1996-10-05 - RE: WINDOWS NT ????

Header Data

From: Adamsc@io-online.com (Adamsc)
To: “John Fricker” <stewarts@ix.netcom.com>
Message Hash: c5a0a63de52b87971fe81345ba7e102f5ca4d2f7820de53ef9fe8308515a991b
Message ID: <19961005072939812.AAA65@GIGANTE>
Reply To: N/A
UTC Datetime: 1996-10-05 09:18:39 UTC
Raw Date: Sat, 5 Oct 1996 17:18:39 +0800

Raw message

From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 17:18:39 +0800
To: "John Fricker" <stewarts@ix.netcom.com>
Subject: RE: WINDOWS NT ????
Message-ID: <19961005072939812.AAA65@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 17:43:52 -0700, John Fricker wrote:

>>> is Windows NT secured system ?

>>Windows 4.x moves the graphics/windowing system into Ring 0,
>>where the "secure" parts of the kernel are.  Bad.
>>This means graphics bugs can make the kernel insecure or crash.
>>I don't trust it, especially because Windows 3.1 crashes all the time
>>for me, and stupid bugs make Windows 3.1 behave badly for me.
>>So if they put the window system in the kernel, I don't trust it.
>>End of message

>Buggy video drivers though can bring the system down. 
This is 99% of the problems with any modern operating system: drivers written
by Juanito's House of Taiwanese Software.
>But this does not affect security, only stability.

>Security in NT can be defeated by any clever, out of work, bored, NT device driver author >who brews up a stealth device driver replacement (perhaps a COM port improvement) that >could run amok on the file system or basically do anything. Of course, any clever device >driver developer is making enough money to not be bored nor even consider writing a >backdoor into a driver. Right?

Doctor Dobb's had an article (with source) that demonstrated a driver that
gave full access to *EVERY* application running on an NT box.   They also
showed how it could be limited to a single application.   I believe the
source is on their web site...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







Thread