Yes, >NOW< if you can load yourself into kernel space, you can do anything and everything - Thou Art God, to quote Heinlein. This is true of every OS.

Except if you add that nice little TCPA bugger which can verify the kernel image you're running is the right and approved one. Q.E.D.

Look at the XBox hacks for ideas as to why it's not a trivial issue, but even so, one James Bond-like buffer overflow in something everyone will have marked as trusted (say IE 8.0, or a specially crafted Word 2005 macro), and the 3v1l h4x0r party is back on and you iz ownz0red once more.

It's not enough to fear Microsoft, you must learn to love it. Give us 2 minutes of hate for Linux now brother!

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
 + v + :           The look on Sadam's face - priceless!
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Tue, 10 Jun 2003, Rich Salz wrote:
But if the system is rooted, then the attacker merely has to find the "today's secret word" entry in the registry and do the same thing. Unless Windows is planning on getting real kernel-level kinds of protection.
It was none other than Microsoft's NGSCB, nee Palladium. See http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:
See previous sentence. :)