KPEB

Don Burn said that a few years ago BillG in a speech ripped apart the
antivirus vendors since they accounted for a large percentage of the crashes
of Windows. The theory is probably that they use too many undocumented
system call hooks but in reality it’s because they need to install too many
filter drivers which all have to behave well.

/Daniel

“Dan Partelly” wrote in message news:xxxxx@ntdev…
> I don’t get it. What does an AV package have in common with good coding practices?
> Dan
>
>
>
> ----- Original Message -----
> From: “Daniel Terhell”
> Newsgroups: ntdev
> To: “Windows System Software Devs Interest List”
> Sent: Tuesday, January 18, 2005 6:09 PM
> Subject: Re:[ntdev] Re:KPEB
>
>
>> Sorry, didn’t want to hurt any toes. It was just a product launch, not a
>> rocket launch so he is probably forgiven. What I wanted to point out is
>> only that Microsoft antivirus for Windows is/was blatantly missing from
>> their software park.
>>
>> Regards,
>>
>> Daniel
>>
>>
>> “Jamey Kirby” wrote in message news:xxxxx@ntdev…
>>> Courage!!! I suspect Bill Gates has far more courage than you will ever
>>> have.
>>>
>>> I also doubt you have ever had a blue screen in your code; we wish we
>>> could all be so perfect and courageous; NOT!
>>>
>>> Jamey
>>>
>>>
>>> -----Original Message-----
>>> From: xxxxx@lists.osr.com
>>> [mailto:xxxxx@lists.osr.com] On Behalf Of Daniel Terhell
>>> Sent: Tuesday, January 18, 2005 10:51 AM
>>> To: Windows System Software Devs Interest List
>>> Subject: Re:[ntdev] Re:KPEB
>>>
>>> Fact is that Bill Gates cannot even produce an XBox presentation without
>>> bluescreening. As far as he wants to blame antivirus vendors for this, we
>>> know that at least he does know better. Until recently he did not even have
>>> the courage to produce any antivirus solution himself (at least after MSAV
>>> for DOS), it is easy to blame the others who have done the dirty work
>>> for him. If Microsoft wants to get serious about security they should get
>>> serious about their own responsibility and that includes providing good APIs
>>> for developers.
>>>
>>> Greetings,
>>>
>>> Daniel Terhell
>>> Resplendence Software Projects Sp
>>> xxxxx@resplendence.com
>>> http://www.resplendence.com
>>>
>>>
>>>
>>> “Don Burn” wrote in message news:xxxxx@ntdev…
>>>> The APIs have been there a long time, since it was years ago that RegMon
>>>> switched to them. I agree that Microsoft needs to document them properly.
>>>> I have checked a number of antivirus tools and most don’t hook, nor do the
>>>> majority of the monitoring tools. Debugging tools are a special case, this
>>>> list had a discussion a while back about IrpTracker as an example of
>>>> something that a developer has to realize can help but has risks.
>>>>
>>>> The reason I hate hooking and other bad practices is that I come from a
>>>> fault tolerant background. I am part of a team trying to bring fault
>>>> tolerance and reliability to Windows. Now having looked at the kernel
>>>> sources, Windows has come a long way in the last 7 years and is a robust
>>>> system. What hasn’t come along is the improvement in 3rd party drivers. A
>>>> few years ago BillG in a speech ripped apart the antivirus vendors since
>>>> they accounted for a large percentage of the crashes of Windows. I believe
>>>> that AV has reduced the percentage, but from what I can tell AV and security
>>>> are still a major reason Windows crashed.
>>>>
>>>> If you believe there is a real problem that Microsoft is not addressing, ask
>>>> them. They have been highly respectful of input as of late. No, I don’t
>>>> expect they will turn on a dime and add all the features we want, but they
>>>> will listen and perhaps suggest a better way or offer a fix.
>>>>
>>>> There is a perception in the marketplace that Windows is buggy and crashes
>>>> all the time and an alternate OS is robust and reliable. I’ve gone
>>>> through the kernels of both and I know I would trust Windows over the
>>>> alternate. I also know that the last time I checked driver gurus for the
>>>> alternate were getting a heck of a lot less for a consult than developers
>>>> for Windows. If we want long term to keep programming Windows we all have
>>>> to make an effort to make it more reliable, and that means cutting out the
>>>> hacks.
>>>>
>>>>
>>>> –
>>>> Don Burn (MVP, Windows DDK)
>>>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>>>> Remove StopSpam from the email to reply
>>>>
>>>> “Daniel Terhell” wrote in message
>>>> news:xxxxx@ntdev…
>>>>> This registry monitor API is I think still unofficial, only for the latest
>>>>> OSes, not part of the latest DDK. For a lot of the situations that
>>>>> developers do hooking the reason is that an acceptable solution still does
>>>>> not exist. If you get serious about your boycott you might find that includes
>>>>> most of the antivirus, monitoring and debugging tool vendors. This world has
>>>>> real problems but for many real solutions do not exist. If this is because
>>>>> the tools to develop them are lacking I think this religion is not something
>>>>> we should embrace.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Daniel Terhell
>>>>> Resplendence Software Projects Sp
>>>>> xxxxx@resplendence.com
>>>>> http://www.resplendence.com
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: xxxxx@tfb.com
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>> NOD32 1.974 (20050117) Information
>>>
>>> This message was checked by NOD32 antivirus system.
>>> http://www.nod32.com
>>>
>>>
>>>

> Mats,
>
> You forgot to mention the cost, all the broken bones, required for Rothwell
> to reach the preeminence he currently has. I believe Evil Kneivel managed to
> break every bone in his body at least once.

Ehm, yes, getting the experience to that level on anything will involve
some pain (physical and/or mental), just like getting to know how to do the
“Sysinternals” stuff without breaking too many rules. However, I think the
“Evil” man was a little bit more dare-devil and less “sane” than Gary
Rothwell. Different type of stunts. Gary will do lots of things like riding
on one wheel (either front or rear), burnouts and “bunny-hops” [which means
using center of gravity and rotation to lift the entire bike off the ground
without any ramps or other mechanical aids]. Quite impressive, but not as
dangerous as what Evil did, and thus fewer broken bones.

Enough off-topic tho’.


Mats

Actually I think it has more to do with quality and AV products. Quality
such as not having to uninstall Symantec’s AV so you can install such things
as Visual Studio .NET, or an Embroidery suite for my wife’s sewing. Or
having your entire system crash requiring a format and reinstall when you
use GHOST because Symantec didn’t have the concept of quality or testing
before they released it. Quality such that you will slap a warranty on the
box because you know your product works and you will support it when it
doesn’t instead of charging per call for customers to report bugs; e.g.
Symantec, again.


The personal opinion of
Gary G. Little


Once again, I am going to move this subject off-topic, but you all have got
to see this!!!

Who knew Bill was such a heart throb :)

http://slashdot.org/article.pl?sid=05/01/18/1510248&tid=133&tid=109

Jamey


Correct, but issuing software which relies on hooking worsens the Windows
platform and does not improve it.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Daniel Terhell”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Tuesday, January 18, 2005 6:50 PM
Subject: Re:[ntdev] Re:KPEB

> Fact is that Bill Gates cannot even produce an XBox presentation without
> bluescreening. As far as he wants to blame antivirus vendors for this, we
> know that at least he does know better. Until recently he did not even have
> the courage to produce any antivirus solution himself (at least after MSAV
> for DOS), it is easy to blame the others who have done the dirty work
> for him. If Microsoft wants to get serious about security they should get
> serious about their own responsibility and that includes providing good APIs
> for developers.
>
> Greetings,
>
> Daniel Terhell
> Resplendence Software Projects Sp
> xxxxx@resplendence.com
> http://www.resplendence.com

At least one major AV vendor (will withhold its name) has hooks in most
critical parts of the OS. Surely it decreases the stability. Surely, if you’re
100% sure you will never have any virus :), Windows is more stable without this
product.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Those registry monitoring APIs might have been there for a long time, but
they are broken. So, Microsoft needs to fix them first and document them
next.

Douglas.

-----Original Message-----
From: Don Burn [mailto:xxxxx@acm.org]
Sent: 18 January 2005 15:31
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Re:KPEB

The APIs have been there a long time, since it was years
ago that RegMon switched to them. I agree that Microsoft
needs to document them properly.
I have checked a number of antivirus tools and most don’t
hook, nor do the majority of the monitoring tools. Debugging
tools are a special case, this list had a discussion a while
back about IrpTracker as an example of something that a
developer has to realize can help but has risks.

The reason I hate hooking and other bad practices is that I
come from a fault tolerant background. I am part of a team
trying to bring fault tolerance and reliability to Windows.
Now having looked at the kernel sources, Windows has come a
long way in the last 7 years and is a robust system. What
hasn’t come along is the improvement in 3rd party drivers. A
few years ago BillG in a speech ripped apart the antivirus
vendors since they accounted for a large percentage of the
crashes of Windows. I believe that AV has reduced the
percentage, but from what I can tell AV and security are
still a major reason Windows crashed.

If you believe there is a real problem that Microsoft is not
addressing, ask them. They have been highly respectful of
input as of late. No, I don’t expect they will turn on a
dime and add all the features we want, but they will listen
and perhaps suggest a better way or offer a fix.

There is a perception in the marketplace that Windows is
buggy and crashes all the time and an alternate OS is
robust and reliable. I’ve gone through the kernels of both
and I know I would trust Windows over the alternate. I also
know that the last time I checked driver gurus for the
alternate were getting a heck of a lot less for a consult
than developers for Windows. If we want long term to keep
programming Windows we all have to make an effort to make it
more reliable, and that means cutting out the hacks.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Daniel Terhell” wrote in message
> news:xxxxx@ntdev…
> > This registry monitor api is I think still unofficial, only for the
> > latest OSes, not part of the latest DDK. For a lot of the situations
> > that developers do hooking the reason is that an acceptable solution
> > still does not exist. If you get serious about your boycott you might
> > find that includes most of the antivirus, monitoring and debugging
> > tool vendors. This world has real problems but for many real solutions
> > do not exist. If this is because the tools to develop them are lacking
> > I think this religion is not something we should embrace.
> >
> > Regards,
> >
> > Daniel Terhell
> > Resplendence Software Projects Sp
> > xxxxx@resplendence.com
> > http://www.resplendence.com

The real reason for the bad reputation is Windows 9x. But to return to that
statistic. Forget the hook theory, it was because Microsoft maintained the
semblance of having a workable file system filter model, while having none.

The design of the Windows file-system/cache/memory manager forgot to
consider the possibility of a stack of filters, the fastio interface was a
fiasco, attaching to removable file systems a hit and miss affair at best.
And multiple filters? Just make your own agreements!

During this time Microsoft chose to maintain a
no-documentation-no-comment-no-ifs-kit policy for years (as those of you who
can remember the old compuserve forum can corroborate) while telling us all
repeatedly that it was just around the corner. Occasionally they would
glibly refer to some technical information leaked out by mistake at some
mythical FS event at the dawn of time, but whoever had that kept it close to
their chest.

So third party AV and security vendors were left to find all of this out for
themselves at their own (often great) cost. Was the time and money left for
testing squeezed a teeny by this? You bet. Did we have driver verifier, HCT,
a decent WinDbg and all that other good stuff? Nope.

The fact that Bill Gates tries to draw fire on third parties is natural
enough. If we present an easy target shouldn’t we expect it? Is Microsoft
complicit in their own reputation here? Absolutely! It’s their own silly
fault for being so defensive and secretive, and by assigning the NT
development resources to Windows 95 they compounded their bad reputation
every which way.

But hey, if Bill opens his mouth and calls the damn thing '95 out of
embarrassment at earlier delays, just to force the issue with his
developers, then he deserves everything he gets on reliability. Does he not?

It remains in my opinion truly a wonder that any FS filter ever worked at
all, and where would we be without virus protection and security?

Jack.

PS I figure OSR must have made a killing back then, so I guess it must be
their filter code that has all the bugs :wink:

“Daniel Terhell” wrote in message news:xxxxx@ntdev…
> Don Burn said that a few years ago BillG in a speech ripped apart the
> antivirus vendors since they accounted for a large percentage of the
> crashes of Windows. The theory is probably that they use too many
> undocumented system call hooks but in reality it’s because they need to
> install too many filters drivers installed which all have to behave well.
>
> /Daniel