[nSLUG] Re: An open door for open source?

Mike Spencer
Mon Feb 16 01:03:25 AST 2009

> Interview with an adware author...
> http://philosecurity.org/2009/01/12/interview-with-an-adware-author

What I thought was interesting about the techniques the interviewee
described was that XP and subsequent MS OSs run on an NT kernel with a
mis-match such that neither the user nor the ordinary hacker can
access the interface to the system internals that the adware was

    NT is fundamentally a Unicode system, so all the strings internally
    are 16-bit counted Unicode. The Win32 API is fundamentally ASCII.
    There are strings that you can express in 16-bit counted Unicode that
    you can't express in ASCII. Most notably, you can have things with a
    Null in the middle of it.

    That meant that we could, for instance, write a Registry key that had
    a Null in the middle of it. Since the user interface is based on the
    Win32 API, people would be able to see the key, but they wouldn't be
    able to interact with it because when they asked for the key by name,
    they would be asking for the Null-terminated one. Because of that, we
    were able to make registry keys that were invisible or immutable to
    anyone using the Win32 API. Interestingly enough, this was not only
    all civilians and pretty much all of our competitors, but even most of
    the antivirus people.


> S: In your professional opinion, how can people avoid adware?
> M: Um, run UNIX.

AFAIK, there's nothing remotely like that in Linux (or *ix,
for that matter.) Er, is there?

But then, more and more stuff is like that: "No user serviceable parts
inside" and assembly techniques that make it impossible to take
something apart anyhow without a chainsaw or a carbide wheel.  And
that's before you even *think* about black boxes with embedded digital

I used to work for a US Navy vet who'd been a carrier aircraft
mechanic in WW II.  He liked to say, "A man made it, a man can fix it."
Hah.  Now, if a man had anything to do with it, he intentionally made
it un-fixable and anyhow, mostly, a *robot* made it.  

Not to mention.... 

     [SYS_RANT_FILTER: System Rant Filter invoked.  NO CARRIER  :-]
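An added illustration, not from the post above or from the interview it quotes: a small toy model of the counted-string versus NUL-terminated-string mismatch the interviewee describes, written to show the defender's side of it. The "registry" here is a Python dict standing in for a store whose native key names are length-counted (as NT's UNICODE_STRING is) while the "Win32" accessor truncates at the first NUL the way a C-string API must. Nothing in it touches a real registry; the key names are constructed sample data. The point it demonstrates is the one the quote makes: a name-based lookup can never address such a key, so an auditing tool has to enumerate by index with the full counted name and flag anything it cannot round-trip through a NUL-terminated API.

```python
# Toy model of counted vs NUL-terminated key names (added example, not the
# original post's code). Assumed: a registry-like store with two access
# paths, a "native" one that treats the name as (length, buffer) and a
# "win32" one that receives a C string and therefore stops at the first NUL.

from dataclasses import dataclass, field


@dataclass
class CountedStore:
    """Stand-in for a store whose native key names may contain U+0000."""
    keys: dict = field(default_factory=dict)

    def native_set(self, name: str, value: str) -> None:
        # Native-style API: the name is length-counted, NUL is just a character.
        self.keys[name] = value

    @staticmethod
    def _as_c_string(name: str) -> str:
        # Everything after the first NUL is lost before the native layer sees it.
        return name.split("\x00", 1)[0]

    def win32_lookup(self, name: str):
        # Win32-style API: caller passes a C string, so a name containing a NUL
        # silently resolves to its prefix (or to nothing).
        return self.keys.get(self._as_c_string(name))

    def win32_delete(self, name: str) -> bool:
        # Same truncation applies to deletion: the hidden key cannot be removed
        # by name through this path.
        c_name = self._as_c_string(name)
        if c_name in self.keys:
            del self.keys[c_name]
            return True
        return False

    def native_enumerate(self) -> list:
        # Native enumeration walks keys by index and returns full counted names,
        # which is the only way the NUL-containing name is ever observable.
        return list(self.keys.keys())


def find_unaddressable_keys(store: CountedStore) -> list:
    """Defender check: keys whose counted name cannot survive conversion to a
    NUL-terminated string. Such keys are visible via enumeration but cannot be
    opened, edited or deleted by name through a C-string API."""
    return [k for k in store.native_enumerate() if "\x00" in k]


def demo() -> dict:
    store = CountedStore()
    # Constructed sample entries; not real registry contents.
    store.native_set("Run", "normal autostart entry")
    store.native_set("Run\x00hidden", "entry only a native-API caller can open")

    # Asking for the NUL-containing name through the Win32 path returns the
    # *prefix* key instead, exactly the confusion the interview describes.
    result = {
        "win32_lookup_of_hidden": store.win32_lookup("Run\x00hidden"),
        "flagged_before_delete": find_unaddressable_keys(store),
    }
    # A by-name delete of the hidden key removes the innocent prefix key instead.
    store.win32_delete("Run\x00hidden")
    result["remaining_after_win32_delete"] = store.native_enumerate()
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Run it as a script to see the three results. The practical lesson for an auditing tool is in `find_unaddressable_keys`: enumerate with the native, counted interface and treat any name that contains U+0000 (or otherwise cannot round-trip through the C-string API) as suspicious, because nothing using the ordinary interface will be able to act on it.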

