Re: The Kernal Is A Huge Security Whole In Windows
From: Miha Pihler (miha-news_at_atlantis.si)
Date: 07/15/04
Date: Thu, 15 Jul 2004 19:41:33 +0200
Hi,
Critical system files are digitally signed and the system checks for this
signature. If you replace these files with new ones that are not digitally
signed, the system will restore them from e.g. dllcache
(%systemroot%/system32/dllcache). If it cannot restore them, it will ask for
the installation CD. The same thing happens if you change anything in any of
these files -- you invalidate the digital signature.
You can check digital signatures on files by running "sigverif"...
Also, all patches and all service packs are digitally signed.
I can't say that for system drivers, but that's up to the vendors... You can
see the amount of processor used by the kernel if you open Task Manager and
click on Performance Tab > View > Show Kernel Times. You can also check some
additional settings by clicking on Processes Tab > View > Select Columns.
I hope this helps,
Mike
"CHANGE USERNAME TO westes" <DELETE_westes@earthbroadcast.com> wrote in
message news:eflHw7oaEHA.2840@TK2MSFTNGP11.phx.gbl...
> I'm starting to believe that the largest, and most dangerous, security hole
> in Windows 2000 is the kernel itself. All a virus needs to do is replace
> a key system file that will load into the kernel, or alternately install as
> a device driver, and it can hide its behavior to the system. As far as I
> can tell, there are no utilities that let me see how much CPU, disk, or
> network activity is performed by any component of the Windows 2000 kernel.
>
> On one of my user's machines, her CPU goes to 100% as soon as she starts up.
> We have stopped every single service and application on her machine, and it
> doesn't change anything. Is this a virus? Is it a badly written device
> driver? Is some hardware generating interrupts that overwhelm the device
> driver? How can we know?
>
> As far as I can tell, there is nothing left to do here but re-install, which
> risks that the entire sequence may happen yet again. If Microsoft values
> security, this is a huge back door that they cannot allow to remain.
>
> --
> Will
> westes AT earthbroadcast.com
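
Added example (not part of the original post or thread): a PowerShell counterpart to the "sigverif" check mentioned in the reply, applied to the running kernel drivers, which the reply says it cannot vouch for. It assumes Windows PowerShell 5.1 or later on a current Windows release, not the Windows 2000 system discussed above; the variable and column names are this example's own.

```powershell
# Added example: audit the Authenticode status of every running kernel driver.
# Assumption: Windows PowerShell 5.1+ on a current Windows release.

# Win32_SystemDriver lists kernel and file-system drivers known to the
# Service Control Manager; keep only those that are currently running.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$results = foreach ($d in $drivers) {
    # Some entries carry an NT object-manager prefix (\??\C:\...); strip it.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        Driver   = $d.Name
        Status   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified = $file.LastWriteTimeUtc
        Path     = $path
    }
}

# Summary: how many drivers fall into each signature status.
$results | Group-Object Status |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Anything not 'Valid' deserves a look. 'HashMismatch' means the file was
# changed after signing, which is the invalidated-signature case in the reply.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Driver |
    Format-Table Driver, Status, Modified, Path -AutoSize -Wrap
```

A valid signature only shows the file is unmodified since the vendor signed it; it says nothing about the driver's quality or its CPU usage.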