Sir, I applaud your engineering genius. I must build a reactive armor airbag: the car, upon being assaulted by a pedestrian, cushions the pedestrian's impact...just as it throws him 30 feet into the air.
Which still gives me two seconds more to live, and if I'm lucky I'll survive the fall too. I'll take that over instant death on the hood thanks.
and it still looking good. I own the game but I never got into it as UT99 was just so much more fun for casual gamers like me. Perfect game balance and tight levels don't make up for an everlasting brown deathmatch:-)
I would still get a UAC elevation notice before it could install.
True, but users will click yes on such boxes. Not you, but some will.
I don't think you understand what actualy needs ring0. It aint rootkits. It aint malware. It aint viruses.
A rootkit can be quite annoying without using ring0, but there's a whole industry built around making rootkits. Those rootkits do hide in ring0 simply because it makes them harder to detect and remove. By taking measures such as mandatory signing one can (we've yet to find out of course) limit the success of these rootkits.
Keep in mind though that rootkits can still get into the kernel through a vulnerability and a rootkit does not need to hide if a user/system makes no attempt at detecting/removing them.
Consider the following. I can sign my own driver using a local test certificate, boot up windows, and it will faithfully load said driver into ring0. But when I do so the windows Protected Media Path is disabled.
The Protected Media Path is not something I'm familiar with, but I believe it's also disabled on x32 when loading unsigned drivers. This is a requirement for legally playing back "protected content". So no debuggers, unsigned drivers, etc, is allowed when using "protected content". The alternative is the inability to play back "protected content", legally.
I'll happily agree that it's stupid, but as long as Joe Average is satisfied with his locked down Blue Ray player connected with encrypted HDMI to a big screen telly, there's little to be done. Hopefully Blue Ray will die, tellys connects to computers by default and DRM free movies come to dl services.
Anyone remeber those old PSX games. What was it now...
Ridge Racer: Racing game with had Space Invader as the loading screen. Back in 95 the game looked amazing and drew crowds. Wipeout: Never liked this one, way to hardcore for me but it looked different enough that it made you want to try it out. Another crowd pleaser for sure. Jumping Jack Flash: I still remember the name! Of all the early PSX games this was the one I wanted to play most, but it seemingly vanished of the marked before I got the chance:-( Probably shitty, but it was the first 3D platformer - more so than that dull "Bug" game Sega touted. Loaded: Some sort of top down shooter. Didn't impress me by its looks so I only played it for a few minutes. Still remember it though. How I wanted I playstation:-) Torshinden: This was a game that sold itself on graphics, but what graphics! The show off title of its time.
At the same time there was the Amiga CD32, CD-I, Jaguar and 3DO warring for my attention but they looked dull in comparison. When I saw the PSX it was immediately "the console to get", naturally I waited for the blurred up Nintendo 64 - no Ultra 64 - since Nintendo promised to blow the doors of the PSX. Ahh well.
Sega Saturn looked promising too, but it was big, ugly and expensive. That the early games were glitch fests didn't help either. In contrast the PSX was impressive from all angles: size, looks, controllers, and most of all... games! Sony's finest hour.
Uhhh... like this very article we're posting too? Where they need ring0 access to inject code into an area of memory reserved for SMM (which is why they said the exploit was easier on Linux as one could use an API call instead).
I can't personally name any trojans that need ring0 access, but rootkits (which is the usual payload of a trojan these days) desire ring0 access so that they can inject code somewhere a virus scanner can't/won't find it. One of the recent trojans/worms/"whatever it was called" failed to infect XP 64-bit since it injected 32-bit code into the kernel.
Can you just describe how it is a security feature, without jumping to another topic?.
1. User wants to install a program. 2. Program has a Trojan. 3. Trojan needs to load into the kernel. 4. Trojan is not loaded since it's not signed.
No current security feature in use is absolutely 100% foolproof. Requiring code to be signed handles two common attack vectors: One is unsigned code hidden in programs the user might trust (like Firefox), the other is exploiting flaws in applications or the OS that lets you execute unsigned code.
If the attacker goes to the trouble of signing his code then the signature can be revoked.
If you would be so kind as to explain, in plain english, how the signing requirement is a security feature.. I am all ears.
It's not a security feature in that sense that it can't be worked around. A criminal can get his code signed or find some other workaround, but it is an additional hassle for them to handle. In a defense in depth strategy a security feature does not have to be foolproof, understand?
Whats this about illegal things? I thought this was supposed to be a security feature, not an illegal software tracking feature. Are you suggesting that by "security" they mean "national security" or something? I don't get it.
No I'm not suggesting that by "security" they mean "national security", nor that it tracks illegal software.
In case of SecuROM they are an entity that can be held accountable for what their code do to your computer. That's in not unique to Windows or a security feature of the operation system itself. Preventing unsigned code from running will not prevent SecuROM from making signed malware, they can still do that. This is not generally a problem though due to the point above: They can be held accountable for their actions.
Preventing unsigned code from potentially unknown vendors from running is the feature. It may not be a feature you care for, or even improve security in your usage scenarios, but for some/many users not being able to install rootkits are a feature they will welcome (and if they don't Microsoft risks loosing a sale).
A malware author could bundle his malware with Atsiv, making the protection moot, so it and simple boot.ini edits had to go. Even so it's still possible to exploit holes in signed drivers or disable driver signing by altering the OS files, so it's by no means a perfect form of protection.
Not being able to load an unsigned driver is highly annoying of course, very legitimate complaint.
your favorite intrusive copy protection rootkit such as TAGES or SecuROM will be signed
Of course, but if they are found to do anything illegal they can be held accountable - unless they flee to Nigeria:-)
This screams "control" as well as propping up a few specific players in the emerging industry of "signing."
As long as there are legitimate alternative products I don't see the problem. It's a product feature that you may or may not like. Though, it remains to be seen if this and other features will stop the prevalence of malware on the Windows platform.
True, Microsoft can use it as an off switch but if Microsoft decides to be asshats they can do so by other means as well. Also while someone in Nigeria can sign their malware it is not so easy for Joe Stark in Canada.
IOW, it's just part of the "defense in depth" strategy Microsoft swears to right now. Another barrier for malware authors to overcome.
The first time I had to edit xorg.conf, I was very annoyed by having to use the terminal to open it so that it can actually save.
Windows have the same problem. Don't have to use the terminal but it's still annoying to have to right click on notepad, run as admin and browse through the open dialog to edit a text file.
My point? Ubuntu, apparently the most friendly desktop linux, still has a long way to go before it has that GUI polish that Microsoft has had since Windows 95.
Well, Windows 95 didn't have much of a security model so there was no need for an "admin" button (for better or for worse)
To run code in kernel space on Vista x64 it needs to be signed. That will prevent exploits that needs to use kernel mode instructions, unless you find some way around the signed requirement. With Social engineering being the most popular way of getting code into the kernel the signed requirement is a simple and effective way of stopping common attacks.
I have several Nokia phones; obviously, I need to get rid of them. If they make such a fundamental mistake, Nokia obviously cannot be trusted with anything.
The nGage should have been hint enough that there's something basic Nokia lacks, but this particular service is implemented sanely (encrypted, actually usefull and all that). Remember, never trust the edit summary.
and finally, Xbox uses 12xDVD, not 16 as you used.
He used 12x as far as I can see. Anyway, while load times don't generally bother me (assuming we're not talking minutes), the PS3 is reported to load slower than the 360 and does not speed up significantly even when fitted with a faster 7200 RPM HD (on games playing from HD of course).
So there might be a bottleneck in the disk drive interface holding the PS3 back.
Anyways, I hated 9 (or more accurately, was really disappointed by it).
Heh. Final Fantasy 9 is my favorite, followed by the original. Don't remember what trance was about, but I do remember that I never had to grit my character before a boss fight. My end boss characters went up some 10 levels on the last dungeon. Fun game.
As for FF7, Hated Aeris and I'm probably the only one that cheered when I recognized a standard death scene set up. Still FF7 was descent enough. FF2,3,5 and 8 never managed to keep my interest. Don't have a PS2 but FFX and XII seems pretty bleh to me.
I use Windows (have to for work) and support it, and it's so much better to do a clean install. In fact, I recommend wiping Windows* every year or two and starting with a fresh clean install anyway.
I suspect the freshness of new installs to be placebo more than anything, unless you're one of those that got ~10 "startup boost" apps chugging in the background (stuff like googleupdate, winampagent, etc) as a fresh install will indeed be faster then.
The iPhone CPU is clocked to run at 400MHz, and it's browsing performance, is perfectly acceptable, even with Javascript.
What one person finds acceptable is not true for everyone. I have never browsed on an iphone but I have used vastly faster computers. Though judging from people claiming that my cell phone has a responsive interface (when I think it's dog slow) my annoyance threshold must be lower than that of most people:-)
Miss my old celly. Everything instantly available within at most two clicks... could use it in my sleep, in fact that might be why it broke:-/
I find surfing on an ipod touch quite pleasant, and that has a 400MHz ARM. Battery life is pretty decent too, in my experience.
I've heard that it was 533 MHz. In any case I've not used one. The closed is a mips based PSP, which worked well enough on some web pages while badly on others (like Slashdot:-)
Can you please post a link to this benchmark? Otherwise i do not think you know what your talking about.
My google-fu fails me but there are benchmarks around for that A8 equipped Pandora like motherboard. I considered getting a Pandora which is how I came over the benchmark. If the A8 performs as well as some claims the Pandora will be great for handheld emulation. However, it's months later now and there's still no Pandora:-(
Slashdot Mirror
Sir, I applaud your engineering genius. I must build a reactive armor airbag: the car, upon being assaulted by a pedestrian, cushions the pedestrian's impact...just as it throws him 30 feet into the air.
Which still gives me two seconds more to live, and if I'm lucky I'll survive the fall too. I'll take that over instant death on the hood thanks.
and it still looking good. I own the game but I never got into it as UT99 was just so much more fun for casual gamers like me. Perfect game balance and tight levels don't make up for an everlasting brown deathmatch :-)
Nope. Never seen a Tivo. Good to hear that there are good remotes out there.
All DRV boxes I've gotten to play with have 1. been noisy even when not in use and 2. require you to target the remote directly towards the sensor.
As a result we got rid of the DRV/Digital decoder and we'll be sticking with analog TV for as long as that lasts.
I would still get a UAC elevation notice before it could install.
True, but users will click yes on such boxes. Not you, but some will.
I don't think you understand what actualy needs ring0. It aint rootkits. It aint malware. It aint viruses.
A rootkit can be quite annoying without using ring0, but there's a whole industry built around making rootkits. Those rootkits do hide in ring0 simply because it makes them harder to detect and remove. By taking measures such as mandatory signing one can (we've yet to find out of course) limit the success of these rootkits.
Keep in mind though that rootkits can still get into the kernel through a vulnerability and a rootkit does not need to hide if a user/system makes no attempt at detecting/removing them.
Consider the following. I can sign my own driver using a local test certificate, boot up windows, and it will faithfully load said driver into ring0. But when I do so the windows Protected Media Path is disabled.
The Protected Media Path is not something I'm familiar with, but I believe it's also disabled on x32 when loading unsigned drivers. This is a requirement for legally playing back "protected content". So no debuggers, unsigned drivers, etc, is allowed when using "protected content". The alternative is the inability to play back "protected content", legally.
I'll happily agree that it's stupid, but as long as Joe Average is satisfied with his locked down Blue Ray player connected with encrypted HDMI to a big screen telly, there's little to be done. Hopefully Blue Ray will die, tellys connects to computers by default and DRM free movies come to dl services.
Anyone remeber those old PSX games. What was it now...
Ridge Racer: Racing game with had Space Invader as the loading screen. Back in 95 the game looked amazing and drew crowds. :-( Probably shitty, but it was the first 3D platformer - more so than that dull "Bug" game Sega touted. :-)
Wipeout: Never liked this one, way to hardcore for me but it looked different enough that it made you want to try it out. Another crowd pleaser for sure.
Jumping Jack Flash: I still remember the name! Of all the early PSX games this was the one I wanted to play most, but it seemingly vanished of the marked before I got the chance
Loaded: Some sort of top down shooter. Didn't impress me by its looks so I only played it for a few minutes. Still remember it though. How I wanted I playstation
Torshinden: This was a game that sold itself on graphics, but what graphics! The show off title of its time.
At the same time there was the Amiga CD32, CD-I, Jaguar and 3DO warring for my attention but they looked dull in comparison. When I saw the PSX it was immediately "the console to get", naturally I waited for the blurred up Nintendo 64 - no Ultra 64 - since Nintendo promised to blow the doors of the PSX. Ahh well.
Sega Saturn looked promising too, but it was big, ugly and expensive. That the early games were glitch fests didn't help either. In contrast the PSX was impressive from all angles: size, looks, controllers, and most of all... games! Sony's finest hour.
surely there is a SINGLE example.. right?
Uhhh... like this very article we're posting too? Where they need ring0 access to inject code into an area of memory reserved for SMM (which is why they said the exploit was easier on Linux as one could use an API call instead).
I can't personally name any trojans that need ring0 access, but rootkits (which is the usual payload of a trojan these days) desire ring0 access so that they can inject code somewhere a virus scanner can't/won't find it. One of the recent trojans/worms/"whatever it was called" failed to infect XP 64-bit since it injected 32-bit code into the kernel.
Can you just describe how it is a security feature, without jumping to another topic?.
1. User wants to install a program. 2. Program has a Trojan. 3. Trojan needs to load into the kernel. 4. Trojan is not loaded since it's not signed.
No current security feature in use is absolutely 100% foolproof. Requiring code to be signed handles two common attack vectors: One is unsigned code hidden in programs the user might trust (like Firefox), the other is exploiting flaws in applications or the OS that lets you execute unsigned code.
If the attacker goes to the trouble of signing his code then the signature can be revoked.
No one. Or, perhaps, everyone. That's kind of the point, isn't it? It isn't locked into anyone's individual grip.
In case of mysql I think they made a living on selling versions without the gpl license. That business model will not work for a gpl fork.
If you would be so kind as to explain, in plain english, how the signing requirement is a security feature.. I am all ears.
It's not a security feature in that sense that it can't be worked around. A criminal can get his code signed or find some other workaround, but it is an additional hassle for them to handle. In a defense in depth strategy a security feature does not have to be foolproof, understand?
Whats this about illegal things? I thought this was supposed to be a security feature, not an illegal software tracking feature. Are you suggesting that by "security" they mean "national security" or something? I don't get it.
No I'm not suggesting that by "security" they mean "national security", nor that it tracks illegal software.
In case of SecuROM they are an entity that can be held accountable for what their code do to your computer. That's in not unique to Windows or a security feature of the operation system itself. Preventing unsigned code from running will not prevent SecuROM from making signed malware, they can still do that. This is not generally a problem though due to the point above: They can be held accountable for their actions.
Preventing unsigned code from potentially unknown vendors from running is the feature. It may not be a feature you care for, or even improve security in your usage scenarios, but for some/many users not being able to install rootkits are a feature they will welcome (and if they don't Microsoft risks loosing a sale).
Not being able to load an unsigned driver is highly annoying of course, very legitimate complaint.
your favorite intrusive copy protection rootkit such as TAGES or SecuROM will be signed
Of course, but if they are found to do anything illegal they can be held accountable - unless they flee to Nigeria :-)
This screams "control" as well as propping up a few specific players in the emerging industry of "signing."
As long as there are legitimate alternative products I don't see the problem. It's a product feature that you may or may not like. Though, it remains to be seen if this and other features will stop the prevalence of malware on the Windows platform.
True, Microsoft can use it as an off switch but if Microsoft decides to be asshats they can do so by other means as well. Also while someone in Nigeria can sign their malware it is not so easy for Joe Stark in Canada.
IOW, it's just part of the "defense in depth" strategy Microsoft swears to right now. Another barrier for malware authors to overcome.
The first time I had to edit xorg.conf, I was very annoyed by having to use the terminal to open it so that it can actually save.
Windows have the same problem. Don't have to use the terminal but it's still annoying to have to right click on notepad, run as admin and browse through the open dialog to edit a text file.
My point? Ubuntu, apparently the most friendly desktop linux, still has a long way to go before it has that GUI polish that Microsoft has had since Windows 95.
Well, Windows 95 didn't have much of a security model so there was no need for an "admin" button (for better or for worse)
To run code in kernel space on Vista x64 it needs to be signed. That will prevent exploits that needs to use kernel mode instructions, unless you find some way around the signed requirement. With Social engineering being the most popular way of getting code into the kernel the signed requirement is a simple and effective way of stopping common attacks.
XP and x32 do not have that "protection" though.
The Nunchuck port is I2C, and the Wii remote can be directed to talk to many I2C devices connected to that port.
The old stillborn Philips CD-I also had I2C ports, allowing you to chain 1P, 2P, etc, controllers together. (Or was that the 3DO?)
I tried OS/2 Warp4 recently and hated it. The whole menu bar on top is cluttered, glad it never caught on.
Doom 3 is still dark on $500 video cards and $1000 monitors. There was a hack to remove the shadows floating around though.
I have several Nokia phones; obviously, I need to get rid of them. If they make such a fundamental mistake, Nokia obviously cannot be trusted with anything.
The nGage should have been hint enough that there's something basic Nokia lacks, but this particular service is implemented sanely (encrypted, actually usefull and all that). Remember, never trust the edit summary.
and finally, Xbox uses 12xDVD, not 16 as you used.
He used 12x as far as I can see. Anyway, while load times don't generally bother me (assuming we're not talking minutes), the PS3 is reported to load slower than the 360 and does not speed up significantly even when fitted with a faster 7200 RPM HD (on games playing from HD of course).
So there might be a bottleneck in the disk drive interface holding the PS3 back.
Anyways, I hated 9 (or more accurately, was really disappointed by it).
Heh. Final Fantasy 9 is my favorite, followed by the original. Don't remember what trance was about, but I do remember that I never had to grit my character before a boss fight. My end boss characters went up some 10 levels on the last dungeon. Fun game.
As for FF7, Hated Aeris and I'm probably the only one that cheered when I recognized a standard death scene set up. Still FF7 was descent enough. FF2,3,5 and 8 never managed to keep my interest. Don't have a PS2 but FFX and XII seems pretty bleh to me.
I use Windows (have to for work) and support it, and it's so much better to do a clean install. In fact, I recommend wiping Windows* every year or two and starting with a fresh clean install anyway.
I suspect the freshness of new installs to be placebo more than anything, unless you're one of those that got ~10 "startup boost" apps chugging in the background (stuff like googleupdate, winampagent, etc) as a fresh install will indeed be faster then.
Thank the gods.
I hear ya. The original BSG made me cringe... so campy. Cowboy Planet! Heh.
The iPhone CPU is clocked to run at 400MHz, and it's browsing performance, is perfectly acceptable, even with Javascript.
What one person finds acceptable is not true for everyone. I have never browsed on an iphone but I have used vastly faster computers. Though judging from people claiming that my cell phone has a responsive interface (when I think it's dog slow) my annoyance threshold must be lower than that of most people :-)
:-/
Miss my old celly. Everything instantly available within at most two clicks... could use it in my sleep, in fact that might be why it broke
I find surfing on an ipod touch quite pleasant, and that has a 400MHz ARM. Battery life is pretty decent too, in my experience.
I've heard that it was 533 MHz. In any case I've not used one. The closed is a mips based PSP, which worked well enough on some web pages while badly on others (like Slashdot :-)
Can you please post a link to this benchmark? Otherwise i do not think you know what your talking about.
My google-fu fails me but there are benchmarks around for that A8 equipped Pandora like motherboard. I considered getting a Pandora which is how I came over the benchmark. If the A8 performs as well as some claims the Pandora will be great for handheld emulation. However, it's months later now and there's still no Pandora :-(