64-Bit Vista Kernel Will Be a "Black Box"
ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.
Jim Allchin of Microsoft responds (Score:5, Informative)
Re:I'm confused (Score:5, Informative)
Re:I'm confused (Score:2, Informative)
However -- I too -- am not a kernel developer. I've read through the Linux and BSD kernel sources. And I've read the Tanenbaum book. But I don't claim to be able to write the stuff.
OTOH: I could use a scotch. (nudge nudge)
Re:I'm confused (Score:5, Informative)
This has more to do with system stability than it does with security. Many syscall interceptors are not multiproc safe or do bad things: if the computer bluescreens because of a poorly written syscall interceptor, Microsoft gets blamed for writing unstable software. The syscall interface is considered an internal interface, not to be tampered with by outside parties because its behavior has subtleties not documented, and could change. This is a technical enforcement of that policy.
Re:I'm confused (Score:4, Informative)
[1] By the way, the Wikipedia x86-64 article is horrendously biased, and just plain wrong in this area to such an extent that I can't even be bothered to fix it. Apparently Minix 3 is not a 'modern operating system,' and the creators of Xen do not fall into the category of 'modern' in terms of operating system thought.
Re:Sounds like the right plan (Score:3, Informative)
In case people are wondering, yes, 64-bit Vista anti-virus software exists. See this post [microsoft.com] for details.
Re:I'm confused (Score:3, Informative)
However, I think non-Quebecers need an explanation, so here goes:
Quebec French Profanity [wikipedia.org]
You sign your driver, silly (Score:1, Informative)
There are 4 ways to sign your bits for kernel mode running on x64, all the way from making your own test cert and booting Windows in a test mode to getting a commercial CA to sign with.
Re:Alpha supported 4 privilege modes (Score:4, Informative)
Different operating systems had different firmware images. The VMS PALCode implemented a load of privileged instructions that corresponded to those found in the VAX. The NT PALCode implemented x86-style operations.
So, while VMS may have required four privilege modes, these were not intrinsically an attribute of the Alpha. Instead, various instructions defined in PALCode would check the status of a shadow register and refuse to operate if it had the wrong value. PALCode was an incredible concept, and it was a very sad day for the industry when the promise of the Itanium killed the Alpha.
Re:I'm confused (Score:2, Informative)
Here's some more information from a 30-second Google search:
http://www.microsoft.com/whdc/winlogo/drvsign/cro
http://www.microsoft.com/whdc/system/platform/64b
Obscurity? (Score:2, Informative)