Yet I feel there is a trap: how should it work over a network?
Sure, you can have your OS revert an I/O to a file, but what about a TCP socket?
Well, I, for one, am sure there will be some closed/patented protocol to propagate rollbacks over connected apps.
Once again we will end up locked in an M$-only environment.
No, thanks!
I really think that transactional file support is cool. I try to make sure any software I design works on multiple operating systems, though. Now I know code that specifically uses DTS won't work on other operating systems. However, I write in .NET, which means the specifics of how a feature works doesn't matter. For example, I know Mono implements the FileSystemWatcher class using a completely different mechanism than Microsoft does.
Anyway, what I am asking is if anybody knows if the Linux Kernel and/or popular file systems have support for this. How about Mac?
Hardly. Outside of problems addressed by hotfixes or service packs, it's rare to find a solution to a problem on TechNet that doesn't involve manually tinkering with the registry.
Instead of putting more and more RDBMS features in file systems, why don't we drop file systems entirely and use RDBMS instead? RDBMS already provide all the required mechanisms for information management (transactions, security, duplication, distribution, strong typing, queries, caching etc), and the concepts of file/directory/hard-soft link are outdated and create more problems than what they solve, in the end.
The registry engine is implemented in kernel mode as an executive subsystem (inside ntoskrnl.exe), where it is known as the Configuration Manager. Registry hives use a transaction journal (like many filesystems do) to avoid corruption during a power failure or crash...
So you're saying that the engine which drives "the Configuration Manager" is neither Jet Red, nor Jet Blue, nor SQLServer Express?
So what is it? YAMIHDE [Yet Another Microsoft In-House Database Engine]?
Everything above is still the same in Vista as it was in NT 3.1.
I could have sworn that I read a few years ago that they were ditching the existing registry engine, and were going with a new engine for Longhorn/Vista.
So did that initiative prove to be YALFTEUOTCRF [Yet Another Longhorn Feature That Ended Up On The Cutting Room Floor]?
The actual innovation is making a Kernel Transaction Manager, along with a resource manager for the filesystem. The KTM means that transactions can be inherited from parent process to child or joined by a cooperating process. Having a transactional filesystem means that all file operations can be all-or-nothing.
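The commit-or-roll-back behaviour described in the story summary and in the comment above, as an added example that is not from the article or from any poster: Windows PowerShell 2.0 through 5.1 exposes KTM registry transactions through Start-Transaction, Complete-Transaction and Undo-Transaction together with the Registry provider's -UseTransaction switch, so a group of related key and value changes either lands as a whole or never appears. The key path and value names are constructed for the demo; file-level enlistment (TxF) is not reachable from these cmdlets and needs the Win32 CreateFileTransacted API instead.

```powershell
# Added example, not code from the article or the thread. Requires Windows PowerShell
# (2.0 to 5.1); the Registry provider is the only built-in provider that honours
# -UseTransaction, and it enlists each operation in a KTM transaction.
# $KeyPath and the value names are constructed for this demo.
$KeyPath = 'HKCU:\Software\KtmDemo'

function Set-DemoConfig {
    param([switch]$FailMidway)

    # Open a KTM transaction for this session.
    Start-Transaction
    try {
        # Each -UseTransaction operation is part of the transaction and is
        # invisible to anything outside it until Complete-Transaction runs.
        New-Item -Path $KeyPath -Force -UseTransaction | Out-Null
        New-ItemProperty -Path $KeyPath -Name 'Version' -Value '2' `
            -PropertyType String -UseTransaction | Out-Null
        New-ItemProperty -Path $KeyPath -Name 'Enabled' -Value 1 `
            -PropertyType DWord -UseTransaction | Out-Null

        if ($FailMidway) {
            # Simulated failure between related updates (for instance a later
            # step of an installer that cannot complete).
            throw 'simulated failure after partial update'
        }

        # All related changes succeeded: commit, making them durable and visible.
        Complete-Transaction
        return 'committed'
    }
    catch {
        # Any failure before the commit discards every change in the transaction,
        # so no half-written configuration is left behind.
        Undo-Transaction
        return "rolled back: $($_.Exception.Message)"
    }
}

# Failing run: after Undo-Transaction the key does not exist at all.
Set-DemoConfig -FailMidway
Test-Path $KeyPath

# Successful run: both values appear together.
Set-DemoConfig
Get-ItemProperty -Path $KeyPath | Select-Object Version, Enabled

# Remove the demo key again (outside any transaction).
Remove-Item -Path $KeyPath -Recurse
```

Inspecting the key from a second PowerShell session while the transaction is still open shows the isolation the KTM provides: the key is absent there until Complete-Transaction returns.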
Yes. DEC DTM does this with the file system (RMS). I've been away from DEC and VMS for too long to remember if it handles the cooperating process part. Perhaps someone can refresh my memory.
Without the 2nd Amendment, the others are just suggestions.
How can that be possible? The DBMS itself sits on top of a file system; you can hide this detail from the user using a layer of abstraction, but the file system is still there.
The saddest poem
HAHAHAHAHAHAHAHAHAHAHAHA
I knew you wouldn't be able to resist. It never ever fails. I'm convinced I could troll you on a Russian forum about opera and you would STILL find it and HAVE to say something.
+++ATH0
Is this StarKruzr some kind of obsessed psycho stalker or what? Look at that reaction. Obviously, he is insane, as well as some kind of demented loser who has not accomplished anything with his life in the area of computer science other than being a pest on forums. The most his obviously limited intellect allows for, no doubt. Please answer the question above, StarKruzr. What have you done better than APK or Mark Russinovich in the way of programming the last decade now, as they have online for all to see and use? Answer = Nothing. Don't bother answering, we all know you are a useless miserable loser.
You managed to find ONE POST about you in ONE PLACE on the Internet. I put out the bait and you chomped onto it like a hungry piranha.
I think to be "stalking" someone you have to actively track them down, Alec. This was about as passive as it gets.
And the best part? I know that you will keep this up as long as I do because you can never, EVER give up having the last word. It's hilarious. You are the most reliable infinite-supply lulzcow on any of the internets.
I can't decide what I love more -- your bombastic language or the way you pretend to be a third party in every post you write about yourself.
+++ATH0
I simply adore your hierarchy of human beings that is based on what kind of and how much software they've developed. Wonderful.
Are you STILL clinging to the TPU forums? I suppose there are enough passive little sycophants there to jerk you off that you just can't resist hanging out there, can you?
Not that it matters, but I happen to be a graduate student in computer engineering, and expect two papers I've submitted to be published within the next two months. What do YOU know about low-power reconfigurable computing using nanotechnology, "Iron Man?"
Also, in point of fact (it's personal note time!), I actually just broke up with my girlfriend tonight. It just wasn't working out -- she's 4 hours away from me driving and in the end, despite how attracted we were to each other, we just didn't have that much in common. Sad, but it happens.
Nevertheless, I suspect that over the next couple of weeks I'll still get about 4X more tail than you do, since you must be a true social maladjust in person.
+++ATH0
Yada yada yada...
Can my IRCBot worm take over a million Vista desktops in less than 3 hours?
You are so incredibly predictable, but now you're getting boring, using the same old tropes you always have -- responding to graduate education with "boy," claiming hundreds of conquests with your 3" dong, and pointing again and again to your silly Delphi software as evidence of your uebermanhood.
Can't you get some new material, you poor, twisted fool? Come on. Keep me entertained over here!
+++ATH0
Did you pass your grammar classes in elementary school, APK?
WHY do you keep pretending to be someone else?
And why DOES MySpace suck so much?
+++ATH0
Your "writing style" is inimical. You couldn't hide it behind a mountain range. It is obvious that no one has "agreed" with you except for your own AC sockpuppets.
I like picking fights with you because I know you cannot ever let anything go. I knew it would be utterly impossible for you to see something posted about you somewhere without your massive ego needing to reply to it with your usual string of self-important bombast. Do you actually presume that I have anything personally invested in calling you a narcissistic twit with an inflated sense of his own internet celebrity? You are a sad little flea, Alec, and worth my time only so long as I derive enjoyment from wasting yours.
Also, regarding my being a "critic" -- the funny thing is that NOT "any idiot" can do that. I don't even consider myself a "critic," but that's beyond the point -- to be a critic of anything, a serious critic, what is required is a broad comparative knowledge of the subject, not having created something in the subject themselves. It is not often, for example, that a film critic is an accomplished filmmaker. They are two different skillsets.
I also note that you're not commenting logged in. Why's that, pray tell?
+++ATH0
Right. Everyone on Slashdot. Because everyone on Slashdot is reading this thread, right? Everyone is very, very concerned with the fact that poor APK is getting trolled.
You don't have a single original thought in your head, APK. It's really quite amazing. It's like your brain is a finite state machine, going from "show me what you've done" to "you're just a student" to "you don't have a degree in psychology" and back to "show me what you've done" again.
You live such a sad little life. And I am so, so enjoying wasting your time.
+++ATH0
Now lesbians are "mental aberrations and genetic errors?" Intolerance AND stupidity in one package! Man, what a bargain you are.
+++ATH0
Your ranting actually caused Slashdot to cut the post to a "Read more..." link.
+++ATH0
Good! I am GLAD you said that, as it will make people here on these forums want to read this all the more. And facts are not rants, & all of this IS fact.
Do you think you have any credibility here on these forums now? LOL! That's a laugh if you think they will listen to you 1 bit. I will make sure the people here don't, or rather, do & throw this in your face every day of your LIFE here. If not, I will. Promise.
After all, you've just proven yourself to be another worthless arstechnica liar, and it is SEVERELY doubtful you are the 'mighty grad student in this field' you claim to be.
You provided so much ammo, along with your loser charlatan FAKE 'computer expert' and fellow arstechnican Jeremy Reimer (who needed help from his buddy Fat ass Jay Little, and lost on top of it to apk, lol), no wonder it is that long. I am sure APK has more, but this will do!
Proof of your TRUE self and my statements?
E.G. #1: StarKruzr said he was a woman here:
http://slashdot.org/comments.pl?sid=227475&cid=18494155
StarKruzr is not a woman though (but sure is a liar, another Jeremy Reimer/Jay Little style liar, lol, & like they, got his ass beat in thru his own dishonesties) and is from Staten Island NY, and this is him:
http://gallery.r3v3ng.net/albums/BoardyPhotos/jare tt_katey_maria.jpg
ROTFLMAO, but surely he isn't much of a man either. Look at that flabby little dweeb!
(No wonder he is pissed @ apk. Anybody that looks like this little flimsy freak will never get laid, not by pretty women @ least. Look @ those hounds he is with, lol!)
Yes, yet another arstechnica liar, lol, another arstechnica weasel liar caught in the act again, ROTFLMAO! Why? Too stupid. Most arstechnicans are.
Thanks again for this evidence of that, how scumbag'ish arstechnica people are.
E.G. #2: Jeremy Reimer (your "hero" who has no degree in comp. sci., not even an A+ lol, let alone an MCSE & no professional experience in this field either, & yet you think he is an expert? LOL! You ARE a fool, aren't you!)
At BEST, he makes $100 per 'article', & I earn that in 1 hour, each day! Then again, I actually possess degrees and decades of experience in this field, like APK has as well, unlike the MORONS from arstechnica you 'worship', lol.
YOU CANNOT BE A GRAD STUDENT in this field, no way, if you believe JEREMY REIMER is a computer expert. lol... far from it.
Arstechnica are ambulance chasers that spit back what they read from others is all, derivative DRIVEL, every time, & just recently here on slashdot no less they reposted what was on ExtremeTech a year ago regarding IBM using channels on their CPUs to cool them, no less as evidence of THAT? See here -> http://hardware.slashdot.org/comments.pl?sid=228197&cid=18490479
Reimer lied about impersonating apk on his crappy OSY forums! He admitted it after being caught, lol. This is your hero? Figures: Scum gravitates to scum.
Jeremy Reimer, like a child & not a 36 yr. old man, just ended up doing even MORE childish things like writing a libellous tune about apk, dumb move, grounds for lawsuit, and also edited photos about him, but as far as technical knowledge?
See the url from Windows IT Pro mag below.
E.G. #3: Jay Little his pal the great technical expert (not) got blown away by APK as well, on what he said he was an 'expert' in no less, in Exchange Server. What a pair of dumbos. The evidence is in the Windows IT Pro url below in fact. lol...
http://www.windowsitpro.com/articles/index.cfm?articleid=41095&cpage=190#feedback
http://slashdot.org/comments.pl?sid=161862&threshold=1&commentsort=0&mode=thread&cid=13532123
Now, I have another question that disputes the validity of your claim here in this & your other recent threads per that URL above.
There, did you not (in your series of replies) state you were a 'doctoral student'? I thought it was graduate school student, per your latest replies in THIS thread series??
More b.s. outta StarLOSER: The arstechnica liar pinned down by his own patented lying deceitful style, gained doubtlessly by seeing how his cohorts @ arstechnica TRULY operate.
It's your loss, your reputation, and you are running yourself out of these forums through your own dishonesty and harassing others, much to your own detriment.
Thank you for the additional information, and I'd like to see your answer to this latest point. Are you a doctoral student as you said in the URL series above, or a graduate school student as you are saying lately?
Somehow, I doubt you are either @ this point. You said you were a woman, now not. Case in point, you cannot be believed, or trusted. You ARE truly, arstechnica forums board material. Just like Jay Little & Jeremy Reimer (your no degree in comp. sci., no certifications even, or professional experience hands-on in the trenches in this field hero), who were kicked from their ISP/BSP/Hosting providers and chastised for email harassing others as well.
See where your hero's examples have taken you BOY? Down a road I would wager you wish you NEVER trod attacking apk, because like your buddies up there in Reimer and Little?? It has shown you are just like they - liars & nobodies, who got caught in the act.
That's rich.
Remember, APK -- all you have to do is stop replying to my posts and this is over. I won't hunt you down and stalk you the way you did to me.
+++ATH0
APK and Russinovich both have done decent work, both can show things in this field they have done over time, unlike you when I asked you for them, and you avoid this at all costs, though you cut others down like apk, myspace, and most likely even Dr. Russinovich, lol, knowing you.
I am sure even if apk and M.R. do not get along at times, they can respect one another for that much and can accept the fact each can do the job.
I know that apk helped Mark Russinovich fix an error in his work in fact in pagedefrag.exe, a tool of his, for instance, but the reverse cannot be said which imo, is in apk's favor, and M.R. thanked him for it in email, and he won't deny it. Even though he and apk had done some head butting 6-8 years before that!
It's called professional courtesy.
apk has helped quite a few coders like Jay Loden of AIMFix, & even Mozilla's FireFox Teams a few years back tracking down and isolating bugs @ NTCompatible.com and had their team show up there, and did the same with Belarc Advisor's coders at techpowerup.com (this I saw myself).
Oddly, he even helped Arstechnica's late (oddly, but the man he helped out never bothered him) Roelof J. Englebrecht (god rest his soul) to use Low & High cpu priorities code on his SetiSpy program, but the guy died before implementing it, and also oddly even the fellow that wrote CoolMon (an arstechnica mobo monitor extension iirc), yet another arstechnican apk oddly helped by helping him fix bugs he had in his work regarding lacking error traps, and how to tell if drivers have their performance counters cut off (a performance enhancement if you are not monitoring them, why generate them, using extctrlst.exe) since he was abending on that, & lol, could not figure out HOW to fix it when his program broke down when those are turned off for performance purposes!
and many more over time in helping other coders.
That small and only partial listing alone is more than you can say in this field that is verifiable for just helping other coders online. Russinovich has done the same I have seen it.
apk like M.R., has done work for wares that took his ideas on ramdisks to a finalist with EEC Systems/SuperSpeed.com in the HARDEST category there was, SQLServer performance enhancement, as well as doing work to boost their SuperCache II product to up to 40% better than its stock performance on a paid contract in commercial wares & was reviewed VERY favorably in 1997 Oct. issue for SuperCache and SuperDisk by Mr. John Enck, a fellow technical editor and writer for the same magazine that features M.R. in it, Windows NT/2000/.NET/IT Pro magazine.
APK has more, but I can't even recall them all, lol, too many. Those just stood out.
So, can you even begin to say the same? Until you can, don't cut someone down that's worlds above you in this field. You don't have the status, know how, or understanding.
As far as stalking people? You people from arstechnica are way, WAY guilty of that, & that can be seen and verified here, windowsitpro mag forums, 3dfiles (now majorgeeks), ntcompatible.com, techpowerup.com, and more. Don't you think you can pull the wool over anyone's eyes on that account. Dr. Russinovich of all people has seen that happen in fact, to name one of a notable few.
Also, each time you arstech fools start trouble with apk? apk has finished each one of you that has lol, so badly?? It's hilarious: Ask Jeremy Reimer about losing his hosting provider, being caught email harassing apk, and his pal Jay Little having the same happen. Funniest part is, they tried it on apk and it backfired on them instead, lol! And, like you? Neither Jay Little nor Jeremy Reimer had any decent accomplishments of the likes of apk or dr. russinovich have.
Also, I guess you're thinking I am apk is guilt perhaps? It seems now that everyone you are talking to is turning into apk (yes, the 'voices in your head tell you it is so' lol), if they disagree with you at all.
LOL!
I am going to start call