Jonathan C. Patschke
jp at celestrion.net
Tue Jan 31 16:22:37 CST 2006
On Sun, 29 Jan 2006, Charles Shannon Hendrix wrote:
>>> Yes, but that's far less likely, and it doesn't happen through an
>>> API that was deliberately designed to allow it, and it is very
>>> unlikely to happen from a userland software install like it can in
>> Which API entry points, in particular, are you talking about?
> I don't know, I don't write Windows drivers.
> It's called driver filters as far as I know.
I finaly dug up some information on what you've been ranting about. A
copy-protection company (StarForce) wrote a supervisor-mode driver for
Windows that accepts unauthenticated commands from userland. This is
neither a Windows flaw nor an API misfeature. It's a community flaw in
developers and Microsoft assuming Microsoft's that users need
administrator access to their systems to play video cames, and it's a
flawed expectation on the part of users that "computers are just like
Suppose I wrote a character device driver (which allowed writes from
UIDs > 0) for Unix that took pairs of ordered integers like this:
Where the first number is interpreted as a word address in physical
memory and the second is interpreted as the word to insert into kernel
memory at that address. That's the same basic idea, and any decent Unix
programmer could bang that out in less than two hours. Gee, I guess
Unix is a completely insecure pile of garbage.
One could easily write a similar device driver that wraps VFS and lets
any old user scribble blocks to the disk. Oh my! How could we ever use
such an unreliable and easily-compromised operating system?
Once you get administration rights, it's all over, no matter what OS
you're running. That's why we keep them guarded on most systems. That
Windows doesn't is an unfortunate social, not technical circumstance.
 Those two flawed assumptions really irritate me because, without
them, Windows would be a halfway decent platform to use. In the 11
years I've run Windows NT and it's derivatives, even without a
firewall, I've never (knock on wood) gotten a virus merely because I
-never- log in with adminstrator rights unless I'm performing
administration, and then I typically use RunAs, anyway. When you
assume that the user needs superuser rights just to read email and
web pages, it starts to suck.
 Not that it isn't, but not in that way.
Jonathan Patschke ) "A man who never dreams goes slowly mad."
Elgin, TX ( --Thomas Dolby, "Valley of the Mind's Eye"
More information about the rescue