How to disable a global hook on the specific process

I interpreted that remark to mean “There are more things in Heaven and
Earth than are dreamt of in your philosophy”. That is, if you have gaping
security holes, and you blithely ignore most of them while focusing on one
little hole, you miss the Big Picture.

I have used the image below to show this.

You have an important secret. So you build a wall, put machine-gun turrets
every 50 feet, dig a moat, cover the space between the moat and the wall
with anti-personnel barbed wire, equip your guards with infrared vision
devices, and have radar, heat sensors, etc. protecting the approaches.

That’s great, for defending against anyone who is approaching from that
direction.

But if your secret is kept in a cardboard box, in a tent behind the wall,
and the wall is only a single wall, then there are three unprotected sides
by which someone can approach, and a Swiss Army Knife is sufficient to
capture the secret.

Think of the Maginot Line. Google it if you are unfamiliar with the term.

Also, look up “Potemkin village”. I found in my security consulting that
this is the other approach. Show management lots of code, and explain how
effective each piece is. But they are superficial solutions to deep
problems. ACLs were designed to cover a lot of security scenarios, but I
was told, “They’re too complicated, and nobody here understands them, but
we DO understand how THIS code solves ONE problem, so it’s good enough”.
There were a few times where it took me more than ten minutes to figure
out how to bypass their kludge, and one case where it took me two weeks’ worth
of thinking before I emailed the workaround, but in all cases, ACLs and
suitably limited login accounts would have been a cheaper and more
effective solution.

ActiveVirus (aka ActiveX by those unwilling to admit how bad it is for
security) remains the most effective vector, and can usually have its
potential for damage considerably reduced by proper use of ACLs.

So before you start asking how to disable a global hook, you should first
explain why proper use of the existing security mechanisms cannot do the
job.
joe

> Giving users lots of freedom in the first place and then trying to make
> it more secure by glossing over Windows internals to make it more secure
> is like trying to plug a sieve one hole at a time.

If you claim that an “open source OS” is inherently more secure than Windows,
you don’t really know either of them.


NTDEV is sponsored by OSR
