Keylogers

[Mike Acker]

On 14:59, MichaelQuigley at TheWay.Org wrote:
> "In a properly secured O/S an application program can't do any damage"
>
> No damage, yes.  *But additional alterations can happen*.  Software
> installations alter the base O/S--especially the Windows registry.
>  Keep in mind things such as Anti-virus software need to put in hooks
> to intercept normal/original processing to test files/programs.
>
> I've wondered how this same subject works with application whitelisting.
>
> Also, I believe device drivers still run in RING0 on Windows.
>  Although I haven't heard/checked whether that's still true in Windows 7.

yep. when i was working OS/MVT I used to hate people who wanted to
install an SVC. 

and so it is with Win7: if your app needs to modify the O/S then your
app has to be vetted just as though it was the O/S.  because when it
"hooks in" -- it has to be treated that way.

obviously you would not want to allow any and every app program to do
that... if you did you'd have a mess on your hands. Don't we?

I have always felt the registry should be for the O/S use only.  App
Programs should use their own .ini files.

one of the things we have failed to recognize is that the computers for
hobbyists, experimenters et al are different from the computers for
commercial/network/business applications.

-- 
/MIKE

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110429/f1140277/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110429/f1140277/attachment.pgp>