> ----- Message from Mike Acker <[email protected]> on Thu, 28
> Apr 2011 10:49:13 -0400 -----
>
> To:
>
> "Robert J. Hansen" <[email protected]>
>
> cc:
>
> [email protected], Faramir <[email protected]>
>
> Subject:
>
> Re: Re: Keylogers
>
> On 14:59, Robert J. Hansen wrote:
> On Wed, 27 Apr 2011 12:56:19 -0400, Mike Acker <[email protected]>
> wrote:
>
<snip>
> we shoud recognize that this inventory process is most critical for
> the operating software itself: the software that is allowed to run in
RING0.
>
> In a properly secured O/S an application program can't do any damage
> to its host O/S.
<snip>
"In a properly secured O/S an application program can't do any damage"
No damage, yes. But additional alterations can happen. Software
installations alter the base O/S--especially the Windows registry. Keep
in mind things such as Anti-virus software need to put in hooks to
intercept normal/original processing to test files/programs.
I've wondered how this same subject works with application whitelisting.
Also, I believe device drivers still run in RING0 on Windows. Although I
haven't heard/checked whether that's still true in Windows 7.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
