> [quote]
> Read the brilliant post of Dr. Newcomer, earlier today… (thread: How to
> detect activity from Windows Explorer from net share)
> [/quote]
> The “only” problem is that the above-mentioned post is totally unrelated to
> the topic of a discussion…
> The problem that the original poster of the above thread was trying to
> solve is unsolvable per se. What the OP here speaks about is, basically, a
> virtualization scheme that is known as Jails and Zones under respectively
> FreeBSD and Solaris, and this scheme is anything but " p-baked (p < 0.05)
> Security" hack" - instead, it has proved to work quite well. Although such
> a solution is rather problematic in the Windows world, it is still not an
> infeasible one. Just to give you a tip, go and check the Bromium site -
> they are approaching this problem via hardware-assisted
> virtualization…
Actually, one of these scenarios turns out to be that some management
dweeb /heard/ about the idea in system and therefore assumes it
is doable in Windows. I don’t know the features of those systems, but I
dealt with Unices for 15 years and not once encountered anything like the
Registry.
And hardware-assisted virtualization is also not relevant to the question,
any more than the successful implementation of in
is relevant. IBM’s AIX on the RISC/6000 series
had a fully transacted file system, and their editor had the property that
if the system crashed, after it rebooted it would put you back in the file
where you were editing and lose at most one keystroke. So if someone comes
along and says “Now that Windows has a transacted file system, I want you
to write VBA extensions to Word that give it that behavior” the existence
proof that AIX implemented it does not mean it is possible to make Word do
it.
Which always returns to the root question: exactly what problem is this
supposed to solve?
Dweeb says, “I hear that modifying the Registry can compromise security,
so I want you to make a virtual Registry that will make it possible to
undo changes”. Now, most of the Registry tricks I know of involve HKLM
being compromised. But this is not a problem, because only privileged
users can do this, and ordinary users are running without the rights to
modify HKLM. So, another rumor is "You can modify HKCU in such a way that
. But HKCU is the root of a number of subtrees. Do you
know which ones can cause problems? I started by protecting all of the
Registry against modification by anyone running as a normal user. Then I
determined which keys were expected to be modified, and opened those up to
the restricted user account. After a week of fiddling, my Registry was
secure. Most management dweebs (and far too many Windows sysadmins and
programmers) do not know that the Registry provides rather fine-grain
access control via ACLs (alas, ACLs are the “assembly code” of security,
and we really should have a 5GL to manage security, but I digress). Now,
what does it mean to “undo changes”? Is it the all-or-nothing approach
like Windows reset points, or is it per-key or per-value? What does the
interface to it look like? Hint: do NOT say “we’ll burn that bridge when
we cross it”; if you don’t know what you are going to present to the user,
how do you know what information you need to save? (Seriously, I ended up
with a catastrophe because the implementors of an XML-like system didn’t
think about the symbolic I/O reader/writer issues while writing the
middleware part of the design. I was tasked to fix the problem in 3
months. It took me 4 months to completely re-implement it, and 12 months
to recover me).
It isn’t enough to say “OK, you start coding, and I’ll go up and find out
what the requirements are”. If you don’t know what problem you’re trying
to solve, how do you know that a collection of ever-more-complex hacks is
going to be the solution?
I currently run my server with an offsite-backup system that images files
out to a remote server each time they are written. I can exclude files
like .obj, .ilk, .pdb, and similar large-but-otherwise-re-creatable files.
But it is not a mirrored file system; if I need this morning’s, or last
Tuesday’s, version of the file, I can go to the offsite backup server and
retrieve it, and bring it back with or without replacing the current
version of the file. So unless you are actually developing such a
product, you don’t need to create it; it already exists, and it would be
far cheaper to license than re-create it. Now the Registry hives are just
files. How would having them go to an archiving server not give you what
you need? (There are probably several good reasons, but you would need to
show how this form of virtualization fails to accomplish the goal,
whatever it is).
Another problem is “I’m just a lowly programmer trying to do the project
assigned to me. These decisions were made far above my pay grade.” This
is the “I was just following orders” defense, and it doesn’t work too
well. Anyone who creates such designs without talking to the people who
know what’s really going on in the OS is not going to come up with a valid
design. And tasking programmers to implement solutions to unsolvable
problems is actually another example of management failure. I spent a lot
of time finding out the requirements for whatever bizarre task I was
given, and sometimes the answer was “that can’t be done”. But I could
also say /why/ it wasn’t possible. So whatever the resulting code is, it
should only exist if there is a need for it. And I have this nagging
memory that Vista already allowed virtualization of the Registry, because
the original idea was that values like HKEY_CLASSES entries were necessarily
global to the entire machine; but in my case, I want to edit a JPG file
using CorelPaint, and you want to use Adobe PhotoShop, and Fred, the third
person who can log onto this machine, wants to use Microsoft Paint. So
you need to understand how this virtualization works, and whether or not
you are trying to duplicate it.
One local school I have dealt with keeps read-only copies of VMs which
students can load (and that’s the only thing their extremely limited login
on the host machine allows). They can save the VM in their own area, but
if it becomes corrupted, they just start another one of the master copies
(they have several different flavors) and they’re back where they started.
In September. If these were to image to an offsite backup, files could
be retrieved, so work would not be lost.
So it is important to understand the requirements (and “virtualize the
Registry and file system” is NOT a requirement; it is an implementation
strategy). Until you understand the requirements, you cannot possibly
know if your work is going to meet them.
joe
> Anton Bassov
>
> NTDEV is sponsored by OSR
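The Registry-hardening procedure joe describes above (take write access away from ordinary users across a tree, then re-open only the keys that are known to need modification), shown as an added PowerShell example; this is not code from the thread, from joe, or from OSR. It assumes Windows PowerShell 5.1 or later run elevated, works on one subtree rather than the whole Registry, and the subtree `HKLM:\SOFTWARE\ExampleVendor`, the key `App\State` and the principal `BUILTIN\Users` are placeholders chosen for illustration.

```powershell
# Added example (not from the thread, joe, or OSR). Audits which keys under a
# subtree already grant a principal write rights, makes the subtree read-only
# for that principal, then re-opens one key the application is expected to
# modify. Assumptions: Windows PowerShell 5.1+, elevated; $root, the App\State
# key and BUILTIN\Users are placeholders. Set-Acl changes live permissions.

# Rights that let a principal change a key's contents or its security.
$WriteMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

function Get-WritableKeys {
    # Lists every key at or below $Root with an Allow ACE (explicit or
    # inherited) that grants $Principal any right in $WriteMask.
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Principal
    )
    $keys = @(Get-Item -Path $Root) +
            @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        $writeAce = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $Principal -and
            (([int]$_.RegistryRights) -band ([int]$WriteMask)) -ne 0
        } | Select-Object -First 1
        if ($writeAce) {
            [pscustomobject]@{
                Key       = $key.Name
                Rights    = $writeAce.RegistryRights
                Inherited = $writeAce.IsInherited
            }
        }
    }
}

function Set-PrincipalReadOnly {
    # Stops $Key inheriting from its parent (copying the inherited ACEs as
    # explicit ones), drops every Allow ACE for $Principal, and grants
    # ReadKey only; subkeys that inherit from $Key pick up the new rule.
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Principal
    )
    $acl = Get-Acl -Path $Key
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Key -AclObject $acl
    $acl = Get-Acl -Path $Key                  # re-read: all ACEs are explicit now
    $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Principal, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
    $acl.RemoveAccessRuleAll($readOnly)        # removes all Allow ACEs for $Principal
    $acl.AddAccessRule($readOnly)
    Set-Acl -Path $Key -AclObject $acl
}

function Grant-PrincipalWrite {
    # Re-opens one key the application legitimately needs to write, leaving
    # the rest of the subtree read-only for $Principal.
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Principal
    )
    $acl = Get-Acl -Path $Key
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Principal, 'ReadKey, SetValue, CreateSubKey, Delete', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Key -AclObject $acl
}

# Usage on a placeholder subtree (created here as a scratch key if absent).
$root      = 'HKLM:\SOFTWARE\ExampleVendor'    # placeholder subtree
$principal = 'BUILTIN\Users'                   # the "normal user" group
if (-not (Test-Path "$root\App\State")) {
    New-Item -Path "$root\App\State" -Force | Out-Null
}
"Before:"; Get-WritableKeys -Root $root -Principal $principal | Format-Table -AutoSize
Set-PrincipalReadOnly -Key $root -Principal $principal
Grant-PrincipalWrite  -Key "$root\App\State" -Principal $principal
"After (only App\State should remain):"
Get-WritableKeys -Root $root -Principal $principal | Format-Table -AutoSize
```

The audit function is the part worth keeping around: run it before and after a change, and again after a week of the application running, to see which keys actually needed to be opened. Granting the narrowest rights (`SetValue, CreateSubKey, Delete` rather than `FullControl`) on the re-opened key keeps a compromised low-privilege process from changing the key's own ACL.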