Will Vista be the

The digital copyright protection feature in the new Windows operating system could allow hackers to easily tie up anti-virus applications, preventing them from removing malware.

In a presentation at the Annual Virus News Conference taking place in Montreal, Canada, expert Aleksander Czarnowski of security firm AVET warned that Vista's Digital Copyright Protection (DRM) feature might benefit hackers, who could use it to protect rootkits and malicious scripts.

Source: CNET

When this feature is activated, it creates a "protected program", like a larva. A "larva" can run in parallel with other programs inside a multitasking operating system like Windows.

While normal programs can be controlled by a "mother" program (a parent program is a high-priority process, or one created by an admin user), a "larva" is like an island, isolated from the whole system. The interaction of "larvae" with normal programs is restricted as far as possible.

For example, a program will typically not be able to send a thread into a "larva", nor will it be able to access the virtual memory that the "larva" is using.

These restrictions serve digital rights management effectively, because they strictly control how media content is accessed and distributed. The downside is that they create an ideal hiding place for malware, which poses a challenge for external antivirus software.

Even admin privileges cannot interfere with larval processes. Antivirus software will be unable to analyze changes within the system in order to detect traces of malware.

For example, if malicious software can take control of a "larva" process, it can use the larva to modify memory addresses and make all these changes invisible to security software. Although they run in parallel in the same computer environment, virus scanning tools are still left "tied up".

"I think they have not anticipated the consequences of giving this feature to the wrong hands," Czarnowski warned. "The larval process is a weapon, and like all weapons, it can be used for both good and bad purposes."

Microsoft has not released any comment yet, but it seems that the company already knows about this risk. Czarnowski says he has not recorded any case of an attempt to take advantage of the mechanism that protects the "larvae" described above.

In addition, Czarnowski predicts that Vista's PatchGuard system protection technology will become a major target for the hacker community. "Techniques for breaking kernel protection barriers can be shared publicly in the first year of Vista release, sometimes even earlier."

Trong Cam